git.ipfire.org Git - ipfire-2.x.git/log

openssl: Update to version 3.4.0

- Update from version 3.3.2 to 3.4.0
- Update of rootfile
- Changelog
    3.4.0
This release incorporates the following potentially significant or incompatible
changes:
  * Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement
    TS_VERIFY_CTX_set0_* functions with improved semantics
  * Redesigned use of OPENSSLDIR/ENGINESDIR/MODULESDIR on Windows such that
    what were formerly build time locations can now be defined at run time
    with registry keys
  * The X25519 and X448 key exchange implementation in the FIPS provider
    is unapproved and has `fips=no` property.
  * SHAKE-128 and SHAKE-256 implementations have no default digest length
    anymore. That means these algorithms cannot be used with
    EVP_DigestFinal/_ex() unless the `xoflen` param is set before.
  * Setting `config_diagnostics=1` in the config file will cause errors to
    be returned from SSL_CTX_new() and SSL_CTX_new_ex() if there is an error
    in the ssl module configuration.
  * An empty renegotiate extension will be used in TLS client hellos instead
    of the empty renegotiation SCSV, for all connections with a minimum TLS
    version > 1.0.
  * Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and
    SSL_CTX_flush_sessions() functions in favor of their respective `_ex`
    functions which are Y2038-safe on platforms with Y2038-safe `time_t`
This release adds the following new features:
  * Support for directly fetched composite signature algorithms such as
    RSA-SHA2-256 including new API functions
  * FIPS indicators support in the FIPS provider and various updates of the FIPS
    provider required for future FIPS 140-3 validations
  * Implementation of RFC 9579 (PBMAC1) in PKCS#12
  * An optional additional random seed source RNG `JITTER` using a statically
    linked jitterentropy library
  * New options `-not_before` and `-not_after` for explicit setting start and
    end dates of certificates created with the `req` and `x509` apps
  * Support for integrity-only cipher suites TLS_SHA256_SHA256 and
    TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150
  * Support for requesting CRL in CMP
  * Support for additional X.509v3 extensions related to Attribute Certificates
  * Initial Attribute Certificate (RFC 5755) support
  * Possibility to customize ECC groups initialization to use precomputed values
    to save CPU time and use of this feature by the P-256 implementation
   3.3.3
security patch release.
The most severe CVE fixed in this release is Low.
This release incorporates the following bug fixes and mitigations:
  * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
    curve parameters.
    ([CVE-2024-9143])

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship openldap

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

openldap: Update to version 2.6.8

- Update from version 2.6.5 to 2.6.8
- Update of rootfile
- Replacement of previous 2.6.5-consolideated patch with 2.6.8-consolidated patch
- Changelog
    2.6.8
Fixed libldap exit handling with OpenSSL3 again (ITS#9952)
Fixed libldap OpenSSL channel binding digest (ITS#10216)
Fixed slapd handling of large uid/gids peercred auth (ITS#10211)
Fixed slapd-asyncmeta/meta target structure allocations (ITS#10197)
Fixed slapd-meta with dynlist (ITS#10164)
Fixed slapd-meta binds when proxying internal op (ITS#10165)
Added slapo-nestgroup overlay (ITS#10161)
Added slapo-memberof 'addcheck' option (ITS#10167)
Fixed slapo-accesslog startup initialization (ITS#10170)
Fixed slapo-constraint double free on invalid attr (ITS#10204)
Fixed slapo-dynlist with abandoned operations (ITS#10044)
Build
Fixed build with gcc14.x (ITS#10166)
Fixed back-perl with clang15 (ITS#10177)
Fixed to reduce systemd dependencies (ITS#10214)
Contrib
Added slapo-alias contrib module (ITS#10104, ITS#10182)
Fixed slapo-autogroup to work with slapo-dynlist (ITS#10185)
Fixed smbk5pwd implicit function declaration (ITS#10206)
Documentation
Fixed slapo-memberof exattr requirements (ITS#7400)
Fixed slapo-memberof is no longer deprecated (ITS#7400)
Minor Cleanup
ITS#9921
ITS#10103
ITS#10171
ITS#10172
ITS#10173
ITS#10179
ITS#10183
ITS#10186
ITS#10188
ITS#10193
ITS#10209
    2.6.7
Added slapo-dynlist option to disable filter support (ITS#10025)
Fixed liblber missing newline on long msg (ITS#10105)
Fixed libldap exit handling with OpenSSL3 (ITS#9952)
Fixed libldap with TLS and multiple ldap URIs (ITS#10101)
Fixed libldap OpenSSL cipher suite handling (ITS#10094)
Fixed libldap OpenSSL 3.0 and Diffie-Hellman param files (ITS#10124)
Fixed libldap timestamps on Windows (ITS#10100)
Fixed lloadd to work when resolv.conf is missing (ITS#10070)
Fixed lloadd handling of closing connection (ITS#10083)
Fixed lloadd tiers to be correctly linked on startup (ITS#10142)
Fixed slapd to honour disclose in matchedDN handling (ITS#10139)
Fixed slapd handling of regex testing in ACLs (ITS#10089)
Fixed slapd sync replication with glued database (ITS#10080)
Fixed slapd local logging on Windows (ITS#10092)
Fixed slapd-asyncmeta when remote suffix is empty (ITS#10076)
Fixed slapo-dynlist so it can't be global (ITS#10091)
Build
Fixed lloadd type mismatches (ITS#10074)
Fixed builds for Windows (ITS#10117)
Fixed build with clang16 (ITS#10123)
Documentation
Fixed slapo-homedir(5) attribute name for olcHomedirArchivePath (ITS#10057)
Minor Cleanup
ITS#10059
ITS#10068
ITS#10098
ITS#10109
ITS#10110
ITS#10129
ITS#10130
ITS#10135
ITS#10143
ITS#10144
ITS#10145
ITS#10153
    2.6.6
Fixed slapd cn=config incorrect handling of paused (ITS#10045)
Fixed slapd-meta to account for MOD ops being optional (ITS#10067)
Fixed slapd-asyncmeta to account for MOD ops being optional (ITS#10067)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship oath-toolkit

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

oath-toolkit: Update to version 2.6.12

- Update from version 2.6.11 to 2.6.12
- Update of rootfile not required
- Changelog
    2.6.12
** pam_oath: Drop privs when ${HOME} is used in the usersfile= setting.
   Reported by Fabian Vogt (SUSE), and associated with CVE-2024-47191.
   See <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43>.
   Security bug triggered by new feature in pam_oath v2.6.7 released on
   2021-05-01 with the USER/HOME placeholder strings, see
   <https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12>.
   Quoting a writeup in an alternate patch by Matthias Gerstner (SUSE):
   With the addition of the possibility to place a usersfile also into a
   user's home directory via variable expansion of ${HOME} and ${USER} in
   the `usersfile=` path specification, security issues sneaked in.  The
   PAM process usually runs with root privileges.  The file operations in
   an unprivileged user's home directory follow symlinks both when
   reading and creating files, allowing for a potential local root
   exploit, because of the `fchown()` performed on the newly created
   usersfile.
   We drop privileges to the user that is being logged into, assuming it
   has the necessary permissions for the usersfile belonging in their
   home directory.  This restricts the ability for non-root users to
   affect files beyond their control via liboath.
** liboath: Don't follow symbolic links for usersfile updates.
   Reported by Fabian Vogt (SUSE), and associated with CVE-2024-47191.
   See <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43>.
   Security bug triggered by new feature in pam_oath v2.6.7 released on
   2021-05-01 with the USER/HOME placeholder strings, see
   <https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12>.
   The fix is to open files for writing in exclusive mode (i.e., fail if
   the file exists including if it is a symbolic link).
   We offer a brief self-test to reproduce the problem in
   liboath/tests/tst_fopen-wx.c which you may use as follows:
   cc -o tst_fopen-wx tst_fopen-wx.c $(pkg-config --libs --cflags liboath)
   rm -f cve.oath cve.oath.new cve.sshd-config cve.oath.lock
   printf 'HOTP/E/8\tsilver\t4711\t3132333435363738393031323334353637383930313233343536373839303132\n' > cve.oath
   echo my-magic-cookie > cve.sshd-config
   ln -s cve.sshd-config cve.oath.new
   ./tst_fopen-wx cve.oath silver 670691 4711
   If this is linked with a vulnerable liboath it will print:
   FAIL: Liboath VULNERABLE to fopen(wx) bug.
   If you link it to a fixed liboath it will print:
   PASS: Your liboath is NOT VULNERABLE to fopen(wx) bug.
   For convenience, the liboath/tests/tst_fopen-wx.sh script can be used
   to setup and invoke tst_fopen-wx.
** We publish a minimal source-only tarball generated by 'git archive'.
   This tarball only contains the files stored in version controlled
   sources, and no auxilliary files.  The source-only tarball may be
   reproduced on a Trisquel 11 platform using Git at (or near) version
   2.46 from Guix.  If something results in the 'git archive' format
   changing again, the tarball can only be reproduced using an earlier
   system.  The git version in AlmaLinux 8, AlmaLinux 9, RockyLinux 8 and
   RockyLinux 9 should all produce the same identical 'git archive'
   tarball.  The git version used on Debian 11, PureOS 10, Trisquel 11
   and Ubuntu 22.04 should all produce an identical tarball.  These two
   'git archive' outputs are not the same, due to how Git works.
** oathtool: Fix test suite on 32-bit big-endian platforms.  Fixes: #44.
   Patch by Helge Deller and thanks to Jan Zerebecki.  See
   <https://lists.nongnu.org/archive/html/oath-toolkit-help/2024-04/msg00000.html>
   and <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/44>.
** libpskc: Don't call deprecated xmlMemoryDump.
** libpskc: fix implicit declaration with musl.
   See <https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/39>.
** libpskc: Fix linker warning when linked with mold.
   Thanks to Jan Palus, see
   <https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/30> and
   <https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/36> for
   regression testing.
** Various build fixes including updated gnulib files.
   Fixes Windows tzset build errors, among other things.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

meson: Update to version 1.6.0

- Update from version 1.5.1 to 1.6.0
- Update of rootfile
- Changelog is too large to include here.
    1.6.0
Support for OpenXL compiler in AIX.
The OpenXL compiler is now supported from Meson 1.6.0 onwards. So currently,
in AIX Operating system we support GCC and openXL compilers for Meson build
system.
Both the compilers will archive shared libraries and generate a shared object
for a shared module while using Meson in AIX.
alias_target of both_libraries
Previously, when passing a both_libs object to alias_target(), the alias
would only point to the shared library. It now points to both the static and
the shared library.
Default to printing deprecations when no minimum version is specified.
For a long time, the project() function has supported specifying the minimum
meson_version: needed by a project. When this is used, deprecated features
from before that version produce warnings, as do features which aren't
available in all supported versions.
When no minimum version was specified, meson didn't warn you even about
deprecated functionality that might go away in an upcoming semver major
release of meson.
Now, meson will treat an unspecified minimum version following semver:
    For new features introduced in the current meson semver major cycle
     (currently: all features added since 1.0) a warning is printed. Features
     that have been available since the initial 1.0 release are assumed to be
     widely available.
    For features that have been deprecated by any version of meson, a warning
     is printed. Since no minimum version was specified, it is assumed that
     the project wishes to follow the latest and greatest functionality.
These warnings will overlap for functionality that was both deprecated and
  replaced with an alternative in the current release cycle. The combination
  means that projects without a minimum version specified are assumed to want
  broad compatibility with the current release cycle (1.x).
Projects that specify a minimum meson_version: will continue to only receive
  actionable warnings based on their current minimum version.
Cargo subprojects is experimental
Cargo subprojects was intended to be experimental with no stability
  guarantees. That notice was unfortunately missing from documentation. Meson
  will now start warning about usage of experimental features and future
  releases might do breaking changes.
This is aligned with our general policy regarding mixing build systems.
Dependencies from CMake subprojects now use only PUBLIC link flags
Any dep obtained from a CMake subproject (or .wrap with method = cmake) now
  only includes link flags marked in CMake as PUBLIC or INTERFACE. Flags
  marked as PRIVATE are now only applied when building the subproject library
  and not when using it as a dependency. This better matches how CMake handles
  link flags and fixes link errors when using some CMake projects as subprojects.
New built-in option for default both_libraries
both_libraries targets used to be considered as a shared library by default.
There is now the default_both_libraries option to change this default.
When default_both_libraries is 'auto', both_libraries() with dependencies
that are both_libs themselves will link with the same kind of library.
For example, if libA is a both_libs and libB is a both_libs linked with libA
(or with an internal dependency on libA), the static lib of libB will link
with the static lib of libA, and the shared lib of libA will link with the
shared lib of libB.
New as_static and as_shared methods on internal dependencies
dep object returned by declare_dependency() now has .as_static() and
.as_shared() methods, to convert to a dependency that prefers the static or
the shared version of the linked both_libs target.
When the same dependency is used without those methods, the
default_both_libraries option determines which version is used.
Support for DIA SDK
Added support for Windows Debug Interface Access SDK (DIA SDK) dependency. It
  allows reading with MSVC debugging information (.PDB format). This
  dependency can only be used on Windows, with msvc, clang or clang-cl compiler.
Support for LLVM-based flang compiler
Added basic handling for the flang compiler that's now part of LLVM. It is
  the successor of another compiler named flang by largely the same group of
  developers, who now refer to the latter as "classic flang".
Meson already supports classic flang, and the LLVM-based flang now uses the
  compiler-id 'llvm-flang'.
nvc and nvc++ now support setting std
The following standards are available for nvc: c89, c90, c99, c11, c17, c18,
  gnu90, gnu89, gnu99, gnu11, gnu17, gnu18. For nvc++: c++98, c++03, c++11,
  c++14, c++17, c++20, c++23, gnu++98, gnu++03, gnu++11, gnu++14, gnu++17,
  gnu++20
Tools can be selected when calling has_tools() on the Qt modules
When checking for the presence of Qt tools, you can now explictly ask Meson
which tools you need. This is particularly useful when you do not need
lrelease because you are not shipping any translations. For example:
qt6_mod = import('qt6')
qt6_mod.has_tools(required: true, tools: ['moc', 'uic', 'rcc'])
valid tools are moc, uic, rcc and lrelease.
Simple tool to test build reproducibility
Meson now ships with a command for testing whether your project can be built
  reproducibly. It can be used by running a command like the following in the
  source root of your project:
meson reprotest --intermediaries -- --buildtype=debugoptimized
All command line options after the -- are passed to the build invocations
  directly.
This tool is not meant to be exhaustive, but instead easy and convenient to
  run. It will detect some but definitely not all reproducibility issues.
Support for variable in system dependencies
System Dependency method get_variable() now supports system variable.
test() and benchmark() functions accept new types
test and benchmark now accept ExternalPrograms (as returned by find_program)
  in the args list. This can be useful where the test executable is a wrapper
  which invokes another program given as an argument.
test('some_test', find_program('sudo'), args : [ find_program('sh'),
  'script.sh' ])
Zig 0.11 can be used as a C/C++ compiler frontend
Zig offers a C/C++ frontend as a drop-in replacement for Clang. It worked
  fine with Meson up to Zig 0.10. Since 0.11, Zig's dynamic linker reports
  itself as zig ld, which wasn't known to Meson. Meson now correctly handles
  Zig's linker.
You can use Zig's frontend via a machine file:
[binaries]
c = ['zig', 'cc']
cpp = ['zig', 'c++']
ar = ['zig', 'ar']
ranlib = ['zig', 'ranlib']
lib = ['zig', 'lib']
dlltool = ['zig', 'dlltool']

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

memtest: Update to version 7.20

- Update from version 7.00 to 7.20
- Update of rootfile not required
- Changelog
    7.20
    Add support for Loongson LA64 arch
    Add support for latest Intel CPUs (ARL/MTL)
    Add support for latest AMD CPUs (Zen5)
    Preliminary support for NUMA
    Bug fixes & optimizations

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

man: Update to version 2.13.0

- Update from version 2.12.0 to 2.13.0
- Update of rootfile
- Changelog
    2.13.0
Compatibility notes:
     * Drop support for versions of groff before 1.21 (released on 2010-12-31).
Fixes:
     * Fix `man-suffixed-extension` test failure when not using the GNU
       hierarchy organization.
     * Fix `-Wmissing-variable-declarations` warnings with GCC 14.
     * Fix `-Wflex-array-member-not-at-end` warning with GCC 14.
Improvements:
     * Upgrade to Gnulib `stable-202407`.
     * Support running the test suite against an installed package; this is
       useful for systems such as Debian's autopkgtest framework.
    2.12.1
Fixes:
     * Fix excessive cleanup of `/var/cache/man` by `systemd-tmpfiles`.
Improvements:
     * `man` matches the display width more accurately to the configured width.
     * Upgrade to Gnulib `stable-202401`.
     * Mention `groff`'s `pdf` device in `man(1)`.
     * Speed up `seccomp` filter slightly.
     * Document how to format pages using italic rather than underlined text.
Compatibility notes:
     * Remove the obsolete `chconfig` tool for converting man-db configuration
       files to the FHS.  This transition took place almost 25 years ago (at
       least in Debian), so it's not worth keeping it around now.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship lsof

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

lsof: Update to version 4.99.4

- Update from version 4.99.3 to 4.99.4
- Update of rootfile not required
- Changelog
    4.99.4
fix version parser for clang (lsof-org#305) (#306)
In lsof manapge: mention /etc/services for -P option (#309)
[freebsd] don't use kf_sock_inpcb on modern versions. In
  FreeBSD 14 and after the generic internet protocol control
  block and protocol specific (TCP) control block are the same
  pointer.  The latter embeds the former. The kf_sock_inpcb is
  planned for removal in FreeBSD 15.
[freebsd] Recognize FreeBSD 15
Fix typos in docs (#314)
[linux] Do not embed kernel version in CFLAGS (#314)
[linux] Linux 6.9 changed the pidfs appearence in procfs. Try
  to maintain original output in lsof (#317)
[linux] closefrom_shim: Add optimized fallback for platforms
  without closefrom or close_range (#316)
lib/misc.c: fix build against -std=c23 (`void (*)()`) changed
  the meaning) (#327)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libcap: Update to version 2.73

- Update from version 2.72 to 2.73
- Update of rootfile
- This version builds correctly with aarch64 - tested out building on the aarch64-builder
   system
- Changelog
    2.73
Bug fixes for libpsx changes in the 2.72 release.
    Some architectures do not support the system call getdents(). More
     modern architectures only support getdents64(), so use that. Patch
     provided by Xi Ruoyao.
    gettid() isn't consistently defined in all *libc's so create a macro
     for using it in the libpsx sources.
Fix some static analysis found issues, surfaced by Carlos
Rodriguez-Fernandez from an analysis performed on Fedora's libcap-2.71
release.
Third attempt to get an executable cap package runnable example into the
documentation on go.pkg.dev.
    It still isn't working, but I think the issue is now one for the go.dev
     website:
    Filed go/issues/70630 which got duped into this go/issues/70611 and
     a fix was requested by Ian Taylor.
    Remove a redundant c.String() function since fmt.Println(c) can figure
     this detail out.
Freshen up setcap.c sources. Sort the argument help.
Add go vet to the tests for cap and psx packages.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge branch 'master' into next

flash-image: Create a journal when the filesystem is being created

We recently started to have problems when a new installation was
launched from the flash image that creating the journal corrupted the
filesystem on the next mount operation.

Since we would like all IPFire installations to have a journal, we
create this now when we create the image and won't try to add it later.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

installer: Remove the option to install without journal

It was possible to install a new system without a journal. I think this
is a very outdated concept now and should be avoided in favour of
filesystem integrity.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Config: Don't interpret file names as regular expressions

When we are searching for changes in rootfiles, we walk through each
file that we have found in the build and check if it exists in the
rootfile. That check interpreted filenames as regular expressions which
caused a problem in the case of "/usr/bin/[".

This patch changes that grep will only search for an exact string match
(-F) and the string must be the entire line (-x).

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge branch 'master' into next

core190: Load SSH RSA key on legacy systems

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

OpenSSH: No longer try to load the RSA key

This key has been removed on new installations.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

backup: Add /etc/ssh/sshd_config.d

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openssh: Introduce include directory for additional sshd config files

This patch adds the prosibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.

Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

core191: Ship suricata

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata: Update to version 7.0.8

- Update from version 7.0.7 to 7.0.8
- Update of rootfile not required
- Changelog
    7.0.8
Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x
backport)(HIGH - CVE 2024-55629)
Security #7405: dns: quadratic complexity in logging and invalid json as output
(7.0.x backport)(HIGH - CVE 2024-55628)
Security #7404: tcp: segfault on StreamingBufferSlideToOffsetWithRegions (7.0.x
backport)(CRITICAL - CVE 2024-55627)
Security #7367: bpf: oversized bpf file can lead to buffer overflow (7.0.x
backport)(LOW - CVE 2024-55626)
Security #7306: detect: write to read-only memory in transforms (7.0.x backport)
(CRITICAL - CVE 2024-55605)
Bug #7445: dpdk: RSS key length missmatch on ice (E810) card with DPDK version
22.11.6  (7.0.x backport)
Bug #7434: requires: rules with unmet requirements are still loaded (7.0.x
backport)
Bug #7432: detect: decoder event rules fail to match on invalid packets (7.0.x
backport)
Bug #7407: detect: missing app-layer metadata in alerts (7.0.x backport)
Bug #7368: flow: flow timeout pseudo packet triggers unexpected alert (7.0.x
backport)
Bug #7362: rules: unknown internal events not being detected as errors (7.0.x
backport)
Bug #7339: rust: different int types turn garbage on FFI boundary (7.0.x backport)
Bug #7335: asan/profiling: global-buffer-overflow error (7.0.x backport)
Bug #7327: http: FN with prefilter if the first of multi buffer did not match
(7.0.x backport)
Bug #7324: mqtt: wrong and missing direction for keywords (7.0.x backport)
Bug #7310: http: incorrect file direction handling (7.0.x backport)
Bug #7308: conf: memleak if yaml parser is initialized before checking if file
exists (7.0.x backport)
Bug #7307: detect: memleak in case of errors during initialization (7.0.x
backport)
Bug #7301: output: oversized records lead to invalid json (7.0.x backport)
Bug #7295: detect: sip.stat_code keyword uses wrong buffer name
Bug #7294: conf: nullptr dereference if mem alloc fails for a node in yaml
parser (7.0.x backport)
Optimization #7316: template: remove usage of template-rust (7.0.x backport)
Optimization #7275: tcp/reassemble: GetBlock takes O(nlgn) in worst case (7.0.x
backport)
Feature #7439: eve/alert: enrich decoder event rules (7.0.x backport)
Task #7427:  flowint: add isnotset support (7.0.x backport)
Task #7288: schema: add missing tls fields certificate and chain (7.0.x backport)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

core191: ship libxml2

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libxml2: Update to version 2.13.5

- Update from version 2.13.3 to 2.13.5
- Update of rootfile
- Changelog
    2.13.5
### Regressions
- xmlIO: Fix reading from non-regular files like pipes (Nick Wellnhofer)
- xmlreader: Fix return value of xmlTextReaderReadString (Nick Wellnhofer)
- parser: Fix loading of parameter entities in external DTDs
  (Nick Wellnhofer)
- parser: Fix downstream code that swaps DTDs (Nick Wellnhofer)
- parser: Fix detection of duplicate attributes (Nick Wellnhofer)
- string: Fix va_copy fallback (Nick Wellnhofer)
### Bug fixes
- xpath: Fix parsing of non-ASCII names (Nick Wellnhofer)
    2.13.4
### Regressions
- parser: Make unsupported encodings an error in declarations
- io: don't set the executable bit when creating files (triallax)
- xmlcatalog: Improved fix for #699
- Revert "catalog: Fetch XML catalog before dumping"
- io: Add missing calls to xmlInitParser
- tree: Restore return value of xmlNodeListGetString with NULL list
- parser: Fix error handling after reaching limit
- parser: Make xmlParseChunk return an error if parser was stopped
### Bug fixes
- python: Fix SAX driver with character streams
### Improvements
- xpath: Make recursion check work with xmlXPathCompile
- parser: Report at least one fatal error
### Portability
- include: Check whether _MSC_VER is defined

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libuv

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libuv: Update to version 1.49.2

- Update from version 1.48.0 to 1.49.2
- Update of rootfile not required
- Changelog
    1.49.2
* win,fs: remove trailing slash in junctions (Hüseyin Açacak)
* Revert "linux: eliminate a read on eventfd per wakeup" (Ben Noordhuis)
* win: Fix linked list logic in getaddrinfo (Thad House)
* win: fix compilation against Windows 24H2 SDK (Thad House)
* win: remap ERROR_NOACCESS and ERROR_BUFFER_OVERFLOW (Jameson Nash)
* win,fs: match trailing slash presence in junctions to user input (Jameson
  Nash)
    1.49.1
* build: add darwin-syscalls.h to release tarball (Ben Noordhuis)
* linux: use IORING_SETUP_NO_SQARRAY when available (Ben Noordhuis)
* linux: use IORING_OP_FTRUNCATE when available (Ben Noordhuis)
* win: fix pNtQueryDirectoryFile check (Rialbat)
* win: fix WriteFile() error translation (Santiago Gimeno)
* win,fs: uv_fs_rmdir() to return ENOENT on file (Santiago Gimeno)
* win,pipe: ipc code does not support async read (Jameson Nash)
* netbsd: fix build (Adam)
* win,fs: fix bug in fs__readdir (Hüseyin Açacak)
* unix: workaround gcc bug on armv7 (Santiago Gimeno)
* unix: work around arm-linux-gnueabihf-gcc bug (Ben Noordhuis)
* unix: fix uv_tcp_keepalive in smartOS (Santiago Gimeno)
* unix: fix uv_getrusage ru_maxrss on solaris (Poul T Lomholt)
    1.49.0
* test: fix -Wpointer-to-int-cast on 32 bits systems (Ben Noordhuis)
* build: add alias for libuv to CMakeLists.txt (Anthony Alayo)
* linux: create io_uring sqpoll ring lazily (Ben Noordhuis)
* misc: run sample CI when code changes (Jameson Nash)
* linux: fix uv_available_parallelism using cgroup (Thomas Walter)
* doc: fix tty example segfault (hiiizxf)
* udp,unix: fix sendmsg use-after-free (Geddy)
* cygwin: implement uv_resident_set_memory (Farzin Monsef)
* win: almost fix race detecting ESRCH in uv_kill (Santiago Gimeno)
* test: disable env var test under win32+asan (Ben Noordhuis)
* unix,fs: fix realpath calls that use the system allocator (Saúl Ibarra
  Corretgé)
* sunos: sync tcp keep-alive with other unices (Andy Pan)
* linux: fix /proc/self/stat executable name parsing (Farzin Monsef)
* test,ci: fix [AM]San, disable ASLR (Ben Noordhuis)
* win: remove _alloca usage (Ben Noordhuis)
* unix: reinstate preadv/pwritev fallback code (Ben Noordhuis)
* linux: don't delay EPOLL_CTL_DEL operations (Ben Noordhuis)
* doc: fix typos in ChangeLog (tgolang)
* unix,win: error on zero delay tcp keepalive (Saúl Ibarra Corretgé)
* win: simplify uv_once implementation (Saúl Ibarra Corretgé)
* doc: correct udp socket options documentation (Ben Noordhuis)
* linux: don't use sendmmsg() for single datagrams (Ben Noordhuis)
* unix: fix fd leaks in SCM_RIGHTS error path (Ben Noordhuis)
* win: robustify uv_os_getenv() error checking (Ben Noordhuis)
* test: use newer ASSERT_MEM_EQ macro (Ben Noordhuis)
* unix: de-duplicate conditions for using kqueue (Brad King)
* darwin: simplify uv_hrtime (Saúl Ibarra Corretgé)
* mailmap: update saghul's main email address (Saúl Ibarra Corretgé)
* win: remove no longer needed define (Saúl Ibarra Corretgé)
* doc: fix some typos (josedelinux)
* linux,darwin: make `uv_fs_copyfile` behaves like `cp -r` (Juan José Arboleda)
* dragonfly: disable SO_REUSEPORT for UDP socket bindings (Andy Pan)
* test: remove the obsolete HAVE_KQUEUE macro (Andy Pan)
* unix: use the presence of SOCK_* instead of OS macros for socketpair (Andy
  Pan)
* bsd: support pipe2() on *BSD (Andy Pan)
* unix: support SO_REUSEPORT with load balancing for TCP (Andy Pan)
* doc: add entries for extended getpw (Juan José Arboleda)
* test: fix the flaky test-tcp-reuseport (Andy Pan)
* aix,ibmi: fix compilation errors in fs_copyfile (Jeffrey H. Johnson)
* unix: support SO_REUSEPORT with load balancing for UDP (Andy Pan)
* tcpkeepalive: distinguish OS versions and use proper time units (Andy Pan)
* win: map ERROR_BAD_EXE_FORMAT to UV_EFTYPE (Hüseyin Açacak)
* doc: add instruction how to install with Conan (Uilian Ries)
* unix,win: remove unused req parameter from macros (Viacheslav Muravyev)
* build: fix android ci build (Ben Noordhuis)
* unix,win: export wtf8 functions properly (Ben Noordhuis)
* hurd: add includes and macro prerequisites (Olivier Valentin)
* hurd: stub uv_thread_setpriority() (Olivier Valentin)
* ci: use macOS 12 for macOS and iOS builds (Saúl Ibarra Corretgé)
* darwin: fix crash on iOS(arm64) (郑苏波 (Super Zheng))
* Create dependabot.yml for updating github-actions (Jameson Nash)
* doc: correct names of Win32 APIs in fs.rst (zeertzjq)
* ci: bump upload and download-artifact versions (dependabot[bot])
* ci: bump actions/setup-python from 4 to 5 (dependabot[bot])
* ci: bump KyleMayes/install-llvm-action from 1 to 2 (dependabot[bot])
* win,error: remap ERROR_NO_DATA to EAGAIN (Jameson Nash)
* test: handle zero-length udp datagram (Ben Noordhuis)
* misc: remove splay trees macros (Viacheslav Muravyev)
* test,openbsd: remove superfluous ifdef guard (Ben Noordhuis)
* win,fs: use posix delete semantics, if supported (Ian Butterworth)
* win: fix env var in uv_os_homedir and uv_os_tmpdir (Hüseyin Açacak)
* fsevents: detect watched directory removal (Santiago Gimeno)
* ci: bump actions/checkout to 4 (dependabot[bot])
* linux: eliminate a read on eventfd per wakeup (Andy Pan)
* test: pipe_overlong_path handle ENAMETOOLONG (Abdirahim Musse)
* win,fs: use the new Windows fast stat API (Hüseyin Açacak)
* win,pipe: fix race with concurrent readers (Jameson Nash)
* win,signal: fix data race dispatching SIGWINCH (Jameson Nash)
* build: ubsan fixes (Matheus Izvekov)
* linux: disable SQPOLL io_uring by default (Santiago Gimeno)
* win: fix fs.c ubsan failure (Matheus Izvekov)
* test: rmdir can return `EEXIST` or `ENOTEMPTY` (Richard Lau)
* test: check for `UV_CHANGE` or `UV_RENAME` event (Richard Lau)
* unix,fs: silence -Wunused-result warning (Santiago Gimeno)
* linux: support abstract unix socket autobinding (Ben Noordhuis)
* kqueue: use EVFILT_USER for async if available (Andy Pan)
* win: remove deprecated GetVersionExW call (Shelley Vohr)
* doc: document uv_loop_option (握猫猫)
* doc: fix the `uv_*_set_data` series of functions (握猫猫)
* doc: properly label enumerations and types (握猫猫)
* doc: document specific macOS fs_event behavior (Santiago Gimeno)
* win,pipe: restore fallback handling for blocking pipes (Jameson Nash)
* unix,win: remove unused rb-tree macro parameters (Viacheslav Muravyev)
* win: compute parallelism from process cpu affinity (Ben Noordhuis)
* win: use NtQueryInformationProcess in uv_os_getppid (Zuohui Yang)
* win,pipe: fix missing assignment to success (Jameson Nash)
* win: fix uv_available_parallelism on win32 (Ben Noordhuis)
* win,pipe: fix another missing assignment to success (Jameson Nash)
* kqueue: disallow ill-suited file descriptor kinds (Andy Pan)
* unix: restore tty attributes on handle close (Ben Noordhuis)
* test: delete test with invalid assumption (Ben Noordhuis)
* dragonflybsd: fix compilation failure (Jeffrey H. Johnson)
* test: run android tests on ci (Edigleysson Silva (Edy))
* darwin: add udp mmsg support (Raihaan Shouhell)
* unix: work around arm-linux-gnueabihf-gcc bug (Ben Noordhuis)
* unix: expand uv_available_parallelism() to support more platforms (Ondřej
  Surý)
* doc: add known issue in armv7 (Santiago Gimeno)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libtirpc

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libtirpc: Update to version 1.3.6

- Update from version 1.3.5 to 1.3.6
- Update of rootfile not required
- Changelog
    1.3.6
    configure.ac: Using autoupdate updated to the latest autoconf macros
    svc_fd_create: skip getsockname on a non-network socket
     As svcfd_create(3) said, it can:
     Create a service on top of any open file descriptor.
     But getsockname and getpeername in svc_fd_create assume that
     fd should be a connected socket.
     This patch will leave xp_raddr and xp_laddr uninitialized
     if fd is not a connected socket.
    detect whether linker supports --version-script
    check for gss_pname_to_uid or hardcode an early return if we can't use
     aname to localname
    test for IPV6_PKTINFO and potentially define __APPLE_USE_RFC_3542 to expose
     macos supports both RFC 2292 and RFC 3542 versions of ipv6 options and
     you choose which to expose, with a define
    macos uses the same mutex primitives as linux and so can use these defines
    check for struct rpcent in netdb.h before redefining
     macos defines it in netdb.h
    include string.h when we need a memset prototype for
    attempt to use machine/endian.h if endian.h does not exist
     macos has the former, not the latter
    updated macOS support for tirpc [2/7] SOL_IP vs IPPROTO_IP
     in order to have protocol numbers on macOS, we need to first determine
     we don't have SOL_IP, and then that we do have IPPROTO_IP, and then
     define the former as the latter. do the same for IPV6
    check for getpeereid
     macos ships with it, this avoids trying to build a replacement for a defined
     function
    rpcb_prot.x: Update _PATH_RPCBINDSOCK
     2f9ce0c updated rpcb_prot.h, but rpcb_prot.x must be updated as well.
    Move rpcbind.sock to /run
     Most of the distros have /var/run as symlink to /run.
     Because /var may be a separate partition, and could even be mounted via
     NFS, having to look directly to /run help to avoid issues rpcbind
     startup early in boot when /var might not be available.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libpipeline

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libpipeline: Update to version 1.5.8

- Update from version 1.5.7 to 1.5.8
- Update of rootfile
- Changelog
    1.5.8
* Upgrade to Gnulib `stable-202407`.  Building libpipeline now requires
   Automake >= 1.14.
* Use C23-style `nullptr`.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libpcap

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libpcap: Update to version 1.10.5

- Update from version 1.10.4 to 1.10.5
- Update of rootfile
- Fixes for 2 CVE's
- Changelog
    1.10.5
    Source code:
      Spell WirelessHART details properly.
      Mark pcap_vasprintf() as printf-like.
      Finalize moving of bpf_filter.c. (GH #1166)
      Remove an unneeded argument from gen_mcode6().
      Don't do some Berkeley YACC workarounds with YACC releases not
        requiring them.
      Use correct data types rather than int in some cases.
      Squelch compiler warning in grammar.c.
      Fix findalldevtest compilation if IPv6 isn't enabled.
      Rename helper routines for pcap modules to have names beginning with
        pcapint_, to avoid namespace collisions for code linking statically
        with libpcap.
      Avoid casting hack for the Windows cleanup-on-exit routine.
      Use %zu format for one case of printing a size_t.
      Fix some Coverity errors.
      Fix availabilities of some functions to match reality.
      pcap: make the seconds and microseconds/nanoseconds fields unsigned.
      Remove the unused pcap-rpcap-int.h header file.
    Thread safety:
      Make some static variables thread-local; fixes issue #1174.
    Packet filtering:
      Improve reporting of some invalid filter expressions.
      Return an error from pcap_compile() if the scanner fails to initialize.
      Optimizer fix from Archit Shah to recompute dominators after
        moving code (#976); fixes #945 (although the resulting filter
        isn't empty).
      Optimizer fix from Archit Shah to mark value as unknown when store
        of that value is deleted (#972); fixes #143, #434, #436, #437,
        and #1076.
    Linux:
      Properly return warnings.
      Don't use DLT_LINUX_SLL2 for anything other than the "any" device.
      Avoid 32-bit unsigned integer overflow in USB captures.  Fixes
        issues #1134 and #1205.
      Fix a file descriptor leak.
      Properly report warnings about unknown ARPHRD_ types.
      Fix DLT_CAN_SOCKETCAN handling of CAN FD.
      Add CAN XL support to DLT_CAN_SOCKETCAN.
      Clean up the code that sets the "real" ("original") length for
        isochronous USB transfers.
      Avoid unnecessary blocking on recvmsg() in the Bluetooth monitor and
        Bluetoth modules.
    Solaris:
      Handle BPF returning ESRCH for unknown devices.
      List the "any" device if it's supported.
      Report {non-existent zone}/{interface} errors appropriately.
      Allow attaching to links owned by a non-global zone.  (Based on
        pull request #1202.)
      Fix AF_LINK handling on illumos.
    macOS:
      Redid the availability macros to be closer to what Apple's doing
        in recent SDKs, including tagging pcap-namedb.h routines.
      Fix the install name of the installed shared library to have a
        full path when building with CMake.
      Fix universal builds.
    Haiku:
      Convert the module to C.  Fixes issue #1114.
      Address a few compiler warnings.  Fixes issue #1114.
      Fix various build problems.  Fixes issue #1114.
      Report non-existent devices correctly.
      Fix handling of packet statistics.
      Fix packet timestamping.
      Fix packet filtering with low snaplen.
      Improve connection status reporting.
      Add support for promiscuous mode.
      Detect DLTs and loopback capture support at run time.
      Report IEEE 802.11 as PCAP_IF_WIRELESS.
    Windows:
      Fix internal handling of "not supported" error codes from NPF.
      Work around a bug in Npcap 1.00 in case of driver version mismatch.
      Don't call WSACleanup() when handling a failed WSAStartup().
    BSD, macOS, AIX, Solaris 11, Linux:
      Add a new error PCAP_ERROR_CAPTURE_NOTSUP, for use if a capture
        mechanism is not present, in the hopes that, for example,
        attempts to capture on Windows Services for Linux 1, in which
        the NT kernel attempts to simulate Linux system calls but does
        not support packet sockets, can get an error that better
        indicates the underlying problem.
    AirPcap:
      Format an error message if we run out of memory.
    nflog:
      Fix count of dropped packets.
      Make sure we don't overflow when rounding up the TLV length.
    rpcap:
      Handle routines removed in at least some OpenSSL libraries.
      CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid
        double frees in some cases.
      Don't define SOCKET ourselves; instead, define PCAP_SOCKET as int
        on UN*Xes and as SOCKET on Windows.
      CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a
        file:// URL with a path to a directory that cannot be opened.
    Savefiles:
      Handle DLT_/LINKTYPE_ mapping better, to handle some
        OpenBSD-specific link types better.
      Treat if_tsoffset as signed in pcapng files, as the spec says.
      Don't try to fix the "real" length for isochronous USB
        transfers if the number of USB descriptors is too large.
      Reject pcap files where one of the reserved fields in the
        "link-layer type plus other stuff" is non-zero.
    Building and testing:
      Add a configure option to help debugging (--enable-instrument-functions).
      Improved tests and error reporting for uses of pkg-config, and
        improve help message.
      Fix Haiku build.
      With CMake, install headers in CMAKE_INSTALL_INCLUDEDIR rather
        than just include.
      Build libpcap.a before building test programs.
      Print address family numerically, as well as symbolically,
        in findalldevstest.
      Fail with suggestions, rather than failing over to no capture
        support, if no capture mechanism was found.  Fixes issue #1016.
      Don't indent comments in Make, as that may cause them not to be
        recognized as comments.
      Don't check for libssl if we aren't going to use it.
      Better handle enabling and disabling of sanitizers.  Fixes issue
        #1171.
      CMakeLists.txt: Print "Symlinking: /some/path to ..." conditionally.
      Evaluate CMAKE_INSTALL_PREFIX at install time.
      cmake: Update the minimum required version to 2.8.12 (except Windows).
      cmake: suppress CMP0042 OLD deprecated warning.
      Makefile.in: Add the releasecheck target.
      Cirrus CI: Add the "make releasecheck" command in the Linux task.
      Makefile.in: Add the whitespacecheck target.
      Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
      Autoconf: Update config.{guess,sub}, timestamps 2024-01-01.
      Autoconf: Update the install-sh script to the 2020-11-14.01 version.
      Compile with '-Wnull-pointer-subtraction',
        '-Wunused-but-set-parameter', and '-Wunused-but-set-variable' in
        devel mode if supported.
      Don't ignore spaces between CMAKE_C_FLAGS and DPDK_C_FLAGS with
        CMake.
      Use noreturn and __format__ with XL C 7.0 and later.
      Check for the same -W flags in autotools and CMake.
      Autoconf: Add autogen.sh, remove configure and config.h.in and put
        these generated files in the release tarball.
      Autoconf: Get the size of a time_t.
      Fix propagation of cc_werr_cflags() output.
      Makefile.in(s): Fix the depend target.
      mkdep: Exit with a non-zero status if a command fails.
      Fix HCI_CHANNEL_MONITOR detection with musl libc.
      Extend "make shellcheck" onto mkdep too.
      Add initial support for building with TinyCC.
      Address all known compiler warnings specific to illumos, Linux, NetBSD,
        Solaris and Sun C; in CI expect warnings specific to TinyCC only.
    Documentation:
      Update and fix pcap-filter man page.
      Add a README.haiku.md file.
      Document pcap-config better.
      Man page formatting and prose fixes.
      Rename doc/README.Win32.md to doc/README.windows.md.
      Update pcap-savefile man page to match the Internet-Draft for
        pcap.
      Fix CMake issues for target used by other projects.
      Explain "any" device better in pcap_open_live(3PCAP).
      Update INSTALL.md.
      Note in man pages that errbuf arguments must point to an error
        buffer.
      Note that if pcap_findalldevs() fails it sets *alldevsp to NULL;
        there's no devices list to free.
      Explain "other addresses" in pcap_findalldevs(3PCAP).
      Document pcap_lookupnet(3PCAP) a bit better.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship liboping

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

liboping: Update to version 1.10.0

- Update from version 1.3.4 (2009) to 1.10.0 (2017)
- Update of rootfile
- Changelog
    1.10.0
* Build system: Search the "rt" library for clock_gettime(). This
  fixes build issues on Mac OS X. Thanks to Yann E. Morni for this
  fix. #9
* Build system: The "--with[out]-ncurses" option has been added and
  allows to enforce/disable the building of "noping". Thanks to Thomas
  Deutschmann for the patch. #15
* Build system: Compatibility code to work with pkg-config < 0.27 has
  been added. #22
* liboping: Creation of ICMPv4 packets has been fixed: due to an
  incorrect sizeof() the payload may have been prefixed by 20 zero
  bytes, resulting in larger packets than desired. Thanks to Kyle Zhou
  for reporting and fixing this. #10
* liboping: The number of file descriptors used has been reduced to at
  most two (from one per host). This and a few other optimizations
  significantly improve performance. Thanks to Luke Heberling for the
  patch. #11
* oping, noping: Handling of the "-O" command line flag has been
  fixed.
* oping, noping: The "-b" option has been added and enables a bell
  whenever an echo reply is received. Thanks to Antoine Beaupré for
  the patch. #6
* noping: The background color has been changed to use the terminal
  default. Thanks to @middleO. #18
* noping: The ability to add hosts after noping has started (the "a"
  key) has been added. Thanks to Hamish Coleman for the patch. #20,
  #23
    1.9.0
* liboping: The new "PING_OPT_MARK" option allows to mark packets,
  which can be used for filtering and routing such packets on Linux.
* oping, noping: The new "-m" command line option allows to set a mark
  on packets sent by the tool.
* oping, noping: The new "-O" command line option allows to write
  measurements to an CSV file.
* oping, noping: The new "-w" command line option allows to specify
  the timeout after which a packet/reply is considered "dropped".
    1.8.0
* oping, noping: Average and standard deviation have been removed from
  the status output, which show median and 95th percentile instead.
  The percentile can be chosen with the "-P" option.
* noping: The additional graph types "histogram" and "boxplot" have
  been added, which can be selected with the "-g" option.
    1.7.0
* oping, noping: The new -Z option allows the exit status to indicate
  the number of failing hosts. Thanks to Barak Pearlmutter for the
  patch.
* noping: The ability to print a "prettyping" style graph has been
  added. Thanks to Antoine Beaupré for his work!
* src/liboping.c: Build issues on Solaris have been fixed. Thanks
  Scott Severtson for the fix!
* Build system: Creation and installation of a pkg-config file has
  been added. Thanks to Barak Pearlmutter for the patch.
    1.6.2
* Build system: Setting capabilities and the set-UID bit has been made
  more fault-tolerant, so that it will work with Debian's fakeroot(1)
  utility.
* src/liboping.c: Fixed a compiler warning about an non-static format
  string. Thanks to Brian Edwards for pointing this out.
* src/liboping.c: Fixed compilation under Mac OS X and Solaris. Thanks
  to Clayton O'Neill for his patch.
    1.6.1
* Build system: If "make install" is executed as root, the CAP_NET_RAW
  capability is added to the binary (on Linux) or the set-UID bit is
  set (other Unixes).
* src/oping.c: Fix compiler warnings which may abort the build. Thanks
  to James Bromberger for reporting the problem.
* noping: Compatibility with ncurses 5.8 has been fixed. Thanks to
  Gaetan Bisson for his patch.
    1.6.0
* liboping: Improve timing of received network packets using
  SO_TIMESTAMP if available. Thanks to Bruno Prémont for his patch.
    1.5.1
* oping, noping: Alias for the “Voice Admit” DSCP has been added.
* src/oping.c, src/liboping.c: Compiler warnings / errors have been
  fixed. Thanks to James Bromberger for reporting one of them.
    1.5.0
* src/liboping.c: The possibility to set the QoS byte of outgoing IPv4
  and IPv6 packets and read the byte from incoming packets has been
  added. Thanks to Vladimir Melnikov for his patch.
* oping, noping: Add the ability to configure the QoS field on the
  command line. If either the QoS field of outgoing or incoming
  packets is non-standard, the QoS byte of incoming packets will be
  printed.
* liboping: The library has been relicensed under the LGPL 2.1.
    1.4.0
* noping: A new front-end to liboping, using the ncurses library, has
  been added. The new command line application displays ping
  statistics online and highlights aberrant round-trip times.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libnl-3

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libnl-3: Update to version 3.11.0

- Update from version 3.10.0 to 3.11.0
- Update of rootfile not required
- Changelog details are only available by viewing the git repo commits
https://github.com/thom311/libnl/commits/main/

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship jibjpeg

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libjpeg: Update to version 3.0.4

- Update from version 3.0.3 to 3.0.4
- Update of rootfile not required
- Changelog
    3.0.4
1. Fixed an issue whereby the CPU usage of the default marker processor in the
decompressor grew exponentially with the number of markers.  This caused an
unreasonable slow-down in `jpeg_read_header()` if an application called
`jpeg_save_markers()` to save markers of a particular type and then attempted
to decompress a JPEG image containing an excessive number of markers of that
type.
2. Hardened the default marker processor in the decompressor to guard against
an issue (exposed by 3.0 beta2[6]) whereby attempting to decompress a
specially-crafted malformed JPEG image (specifically an image with a complete
12-bit-per-sample Start Of Frame segment followed by an incomplete
8-bit-per-sample Start Of Frame segment) using buffered-image mode and input
prefetching caused a segfault if the `fill_input_buffer()` method in the
calling application's custom source manager incorrectly returned `FALSE` in
response to a prematurely-terminated JPEG data stream.
3. Fixed an issue in cjpeg whereby, when generating a 12-bit-per-sample or
16-bit-per-sample lossless JPEG image, specifying a point transform value
greater than 7 resulted in an error ("Invalid progressive/lossless parameters")
unless the `-precision` option was specified before the `-lossless` option.
4. Fixed a regression introduced by 3.0.3[3] that made it impossible for
calling applications to generate 12-bit-per-sample arithmetic-coded lossy JPEG
images using the TurboJPEG API.
5. Fixed an error ("Destination buffer is not large enough") that occurred when
attempting to generate a full-color lossless JPEG image using the TurboJPEG
Java API's `byte[] TJCompressor.compress()` method if the value of
`TJ.PARAM_SUBSAMP` was not `TJ.SAMP_444`.
6. Fixed a segfault in djpeg that occurred if a negative width was specified
with the `-crop` option.  Since the cropping region width was read into an
unsigned 32-bit integer, a negative width was interpreted as a very large
value.  With certain negative width and positive left boundary values, the
bounds checks in djpeg and `jpeg_crop_scanline()` overflowed and did not detect
the out-of-bounds width, which caused a buffer overrun in the upsampling or
color conversion routine.  Both bounds checks now use 64-bit integers to guard
against overflow, and djpeg now checks for negative numbers when it parses the
crop specification from the command line.
7. Fixed an issue whereby the TurboJPEG lossless transformation function and
methods checked the specified cropping region against the source image
dimensions and level of chrominance subsampling rather than the destination
image dimensions and level of chrominance subsampling, which caused some
cropping regions to be unduly rejected when performing 90-degree rotation,
270-degree rotation, transposition, transverse transposition, or grayscale
conversion.
8. Fixed an issue whereby the TurboJPEG lossless transformation function and
methods did not honor `TJXOPT_COPYNONE`/`TJTransform.OPT_COPYNONE` unless it
was specified for all lossless transforms.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libgpg-error

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libgpg-error: Update to version 1.51

- Update from version 1.50 to 1.51
- Update of rootfile
- Changelog
    1.51
* Allow initialization of new Windows threads to utf8 mode.  [T7185]
* Add GPGRT_PROCESS_ALLOW_SET_FG for gpgrt_process_spawn.
   [rEb79d4206f4]
* Add new spawn function to modify the environment.  [T7307]
* Fix missing environ var for macOS and others.  [T7169,T7307]
* Fix forgotten _gpgrt_post_syscall on create pipe failure.  [rEbcab96484d]
* Let gpgrt_poll return an error for a closed fd.  [rE4a3dc85f69]
* Fix build error introduced by C-committee stupidity.  [T7344]
* Interface changes relative to the 1.50 release:
_gpg_w32_gettext_use_utf8           EXTN (new value 2).
gpgrt_spawn_actions_set_env_rev     NEW.
GPGRT_PROCESS_ALLOW_SET_FG          NEW.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libedit

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libedit: Update to version 20240808-3.1

- Update from version 20240517-3.1 to 20240808-3.1
- Update of rootfile
- Changelog
    20240808-3.1
   * all: sync with upstream source
   * doc/Makefile.am: fix regression. Name all manpage links as el_*
(e.g. el_history.3) to avoid conflicts.
Reported by Zopolis4

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libcap

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libcap: Update to version 2.72

- Update from version 2.70 to 2.72
- Update of rootfile
- Changelog
    2.72
      ERRATA:
        Failed to support more modern Linux architectures including arm64. Fix provided
by Xi Ruoyao.
      This specific release is devoted to a wholesale rewrite of libpsx to operate on
       native Linux threads (aka LWP = Light Weight Processes).
        Given the potential for misbehavior, we're isolating this release to that change.
            Should some issue(s) arise, and folk need to roll back, this will hopefully
     make downstream packagers' lives a bit easier: skip this release altogether.
        This addresses LCAP-CR-23-102 (SEVERITY) NONE from the libcap-2.69 security
audit. This addresses Bug 217476.
        This addresses C++ std::thread libpsx support. This addresses Bug 218607
reported by Vini Ipsmaker.
            Included a test case for this: contrib/bug218607/
        This now allows the PSX mechanism to apply to threads launched by loaded .so
plugins. This addresses Bug 219174 reported by Stas Sergeev.
            Included a test case for this: tests/b219174.c
        The rewrite has significantly reduced the need for any odd linking of the
-lpsx library. Namely, if code makes use of the psx_syscall*() functions,
there is no need for anything other than -lpsx on the link line.
            Updated a whole lot of documentation that warned folk about the
     -wrap=pthread_create linking need not being needed any more. (Bug 219456)
            Linking -lcap and -lpsx still requires some extra care. Updated
     cap_get_proc(3) manual page to explain.
        Was unable to figure out how to work around the pre-go1.16.* bug related to
cgo and interrupt handling while thread exit with the rewritten libpsx code.
Decided to abandon full support for earlier versions of Go.
            Explanation is Bug 219478 which points to old Go bug.
      Transitioned key used for signing Go package tags to use the
       0D23D34C577B08C4082CFD76430C5CFF993116B1 key.
      Very tiny documentation change for the cap package to try again to get a runnable
       example to show up on the pkg.go.dev website.
    2.71
      Reduce the need for CAP_SETPCAP in IAB setting to the specific instances in
which the kernel requires it. This addresses Bug 219169 reported by
Christopher Head.
      Resolve subtle libpsx linker flag issue related to -Bsymbolic-functions. This
addresses Bug 219169 reported by Stas Sergeev.
      Add new GPG signing key. At this stage, none of the older keys have been
retired. This addresses Bug 218860 requested by David Runge at Arch Linux. Key
details:
$ gpg --fingerprint 0D23D34C577B08C4082CFD76430C5CFF993116B1
pub   ed25519 2024-10-26 [SC]
      0D23 D34C 577B 08C4 082C  FD76 430C 5CFF 9931 16B1
uid           [ultimate] Andrew G. Morgan (2024+ libcap signing key)
<morgan@kernel.org>
sub   cv25519 2024-10-26 [E]
      Expand use of various $(xFLAGS) to building simple binaries in the build tree.
Requested by Pierre-Clément Tosi.
      Numerous documentation updates and clarifications.
      Added a programming example to the cap package documentation. Exploring how to
embed viewer runnable content in the automatically generated online pkg.go.dev
documentation.
      Work around a longstanding glibc segfault annoyance for in-build-tree testing.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libarchive

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libarchive: Update to version 3.7.7

- Update from version 3.7.4 to 3.7.7
- Update of rootfile
- Fixes for 3 CVE's in 3.7.5
- Changelog
    3.7.7
Security fixes:
    gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz)
    tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
    tar: fix two leaks in tar header parsing (#2377)
Important bugfixes:
    7-zip: read/write symlink paths as UTF-8 (#2252)
    cpio: exit with an error code if an entry could not be extracted (#2371)
    rar5: report encrypted entries (#2096)
    tar: fix truncation of entry pathnames in specific archives (#2360)
    windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363)
    3.7.6
This release fixes a tar regression introduced in libarchive 3.7.5 (#2331, #2337)
Important bugfixes.
    tar: clean up linkpath between entries (#2343)
    tar: fix memory leaks when processing symlinks or parsing pax headers (#2338)
    iso: be more cautious about parsing ISO-9660 timestamps (#2330)
    3.7.5
Security fixes:
    fix multiple vulnerabilities identified by SAST (#2251, #2256)
    cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
    lzop: prevent integer overflow (#2174)
    rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
    rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256)
    rar4: fix OOB in delta and audio filter (#2148, #2149)
    rar4: fix out of boundary access with large files (#2179)
    rar4: add boundary checks to rgb filter (#2210)
    rar4: fix OOB access with unicode filenames (#2203)
    rar5: clear 'data ready' cache on window buffer reallocs (#2265)
    rpm: calculate huge header sizes correctly (#2158)
    unzip: unify EOF handling (#2175)
    util: fix out of boundary access in mktemp functions (#2160)
    uu: stop processing if lines are too long (#2168)
Important bugfixes:
    7zip: fix issue when skipping first file in 7zip archive that is a
  multiple of 65536 bytes (#2245)
    ar: fix archive entries having no type (#2290)
    lha: do not allow negative file sizes (#2155)
    lha: fix integer truncation on 32-bit systems (#2161)
    shar: check strdup return value (#2173)
    rar5: don't try to read rediculously long names (#2259)
    xar: fix another infinite loop and expat error handling (#2150)
    many Windows fixes, cleanups and improvements

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship less

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

less: Update to version 668

- Update from version 661 to 668
- Update of rootfile not required
- Changelog
    668
* Make 256/true colors work better on Windows without -Da
  (github #539, github #546, github #562).
* Fix build using --with-secure (github #544).
* Fix crash when using --header on command line (github #545).
* Fix possible crash when scrolling left/right or toggling -S (github #547).
* Fix bug when using #stop in a lesskey file (github #551).
* Fix bug when using --shift or --match-shift on command line with
  a parameter starting with '.' (github #554).
* Fix bug in R command when file size changes (github #553).
* Fix bug using --header when file does not fill screen (github #556).
* Fix ^X bug when output is not a terminal (github #558).
* Fix bug where ^Z is not handled immediately (github #563).
* Fix bug where first byte from a LESSOPEN filter is deleted if it is
  greater than 0x7F (github #568).
* Fix uninitialized variable in edit_ifile (github #573).
* Fix incorrect handling of UTF-8 chars in prompts (github #576).

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship krb5

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

krb5: Update to version 1.21.3

- Update from version 1.21.2 to 1.21.3
- Update of rootfile not required
- Changelog
1.21.3
* Fix vulnerabilities in GSS message token handling [CVE-2024-37370,
CVE-2024-37371].
* Fix a potential bad pointer free in krb5_cccol_have_contents().
* Fix a memory leak in the macOS ccache type.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship knot

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

knot: Update to version 3.4.2

- Update from version 3.3.8 to 3.4.2
- Update of rootfile
- Changelog
    3.4.2
Improvements:
- knotd: new warning log upon every incremental update if previous
  zone signing failed
- mod-cookies: support for two secret values specification
- keymgr: key pregenerate works even when a KSK exists
- libs: upgraded embedded libngtcp2 to 1.8.1
Bugfixes:
- knotd: server can crash when processing just a terminal label as QNAME
- knotd: failed to compile if no atomic operations available
- kjournalprint: failed to merge zone-in-journal if followed by a
  non-first changeset
- knot-exporter: faulty escape sequence in time value parsing
- knot-exporter: failed to parse zone-status output
- kxdpgun: periodic statistics doesn't work correctly for longer time
    periods
    3.4.1
Features:
- knotd: ACL configuration allows protocol specification (see
  'acl.protocol')
- knotc: support for benevolent zone updates (see zone-begin with
  '+benevolent')
- knotd: implemented TLS session resumption
- knotd: pending TLS connections leak memory when the server shuts down
- kjournalprint: added print merged changesets mode (see '-M')
- libknot: added NXNAME meta type (Thanks to Jan Včelák)
Improvements:
- knotd: DNSKEY synchronization event logs removed/added *DNSKEYs
- knotd: control command log message contains filters and flags in
  the debug mode
- knotc: zone status prints running, pending, and frozen duration
- knotd,knotc: unification of control flags and filters
- keymgr: key listing reports configured keys that are inaccessible
- libs: upgraded embedded libngtcp2 to 1.8.0
- doc: various fixes and updates
Bugfixes:
- knotd: missing support for IPv6 link local address configuration
- knotd: zone reload occasionally causes a core dump #939 (Thanks to
  lidcc2)
- knotd: race condition in DDNS over QUIC processing
- knotd: imperfect signal handling on some auxiliary threads
- knotd: EDNS EXPIRE not updated when zone signing results in up-to-date
- knotd: failed to reload autogenerated QUIC/TLS key after process
  ownership change
- knotc: zone backup filter +keysonly doesn't disable other defaults
- kxdpgun: failed to receive more data over QUIC until 1-RTT
    handshake is done
- knsupdate: memory leak if rdata parsing fails
- doc: failed to install manual pages from a tarball
- Dockerfile: TCP port 853 not exposed for DoT
    3.4.0
Features:
- knotd: full DNS over TLS (DoT, RFC 7858) implementation (see 'DNS
  over TLS')
- knotd: bidirectional XFR over TLS (XoT) support with opportunistic,
  strict, and mutual authentication profiles
- knotd: support for DDNS over QUIC and TLS
- knotd: DNSSEC validation requires the remaining RRSIG validity is
  longer than 'rrsig-refresh'
- knotd: new event for automatic DNSSEC revalidation
- knotd: if enabled DNSSEC signing, EDNS expire is adjusted to the
  earliest RRSIG expiration
- knotd: added support for libdbus as an alternative to systemd dbus
          (see '--enable-dbus=libdbus' configure parameter)
- knotd: new XDP-related configuration options
          (see 'xdp.ring-size', 'xdp.busypoll-budget', and
  'xdp.busypoll-timeout')
- knotc: new command for explicit triggering DNSSEC validation (see
  'zone-validate' command)
- keymgr: SKR verification requires end of DNSKEY RRSIG validity
   covers next DNSKEY snapshot
- kdig: +nocrypto applies also to CERT, DS, SSHFP, DHCID, TLSA,
ZONEMD, and TSIG
- knsupdate: added support for DDNS over QUIC and TLS (see '-Q' and
      '-S' parameters)
- kxdpgun: support for reading a binary input file (see '-B' parameter)
- kxdpgun: support for output in JSON (see '-j' parameter)
- kxdpgun: support for periodical output (see '-S' parameter)
- mod-rrl: module offers limiting of non-UDP protocols based on
    consumed time (see 'mod-rrl.time-rate-limit' and
    'mod-rrl.time-instant-limit')
- utils: -VV option for listing compile time configuration summary
Improvements:
- knotd: up to eight DDNS queries can be queued per zone when frozen
- knotd: the number of created/validated RRSIGs is logged
- knotd: overhaul of atomic operations usage
- knotd: unified DNAME semantic errors with the CNAME ones
          (see 'Handling CNAME and DNAME-related updates')
- knotd: better DDNS pre-check to prevent dropping a bulk of updates
- knotd: extended SOA presence semantic checks
- knotd: disallowed concurrent control zone and config transactions
  to avoid deadlock
- knotd: disallowed opening zone transaction when blocking command is
  running to avoid deadlock
- knotd: new XDP statistic counters
- knotd: remote zone serial is logged upon received incoming transfer
- knotd: zone backup stores and zone restore checks the CPU
  architecture compatibility
- knotd: time configuration options support 'w', 'M', and 'y' units
- knotd: some control commands can be processed asynchronously
- knotc: zone backup overwrites already existing backupdir in the
  force mode
- kdig: EDNS is enabled by default
- kdig: the default EDNS payload size was lowered to 1232
- mod-rrl: completely reimplemented UDP rate limiting using an efficient
            query-counting mechanism on several address prefix lengths
- mod-rrl: module no longer requires explicit configuration
- libknot: various XDP improvements and new configuration parameters
- docker: increased -D_FORTIFY_SOURCE to 3
Bugfixes:
- knotd: deadlock during zone-ksk-submitted processing of a frozen zone
- kxdpgun: race condition in SIGUSR1 signal processing
- doc: parallel build is unreliable #928
Compatibility:
- configure: increase minimal GnuTLS version to 3.6.10
- configure: removed deprecated libidn 1 support
- configure: removed liburcu search fallback
- configure: required GCC or LLVM Clang compiler with C11 support
- knotd: removed already ignored obsolete configuration options
- keymgr: removed legacy parameter '--brief'
- kjournalprint: removed legacy parameter '--no-color'
- kjournalprint: removed legacy database specification without '--dir'
- kcatalogprint: removed legacy database specification without '--dir'
- packaging: CentOS 7, Debian 10, and Ubuntu 18.04 no longer supported
- doc: removed info pages
    3.3.9
Improvements:
- libknot: added EDE code 30
- libknot: improved performance of knot_rrset_to_wire_extra()
- libs: upgraded embedded libngtcp2 to 1.7.0
- doc: various fixes and updates
Bugfixes:
- keymgr: pregenerate clears future timestamps of old keys and
   creates new keys
- mod-dnsproxy: defective TSIG processing
- mod-dnsproxy: TCP not detected in the XDP mode
- kxdpgun: unsuccessful interface initialization leaks memory
- packaging: libknot not installed with python3-libknot

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship kmod

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

kmod: Update to version 33

- Update from version 32 to 33
- Update of rootfile
- Changelog
    33
- Improvements
- Allow to handle compressed modules even without decompression
  libraries linked in. Previously we would detect if the kernel
  supported the decompression algorithm and pass the module directly
  through finit_module(). However it wouldn't consider the file if
  the respective decompression library was compiled out. Now it's
  possible to completely disable all libraries and still have module
  load working with libkmod.
  Tools that inspect module content themselves like modinfo and depmod
  won't work if the decompression library is not enabled.
- Add weak dependencies - these are similar to pre softdep, but they
  don't cause the dependency to be loaded by libkmod: when a module has
  a weak dependency, it is expected that module may or may not be used,
  with decision happening in runtime by the kernel. It's purpose is to
  be informational for other tools like ones used to create initramfs,
  so the module is made available before switch_root(), but doesn't
  imply it to be loaded when not needed.
- Improve compatibility with non-gnu libc like musl and uClibc. Now it's
  possible to build and use libkmod and tools without any additional
  compat patches.
- Move manpages from xsltproc to scdoc, which is now needed during build.
- Improve documentation in manpages, fixing typos, rewording sentences,
  detailing how configuration files are handled with precedence order
  and making all the manpages more consistent on how to reference
  options, environment variables, configuration, authors, etc.
- Speed up zstd decompression, particularly when not using glibc.
- Stop parsing .alias files from modprobe.d directories. Configuration
  files were always documented as needing the .conf extension. For
  compatibility reason with module-init-tools, kmod also parsed .alias
  files. However that was also done in module-init-tools for
  compatibility reasons and not documented anywhere. From inspection
  on what distros are using, none use .alias files in practice, so
  stop parsing those files and follow what's documented.
- Adopt SPDX for license and cleanup comments on individual files.
- Since kmod 29 there's a github mirror for the repository. Now it's
  also used for issues and improvement tracking. With that, the old
  TODO file has been removed and distros/users are encouraged to file
  issues in github.
- Bug fixes
- Move kmod.pc to the right dir, ${datadir}/pkgconfig, as it's related
  to kmod, not libkmod.
- Fix error handling while loading a file and mmap fails.
- Fix error handling while handling errors from the decompression
  libraries.
- Add missing documentation for KMOD_INDEX_MODULES_BUILTIN that was
  added in v27 breaking the ABI. A wide search has found one external
  tool using it, which hasn't been updated in the past 12 years. It
  was deemed safe to simply update the documentation to include the
  missing enum.
- Move kmod_module_new_from_name_lookup() to the correct symbol
  version. It was added by mistake to @LIBKMOD_5 when v30 got released.
  No external user of this API was found, so it was considered safe
  to just move it.
- Others
- Overwrite symlinks when installing tools.
- General cleanup of how (de)compression libraries are integrated.
- Add CI infrastructure to automatically test in several distros
  before applying commit series. Currently the latest versions of
  Alpine, Archlinux, Fedora and Ubuntu are covered. More distros are
  easy to add as they are all containerized.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship json-c

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

json-c: Update to version 0.18

- Update from version 0.17 to 0.18
- Update of rootfile
- Changelog
    0.18
Deprecated and removed features:
* Clean up pre-3.9 CMake support in CMakeLists.txt
New features
* Build pkg-config for msvc as well
Significant changes and bug fixes
* Critical fix for binary compatibility with 0.16: Move the
  json_tokener_error_memory entry to the end of enum json_tokener_error.
* Issue #829: attempt to detect clang-cl.exe and pass MSVC-compatile
  command line arguments.
* PR #831 - rename WIN32 to _WIN32
* PR #839 - Fix gcc 5 "may be used uninitialized" failure in
  json_pointer.c
* PR #849 - random_seed.c: add a Coverity Scan suppression
* Issue #854: Set error=json_tokener_error_memory in
  json_tokener_parser_verbose() when allocating the tokener fails.
* Issue #857: fix a few places where json_tokener should have been
  returning json_tokener_error_memory but wasn't.
* Handle yet another out-of-memory condition in json_tokener,
  duplocate can return NULL.
* Various fixes in the fuzzers
* A few minor doc fixes

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship dnsforward.cgi

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Makes entries in dnsforward.cgi visible

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship iputils

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

iputils: Update to version 20240905

- Update from version 20240117 to 20240905
- Update of rootfile not required
- Changelog
    20240905
Mostly ping fixes release.
* Notable changes (for details see below)
- Allow to disable reverse DNS resolution (PTR lookup) with with environment
  variable IPUTILS_PING_PTR_LOOKUP=0
- Lower max allowed -s value to 65507 (IPv4) or 65527 (IPv6). That is the
  maximum the Linux kernel supports.
- Include pre-generated man pages & HTML docs in dist tarballs. This allows to
  avoid libxslt, docbook, ... as a build dependencies.
- require meson >= 0.44
- ping has new option -3
* ping
- Allow to disable reverse DNS resolution (PTR lookup) with with environment
  variable IPUTILS_PING_PTR_LOOKUP=0 (commit: 6fc68b1, PR: #553, issue: #531)
- Add option -3 (don't round up the RTT time) (commit: 48ae5c9, PR: #540)
- fix: Fix IPv4 checksum check always succeeding once again (commit: bacf1b7,
  PR: #534)
- fix: Lower max allowed -s value to 65507 (IPv4) or 65527 (IPv6) (commit:
  1e24c5b, issue: #542, PR: #550)
- fix: Fix node info exit code (commit: 3840637, issue: #528)
- fix: Fix integer overflow for high -s values (commit: aaa3dc3, issue: #542, PR:
  #550)
- fix: Fix EMSGSIZE on -s > 65527 on ICMP datagram socket (commit: aaa3dc3,
  issue: #542, PR: #550)
- fix: Fix print time_t problem on 32 bits platform (commit: 0fd2db7, PR: #533)
- fix: Fix exit code on missing target (commit: 294a65f, issue: #528)
- fix: check return value of write() to avoid integer overflow (commit: 0f12e6d,
  PR: #545)
- setcap-setuid.sh: Add cap_net_admin for ping (commit: 19718b0, issue: #515)
- man: Document CAP_NET_ADMIN for -m (commit: 5b7ba7d, issue: #515)
- reduce duplicity in warnings (commit: 0c08152, issue: #515)
* arping
- fix: Fix exit code if receive more replies than sent (commit: b589819, issue:
  #538, PR: #546)
- fix: Fix unsolicited ARP regressions on -c > 1 (commit: 5de892d, issue: #536,
  PR: #543)
- fix: Fix 1s delay on exit for unsolicited arpings (commit: 4db1de6, issue:
  #536, PR: #541)
* clockdiff
- fix: Fix print time_t problem on 32 bits musl (commit: f2c322a)
- fix: Fix loading localization on clockdiff (commit: c1b0e28)
* tracepath
- fix: Fix print time_t problem on 32 bits musl (commit: 536d40e)
* Meson build system
- include pre-generated man pages & HTML docs in dist tarballs (commit:
  535f6de, issue: #479, PR: #520, https://bugs.gentoo.org/908817
  https://bugs.gentoo.org/920901)
- require meson >= 0.44 (released 2017, commit: c4bed6d)
* CI
- test 'meson dist' (commit: 2e8b3b2, b698ef6)
- add 32bit build (commit: 22debcf)
- build.sh: Configure with meson properly (commit: 01434a6)
- remove Centos 7 (EOL, commit: 8037de5)
* Localization
- 100% translated: Czech, Finnish, Georgian, German, Indonesian, Japanese,
  Korean, Portuguese (Brazil), Turkish, Ukrainian
- Mostly translated: Chinese (Simplified), French
- Fix loading localization on clockdiff

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship iana-etc

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship ipset

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

ipset: Update to version 7.22

- Update from version 7.19 to 7.22
- Update of rootfile not required
- Changelog
    7.22
  - ipset: fix json output format for IPSET_OPT_IP (Z. Liu)
  - tests: add namespace test and take into account delayed
    set removal at module remove
  - Update autoconfig tools to build cleanly on Debian bookworm
    7.21
  - The patch "Fix hex literals in json output" broke save mode, restore it
  - Fix -Werror=format-extra-args warning
  - Workaround misleading -Wstringop-truncation warning
    7.20
  - Ignore *.order.cmd and *.symvers.cmd files in kernel builds
  - Bash completion utility updated
  - Fix json output for -name option (Mark)
  - Fix hex literals in json output
  - tests: increase timeout to cope with slow virtual test machine

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship iproute2

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

iproute2: Update to version 6.11.0

- Update from version 6.10.0 to 6.11.0
- Update of rootfile not required
- Changelog details are only available from the git repository commits
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship intel-microcode

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

intel-microcode: Update to version 20241112

- Update from version 20241029 to 20241112
- Update of rootfile not required
- Changelog
    20241112
    Security updates for INTEL-SA-01101
    Security updates for INTEL-SA-01079
    Updated security updates for INTEL-SA-01097
    Updated security updates for INTEL-SA-01103
    Update for functional issues. Refer to Intel® Core™ Ultra Processor for
     details.
    Update for functional issues. Refer to 14th/13th Generation Intel® Core™
     Processor Specification Update for details.
    Update for functional issues. Refer to 12th Generation Intel® Core™
     Processor Family for details.
    Update for functional issues. Refer to 5th Gen Intel® Xeon® Scalable
     Processors Specification Update for details.
    Update for functional issues. Refer to 4th Gen Intel® Xeon® Scalable
     Processors Specification Update for details.
    Update for functional issues. Refer to 3rd Generation Intel® Xeon®
     Processor Scalable Family Specification Update for details.
    Update for functional issues. Refer to Intel® Xeon® D-2700 Processor
     Specification Update for details.
    Update for functional issues. Refer to Intel® Xeon® D-1700 and D-1800
     Processor Family Specification Update for details
Updated Platforms
Processor Stepping F-M-S/PI Old Ver New Ver Products
ADL C0 06-97-02/07 00000036 00000037 Core Gen12
ADL H0 06-97-05/07 00000036 00000037 Core Gen12
ADL L0 06-9a-03/80 00000434 00000435 Core Gen12
ADL R0 06-9a-04/80 00000434 00000435 Core Gen12
EMR-SP A0 06-cf-01/87 21000230 21000283 Xeon Scalable Gen5
EMR-SP A1 06-cf-02/87 21000230 21000283 Xeon Scalable Gen5
MTL C0 06-aa-04/e6 0000001f 00000020 Core™ Ultra Processor
RPL-H/P/PX 6+8 J0 06-ba-02/e0 00004122 00004123 Core Gen13
RPL-HX/S C0 06-bf-02/07 00000036 00000037 Core Gen13/Gen14
RPL-S H0 06-bf-05/07 00000036 00000037 Core Gen13/Gen14
RPL-U 2+8 Q0 06-ba-03/e0 00004122 00004123 Core Gen13
SPR-SP E3 06-8f-06/87 2b0005c0 2b000603 Xeon Scalable Gen4
SPR-SP E4/S2 06-8f-07/87 2b0005c0 2b000603 Xeon Scalable Gen4
SPR-SP E5/S3 06-8f-08/87 2b0005c0 2b000603 Xeon Scalable Gen4
New Disclosures Updated in Prior Releases
Processor Stepping F-M-S/PI Old Ver New Ver Products
ICL-D B0 06-6c-01/10 010002b0 N/A Xeon D-17xx/D-18xx, D-27xx/D-28xx
ICX-SP Dx/M1 06-6a-06/87 0d0003e7 N/A Xeon Scalable Gen3

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

iana-etc: Update to version 20241024

- Update from version 20240813 to 20241024
- Update of rootfile not required
- No changelog provided.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship i2c-tools

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

i2c-tools: Update to version 4.4

- Update from version 4.3 to 4.4
- Update of rootfile not required
- Changelog
    4.4
  tools: Use getopt
         Implement and document option -h
  eeprog: Use force option when data comes from a pipe
  i2cdetect: Display more functionality bits with option -F
  i2cdump: Remove support for SMBus block mode
  i2cget: Document SMBus block mode
          Fix the return code of option -h
  i2cset: Fix the return code of option -h
  i2ctransfer: Sort command line options and add to help text
               Add an option to print binary data
               Drop redundant variable arg_idx
  py-smbus: Install in the defined prefix
            Use setuptools instead of distutils

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship glib

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

glib: Update to version 2.83.0

- Update from version 2.77.0 to 2.83.0
- Update of rootfile
- Changelog
   Fix for a NCVE in 2.81.0
    2.83.0
* Update to Unicode 16.0.0; there may be bugs in linebreaking support, see #3518
  (#3460, work by Philip Withnall)
* Optimise UTF-8 validation of strings, including use of ifuncs to prevent
  spurious warnings from sanitizers and valgrind (#3481, work by Christian
  Hergert)
* Fix a potential buffer overflow in `GSocks4aProxy` (#3461, work by
  Michael Catanzaro)
* Change the default value of -Dglib_debug from `auto` to `enabled` for
  developers — distributions will almost certainly want to override it to
  `-Dglib_debug=disabled` for package release builds though; see #3421
* Revert per-instance locking changes in `GCancellable` as they introduced new
  races (#3448)
* Bump Meson dependency to 1.4.0 (!4244, work by Benjamin Gilbert)
* Rename multiple `g_unix_mount_*()` APIs to `g_unix_mount_entry_*()` (#3492,
  work by Jialu Zhou)
* Add a new `GFileMonitor` backend for macOS and BSD: libinotify-kqueue (!3657,
  work by Gleb Popov)
* Add APIs for sync, async and finish function annotations to libgirepository
  (!3746, work by Evan Welsh)
* Bugs fixed:
  - #3289 readlink -f fails in CI on macOS
  - #3415 module-test-library and module-test-plugin tests fail on FreeBSD and
    muslc (Philip Withnall)
  - #3417 Investigate trampoline performance implications in g_mutex_lock_impl()
    changes (Philip Withnall)
  - #3421 Default value for glib_debug meson option (Philip Withnall)
  - #3444 deprecation warnings when using gobjectnotifyqueue.c
  - #3450 Should check for epoll_create1 rather than epoll_create (Philip
    Withnall)
  - #3451 Gio.MenuModel docs have an outdated UI example (Philip Withnall)
  - #3456 Test /unix-mounts/get-mount-entries fails unless libmount is enabled
    (Philip Withnall)
  - #3458 scan-build CI job fails due to gvdb subproject not having meson.build
    (Philip Withnall)
  - #3460 "404: Page not found" Error on "submitted as merge requests" Link
    (Philip Withnall)
  - #3461 Buffer overflow in set_connect_msg() (Michael Catanzaro)
  - #3464 g-ir-scanner fails silently on msys2 CI jobs (Philip Withnall)
  - #3465 Avoid GError for control flow in GResources
  - #3469 Unclear correctness of g_malloc() in pattern_coalesce() (Michael
    Catanzaro)
  - #3470 Update to Unicode 16.0.0 (Philip Withnall)
  - #3472 Overactive GVariantTypeInfo collection causes considerable overhead
    (Christian Hergert)
  - #3477 Determine policy on 32-bit support (Philip Withnall)
  - #3478 Incorrect Examples in GVariant Specification (Christian Hergert)
  - #3480 glib/gvariant: incorrect use of G_ANALYZER_ANALYZING (Christian
    Hergert)
  - #3481 Discussion: utf8 validation optimization (Christian Hergert)
  - #3483 mainloop Unix FD test intermittently fails on Hurd (Philip Withnall)
  - #3484 g_app_info_launch_default_for_uri no longer works on macOS
  - #3486 GVariant inline allocation support broke i686/32-bit builds (Christian
    Hergert)
  - #3488 `glib` does not properly detect `gobject-introspection` (Philip
    Withnall)
  - #3489 Multicast cannot be joined on Mac OS on non-default interface
    (Nirbheek Chauhan)
  - #3490 Meson: fix support for aarch64-w64-mingw32 (Windows on ARM64) (Carlo
    Bramini)
  - #3492 Incorrect Documentation for g_unix_mount_get_mount_path Return Value
    Ownership (Jialu Zhou)
  - #3500 AIX: build failure due to pollfd structure change (Parth Patel)
  - #3502 Test regressions with tzdata 2024b (Rebecca N. Palmer)
  - #3508 g_array_free and free_seg
  - #3512 AIX: Undefined symbol related to ASAN Sanitizer
  - !3657 Introduce a new GFileMonitor backend: libinotify-kqueue
  - !3746 girepository: Add APIs for sync, async, and finish function
    annotations
  - !3816 Update the wrap file for gi-docgen
  - !4126 build: Enable -Wfloat-conversion and fix warnings
  - !4176 tests: Expand tests for app launching via D-Bus
  - !4196 refstring: add GEqualFunc for ref-counted strings
  - !4202 simpleproxyresolver: Ignore host with scope id
  - !4204 Fix minor issues found by static analysis, and add some additional
    code comments
  - !4216 build: Post-release version bump
  - !4218 Persian l10n
  - !4219 tests: Run lint tests with detected bash
  - !4223 Update Korean translation
  - !4224 Update Catalan translation
  - !4225 Update Czech translation
  - !4226 Update Portuguese translation
  - !4227 gspawn: close child_err_report_fd before exiting on error
  - !4235 Update Ukrainian translation
  - !4236 Cherry pick Polish and Brazilian Portuguese translations from
    glib-2-82 to main
  - !4237 Update French translation
  - !4239 Update Galician translations for main
  - !4243 gresource: Convert docs to gi-docgen linking syntax
  - !4244 build: Bump Meson dependency to 1.4.0
  - !4245 resource: Add g_resource[s]_has_children and avoid a pointless
    allocation
  - !4248 dir: Avoid some allocations
  - !4252 gio: Fix overindented docstring of buffer argument
  - !4253 Update Bulgarian translation
  - !4254 Update British English translation (main)
  - !4256 Updated Lithuanian translation
  - !4257 Update Hungarian translation
  - !4260 Collation keys are not encoded in UTF-8
  - !4261 gsocket windows: check event before calling WSAEnumNetworkEvents
  - !4262 Update Russian translation
  - !4264 Update Danish translation
  - !4267 Update Georgian translation
  - !4268 subprojects: Update pcre2 to 10.44
  - !4269 docs(glib): Fix link in string-utils ref
  - !4272 gio: Add a query_exists vfunc to GFile
  - !4277 tests: Add some explicit float → int casts
  - !4278 GDBus: Don't log a message for G_DBUS_CONNECTION_FLAGS_CROSS_NAMESPACE
  - !4286 glib/gvariant: avoid GVariantType copy for stack builders
  - !4288 girepository: Make _blob_is_registered_type static inline
  - !4290 glib/gbytes: save small byte buffers inline
  - !4292 Fix incorrect use of assert/debug/check macros
  - !4293 gvarianttypeinfo: reduce caching overhead
  - !4294 gvarianttype: mark const functions as such
  - !4295 gvariant: Avoid malloc/free in valid_format_string()
  - !4296 glib/gvariant: use g_utf8_validate() for strlen
  - !4297 glib/gvarianttype: g_variant_type_is_subtype_of() fastpath
  - !4298 glib/gvariant: avoid g_renew() for definite tuples
  - !4299 glib/gvariant: Avoid extraneous GBytes ref counting
  - !4300 gpoll windows: use a threadpool when polling large number of fds
  - !4301 glib/gvariant: Inline small gvariant data using C99 flexible arrays
  - !4302 glib/gvariant: skip bitlock for g_variant_ref_sink()
  - !4303 gbytes: Convert docs to gi-docgen linking syntax
  - !4304 gutf8: Convert docs to gi-docgen linking syntax
  - !4305 build: switch back to c_std=gnu99 pending ObjC fix
  - !4307 ci: Re-enable fatal warnings for FreeBSD CI
  - !4308 utils: Add g_steal_handle_id() to complement g_clear_handle_id()
  - !4310 tests: FreeBSD doesn't use glibc
  - !4311 tests: Move fake-document-portal subprocess inside dbus-appinfo test
  - !4313 remove quadratic behavior in g_string_replace
  - !4315 fuzzing: Add simple fuzz test for g_string_replace()
  - !4318 CI: Use Visual Studio 2019 for the MSVC CI
  - !4321 gvariant-core.c: Fix suffix alignment on 32-bit MSVC builds
  - !4322 gvariant: Fix unused variables when G_DISABLE_ASSERT is defined
  - !4323 gbytes: Add an assertion to placate static analysis
  - !4326 gvarianttype: Add two missing (nullable) annotations and port docs to
    gi-docgen format
  - !4327 gio/gdatainputstream: use memchr() when possible
  - !4331 gir: Ignore function-inline and method-inline elements
  - !4332 gstring: Fix a heap buffer overflow in the new g_string_replace() code
  - !4334 fuzzing: Add input length limits on g_string_replace() test
  - !4335 docs: Update CI platforms list and Visual Studio recommendation
  - !4338 CI/MSYS2: Fix prefix for gobject-introspection
  - !4339 Win32 cleanup: do not define STRICT
  - !4340 gsocket: Fix #ifdef for defining g_socket_get_adapter_ipv4_addr()
  - !4341 gio: Use g_steal_handle_id() with signal unsubscriptions
  - !4342 CI: Add manual CI job for VS2019 ARM64 builds
  - !4343 CI: Skip PCRE2 tests for now for 32-bit Visual Studio builds
  - !4344 glib/gutf8: use ifunc to check for valgrind
  - !4345 fuzzing: Add fuzz tests for GDataInputStream’s complex read methods
  - !4346 gdate: Fix minor typo in documentation comment
  - !4347 docs: Add Meson to the GSettings build integration
  - !4348 gdatainputstream: Fix length return value on UTF-8 validation failure
  - !4350 glib: Don't require GLIB_DOMAIN to be a NUL-terminated string
  - !4351 Build fixes for building on Solaris & illumos
  - !4352 gdatainputstream: Use memchr() for the multi-stop-char case too
  - !4353 docs: Add CI runner maintainers to CODEOWNERS
  - !4354 glib.supp: Suppress more _g_io_module_get_default_type leaks
  - !4358 Add a CI job for Debian stable i386 (32-bit)
  - !4359 tests: Use g_assert_*() rather than g_assert() in GDateTime tests
  - !4365 fuzzing: Fix buffer overread error in the fuzz test itself
  - !4366 glocalfile: Disable faccessat()-based query_exists on FreeBSD
  - !4367 tests: Fix calls to deprecated API in unix-mounts tests
  - !4373 macos: Remove extraneous space from type identifier
  - !4374 thread: Force-limit thread name length
  - !4375 Small improvements to g_on_error_stack_trace and g_on_error_query
  - !4376 Enable GNetworkMonitorNetlink on FreeBSD
  - !4377 gvariant: Introduce G_VARIANT_BUILDER_INIT_UNSET
  - !4378 gio: Fix GFileEnumerator leaks in gio tools
  - !4383 gtask: Fix comment for auto task naming via 'g_task_set_source_tag()'
    2.81.2
* Various introspection annotation changes (!4161, !4162, !4180, work by
  multiple people)
* Bugs fixed:
  - #2868 g_openuri_portal_open_uri_async: Does not accept a xdg-activation
    token (Julian Sparber)
  - #2885 Use TAP protocol 14 with newer meson (Marco Trevisan (Treviño))
  - #3315 unix test crashes intermittently on musl with alternate stack code
    (Philip Withnall)
  - #3381 Actually use Fedora 39 on CI (Marco Trevisan (Treviño))
  - #3403 GOsxAppInfo missing async launch implementation
  - #3429 gsettings list-recursively with --schemadir crashes with trace trap
    (core dumped) if no other schemas are installed on the system
  - !2980 ghash: fix g_hash_table_steal_extended() when requesting key and value
    of a set
  - !4161 GVariant: Add copy-func and free-func annotations
  - !4162 GBytes: Add copy-func and free-func annotations
  - !4163 gunixmounts: Add mount point/entry getters from files and add tests
    based on them
  - !4177 gmain: Adapt to gi-docgen comments
  - !4179 2.81.1
  - !4180 glib/mappedfile: g_mapped_file_get_contents() does not transfer
  - !4181 docs: Linkify a function
  - !4182 gstring: fix unused-result warning with g_string_free() in C++
  - !4186 doap: Remove invalid maintainer entry
  - !4187 docs: Fix mistakes from the GTK-Doc to GI-DocGen conversion
  - !4188 gobjectnotifyqueue: add G_GNUC_UNUSED in unused parameters
  - !4192 ghash: Fix the documentation of GHRFunc
  - !4193 docs: Clarify distinction between GDrive, GVolume and GMount
    2.81.1
* Add g_sort_array() and deprecate g_qsort_with_data(), to ensure that
  it can be used with GArray without truncating the data set.
* Continue the port of the documentation over from gtk-doc to gi-docgen.
* Add network monitor implementation for macOS.
* Use per-instance locking in GCancellable, and fix races when disposing
  of a GCancellable.
* Ensure that errno is appropriately set when using g_ascii_strtoull()
  and similar functions.
* Bugs fixed:
  - #774 g_cancellable_connect() doesn't work like its docs claim, has race
    condition (Marco Trevisan (Treviño))
  - #1326 Network monitor support for macOS
  - #2309 cancellable test leaks many GCancellableSource objects (Marco Trevisan
    (Treviño))
  - #2313 gmenumodel test leaks GCancellableSource objects (Marco Trevisan
    (Treviño))
  - #2765 Descriptions for GSourceFuncs structure's members do not appear in
    generated docs (Gary Li)
  - #3370 Fails to build with Clang on Windows with ninja 1.12
  - #3393 Crash with Gio.Resolver
  - #3399 GContentType, GAppInfo, GSpawn, GThread introspection annotations
    missing on Windows
  - #3415 module-test-library and module-test-plugin tests fail on FreeBSD and
    muslc (Philip Withnall)
  - #3418 g_ascii_string_to_unsigned() can fail when it should succeed if
    get_C_locale() clobbers errno (Simon McVittie)
  - #3419 Could not build latest commit in macos sonoma 14.5 (Roshan-R)
  - !4113 Port some GIO files to gi-docgen
  - !4127 gqsort: Add g_sort_array() and deprecate g_qsort_with_data()
  - !4128 gasyncresult: Port all doc comments to gi-docgen
  - !4130 Fix gsocketclient-slow test on FreeBSD
  - !4131 GAsyncQueue: Add copy-func and free-func annotations
  - !4133 replace package.version.Version by internal code
  - !4136 gobject: Remove unused variable from macro
  - !4137 codegen: resolve pylint import issues
  - !4138 gobject: Fix macro name in comment; improve style
  - !4140 Docs: Replace Gio.MenuModel diagram with SVG
  - !4142 docs: Add source location URL
  - !4143 codegen: Drop unused import
  - !4144 gi: Add missing Since annotation
  - !4145 gfilteroutputstream.c: Port all doc comments to gi-docgen
  - !4146 gbufferedinputstream: Port all doc comments to gi-docgen
  - !4148 gbufferedoutputstream.c: Port doc comments to gi-docgen
  - !4149 tests: Make an error check less specific in gsocketclient-slow
  - !4150 glib-private: fix build under Cygwin
  - !4152 tests: Fix compilation of resolver-parsing test on FreeBSD
  - !4154 gmodule-dl: fix G_MODULE_BIND_LOCAL on Darwin
  - !4155 gfile: Add support for x-gvfs-trash mount option
  - !4157 docs(GNode): Traversal diagrams, color & dark-mode
  - !4158 gspawn: Move docs/annotations to be platform independent
  - !4159 introspection: Correct GIO-Windows pkg-config name
  - !4164 docs: Clarify that G_GNUC_UNUSED can’t be used on definitions
  - !4165 docs: Clarify conventions about type naming and name mangling in
    GObject
  - !4166 gmacros: Define G_STATIC_ASSERT for GI Scanner
  - !4167 gappinfo and gcontenttype: Make introspection annotations available on
    all platforms
  - !4173 CI: Mark msys2-mingw32 as allowing failures
  - !4174 meson: Fix another kqueue build race on macOS
    2.81.0
* Add a strong recommendation to build with a toolchain that supports C11; this
  will become a hard requirement in future stable release cycles (!4082, work by
  Emmanuele Bassi)
* Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are
  vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by
  Alicia Boya García)
* Fix a regression with IBus caused by the fix for CVE-2024-34397 (#3353,
  work by Simon McVittie)
* Fix Devhelp documentation indexes (#3287, work by Philip Withnall)
* Fix installation directory of the GVariant specification (#3351, work by
  Michael Catanzaro)
* Change `dtrace` and `systemtap` Meson options to auto-enabled features, and
  change default for `sysprof` from `disabled` to `auto` (#3354, work by Michael
  Catanzaro)
* Change how Python is found at configure time and in script shebangs
  (#3301, #3331, work by multiple people)
* Make various libgirepository APIs return reproducible results by defining an
  order over namespaces (#3303, work by Philip Withnall)
* Ignore `SIGPIPE` for the entire parent process when creating a `GSubprocess`
  (#3310, work by Philip Withnall)
* Use alternate signal stack to receive signals if the process provides one
  (!3983, #3314, #3315, #3337, work by Marco Trevisan, Pablo Correa Gomez,
  Philip Withnall)
* Allow multiple parameters for D-Bus activation of app actions (#3333, work by
  Philip Withnall, Julian Sparber)
* Fix out-of-bounds access when reading >4GiB files (#3397, work by
  Benjamin Otte, Philip Withnall)
* Use `ppoll()` rather than `poll()` where possible for more precise timeouts
  (!3958, work by Christian Hergert)
* Port various parts of the documentation to gi-docgen format (#3250, work by
  Sudhanshu Tiwari, Philip Withnall)
* Fix `futex_time64()` use on Android ≤ 10 (!3987, work by Amyspark)
* Various improvements to bash completion for GLib utilities (!3989, !4012,
  !4013, work by Ville Skyttä, Philip Withnall)
* Bugs fixed:
  - GNOME/tracker-miners#315 3.7.0 - GLib-GIO-WARNING **: 09:27:12.186: Error
    creating IO channel for /proc/self/mountinfo: Invalid argument (g-io-error-
    quark, 13) (Ondrej Holy)
  - GNOME/gobject-introspection#509 Gio Typelib error on method call:
    'gi.repository.Gio' object has no attribute 'content_type_get_icon'
    (Biswapriyo Nath)
  - #564 create introspection-friendly version of g_settings_bind_with_mapping
    (Philip Chimento)
  - #1767 Fix scan-build reports and gate CI pipeline success on scan-build
    success (Philip Withnall)
  - #2896 Links to docs for glib-compile-resources are broken (Emmanuele Bassi)
  - #3184 g_socket_client_connect_to_host_async leaks memory when target host
    doesn't respond to ARP (Philip Withnall)
  - #3254 Property deprecation warning can be issued in cases when deprecated
    property isn't used (Philip Withnall)
  - #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are
    vulnerable to unicast spoofing (Simon McVittie)
  - #3286 g_strrstr, g_strrstr_len, g_strstr_len return ownership note is
    incorrect (Philip Withnall)
  - #3287 Devhelp does not show indexes for GLib, GIO, or GObject (Philip
    Withnall)
  - #3289 readlink -f fails in CI on macOS (Simon McVittie)
  - #3290 Cleanup after G_TEST_OPTION_ISOLATE_DIRS follows symlinks (Will
    Thompson)
  - #3301 consider glib development binaries usable without external python
    modules
  - #3303 gi_repository_find_by_gtype is nondeterministic (Philip Withnall)
  - #3310 Race condition in `g_subprocess_communicate()` with
    `G_SUBPROCESS_FLAGS_STDIN_PIPE` (Philip Withnall)
  - #3313 GBookmarkFile documentation links to non-existant page (Philip
    Withnall)
  - #3314 unix test fails on macOS due to alternate signal stack changes
  - #3317 test failures during glib bootstrap
  - #3326 Switch TRUE and FALSE to C99 constants (Emmanuele Bassi)
  - #3333 Gio.Application: Takes only first parameter when activating an action
    via D-Bus Activation (Julian Sparber)
  - #3337 unix test fails under valgrind due to alternate stack changes (Marco
    Trevisan (Treviño))
  - #3342 Crash in gdbus schedule_callbacks() due to missing NULL check before
    g_str_equal() (Philip Withnall)
  - #3351 GVariant specification installed in wrong directory (Michael
    Catanzaro)
  - #3353 Fixing CVE-2024-34397 caused regressions for ibus (Simon McVittie)
  - #3354 Reconsider default values for certain build options
  - #3355 GIBaseInfo/GIBaseInfoStack bitfield definition doesn't match on
    16-bit-aligned-pointer systems
  - #3361 Documentation for i18n is limited, i18n macros not available
    (Emmanuele Bassi)
  - #3363 Factor out untranslatable parts of translatable error messages
  - #3366 Crash in error path of g_dbus_connection_export_menu_model() (Philip
    Withnall)
  - #3369 Remove links to dead developer-old.gnome.org (Philip Withnall)
  - #3372 G_LIKELY doesn’t appear in gi-docgen documentation (Emmanuele Bassi)
  - #3394 GLib unit tests fail on macOS runner due to localhost being out of
    addresses (Philip Withnall)
  - #3397 g_file_load_contents reads large (>4GiB) files past end of array due
    to gsize to guint truncation
  - #3401 Random failures to build glib 2.80.3 (Philip Withnall)
  - #3402 g_output_stream_write fails assertion if buffer is NULL and count is 0
    (Gary Li)
  - !3697 GLocalFile: support trashing long file name
  - !3939 Add g_file_copy_async_with_closures() and
    g_file_move_async_with_closures()
  - !3952 Add unref-to-strv to GStrvBuilder
  - !3954 [th/performance] add script for combining performance results
  - !3958 Use ppoll() when possible for more precise timeouts
  - !3959 [th/gobject-toggle-refs-check] Fix critical warning for toggle
    notifications in g_object_ref()/g_object_unref()
  - !3962 meson: Fix a needless recompilation of some gdbus tests
  - !3966 girparser: Don't assume sizeof(size_t) == sizeof(void *)
  - !3967 girparser: Allow time_t, off_t, etc. to appear in GIR XML
  - !3969 Ported the first few documentation comments in `gio/gaction.c` to gi-
    docgen
  - !3970 girparser: Make sizes in integer_aliases more obviously correct
  - !3972 girparser: Adjust signedness() macro
  - !3973 glib/gvariant: fix compile error with GCC 14.0.1
  - !3974 tests: Mark several additional tests as can_fail on GNU Hurd
  - !3975 build: Post-release version bump
  - !3977 tests: Remove unnecessary subprocess from dataset tests
  - !3978 gio: Fix docs links to description of I/O priority
  - !3979 Don't assume CPU_ISSET will return 0 or 1
  - !3983 gmain: Use alternate signal stack if the application provides one
  - !3984 Fix a typo
  - !3985 gio: Change ‘unrecognised’ to ‘unrecognized’ in various user-visible
    places
  - !3986 Port the remaining documentation comments in `gio/gaction.c` to GI-
    Docgen
  - !3987 glib/gthread-posix: Block futex_time64 usage on Android API level < 30
  - !3988 Introspection: Fix running g-ir-scanner 1.80.x+ on Windows
  - !3989 completion: make gsettings work in nounset mode
  - !3990 docs: spelling and grammar fixes
  - !3993 Convert  __BIONIC__ usages that check for Android to __ANDROID__
  - !3994 glib/gthread-posix: Fix missing saved_errno variable in Android's
    g_futex_simple
  - !3996 docs: Fix g_object_connect()'s docblock
  - !4000 Revert "gmain: Use alternate signal stack if the application provides
    one"
  - !4002 Ports the documentation comments in gio/gactiongroup.c to GI-Docgen
  - !4003 Remove unused cmph files
  - !4005 Fix various bugs found by scan-build and refresh scan-build config in
    CI
  - !4008 docs: Update Code of Conduct URI
  - !4011 docs: Minor GVariant fixes
  - !4012 tests: Enable shellcheck for bash completion scripts
  - !4013 completion: Invoke the command being completed
  - !4014 Add a few more missing license and copyright headers to files
  - !4016 gunicode.h: fix warning with -Wcast-qual for define g_utf8_next_char()
  - !4017 docs(gio/overview): Restore missing heading
  - !4020 girepository/introspection: correctly install .gir files into custom
    locations
  - !4022 gfileinfo: Fixed broken link to gio/file-attributes.html
  - !4023 Fix various implicit conversions from size_t to smaller types
  - !4024 gdatetime: Fix string type used to initialise array
  - !4031 gdocumentportal: Handle EROFS and similar errors more gracefully
  - !4034 link with -latomic when needed
  - !4035 Add g_converter_convert_bytes
  - !4045 gapplication: Fix a small leak on an error handling path
  - !4051 gdbusconnection: Fix test signal subscription ordering
  - !4057 gdbusmessage: Clean the cached arg0 when setting the message body
  - !4058 Tests: Build fixes when running `meson test` without previous builds
  - !4059 tests: Fix various memory leaks and valgrind / ASAN errors
  - !4063 gdbusconnection: Fix a misleading comment
  - !4064 girepository/build: Actually use our compiler to generate GLib
    typelibs and fix parser leaks
  - !4066 Fix several GCC 14 warnings to please msys2-mingw32 CI
  - !4067 Remove unused struct
  - !4068 docs: Fix string-utils paragraph heading
  - !4069 gdbus: Make more use of symbolic constants for various aspects of the
    D-Bus protocol
  - !4075 ci: Update Fedora CI image to Fedora 39
  - !4078 tests: Fix clang compilation failure due to unrecognised option in
    pragma
  - !4081 gpattern: Port the docs to gi-docgen syntax
  - !4082 docs: Update toolchain requirement to C11
  - !4083 gobject: fix broken links to parameters and signals naming rules
  - !4084 docs: Improve g_strescape & g_strcompress descriptions
  - !4087 ci: Disable systemtap on musl CI build
  - !4088 girepository: add support for relocations
  - !4089 Revert "Alias TRUE and FALSE to C99's true and false"
  - !4091 build: Use C89 for the standard version check
  - !4092 docs: Improve conversion-macros formatting and add
    GTYPE_TO_POINTER/GPOINTER_TO_TYPE
  - !4093 gmem.c: Update g_clear_pointer() documentation
  - !4094 tests: Fix compilation failure on macOS due to missing include
  - !4095 Improve handling of standard types' signedness
  - !4097 docs: Fix docs reference to main-loop
  - !4098 Dump pointer types in the introspection blob
  - !4099 gfile: Fix finish-func annotations
  - !4100 docs: Mention XDG_DATA_HOME in glib-compile-schemas manual
  - !4101 gio/g-i: Mark Application:action-group property as deprecated
  - !4102 tests: Add basic tests for gdump.c in libgirepository
  - !4108 build: Rename meson_options.txt to meson.options
  - !4114 glocalfileinfo: A few fixes on win32
  - !4115 tests: Use g_assert_*() rather than g_assert() in notification tests
  - !4117 tests: Improve 4GB file loading test to work on i386
  - !4120 gtestutils: Free test_data when freeing a test case
  - !4121 gmacros: Avoid casting functions
    2.80.0
* Bugs fixed:
  - #3271 GLib: string malformed for gettext (Philip Withnall)
  - !3940 tests: Don’t run check-missing-install-tag.py test under valgrind
    (Philip Withnall)
  - !3946 Add missing argument placeholders to several command-line tools (Simon
    McVittie)
  - !3947 docs: Fix a typo in the macros docs page (Philip Withnall)
  - !3951 g_warn_if_fail: Document as always evaluating expr (Simon McVittie)
  - !3953 docs: Specify gi-docgen as a native dependency (Bobby Rong)
  - !3955 docs: Fix building with docs enabled and introspection disabled (Bobby
    Rong)
  - !3956 docs: Minor improvements to GSignal documentation (Philip Withnall)

    2.79.3
* Various consistency improvements to the command line libgirepository tools
  (!3926, !3927, !3928, !3930, work by Simon McVittie)
* Bugs fixed:
  - #3080 Gimp GTK file chooser hang when a remote file is open (Luca Bacci)
  - #3210 Critical using Open location: GWinHttpFile doesn’t set
    G_FILE_ATTRIBUTE_STANDARD_TYPE (Luca Bacci)
  - #3252 [2.79.1] gdatetime installed tests fails on s390x (Simon McVittie)
  - #3255 g_base_info_clear on zero-initialized stack-allocated introspection
    info (Philip Withnall)
  - #3258 Possible memory leak in GUnixVolumeMonitor (Ondrej Holy)
  - #3260 Add man pages for girepository tools
  - #3262 msys2-mingw32 build failing with error code 3221225785 (0xc0000139)
    (Philip Withnall)
  - #3263 Ensure girepository tools are translatable (Philip Withnall)
  - #3266 Use-after-free in gsocketclient.c:connection_attempt_remove() (Philip
    Withnall)
  - #3271 GLib: string malformed for gettext (Philip Withnall)
  - !3918 tests: Don’t run lint tests under valgrind
  - !3919 tests: Speed up threaded toggle notify test unless -m slow is passed
  - !3921 ci: Fix printing the execution environment
  - !3922 gdatetime test: Produce more helpful output on mismatches
  - !3923 girepository test: Don't assume doubles are naturally-aligned
  - !3925 girwriter: Take the GIRepository as a parameter
  - !3926 gi- tools: Remove unused options, improve --debug/--verbose
  - !3927 g-ir-compiler: Only accept one input file
  - !3928 gi-decompile-typelib: Interpret --includedir as most-important-first
  - !3930 migrating-gi: Document command-line option removals
  - !3935 Restrict macOS CI to origin
  - !3937 girepository: Fix static build under Windows
  - !3945 tests: Remove variable-length lookbehind tests for GRegex
    2.79.2
* More work to reduce lock contention and improve performance in GObject (#743,
  !3869, !3873, work by Thomas Haller)
* More API changes to libgirepository, which is now stable as of this release
  (#3155, #3217, #3218, #3231, #3234, #3243, #3244, #3245, #3246, work by
  Philip Chimento, Evan Welsh, Philip Withnall)
* Import `g-ir-compiler`, `g-ir-generate` and `g-ir-inspect` from
  gobject-introspection.git and update them to work with girepository-2.0,
  renaming them to `gi-compile-repository`, `gi-decompile-typelib` and
  `gi-inspect-typelib` (see docs/reference/girepository/migrating-gi.md) (!3853,
  !3909, work by Evan Welsh, Philip Withnall)
* Add new `GLibUnix-2.0.gir`, `GLibWin32-2.0.gir`, `GioUnix-2.0.gir` and
  `GioWin32-2.0.gir` GIRs which contain platform specific APIs, and are the
  preferred way for third parties to access those APIs in future; although
  platform specific APIs which were already exposed in `GLib-2.0.gir` and
  `Gio-2.0.gir` continue to be listed there; the underlying `.so` files have not
  changed (!3892, work by Philip Withnall)
* Bugs fixed:
  - #743 GLib weak refs depend on cascade of locks, including global ones, which
    makes them non-scalable
  - #2887 memory-monitor-dbus.test fails in installed-tests suite (Philip
    Withnall)
  - #3198 Support --version in standard GApplication command line arguments
    (Maxim Moskalets)
  - #3217 Feedback on gobject-introspection: APIs for stack-allocated
    introspection info (Philip Withnall)
  - #3218 Segfault in gi_function_info_prep_invoker (Philip Withnall)
  - #3231 New functions in the glib introspection data (Philip Withnall)
  - #3234 Reference cycle between GIRepository and GIBaseInfos cached by it
    (Philip Withnall)
  - #3236 threaded_resolver_worker_cb leaks memory when lookup fails and
    connection is already canceled (Philip Withnall)
  - #3238 Python packaging module is missing on Hurd CI runner (Philip Withnall)
  - #3240 Missing preconditions checks in GArray (Tobias Stoeckmann)
  - #3242 Memory leak in gresources over libelf (Maxim Moskalets)
  - #3243 Feedback on girepository 2.0: Naming of get_type_info vs load_type
    (Philip Withnall)
  - #3244 Feedback on girepository 2.0: Where to find uninstalled typelibs
    (Philip Withnall)
  - #3245 Feedback on girepository 2.0: GIBoxedInfo's place in the type
    hierarchy (Philip Withnall)
  - #3246 Wrong out parameter type in
    gi_object_info_find_method_using_interfaces (Philip Withnall)
  - #3247 safe_closefrom(), safe_fdwalk_set_cloexec() as public API (Simon
    McVittie)
  - !3797 Refactor GIRepository GIR generation to avoid cyclical dependency
  - !3807 gprintf/gstrfuncs: Improve and port doc comments to gi-docgen
  - !3824 gconvert: match GNU iconv behaviour on FreeBSD
  - !3838 build: Add thorough test setup
  - !3843 Add more test coverage for girepository
  - !3845 gunixmounts: Use libmnt_monitor API for monitoring
  - !3847 ci: Add ability to run manually some specific jobs
  - !3848 Fix build with introspection on Windows
  - !3849 girepository: Remove GI_FUNCTION_THROWS and GI_VFUNC_THROWS flags
  - !3850 [th/strdup-in-ascii-strdown] glib: use g_strdup() in
    g_ascii_strdown(),g_ascii_strup()
  - !3851 ci: Fix post-merge CI pipelines
  - !3853 girepository: Update gir-compiler and use it to compile GIRs
  - !3854 girnode: Document ownership and element types of internal structs
  - !3855 gitypelib: Replace multiple constructors with
    gi_typelib_new_from_bytes()
  - !3856 girepository: Drop gi_repository_get_default()
  - !3859 [th/glib-private-const] glib: return const pointer from
    glib__private__()
  - !3860 tests: Fix typo in memory-monitor-portal.py.in
  - !3861 girepository: Fix a memory leak of a mapped file
  - !3865 [th/test-weak-notify] gobject/tests: add test checking that GWeakRef
    is cleared in GWeakNotify
  - !3866 [th/gobject-carray-comment] gobject: remove obsolete code comment
    about CArray
  - !3868 Link to the main context tutorial from the main loop docs
  - !3869 [th/optimize-weak-ref-list] rework GObject's `WeakRefData` to track
    references in an array instead of GSList
  - !3870 Revert "Don't skip dbus-codegen tests on Win32"
  - !3871 docs: Fix include path for the build
  - !3872 gio: tests: Use slightly more explicit assert functions
  - !3873 [th/datalist-shrink] shrink the interal buffer of `GData`
  - !3874 Don't skip dbus-codegen tests on Win32
  - !3876 build: Only override g-ir-compiler when GIR generation is enabled
  - !3877 Various girepository fixes
  - !3879 [th/gdataset-comment] gdataset: add code comment to
    g_datalist_get_data()
  - !3881 docs: Add migration guide for libgirepository
  - !3886 codegen: Use `-` instead of `stdout` for output to stdout
  - !3887 gtestutils: Ensure test_data is freed even if a test is skipped
  - !3888 gitypes: Fix integer values of GIInfoType and add unit tests for
    GIUnionInfo
  - !3892 introspection: Generate separate GIR files and documentation for
    platform specific APIs
  - !3893 glocalfile: Support statvfs.f_type
  - !3894 Minor fixes/docs changes to GFileDescriptorBased and GTask
  - !3895 [th/meson-werror-fixes] some fixes for meson detection failure with
    -Werror
  - !3896 reuse: Add dep5 lines for gnulib and libcharset
  - !3897 reuse: Fix screen-scraping expression for version 2.x
  - !3898 Incorporate some lint checks into `meson test`
  - !3900 gitypelib: Switch to refcounting
  - !3901 girepository: Add length ‘out’ arguments to several getter methods
  - !3902 gicallableinfo: Clarify docs for callables with no return type
  - !3903 gibaseinfo: Rename gi_info_new() to gi_base_info_new()
  - !3904 [th/meson-werror-fixes-2] more workarounds for compiler warnings in
    meson compiler checks
  - !3909 Rename g-ir-generate and g-ir-inspect and update to girepository-2.0
  - !3911 glib/tests/unix: Mostly pass O_CLOEXEC to g_unix_pipe_open()
  - !3912 glib-unix: Fix reference to FD_CLOEXEC in docs for g_unix_pipe_open()
  - !3913 cmph: Fix a typo
  - !3914 Revert "ci: Remove not-printable chars from generated junit file"
  - !3916 tests: Skip lint tests if bash is not available
  - !3917 ci: Build and tar libgirepository documentation
    2.79.1
* Fix a race condition in `g_object_unref()` (#3064, work by Thomas Haller)
* Various API and build changes to libgirepository as it is not yet API-stable
  (#3216, !3780, !3805, !3823, !3833, !3840)
* Build fixes on big-endian 64-bit systems and mips64el (#3225, #3226, work by
  Simon McVittie)
* Reduce contention on global locks within GObject (!3774, work by Thomas
  Haller)
* Allow building man pages without the reference documentation (!3817, work by
  Simon McVittie)
* Bugs fixed:
  - #1010 g_get_num_processor does not respect cpuset/affinity
  - #3064 Crash under g_object_unref()
  - #3093 GDBusMessage: should validate the type of all known headers (Philip
    Withnall)
  - #3207 Add support for syslog to Structured Logging
  - #3216 Feedback on gobject-introspection: Casting to and from GIBaseInfo*
    (Philip Withnall)
  - #3222 pthread_t usages lack type name (Emmanuele Bassi)
  - #3223 CLang, GMutexLocker: error: unused variable 'locker'
    [-Werror,-Wunused-variable]
  - #3225 2.79 regression: gdatetime test failing on 64-bit big-endian since
    #3119
  - #3226 resource test fails on Debian mips64el: test5.gresource is not linked
    but the test assumes it should be (Simon McVittie)
  - !3774 [th/g-object-priv] add private data to GObject and use per-object
    locking
  - !3780 girepository: Use standard types instead of glib specific
  - !3789 gdatetime: Fix title of documentation comment
  - !3792 build: Tell gi-docgen where to find the GIR files
  - !3793 Shorten the title for D-Bus interface docs
  - !3794 Add boxed GType for GRand
  - !3795 girepository: Skip GIRepository versions not matching GIRepository-3.0
  - !3798 docs: Drop outdated .gitignore files
  - !3799 tests: Fix a minor leak in the new GParamSpecPool test
  - !3800 ci: Re-enable and fix FreeBSD CI
  - !3801 gmessages: Port all doc comments to gi-docgen
  - !3802 [th/g-pointer-bit-lock-ext] glib: add g_pointer_bit_unlock_and_set()
    and g_pointer_bit_lock_mask_ptr()
  - !3803 ci: Fix tarballing the docs on dist
  - !3805 girepository: Various small API cleanups
  - !3806 gsignal.c: drop an optimization that is undefined behaviour
  - !3808 glib/deprecated: Skip all the deprecated gthread api
  - !3809 docs: Fix links to symbols outside the allowed namsepace
  - !3810 gstrfuncs: Improve and port g_set_str() docs to gi-docgen
  - !3811 gvariant-parser: Mention annotated types
  - !3812 brz.c: Use uintptr_t instead of a hardcoded list of 64-bit arches
  - !3813 gobject: define HAVE_OPTIONAL_FLAGS for sizeof(void*) > 8
  - !3814 Fix typo in GPOINTER_TO_SIZE documentation
  - !3817 docs: Allow building man pages without the reference documentation
  - !3818 docs: Clarify >=2.76 changes to g_module_open()
  - !3821 tests: Fix a minor leak in the socket test
  - !3823 girepository: Misc cleanups
  - !3826 genums: use g_once_init_enter_pointer for GType initializers
  - !3827 array-test: Don't assume sizeof(void*)==sizeof(gsize)
  - !3831 gvariant-core: Don’t call posix_memalign() with size==0
  - !3833 girepository: Change various alignments to use size_t
  - !3835 build: Ignore branches in g_clear_*() functions under lcov
  - !3837 tests: A couple of test isolation improvements
  - !3839 gvarianttype: Fix typos
  - !3840 girepository: Exclude private symbols from the ABI
  - !3841 docs: Fix member names of GLib.LogLevelFlags
  - !3842 gio, gmodule, gthread: compile windows resources only in shared build
    2.79.0
* Port to gi-docgen and drop gtk-doc support — dependencies have changed, and
   Meson needs `-Ddocumentation` now rather than `-Dgtk_doc` (#3037, work by
   multiple people)
* Move libgirepository into glib.git from gobject-introspection.git — but tools
   like `g-ir-scanner` are currently still in gobject-introspection.git. For the
   moment, glib.git needs to be built twice, once with `-Dintrospection=false`,
   then build gobject-introspection.git, then re-build glib.git with
   `-Dintrospection=true`. This process will evolve throughout the GLib 2.80
   cycle. The API and ABI of libgirepository has changed, and accordingly its
   version number has been bumped from 1.0 to 2.0 (note: the version number of
   `GIRepository-*.gir` has been bumped from 2.0 to 3.0; see !3786). The GIR and
   typelib file formats have not been changed, and are still at version 1.0.
   (#3155, work by multiple people)
* Match behaviour for `GAppInfo` searches has changed (#3082, work by Nelson
   Benítez León)
* Rename `GTK_USE_PORTAL` environment variable to `GIO_USE_PORTALS` (#3107,
   work by Philip Withnall)
* Bump Meson dependency to 1.2.0 and depend on Python `packaging` module
   (!3666, !3752)
Bugs fixed:
  - #596 GApplication in Garbage Collected environments would benefit from a
    g_application_command_line_exit() to enable remote instances to exit.
    (Aleksandr Mezin)
  - #791 Wish: Add a "nodelay" property to GSocket or GTcpConnection (Philip
    Withnall)
  - #2810 thread-pool-slow intermittent assertion failure in
    test_thread_sort_entry_func() (Philip Withnall)
  - #2824 G_REGEX_OPTIMIZE causes incorrect regex behaviour
  - #2991 Drop translatable pspec nick/blurbs from properties in GIO (Sophie
    Herold)
  - #3082 Investigate prioritising prefix matches on GAppInfo keywords over
    substring matches on names (Nelson Benítez León)
  - #3087 glib doesn't cleanly unload on Windows (Luca Bacci)
  - #3098 Make invalid escape sequences in GKeyFile fatal (Philip Withnall)
  - #3103 mkenums: Can't parse an enum value with value ',' (Lukáš Tyrychtr)
  - #3105 NetworkManager 1.44.0 crashes repeatedly with glib 2.78.0 (Philip
    Withnall)
  - #3107 Rename GTK_USE_PORTAL to avoid portal services being run with portals
    force-enabled (Philip Withnall)
  - #3111 gsubprocess-testprog.c: build error with cygwin (sys/ptrace.h: No such
    file or directory) (Philip Withnall)
  - #3112 Update to Unicode 15.1 (Philip Withnall)
  - #3115 Support for additional strftime formatting capabilities
  - #3116 gio clears modification time in microseconds when setting with
    `set_modification_date_time` (Lukáš Tyrychtr)
  - #3119 Add support for `%Ey` to g_date_time_format() (Philip Withnall)
  - #3120 Build of glib 2.78.0 ignores -Dlibelf=disabled (Philip Withnall)
  - #3128 glib-2.78.0 fails at gio/tests/gsubprocess.p/gsubprocess.c.o
  - #3130 Segfault when creating GIO GPropertyAction without properties
  - #3134 glib incompatible with Python 3.12 due to distutils usage
  - #3135 Add GNU/Hurd CI
  - #3140 Add a flag to not copy modification time when copying files (Khalid
    Abu Shawarib)
  - #3144 `g_file_set_contents_full()` doesn't truncate the file (without
    `G_FILE_SET_CONTENTS_CONSISTENT`) (Philip Withnall)
  - #3156 check for #ifdef PTRACE_O_EXITKILL will always fail since it isn't a
    macro (Alessandro Bono)
  - #3157 gsubprocess build-time test intermittently timing out since 2.78.1
    (Simon McVittie)
  - #3158 "CRITICAL" log when using --attributes option for "gio info" (Philip
    Withnall)
  - #3159 glib regex test fails JIT compiler tests under musl libc (Pablo Correa
    Gómez)
  - #3161 codegen installation is broken
  - #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree()
    due to filename with bad encoding (Ondrej Holy)
  - #3183 g_dbus_connection_signal_subscribe with flag
    G_DBUS_SIGNAL_FLAGS_MATCH_ARG0_PATH doesn't work with an arg0 that is an
    object path (Philip Withnall)
  - #3185 g_utf8_collate_key() segfaults when passed an invalid length
  - #3186 [RFE] Increase gio sniff buffer for mime type magic detection to 16K
    or so (Philip Withnall)
  - #3187 g_vasprintf crashes when passed invalid UTF-8 (Philip Withnall)
  - #3191 Crash in __gio_xdg_cache_mime_type_subclass (Philip Withnall)
  - #3203 Fdo notification fails without AppID (Michael Catanzaro)
  - !3143 gatomic: Use g(u)intptr where appropriate
  - !3316 gobject: Separate GWeakRef from GWeakNotify
  - !3394 gsocketclient: Document delays/timeouts better
  - !3457 glib-unix: Add convenience API for pipes
  - !3524 add muslc ci
  - !3552 gutils: Use international symbol for bits
  - !3566 Update annotations for GAsyncQueue and GDir
  - !3567 Update annotations for GHmac
  - !3568 Update GOptionContext annotations
  - !3569 Small fixes and cleanups for Vectored Exception Handlers
  - !3571 Update GStringChunk annotations
  - !3572 Update GRand annotations
  - !3573 Update GTimer annotations
  - !3576 guniprop.c: Avoid creating (temporarily) out-of-bounds pointers
  - !3577 gthread: introduce g_once_init_{enter,leave}_pointer
  - !3578 GType: Use guintptr as the underlying storage if larger than gsize
  - !3579 Fixes for integer cast warnings when targeting CHERI
  - !3580 Fix test_find_program on FreeBSD
  - !3581 gthread: Fix optional/nullable annotations for g_once_init_*()
  - !3582 Buffer needs to be aligned correctly to receive linux_dirent64.
  - !3589 gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC
    (Chun-wei Fan)
  - !3590 gtestutils.h: Fix warning with -Wsign-conversion caused by
    g_assert_cmpint
  - !3591 Switch to using gi-docgen for docs (batch 1)
  - !3594 Fix gutils-user-database test on macOS
  - !3595 gobject: cache flags needed for g_type_create_instance()
  - !3596 Add value annotation to G_TYPE_FUNDAMENTAL_MAX
  - !3597 Expand security policy to cover previous stable branch
  - !3598 Document NULL pointer pitfall in toolchain requirements
  - !3601 meson: Fix Windows build with PCRE2 as sibling subproject
  - !3603 Add GBytes variants for GSocket receive methods
  - !3605 build: Post-release version bump
  - !3607 Make sure the `GTask` is freed on a graceful disconnect
  - !3610 gdesktopappinfo: Do not search Comment field
  - !3611 tests/constructor: Fix "unknown pragma ignored" warning on clang
  - !3612 Update GStrv annotations
  - !3613 tests: Fix gdatetime test on non-UTC systems
  - !3620 gmain: avoid a GList traversal when removing source
  - !3621 wakeup: do single read when using eventfd()
  - !3623 Windows: Compile with the UNICODE / _UNICODE macros
  - !3624 wakeup: Fix g_wakeup_acknowledge if signal comes in
  - !3627 Add Hurd code owners
  - !3628 glib-unix: Use full path to gstdio.h include
  - !3629 glib/tests/meson.build: remove identical build targets
  - !3630 glib-compile-resources: ensure alignment is at least sizeof(void *)
  - !3632 Stop using enums in bitfields
  - !3633 Use g_task_return in task threads
  - !3634 Switch to using gi-docgen for docs (batch 2)
  - !3635 Fix warnings with Clang on Windows and enable --Werror in CI
  - !3636 Generate introspection data
  - !3637 gstrvbuilder: Add g_strv_builder_take
  - !3638 Cleanup and add content to glib debugging using gdb scripts
  - !3640 GIO/tests: skip test_resources_binary on MIPS platforms
  - !3641 build: Simplify MIPS test check
  - !3645 Switch to using gi-docgen for docs (batch 3)
  - !3646 ci: Update from clang-format-11 to clang-format-14
  - !3647 Switch to using gi-docgen for docs (batch 4)
  - !3652 GApplicationCommandLine: add print[err]_literal()
  - !3654 gdatetime: Fix minor leaks from strup/strdown calls
  - !3655 gdatetime: Fix incorrect alt-digits being used after changing locale
  - !3656 gmodule-dl: Use RTLD_DEFAULT on FreeBSD too
  - !3660 Switch to using gi-docgen for docs (batch 5)
  - !3661 Switch to using gi-docgen for docs (batch 6)
  - !3662 Switch to using gi-docgen for docs (batch 7)
  - !3663 gdbusconnection: don't cache G_IO_ERROR_CANCELLED errors
  - !3664 gmain: optimize "context->sources" hash table to use as set
  - !3665 ci: Remove .build-linux from Hurd CI scheduled job
  - !3666 build: Bump Meson dependency to 1.2.0
  - !3667 Switch to using gi-docgen for docs (batch 8)
  - !3668 Socket & readiness fixes
  - !3671 gio/tests: Add test generated txt as the resources test dependency
  - !3672 glib-private: Check for LSAN support at runtime when controlling it
  - !3674 gtask: Add g_task_return_prefixed_error()
  - !3677 Make GQuark register intentional leaks
  - !3678 gsignalgroup: Avoid function call with side effect in g_return_* macro
  - !3679 gmessages: fix dropping irrelevant log domains
  - !3682 tests: Fix dependency of test.gresource on test-generated.txt
  - !3683 glib: Disable dynamic asan loading on macOS
  - !3687 fix: about libproc.h and PROC_PIDLISTFD_SIZE
  - !3688 build: Fix the inclusion paths for GIR files in gi-docgen
  - !3689 meson: Add missing dependencies for utility files for gdbus-codegen
  - !3690 Switch to using gi-docgen for docs (batch 9)
  - !3695 gvalue: add "steal_string"
  - !3699 [th/prgname] use atomic pointers for g_prgname/g_application_name and
    add g_set_prgname_once()
  - !3701 tests: Fix gio-tool.py test on macOS
  - !3702 glib.supp: Suppress the global_mime_dirs allocations
  - !3703 Port GIRepository to GTypeInstance and add introspection
  - !3704 girepository: Rename symbols to the GI namespace
  - !3707 girepository: Ignore set-but-not-used warnings with G_DISABLE_ASSERT
  - !3708 Fix various leaks in cmph-bdz-test and gutils
  - !3709 Switch to using gi-docgen for docs (batch 10)
  - !3710 gmessages: introduce g_log_writer_default_set_debug_domains()
  - !3711 ghmac: Add a boxed type for GHmac and fix introspection build
    accordingly
  - !3712 Switch to using gi-docgen for docs (batch 11)
  - !3713 gfileutils: Fix g_file_get_contents() silent under-read of large files
    when off_t is wider than size_t
  - !3714 xdgmime: Handle buggy type definitions with circular inheritance
  - !3715 goption: Fix a typo
  - !3716 tests: Improve build of cmph tests in girepository
  - !3717 tests: provide reason for disabling convert test under musl
  - !3721 gtestutils: Add g_test_trap_subprocess_with_envp() for testing envs
  - !3722 gdir, gstrvbuilder: Add refcounting support and a boxed type
  - !3723 gwin32: Un-hide symbols when building GIR
  - !3726 tests: Fix fileutils build on FreeBSD and macOS
  - !3731 tests: Fix string test failure on BSDs
  - !3732 gspawn: Stop spewing debug messages
  - !3733 ci: Make the Alpine CI name more consistent
  - !3734 gdatetime: Disable ERA support on platforms which don’t support this
  - !3735 ci: Fix printing info message at end of run-style-check-diff.sh
  - !3736 build: Rename -Dgtk_doc option to -Ddocumentation and fix some
    g-ir-scanner warnings
  - !3739 Documentation only: Added clarification about GWeakNotify and removed
    ambiguous text
  - !3741 hash: Explicitly annotate key in iter_next as nullable
  - !3743 ci: Install correct version of Meson on Alpine CI image
  - !3745 tests: Assert there no errors first in gdbus-test-codegen
  - !3751 Fix generated RST anchors for methods, signals and properties
  - !3752 build: Make packaging module required
  - !3753 gobject_gdb.py: Do not break bt on optimized build
  - !3755 tests: Use textwrap.dedent to indent expected strings pleasingly
  - !3757 ci: Re-add explicit Meson version to Alpine CI image
  - !3758 docs: Add a section on version checking macros
  - !3760 girepository: Various API cleanups
  - !3761 gerror: Fix an old allow-none annotation
  - !3762 [th/notify-queue] some optimization around
    g_object_freeze_notify()/g_object_thaw_notify()
  - !3763 girepository: Drop libgio dependency from gdump.c
  - !3764 gsignal: fix reference to signals documentation page
  - !3765 gapplication: Fix minor typo in docs
  - !3767 girepository: Port documentation to gi-docgen and update
  - !3768 ci: Build docs artifacts for deployment to docs.gtk.org
  - !3770 GDateTime: Add usec precision API for unix time
  - !3771 gtask: Add g_task_return_new_error_literal()
  - !3772 gobject: Make GLib-2.0 gir build depend on GObject dependency
  - !3773 girepository: Return enumerated versions and search paths as a GStrv
  - !3776 glocalvfs: Remove unnecessary and buggy code
  - !3777 Fix detecting size_t size when `-Wmissing-prototypes` is in CFLAGS
  - !3779 gtypemodule: Add assertions in finalize()
  - !3782 docs: fix a typo
  - !3786 girepository: Re-number GIR file from 2.0 to 3.0
  - !3787 docs: Install the gi-docgen docs
    2.78.0
* Bugs fixed:
  - #3095 Error handling of invalid GKeyFile string escape sequences changed in
    GLib 2.77.3 (Philip Withnall)
  - !3559 gdb: Workaround optimized out quark_seq_id
  - !3561 meson: fix `gnetworking.h` install tag
  - !3562 gthread: Annotate g_thread_exit() with G_NORETURN
  - !3564 Fix gutils-user-database unit test
    2.77.3
* Bugs fixed:
  - #2575 GSettings schemas default value translations don't work when using
    l10n=time (Michael Catanzaro)
  - #3032 gdbus-codegen eats indentation in RST in XML comments (André)
  - #3051 g_dbus_connection_export_menu_model() is not thread_safe
  - #3061 Possible SEGV (null pointer deref) in distribute_method_call() (Philip
    Withnall)
  - #3083 `arg_data`  in GOptionEntry is not a list (Philip Withnall)
  - #3090 Possible SEGV (null pointer deref) in _g_resource_file_new() (Philip
    Withnall)
  - !3459 glib-unix: Clean up use of O_NONBLOCK
  - !3503 interim solution for macOS CI
  - !3519 meson: warn if -mms-bitfields is necessary
  - !3526 gnetworkaddress: use reentrant getservbyname_r() if available
  - !3527 tests: Use g_assert_*() rather than g_assert() in tree tests
  - !3528 gio-tool-info: Move translator comments so they’re visible
  - !3530 gregex: set default max stack size for PCRE2 JIT compiler to 512KiB
  - !3532 tests: Disable use of ptrace() in tests on BSD and macOS
  - !3533 ci: Only run pages CI job on scheduled job runs
  - !3534 ci: Further fix to pages CI job
  - !3535 Use 'meson setup' to configure
  - !3538 glib-unix: Accept O_CLOEXEC as well as FD_CLOEXEC in
    g_unix_open_pipe()
  - !3540 gio: Add gresource.dtd
  - !3541 gtestutils: Mention not ignoring SIGCHLD in g_test_trap_subprocess()
    docs
  - !3542 [th/gchildwatch-fail-message] gmain: improve g_warning() for failure
    in g_child_watch_dispatch()
  - !3543 [th/use-localtime-r] use localtime_r() in g_log_writer_format_fields()
  - !3545 gregex: if JIT stack limit is reached, fall back to interpretive
    matching
  - !3547 glib/gfileutils.c: use 64 bits for value in get_tmp_file()
  - !3550 glib/tests/asyncqueue.c: skip test_async_queue_timed in 2038 or later
  - !3553 Generate missing docs for out arguments
  - !3555 gkeyfile: Fix overwriting of GError
    2.77.2
* Bugs fixed:
  - #3071 g_test_trap_subprocess and g_test_subprocess broken in 2.77.1 (Jonas
    Ådahl)
  - !3432 ci: Don’t run pipeline after merging a MR
  - !3520 Fix typos
  - !3521 GTree: Handle node counter overflow and return it as an unsigned value
  - !3523 gspawn, gdataset: Restore nullable callback functions
    2.77.1
* Fix some regressions with `GKeyFile` comment handling (#3047, work by Gaël Bonithon)
* Improve handling of query and fragment components in `file:` URIs (#3050, work by Lukáš Tyrychtr)
* Bugs fixed:
  - #473 systemtap probes for gvariant (Allison Karlitskaya)
  - #623 g_type_query() doesn't work for dynamic types (Philip Withnall)
  - #931 Optimise GPrivate by removing one malloc (Allison Karlitskaya)
  - #2929 gio: Failing build due to race generating glib/gversionmacros.h (Eric
    van Gyzen)
  - #3045 2.77.0: gio pkg-config test has incorrect install location for gio-
    querymodules & glib-compile-schemas (Philip Withnall)
  - #3047 2.77.0 changes formatting of keyfiles (Gaël Bonithon)
  - #3048 Forcing fallback for libintl does not work (Brendan Shanks)
  - #3050 g_file_new_for_uri() handles query strings incorrectly ("?") (Lukáš
    Tyrychtr)
  - #3054 Fedora installer (anaconda) crashes early with glib 2.77.0 due to
    "Attempt to unlock mutex that was not locked", when it runs `hwclock` and
    changes the system time (Thomas Haller, Philip Withnall)
  - !3287 Audit and fix incorrect use of (closure) in glib
  - !3461 gfileinfo: add file_path methods for language bindings
  - !3485 docs: Expand supported platforms documentation a little
  - !3494 ci: Manually fetch submodules for style-check CI jobs
  - !3495 gdbus-codegen: Error on invalid dbus types
  - !3496 garray: Fix typo in doc comment of g_ptr_array_sort[_with_data]()
  - !3499 strfuncs: Add missing ownership annotations for returned string
    vectors
  - !3504 Revert "build/gmodule-2.0.pc: Move compiler flags from Libs to Cflags"
  - !3505 meson: help gobject-introspection locate source and build dirs
  - !3509 build-sys: drop -mms-bitfields GCC flag
  - !3510 testutils: Use prctl PR_SET_DUMPABLE to silence core dumps on Linux
  - !3514 Revert "build-sys: drop -mms-bitfields GCC flag"
  - !3515 gnetworkmonitor: Expand guidelines for metered data use
  - !3517 tests: Add some more tests for g_type_query()
  - !3518 m4macros: drop unused m4 files

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

gdb: Update to version 15.2

- Update from version 14.2 to 15.2
- Update of rootfile
- Changelog
    15.2
      fixes and enhancements
* PR gdb/31727 (-exec-next fails in mingw (infrun.c:2794: internal-error:
   resume_1: Assertion `pc_in_thread_step_range (pc, tp)' failed))
* PR c++/31900 (libstdc++-prettyprinters/debug.cc print redirected fails
   since gdb-14-branchpoint-2123-g4e417d7bb1c)
* PR python/31946 (sys.exit from Python no longer exits the GDB process)
* PR record/31971 (Loading a saved record file asserts if we try to execute
   the inferior)
* PR gdb/32005 (frv_current_sos doesn't set solib::lm_info)
* PR exp/32015 (GDB crashes while printing large D array)
* PR gdb/32025 (Fatal error when the disassemble command is interrupted with
   SIGINT)
* PR gdb/32143 ([15 Regression] arch/amd64.c:71: internal-error:
   amd64_create_target_description: Assertion `!is_x32' failed)
* PR symtab/32158 ([gdb/symtab] enum class enumerator has incorrect parent in
   cooked index)
* PR symtab/32160 ([gdb/symtab] Parent map: die parent or scope parent?)
    15.1
      changes and enhancements:
* Building GDB and GDBserver now requires a C++17 compiler (for instance,
  GCC 9 or later).
* Enhanced Python support
  ** New function gdb.notify_mi(NAME, DATA), that emits custom
     GDB/MI async notification.
  ** New read/write attribute gdb.Value.bytes that contains a bytes
     object holding the contents of this value.
  ** New module gdb.missing_debug that facilitates dealing with
     objfiles that are missing any debug information.
  ** New function gdb.missing_debug.register_handler that can register
     an instance of a sub-class of gdb.missing_debug.MissingDebugInfo
     as a handler for objfiles that are missing debug information.
  ** New class gdb.missing_debug.MissingDebugInfo which can be
     sub-classed to create handlers for objfiles with missing debug
     information.
  ** Stop events now have a "details" attribute that holds a
     dictionary that carries the same information as an MI "*stopped"
     event.
  ** New function gdb.interrupt(), that interrupts GDB as if the user
     typed control-c.
  ** New gdb.InferiorThread.ptid_string attribute.  This read-only
     attribute contains the string that appears in the 'Target Id'
     column of the 'info threads' command output.
  ** It is no longer possible to create new gdb.Progspace object using
     'gdb.Progspace()', this will result in a TypeError.  Progspace
     objects can still be obtained through calling other API
     functions, for example 'gdb.current_progspace()'.
  ** User defined attributes can be added to a gdb.Inferior object,
     these will be stored in the object's new Inferior.__dict__
     attribute.
  ** User defined attributes can be added to a gdb.InferiorThread
     object, these will be stored in the object's new
     InferiorThread.__dict__ attribute.
  ** New constants gdb.SYMBOL_TYPE_DOMAIN, gdb.SYMBOL_FUNCTION_DOMAIN,
     and gdb.SEARCH_*_DOMAIN
* Debugger Adapter Protocol changes
  ** GDB now emits the "process" event.
  ** GDB now supports the "cancel" request.
  ** The "attach" request now supports specifying the program.
  ** New command "set debug dap-log-level" controls DAP logging.
* Remote protocol
  ** New stop reason: clone
  ** QThreadOptions in qSupported
  ** New remote packets: QThreadOptions, qIsAddressTagged
  ** New "set/show remote thread-options-packet" commands
* GDBserver
  ** The --remote-debug and --event-loop-debug command line options
     have been removed.
  ** The --debug command line option now takes an optional comma
     separated list of components to emit debug for.  The currently
     supported components are: all, threads, event-loop, and remote.
     If no components are given then threads is assumed.
  ** The 'monitor set remote-debug' and 'monitor set event-loop-debug'
     command have been removed.
  ** The 'monitor set debug 0|1' command has been extended to take a
     component name, e.g.: 'monitor set debug COMPONENT off|on'.
     Possible component names are: all, threads, event-loop, and
     remote.
* Deprecated or removed
  ** The MPX commands "show/set mpx bound" have been deprecated, as Intel
     listed MPX as removed in 2019.
* Miscellaneous
  ** Guile API: New constants SYMBOL_TYPE_DOMAIN, SYMBOL_FUNCTION_DOMAIN,
     and SEARCH_*_DOMAIN
  ** New "set/show direct-call-timeout" commands.
  ** New "set/show indirect-call-timeout" commands.
  ** New "set/show unwind-on-timeout on|off" commands.
  ** New "set/show unwind-on-signal on|off" commands, renaming the old
     "set/show unwindonsignal" commands. The old commands are maintained
     as an alias.
  ** The "gcore" and "generate-core-file" commands now generates sparse
     core files, on systems that support it.
  ** The "maintenance info line-table" command now includes a new
     EPILOGUE-BEGIN column indicating the start of the function's epilogue.
  ** Simultaneous use of the 'r' and 'b' flags in the "disassemble" command
     now triggers an error.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship gawk

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

gawk: Update to version 5.3.1

- Update from version 5.3.0 to 5.3.1
- Update of rootfile
- Changelog
    5.3.1
1. More subtle issues related to uninitialized array elements have
   been fixed.
2. A number of bugs in the debugger related to handling of arrays
   have been fixed.
3. Some subtle bugs in the API have been fixed.
4. Use of MPFR is now possible again on 32-bit Power PC Mac systems.
5. Race conditions around broken pipes for system() and read and write
   pipes should now be closed off.
6. Support for OSF/1 has been removed.
7. The never-documented --nostalgia option has been removed. It was
   causing bug reports.
8. The implementation of printf/sprintf has been thoroughly reworked
   in order to make the code more maintainable and to fix a goodly
   number of corner cases.
9. As usual, there have been several minor code cleanups and bug fixes.
   See the ChangeLog for details.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship bash

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

bash: Update the bash patches to -037

- Update from patches 1-32 to 1-37
- Update of rootfile not required
- Changelog
    Patch 33
A typo in the autoconf test for strtold causes false negatives for strtold
being available and working when compiled with gcc-14.
    Patch 34
If we parse a compound assignment during an alias expansion, it's possible
to have the current input string popped out from underneath the parse. In
this case, we should not restore the input we were using when we began to
parse the compound assignment.
    Patch 35
There are systems that supply one of select or pselect, but not both.
    Patch 36
When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
    Patch 37
Fix the case where text to be completed from the line buffer (quoted) is
compared to the common prefix of the possible matches (unquoted) and the
quoting makes the former appear to be longer than the latter. Readline
assumes the match doesn't add any characters to the word and doesn't display
multiple matches.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship elinks and libidn2

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libidn2: Required for elinks in place of libidn

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

elinks: Update to version 0.17.1.1

- Update from version 0.16.0 to 0.17.1.1
- Update of rootfile not required
- elinks now requires libidn2 as a run time dependency in place of libidn. libidn is also
   required by ghostscript. If the cups removal patch is accepted, which also removes
   ghostscript, then at the same time libidn can be removed.
- The addition of libidn2 is in another patch combined with this one.
- Changelog
    0.17.1.1
* bump requirements: libCSS to 0.9.2 and libdom to 0.4.2
* revert "[head] addcrlf". #281
* main, article and nav elements #282
* bashism in configure.ac #285
* eliminate GNUism in sed #305
* python module imp is deprecated #313
* fix hooks.py detection #333
* cast to unsigned char * in inpfield #315
* fix suspend in session master when fork_on_start #296
* remove 300ms startup delay and optimize fork_on_start #297
* missing <sys/cdefs.h> on systems with musl libc #306
    0.17.0
* fix for some 32-bit systems and select-only builds
* fix for gettext in Windows builds
    0.17.0rc1
* configuration files are now saved to ~/.config/elinks/ or
  $XDG_CONFIG_HOME/elinks/ #199
  User must copy files from ~/.elinks/ to ~/.config/elinks/ himself or herself
* HOME_ETC support was dropped, you can set ELINKS_CONFDIR instead
* idn2 in place of idn #206
* libcss support (a few netsurf's libraries are required). Set
  document.css.libcss = 1 to enable
* experimental libsixel support (image/*; img2sixel %s; copiousoutput) in
  ~/.mailcap
  Must be enabled in a few places in configuration: set document.plain.sixel = 1
  and in terminal options. Do not try it on metered remote connections
* testing libcurl support (explicit FTPS and SFTP among others)
  To enable set protocol.ftp.use_curl = 1
  set protocol.http.use_curl = 1 for http/https
* ui.sessions.postpone_unlink option. Delete temporary files at exit instead
  of immediately after
  closing viewer #257
* redefined isspace #249
* Serbian translation update
* compilation fixes
    0.16.1.1
* updated POTFILES #230
    0.16.1
* handle SECTION html element #207
* allocate more memory for BLOCKQUOTE #214
* encode A href to terminal codepage and encode bytes with highest bit set as
  %HEX #221
* Serbian translation update
* install doc by default in meson #224
* tests fixes

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship perl-Imager

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

perl-Imager: Update to version 1.024

- Update from version 1.012 (2020) to 1.024
- Update of rootfile
- Addition of patch to fix inclusion of t1tables.h for FT_Has_PS_Glyph_Names which is
   no longer pulled in by ftmm.h since FreeType 2.13.3
- Changelog
    1.024
- TIFF: improve reporting from a test on failure.
- TIFF: support back to libtiff 4.0.8, for compatibility with RHEL
   and its clones.
   https://github.com/tonycoz/imager/issues/527
    1.023
- TIFF: don't read after free when looking up a compression codec
   by the libtiff defined name,
   https://github.com/tonycoz/imager/issues/524
    1.022
- TIFF: We can no longer be lazy in implementing the size callback.
   https://github.com/tonycoz/imager/issues/522
   https://bugs.debian.org/1057270
    1.021
Several TIFF changes:
- require libtiff 4.1.0 or later
- add buildversion, builddate and libversion methods
- add the codecs method which fetches a list of available TIFF
   compression codes
- avoid deprecation warnings from libtiff about using the old
   libtiff defined integer types
- require vsnprintf() (C99)
- remove my adaption of TIFFReadRGBATile() since libtiff now provides
   TIFFReadRGBATileExt() which can do the same thing
- use pkg-config to find libtiff if possible
- for sufficiently modern libtiff (4.5.0) use TIFFClientOptions to
   specify the warning and error handlers, this means we no longer
   need a mutex for 4.5.0 and later.
- collect warnings using a buffer chain instead of custom allocation
   code.
- include the "module" name (typically a libtiff function name) when
   recording libtiff warnings.
- add CI to test Imager::File::TIFF against libtiff 4.1.0 through 4.6.0
- other minor fixes
Other changes:
- prevent CodeQL from complaining about an implicit conversion to
   unsigned char
    1.020
- masked(): disallow negative width/height masked images
- masked(): adjust source corners as bottom right relative if they
   are negative.
- masked(): reject image source corners where either co-ordinate is
   negative after the above adjustment.
- Imager::Files: update external image file support modules list
- internal test: don't fail on Imager::File::APNG link
- disable Imager::Font::T1 and Freetype 1.x fonts by default.
   Unpatched t1lib simply doesn't work on 64 bit systems, and no-one
   ships the patched version anymore.
   https://github.com/tonycoz/imager/issues/510
    1.019
- fix palette/transparency table generation when writing paletted PNG
   images with tranparency.  This happened to work for the test case,
   but the mechanism used to generate the palette order preserved most
   palette index positions, which hid the problem with actually
   generating the PLTE and tRNS chunks.
   https://github.com/tonycoz/imager/issues/499
- added lowish-level read() and write() class methods to
   Imager::File::PNG, these are mostly intended for
   Imager::File::APNG, but are documented and usable elsewhere.
- document in Imager::Install how to install Imager without any of
   the bundled-but-also-on-CPAN modules being installed.
   https://github.com/tonycoz/imager/issues/498
    1.018
- skip trying to produce deprecation warnings before perl 5.14, since
   that doesn't support custom warning categories within a package.
   This prevents pointless failures on these old versions of perl.
    1.017
Bug fix:
- fix a one bytes underallocation for Imager::TrimColorList.  On
   older perls this could lead to writing a zero byte one past the end
   of the allocated block.
Documentation:
- expand on why you might want to call Imager->preload() and that you
   probably don't need to.
    1.016
Upcoming backward incompatible changes:
- deprecate setting/deleting tags by code.  If this causes you a
   problem please open an issue.  You can disable the warning produced
   with:
    no warnings 'Imager::tagcodes';
- deprecate image channel masks.  If this causes you a problem please
   open an issue.  You can disable the warning produced with:
    no warnings 'Imager::channelmask';
If you use either of these features please let me know.
Minor features:
- add magic/extension support for AVIF files, see Imager::File::AVIF
   on CPAN.
- treat an unknown extension of two or more characters as a potential
   file type on write.
Bug fixes:
- prevent a possible undefined value warning from t/t10jpeg.t
- update MANIFEST.SKIPs, update MANIFESTs and improve MANIFEST testing.
- TGA: failing to read in the palette of a paletted TGA file would
   leak memory.
- JPEG: supplying invalid values for the new JPEG write tags could
   leak memory.
- PNG: fix validation of Latin1 only tags when writing PNGs.
   (detected by clang)
- matrix_transform: correctly use fabs() instead of abs() on floating
   point values when deciding whether to divide for a perspective
   transform. (detected by clang)
- fix the i_poly_aa_cfill_m() API macro
Cage cleaning:
- eliminate IO::File usage from the Imager code base
- fix a type error harmlessly ignored by gcc but found by clang
- eliminate memory leaks in sub-module Makefile.PL probe test code to
   allow the probes to succeed under LeakSanitizer.
- BMP: fix some otherwise harmless clang warnings
- remove some code meant to work around some unspecified old Solaris
   linker bug.
- i_noise: prevent a harmless conversion warning from clang
- fountain fill/filter: limit ssample_param to 1000 to simplify code.
    1.015
- rename the "virtual" member of i_img to "isvirtual" to allow the
   API to be used from C++, this may break source compatibility, using
   the i_img_virtual() accessor is backward compatible.
- add cookbook entry to populating an image from raw RGB samples
   https://github.com/tonycoz/imager/issues/471
- Imager::Probe now puts the existing value of PKG_CONFIG_PATH at the
   front of the PKG_CONFIG_PATH used when it calls pkg-config.
- setup CodeQL workflow and fix detected warnings
JPEG updates:
- detect libjpeg (of whichever variety) via pkg-config if possible
- add specific support for mozjpeg (turn its optimization off by
   default so tests pass.)
- add libjpeg_version(), is_mozjpeg(), is_turbojpeg() and
   has_arith_coding() methods
- add jpeg_compress_profile output tag, which only matters for
   mozjpeg
- the libjpeg_version() method replaces the old
   Imager::File::JPEG::i_libjpeg_version() function, and the format
   has changed.
- various obscure jpeg output controls:
   - add support for JPEG arithmetic coding when the supplied libjpeg
     supports it.  Note that not all JPEG decoders can handle arithmetic
     coded JPEGs.
   - add support for disabling the JFIF header for JPEG files using the
     jpeg_jfif tag.
   - add support for smoothing to eliminate dithering noise (like cjpeg
     -smooth) using the jpeg_smooth tag.
   - add support for producing JPEG restart markers (like cjpeg -restart
     N), using the jpeg_restart tag.
   - add control over subsample for JPEG (like the cjpeg -sample
     parameter) using the jpeg_sample tag
   - added tags for the rest of the MozJPEG API parameters.
   - add jpeg_tune tag, corresponding to the MozJPEG cjpeg -tune-*
     options.
    1.014
Bug fixes:
- fix failed to build on non-threaded perls.
   https://github.com/tonycoz/imager/issues/472
- when writing a paletted image with an alpha channel to PNG only
   set the tRNS chunk if the image has transparent colours.  With
   older libpng this could add an erroneous tRNS chunk (or possibly
   undefined behaviour if I understand the libpng code).
   https://github.com/tonycoz/imager/issues/459
Features:
- Imager::Color and Imager::Color::Float objects can now be created
   from CSS style rgb(...) strings.
   https://github.com/tonycoz/imager/issues/463
- added the as_css_rgb() method to both Imager::Color and
   Imager::Color::Float to format the supplied color as a CSS style
   rgb() string.
   https://github.com/tonycoz/imager/issues/463
- Imager::Color and Imager::Color::Float objects can now be created
   (copied) or set from other Imager::Color or Imager::Color::Float
   objects.
    1.013
- added rgb_difference() method
   Thanks to Andreas König
   https://github.com/tonycoz/imager/pull/462
- update ppport.h to prevent a redefinition diagnostic
- update bug tracker URLs to point at github
   https://github.com/tonycoz/imager/pull/466
- update some other bug tracker URLs too.
- add the trim() and trim_rect() methods, to trim borders off an
   image.
- add the as_float() method to Imager::Color and the as_8bit() method
   to Imager::Color::Float to convert between the two types.
- update ppport.h to avoid a diagnostic in more modern perls.
- add detection for HEIF, JPEG XL and QOI image formats

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship libnetfilter_conntrack

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

libnetfilter_conntrack: Update to version 1.1.0

- Update from version 1.0.9 to 1.1.0
- Update of rootfile not required
- Changelog
    1.1.0
- Enhancements for filtering dump and flush commands,
  see struct nfct_filter_dump and nfct_nlmsg_build_filter().
- ctnetlink event BPF fixes (endianness issue, IPv6 matching) and
  enhancements (zone matching).
- fix for musl compilation.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship iptables

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

iptables: Update to version 1.8.11

- Update from version 1.8.10 to 1.8.11
- Update of rootfile not required
- Changelog
    1.8.11
new features:
- New arptables-translate tool
- ebtables-nft:
  - Support for --change-counters command, albeit not atomic
  - Specify rule counters using iptables' '-c N,M' syntax
  - Support --replace and --list-rules commands
  - Support zeroing individual rules
  - Print negations (exclamation marks) extrapositioned (i.e., before
    the match they invert) for consistency with iptables
- iptables-translate:
  - Align protocol name lookups with iptables
  - iptables-translate: Support socket match and TPROXY target
  - iptables-translate: Slightly improved avoidance of redundant 'ip
    protocol'/'meta l4proto' matches
- iptables:
  - Undo numeric protocol printing of v1.8.9 for well-known protocols
    for consistency with iptables-save
  - Enable implicit extension lookup for dccp and ipcomp protocols (so
    no extra '-m <proto>' is needed after '-p <proto>')
- iptables-save: Avoid calls to getprotobynumber() for consistency and
  improved performance with huge rule sets
- libxtables: Support use of both xtables_ipaddr_to_numeric() and
  xtables_ipmask_to_numeric() as parameters to the same function call
- configure: Support disabling use of libnfnetlink
- Prefix xtables-monitor rule events by a typical command (iptables,
  ip6tables) instead of -4/-6 flags for consistency with ebtables and
  arptables events
fixes:
- arptables-nft:
  - Ineffective masks when specified in --h-type, --opcode and
    --proto-type matches
  - Wrong formatting of --h-type values and --proto-type masks causing
    misinterpretation by  arptables-restore
- iptables-nft:
  - Wrong error messages in corner-case error conditions
  - Zeroing single rule counters broken (again!)
  - Incorrect combination of inverted payload matches
  - Spurious error when zeroing a specific builtin chain which doesn't
    exist - Calling -Z command with bogus rule number must fail
- libiptc: Corner-case segfault upon renaming a chain
- ebtables-restore:
  - Corner-case bug with --noflush
  - Spurious failures when deleting multiple rules with among matches
- ebtables-nft:
  - Different line number (--Ln) formatting than ebtables-legacy
  - Off-by-one rule number when using -S command with rule number
- iptables-legacy: Broken --wait without timeout
- libxtables: Leak of matches' udata buffer
- Some matches stripped full value ranges from output even if inverted
- Illegal memory access when parsing '-c ""' (i.e., empty string
  argument)
- Inverted full interface wildcards (e.g. '! -i +') stripped from
  iptables-save output
- xtables-monitor:
  - Incorrect output when not called with -4 or -6 options
  - Flush stdout after each line to prevent buffers and help with
    scripting
  - Align output for builtin chains with that of tables
  - Capture arptables chain events, too
  - Empty 'EVENT:' lines printed for ebtables rule changes
- Fix for compiling against musl libc
- xtables-translate: Fix translation of TPROXY target
documentation updates:
- Extensions: string: Starting with linux-6.7, pattern matching no
  longer extends past 'to' offset - update the man page accordingly
- Extensions: recent: Clarify ip_list_hash_size default value and
  obsoleted state of ip_pkt_list_tot
- ebtables-nft.8: Note that --concurrent is a NOP
- Misc. typesetting, spelling and grammar fixes in man pages

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship fuse

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

fuse: Update to version 3.16.2

- Update from version 3.15.0 to 3.16.2
- Update of rootfile not required
- Changelog
    3.16.2
Various small fixes and improvements.
    3.16.1
Readdir kernel cache can be enabled from high-level API.
    3.15.1
Future libfuse releases will be signed with `signify`_ rather than PGP
(rationale_). This release is the last to be signed with PGP and contains the
signify public key for current (3.15.X) and upcoming  (3.16.X) minor release
cycle.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: fribidi

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

fribidi: Update to version 1.0.16

- Update from version 1.0.12 to 1.0.16
- Update of rootfile not required
- Changelog
    1.0.16
Update Unicode character databases to v16.0.0
    1.0.15
Fixed the bad tarball from 1.0.14 with stall include files. There are no other
changes
    1.0.14
Updated Unicode tables to version 15.1
    1.0.13
Adding missing man pages to the tar release file.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship freetype

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

freetype: Update to version 2.13.3

- Update from version 2.13.2 to 2.13.3
- Update of rootfile
- Changelog is too large to include here. For details see the contents of the file
ChangeLog in the source tarball.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship elfutils

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

elfutils: Update to version 0.192

- Update from version 0.191 to 0.192
- Update of rootfile
- Changelog
    0.192
CONDUCT:    A new code of conduct has been adopted.  See the
     CONDUCT file for more information.
debuginfod: Add per-file signature verification for integrity
             checking, using RPM IMA scheme from Fedora/RHEL.
    New API for metadata queries: file name -> buildid.
    Server-side extraction of files from kernel debuginfo
     packages is significantly faster. Now takes < 0.25 seconds,
     down from ~50 seconds.
libdw:     New functions dwfl_set_sysroot, dwfl_frame_unwound_source
     and dwfl_unwound_source_str.
stacktrace: Experimental new tool that can process a stream of stack
             samples from the Sysprof profiler and unwind them into call
             chains. Enable on x86 with --enable-stacktrace. See
             README.eu-stacktrace in the development branch for detailed
             usage instructions:
             https://sourceware.org/cgit/elfutils/tree/README.eu-stacktrace?h=users/serhei/eu-stacktrace

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship conntrack-tools

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

conntrack-tools: Update to version 1.4.8

- Update from version 1.4.7 to 1.4.8
- Update of rootfile not required
- Changelog
1.4.8
bugfixes:
- fix spurious EOPNOSUPP and ENOBUFS errors with -U/--update command.
- fix spurious ENOENT -D/--delete.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship cairo

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

cairo: Update to version 1.18.2

- Update from version 1.17.6 to 1.18.2
- Update of rootfile
- Changelog
    1.18.2
The malloc-stats code has been removed from the tests directory [#640]; the
canonical location for it is: https://github.com/behdad/malloc-stats
Cairo now requires a version of pixman equal to, or newer than, 0.40. [!522]
There have been multiple build fixes for newer versions of GCC [!525, !542];
for MSVC [#808]; for Solaris [!540]; and on macOS 10.7 [#810].
PNG errors caused by loading malformed data are correctly propagated to
callers, so they can handle the case. [!524]
Both stroke and fill colors are now set when showing glyphs on a PDF
surface. [#813]
All the font options are copied when creating a fallback font object. [#819]
When drawing text on macOS, Cairo now tries harder to select the appropriate
font name. [#811]
Cairo now prefers the COLRv1 table inside a font, if one is available. [!537]
Cairo requires a C11 toolchain when building. [!479]
    1.18.0
All the API added in the 1.17 development cycle is now considered stable, and
will not change.
Many thanks to all the contributors for this release.
The cairo-sphinx tool has been removed; we could not find any instruction on
how to use it, and no user answered our call for help. If you were using
cairo-sphinx, please reach out to the cairo maintainers.
Cairo now implements Type 3 color fonts for PDF. Thanks to Adrian Johnson for
his work on this feature.
Khaled Hosny contributed multiple documentation fixes, to ensure that the
cairo API reference is up to date. Khaled also fixed multiple compiler
warnings generated when building cairo.
The XML surface has been removed; it was disabled by default when building
cairo, and we could not find any downstream distributor that would enable
it.
The Tee surface is now automatically enabled. Downstream distributors of
cairo have been enabling for years it in order to build Firefox.
Fujii Hironori and Adrian Johnson fixed multiple issues with the DWrite
font backend.
John Ralls improved the Quartz surface; mainly, Quartz surfaces now use
the main display ColorSpace, speeding up rendering operations.
Cairo now hides all private symbols by default on every platform; the old
"slim" symbols hack to alias internally used symbols has been dropped, in
favor of using `-Bsymbolic-functions` with toolchains that support it.
Uli Schlachter fixed multiple memory leaks in the code base and test suite,
and helped with many reviews and general maintenance.
Marc Jeanmougin added new API to expose the Pixman dithering filter to cairo
patterns; this is currently implemented only for image surfaces.
    1.17.8
In a continuing effort to reduce the amount of legacy code, and increase
the long-term maintainability of cairo, the following backends have been
removed:
- GL and GLES drawing
Additionally, cairo's Autotools build system has been removed; from now on,
cairo will only support the Meson build system. While the end result should
be identical, further testing is appreciated.
In this snapshot, cairo gained support for rendering COLRv1 fonts, and
rendering SVG and COLRv1 fonts with custom palettes.
Support for macOS and Windows has been improved, with lots of build and bug
fixes.
Lots of safety issues have been fixed, with array bounds checking and
plugging memory leaks, as well as fixes for bugs identified via fuzzying.
This is going to be the last snapshot of the 1.17 development cycle; we only
expect minor bug fixing and improvements until the 1.18.0 release.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

core191: ship beep

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>