Adolf Belka [Tue, 9 Sep 2025 16:51:34 +0000 (18:51 +0200)]
libconfig: Update to version 1.8.1
- Update from version 1.8 to 1.8.1
- Update of rootfile
- sobump but find-dependencies did not flag anu issues up.
- Changelog
1.8.1
Various bugfixes, portability fixes, and documentation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:32 +0000 (18:51 +0200)]
iproute2: Update to version 6.16.0
- Update from version 6.15.0 to 6.16.0
- Update of rootfile not required
- Changelog is not provided. Details of changes can be found from the git commit changes
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:31 +0000 (18:51 +0200)]
cmake: Update to version 4.1.1
- Update from version 4.0.2 to 4.1.1
- Update of rootfile
- Changelog
4.1.1
This version made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix
regressions.
4.1.0
File-Based API
The cmake-file-api(7) v1 now writes partial replies when buildsystem
generation fails with an error. See the v1 Reply Error Index.
Generators
Makefile Generators and Ninja Generators gained support for adding a
linker launcher with Fortran, CUDA, and HIP. See the
CMAKE_<LANG>_LINKER_LAUNCHER variable and <LANG>_LINKER_LAUNCHER target
property for details.
Command-Line
The cmake --build command-line tool, when used with the Xcode generator,
now detects when a third-party tool has wrapped the generated .xcodeproj
in a .xcworkspace, and drives the build through the workspace instead.
Configure Log
The cmake-configure-log(7) now reports events from find_package()
(in CONFIG mode), find_path(), find_file(), find_library(), and
find_program() commands when first invoked, when their results
transition between "not found" and "found", or when enabled explicitly
by the --debug-find command-line option. See Event Kind find and Event
Kind find_package. Logging may also be controlled by the
CMAKE_FIND_DEBUG_MODE and CMAKE_FIND_DEBUG_MODE_NO_IMPLICIT_CONFIGURE_LOG
variables.
Compilers
Diab compilers from Wind River Systems, versions 5.9.x+, are now
supported with compiler id Diab for languages ASM, C, and CXX.
Renesas Compilers are now supported with compiler id Renesas for
languages ASM and C.
Commands
The add_dependencies() command may be called with no dependencies.
The cmake_pkg_config() command now supports the IMPORT and POPULATE
subcommands for interfacing CMake targets with pkg-config based
dependencies.
The project() command now has experimental support for the COMPAT_VERSION
keyword, gated by CMAKE_EXPERIMENTAL_EXPORT_PACKAGE_INFO.
Variables
The CMAKE_FIND_REQUIRED variable was added to tell find_package(),
find_path(), find_file(), find_library(), and find_program() to be
REQUIRED by default. The commands also gained an OPTIONAL keyword to
ignore the variable for a specific call.
The CMAKE_<LANG>_COMPILER_ARCHITECTURE_ID variable is now populated for
most compilers, and documented for public use.
The CMAKE_<LANG>_ICSTAT variable and corresponding <LANG>_ICSTAT target
property were added to tell the Makefile Generators and the Ninja
Generators to run the IAR icstat tool along with the compiler for C and
CXX languages.
Environment Variables
The CMAKE_<LANG>_IMPLICIT_LINK_LIBRARIES_EXCLUDE environment variable was
added to optionally exclude specific libraries from the detected set of
CMAKE_<LANG>_IMPLICIT_LINK_LIBRARIES.
Properties
The AUTOMOC_INCLUDE_DIRECTORIES target property and associated
CMAKE_AUTOMOC_INCLUDE_DIRECTORIES variable were added to override the
automatic discovery of moc includes from a target's transitive include
directories.
The MACOSX_PACKAGE_LOCATION source file property now works when set on a
source directory, and copies its entire tree into the bundle.
The PDB_NAME and COMPILE_PDB_NAME target properties now support generator
expressions.
Modules
The FindASPELL module now provides a version variable, imported targets,
and components to optionally select the Aspell library and executable
separately.
The FindBLAS and FindLAPACK modules now support the NVIDIA Performance
Libraries (NVPL).
The FindProtobuf module's protobuf_generate(DEPENDENCIES) command
argument now accepts multiple values.
The FindProtobuf module's protobuf_generate_cpp() and
protobuf_generate_python() commands, together with their
Protobuf_IMPORT_DIRS and PROTOBUF_GENERATE_CPP_APPEND_PATH hint
variables, are now deprecated in favor of the protobuf_generate() command.
Regular Expressions
The string(REGEX MATCHALL), string(REGEX REPLACE), and
list(TRANSFORM REPLACE) commands now match the regular expression ^
anchor at most once in repeated searches, at the start of the input.
See policy CMP0186.
The string(REGEX REPLACE) command now allows references to unmatched
groups. They are replaced with empty strings.
The string(REGEX MATCH), string(REGEX MATCHALL), and string(REGEX REPLACE)
commands now allow zero-length matches.
CTest
ctest(1) gained a --schedule-random-seed option to specify a numeric
random seed to make ctest --schedule-random deterministic for reproduction.
CPack
The CPack NuGet Generator gained option CPACK_NUGET_SYMBOL_PACKAGE to
generate NuGet symbol packages containing PDB files.
The CPack RPM Generator gained CPACK_RPM_PACKAGE_ENHANCES,
CPACK_RPM_PACKAGE_RECOMMENDS, and CPACK_RPM_PACKAGE_SUPPLEMENTS
variables to specify the corresponding RPM spec fields.
Deprecated and Removed Features
The FindGTest module's result variables GTEST_INCLUDE_DIRS,
GTEST_LIBRARIES, GTEST_MAIN_LIBRARIES, and GTEST_BOTH_LIBRARIES are now
deprecated in favor of using GTest::gtest and GTest::gtest_main imported
targets.
The FindGCCXML module has been deprecated via policy CMP0188. Port
projects to CastXML instead.
The FindCABLE module has been deprecated via policy CMP0191.
The CMakeDetermineVSServicePack module has been deprecated via policy
CMP0196. Port projects to the CMAKE_<LANG>_COMPILER_VERSION variable
instead.
Other Changes
The ExternalProject module no longer checks the URL archive file
extension. Any archive type that cmake -E tar can extract is now allowed.
Modules FindPython3, FindPython2 and FindPython now enforce consistency
of artifacts in cross-compiling mode. This prevents mixing host and
target artifacts. See policy CMP0190.
The GNUInstallDirs module now prefers to default SYSCONFDIR,
LOCALSTATEDIR, and RUNSTATEDIR to absolute paths when installing to
special prefixes. See policy CMP0192.
The GNUInstallDirs module now caches CMAKE_INSTALL_* variables with their
leading usr/ for install prefix /. See policy CMP0193.
The install(TARGETS) command no longer ignores file sets which haven't
been defined at the point it is called. The ordering of
target_sources(FILE_SET) and install(TARGETS) is no longer semantically
relevant.
Enabling ASM no longer accidentally succeeds using MSVC's cl C compiler
as an assembler. See policy CMP0194.
The MSVC link -machine: flag is no longer added to the
CMAKE_*_LINKER_FLAGS variables. See policy CMP0197.
The TARGET_PROPERTY generator expression now evaluates the LINK_LIBRARIES
and INTERFACE_LINK_LIBRARIES target properties transitively. See policy
CMP0189.
4.0.4
This version made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix
regressions.
4.0.3
This version made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix
regressions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 11 Aug 2025 17:39:01 +0000 (19:39 +0200)]
ids.cgi: Auto fill form inputs with their temporary stored values in
error case
If an user provides any invalid input in the form an error message will be
displayed. In this case, all the form elements (inputs) will be filled
with their temporary stored values from the cgiparams hash.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 11 Aug 2025 10:47:49 +0000 (11:47 +0100)]
ids.cgi: Fix table flows
This slightly changes how we list interfaces, but since that got a
little bit tight if lots of interfaces were available (and which
language has been used), this is probably a good idea to change it to
rows.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 7 Aug 2025 09:35:58 +0000 (09:35 +0000)]
python3-setuptools: Update to 80.9.0
This patch also removes this as a package. There is no point to ship
this package as the dependencies are not available and there should not
be enough tools around to actually build anything.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Sep 2025 07:30:42 +0000 (09:30 +0200)]
harfbuzz: Update to version 11.4.5
- Update from version 11.4.3 to 11.4.5
- Update of rootfile
- Changelog
11.4.5
- Bug fixes for “AAT” shaping, and other shaping micro optimizations.
11.4.4
- Fix a shaping regression affecting mark glyphs in certain fonts.
- Fix pruning of mark filtering sets when subsetting fonts, which caused
changes in shaping behaviour.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Sep 2025 07:30:43 +0000 (09:30 +0200)]
libtirpc: Update to version 1.3.7
- Update from version 1.3.6 to 1.3.7
- Update of rootfile not required
- Changelog
1.3.7
Add conditional version script support
This patch adds conditional symbol versioning to libtirpc, allowing
GSS-API, DES crypto, and RPC database symbols to be conditionally
included in the version script based on build configuration.
LLD is strict about undefined symbols referenced in a version script.
Some libtirpc symbols (rpcsec_gss, old DES helpers, rpc database
helpers) are optional and may not be built depending on configure
options or missing deps. GNU ld tolerated this; LLD errors out.
This change keeps the canonical symbol map in src/libtirpc.map, but
adds a make-time rule to generate a filtered copy
where names from disabled features are deleted. The lib is then linked
against the generated linker map file.
Fixes linking errors when these features are not available.
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
update signal and key_call declarations to allow compile with gcc-15
Follow up patch addressing the following declarations:
sed -n 75,77p libtirpc-1.3.6/src/key_call.c
cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
des_block *(*__key_gendes_LOCAL)() = 0;
Update declarations to allow compile with gcc-15
This patch fixes some of the compile errors with gcc 15-20241117.
In addition the follow declarations need to be fixed:
sed -n 75,77p libtirpc-1.3.6/src/key_call.c
cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
des_block *(*__key_gendes_LOCAL)() = 0;
Revert "getnetconfig.c: free linep to avoid memory leakage"
This reverts commit f138e68e7ffefa3f4d71857ddb137fff877fd1d0.
There was no memory leak and freeing allocated memory is not a good thing
getnetconfig.c: free linep to avoid memory leakage
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Sep 2025 07:30:44 +0000 (09:30 +0200)]
pcre2: Update to version 10.46
- Update from version 10.45 to 10.46
- Update of rootfile
- Changelog
10.46
This is a security-only release, to address CVE-2025-58050.
Compared to 10.45, this release has only a minimal code change to prevent a
read-past-the-end memory error, of arbitrary length. An attacker-controlled
regex pattern is required, and it cannot be triggered by providing crafted
subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used
together.
Release 10.44 and earlier are not affected.
This could have implications of denial-of-service or information disclosure,
and could potentially be used to escalate other vulnerabilities in a system
(such as information disclosure being used to escalate the severity of an
unrelated bug in another system).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Aug 2025 13:27:15 +0000 (15:27 +0200)]
fireinfo: housekeeping to merge patches into version v2.2.1
- As the last update was 5 years ago, I thought it good housekeeping to merge the four
patches into the fireinfo tarball
- Update of rootfile not required
- Changelog
v2.2.1
Inclusion of previous four patches into tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 29 Aug 2025 19:26:00 +0000 (21:26 +0200)]
tshark: Update to version 4.4.9
- Update from version 4.4.8 to 4.4.9
- Update of rootfile
- Changelog
4.4.9
Bug Fixes
wnpa-sec-2025-03 SSH dissector crash. Issue 20642.
RDM Product Detail List ID Disect incorrect. Issue 20612.
SCCP LUDT segmentation decoding fails. Issue 20647.
Ciscodump fails to start capture on Cisco IOS. Issue 20655.
[BACnet] WritePropertyMultiple closing context tag 1 not showing. Issue 20665.
Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit
length. Issue 20671.
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BACapp, LIN, MySQL, RDM, SABP, SCCP, sFlow, and SSH
New and Updated Capture File Support
There is no new or updated capture file support in this release.
Updated File Format Decoding Support
There is no updated file format support in this release.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 29 Aug 2025 19:25:59 +0000 (21:25 +0200)]
meson: Update to version 1.9.0
- Update from version 1.8.0 to 1.9.0
- Update of rootfile
- Changelog
1.9.0
Array .flatten() method
Arrays now have a .flatten() method, which turns nested arrays into a
single flat array. This provides the same effect that Meson often
does to arrays internally, such as when passed to most function
arguments.
clang-tidy's auto-generated targets correctly select source files
In previous versions, the target would run clang-tidy on every C-like
source files (.c, .h, .cpp, .hpp). It did not work correctly because
some files, especially headers, are not intended to be consumed as is.
It will now run only on source files participating in targets.
Added Qualcomm's embedded linker, eld
Qualcomm recently open-sourced their embedded linker.
https://github.com/qualcomm/eld
Meson users can now use this linker.
Added suffix function to the FS module
The basename and stem were already available. For completeness, expose
also the suffix.
Support response files for custom targets
When using the Ninja backend, Meson can now pass arguments to
supported tools through response files.
In this release it's enabled only for the Gnome module, fixing calling
gnome.mkenums() with a large set of files on Windows (requires
Glib 2.59 or higher).
meson format now has a --source-file-path argument when reading from stdin
This argument is mandatory to mix stdin reading with the use of editor
config. It allows to know where to look for the .editorconfig, and to
use the right section of .editorconfig based on the parsed file name.
Added license keyword to pkgconfig.generate
When specified, it will add a License: attribute to the generated .pc
file.
New experimental option rust_dynamic_std
A new option rust_dynamic_std can be used to link Rust programs so
that they use a dynamic library for the Rust libstd.
Right now, staticlib crates cannot be produced if rust_dynamic_std is
true, but this may change in the future.
Rust and non-Rust sources in the same target
Meson now supports creating a single target with Rust and non Rust
sources mixed together. In this case, if specified, link_language
must be set to rust.
Explicitly setting Swift module name is now supported
It is now possible to set the Swift module name for a target via the
swift_module_name target kwarg, overriding the default inferred from
the target name.
lib = library('foo', 'foo.swift', swift_module_name: 'Foo')
Top-level statement handling in Swift libraries
The Swift compiler normally treats modules with a single source file
(and files named main.swift) to run top-level code at program start.
This emits a main symbol which is usually undesirable in a library
target. Meson now automatically passes the -parse-as-library flag to
the Swift compiler in case of single-file library targets to disable
this behavior unless the source file is called main.swift.
Swift compiler receives select C family compiler options
Meson now passes select few C family (C/C++/Obj-C/Obj-C++) compiler
options to the Swift compiler, notably -std=, in order to improve the
compatibility of C code as interpreted by the C compiler and the
Swift compiler.
NB: This does not include any of the options set in the target's c_flags.
Swift/C++ interoperability is now supported
It is now possible to create Swift executables that can link to C++ or
Objective-C++ libraries. To enable this feature, set the target kwarg
swift_interoperability_mode to 'cpp'.
To import C++ code, specify a bridging header in the Swift target's
sources, or use another way such as adding a directory containing a
Clang module map to its include path.
Note: Enabling C++ interoperability in a library target is a breaking
change. Swift libraries that enable it need their consumers to enable
it as well, as per the Swift documentation.
Swift 5.9 is required to use this feature. Xcode 15 is required if the
Xcode backend is used.
lib = static_library('mylib', 'mylib.cpp')
exe = executable('prog', 'main.swift', 'mylib.h', link_with: lib,
swift_interoperability_mode: 'cpp')
Support for MASM in Visual Studio backends
Previously, assembling .masm files with Microsoft's Macro Assembler is
only available on the Ninja backend. This now also works on Visual
Studio backends.
Note that building ARM64EC code using ml64.exe is currently
unimplemented in both of the backends. If you need mixing x64 and
Arm64 in your project, please file an issue on GitHub.
Limited support for WrapDB v1
WrapDB v1 has been discontinued for several years, Meson will now
print a deprecation warning if a v1 URL is still being used. Wraps
can be updated to latest version using meson wrap update command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20250127.0 to 20250814.0
- Update of rootfile
- Changelog 20250814.0
What's New:
absl::Mutex now contains lower-case method names like lock() and
shared_lock() to align with standard C++ mutex methods. This allows
absl::Mutex to be used with std::scoped_lock and friends. The old names
are still present but may be removed in a future release.
The RAII Mutex-locker types like absl::MutexLock, absl::ReaderMutexLock,
and friends now accept references to absl::Mutex. The pointer-accepting
constructors are now deprecated, and may be removed in a future release.
Breaking Changes:
Nullability template types, which were deprecated in the May 2025 release,
have been removed.
absl::string_view(nullptr), which is undefined behavior according to the
C++ standard, now triggers an assert failure. Note that unless you
changed absl/base/options.h, absl::string_view is an alias for
std::string_view, so by default you will be inheriting the behavior of
your standard library instead of using the Abseil implementation.
Abseil's hash tables now require a hash function that has a return type
with size >= sizeof(size_t).
Known Issues
CHECK_<OP> is failing to compile on older versions of GCC when one of the
arguments is a C-style string. This is fixed by ba9a180 and will be
included in a future patch release. 20250512.1
What's New:
The polyfill types absl::any, absl::optional, and absl::variant are now
aliases for std::any, std::optional, and std::variant in all builds.
(Note that the polyfill implementation absl::string_view remains at the
present time, but it defaults to being an alias std::string_view in all
builds.)
Added absl::FastTypeId<Type>(), which evaluates at compile-time to a
unique id for the passed-in type.
Added absl::endian and absl::byteswap polyfills (25bce12).
Breaking Changes:
Abseil now requires at least C++17 and follows Google's Foundational C++
Support Policy. See this table for a list of currently supported versions
compilers, platforms, and build tools.
Nullability template types are deprecated and will be removed in a future
release. The macro-style annotations (absl_nonnull, absl_nullable) should
be used instead (caf854d).
Known Issues
None known at this time. 20250512.0
What's New:
The polyfill types absl::any, absl::optional, and absl::variant are now
aliases for std::any, std::optional, and std::variant in all builds.
(Note that the polyfill implementation absl::string_view remains at the
present time, but it defaults to being an alias std::string_view in all
builds.)
Added absl::FastTypeId<Type>(), which evaluates at compile-time to a
unique id for the passed-in type.
Added absl::endian and absl::byteswap polyfills (25bce12).
Breaking Changes:
Abseil now requires at least C++17 and follows Google's Foundational C++
Support Policy. See this table for a list of currently supported versions
compilers, platforms, and build tools.
Nullability template types are deprecated and will be removed in a future
release. The macro-style annotations (absl_nonnull, absl_nullable) should
be used instead (caf854d).
Known Issues
This release fails to compile with GCC7 and GCC8. This is fixed in 20250512.1. 20250127.1
What's New:
Added support for Bazel 8.0
Added support for Bazel Platforms for better portability
Added ABSL_ATTRIBUTE_VIEW and ABSL_ATTRIBUTE_OWNER for diagnosing certain
lifetime issues
Many performance improvements
A security issue in hash container create/resize has been fixed. Note that
the latest patch releases for previous LTS versions also address this issue.
Breaking Changes:
Bazel BUILD files now reference repositories by their canonical names from
the Bazel Central Registry. For example, Abseil is now @abseil-cpp
instead of @com_google_absl, and GoogleTest is now @googletest instead of
@com_google_googletest. Users still using the old WORKSPACE system may
need to use repo_mapping on repositories that still use the old names.
See 90a7ba6 for an example.
Other:
This will be the last release to support C++14. Future releases will
require at least C++17.
Known Issues
None known at this time.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 29 Aug 2025 20:54:17 +0000 (21:54 +0100)]
ovpnmain.cgi: Explicitely pass the gateway for static routes
OpenVPN seems to fail to use the correct gateway if the client does not
use the default pool. In that case, we need to explicitely push the
correct gateway.
Fixes: #13872 - Warning: route gateway is not reachable on any active network adapters Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 29 Aug 2025 11:36:44 +0000 (13:36 +0200)]
samba: Update to version 4.22.4
- Update from version 4.22.3 to 4.22.4
- Update of rootfile not required for any of the architectures
- Changelog
4.22.4
* BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0.
* BUG 15844: getpwuid does not shift to new DC when current DC is down.
* BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName-
* BUG 15881: Unresponsive second DC can cause idmapping failure when using
idmap_ad-
* BUG 15840: kinit command is failing with Missing cache Error.
* BUG 15891: Figuring out the DC name from IP address fails and breaks
fork_domain_child().
* BUG 15816: vfs_streams_depot fstatat broken.
* BUG 15892: Delayed leader broadcast can block ctdb forever.
* BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0.
* BUG 15663: Apparently there is a conflict between shadow_copy2 module and
virusfilter (action quarantine).
* BUG 15877: Fix handling of empty GPO link.
* BUG 15880: SMB ACL inheritance doesn't work for files created.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Aug 2025 18:49:03 +0000 (20:49 +0200)]
whois: Update to version 5.6.4
- Update from version 5.6.1 to 5.6.4
- Update of rootfile not required
- Changelog
5.6.4
* Updated the .cm and .to TLD servers.
5.6.3
* Added the .sr and .мон (.xn--l1acc, Mongolia) TLD servers.
* Use readpassphrase(3) on OpenBSD and FreeBSD.
5.6.2
* Updated the .post and .in (and related IDN TLDs) TLD servers.
* Removed 1 new gTLDs which is no longer active.
* Build-Depend on libcrypt-dev. (Closes: #1106977)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Aug 2025 18:49:02 +0000 (20:49 +0200)]
sudo: Update to version 1.9.17p2
- Update from version 1.9.17p1 to 1.9.17p2
- Update of rootfile not required
- Changelog
1.9.17p2
* Fixed a bug introduced in sudo 1.9.16 that could result in sudo
sending SIGHUP to all processes on the system in certain rare
cases. The bug could manifest if sudo is running a command in
a pseudo-terminal, sudo terminates the command due to an internal
error, and the user's terminal is revoked. GitHub issue #458.
* Fixed a bug introduced in sudo 1.9.12 that caused sudo to abort
when the "intercept" and "intercept_verify" options are enabled
in sudoers and either the command line arguments or the environment
contains a string larger than the page size (usually 4096). This
only Linux affects systems that support the ptrace_readv_string()
function. GitHub issue #453.
* Fixed a bug in sudo's configure script introduced in sudo 1.9.17
that prevented mdoc-format man pages from being used on systems
without the mandoc utility. Bug #1077.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Aug 2025 18:49:01 +0000 (20:49 +0200)]
rpcbind: Update to version 1.2.8
- Update from version 1.2.7 to 1.2.8
- Update of rootfile not required
- Changelog
1.2.8
rpcinfo: Removed a number of "old-style function definition" warnings
rpcbind: Add -v flag to print version and config
This helps to see compiled time options, e.g. remote calls enablement.
$ ./rpcbind -v
rpcbind 1.2.7
debug: no, libset debug: no, libwrap: no, nss modules: files,
remote calls: no, statedir: /run/rpcbind, systemd: yes,
user: root, warm start: no
man/rpcbind: Update list of options
-L was removed in 718ab7e, -w added in 9b1aaa6, -f added in eb36cf1. Fixes: 718ab7e ("Removed the documentation about the non-existent '-L' flag") Fixes: 9b1aaa6 ("Allow the warms start code to be enabled at compile
time...") Fixes: eb36cf1 ("rpcbind: add no-fork mode")
Comment out ListenStream=@/run/rpcbind.sock
[nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc() Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2173869
Move rpbind's default configuration to /run verses /var/run
Move rpcbind.lock to /run
Most of the distros have /var/run as symlink to /run.
Because /var may be a separate partition, and could even be mounted via
NFS, having to look directly to /run help to avoid issues rpcbind
startup early in boot when /var might not be available.
systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup
Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora
rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2]
where /var/run/rpcbind.lock cannot be created due missing /var/run/
directory. But the suggestion to add RequiresMountFor=... was
implemented in ee569be ("Fix boot dependency in systemd service file").
But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and
/run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind
1.2.6:
rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind:
Read-only file system
Adding systemd-tmpfiles-setup.service fixes it.
NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but
systemd-tmpfiles-setup.service looks to me more specific).
openSUSE uses only After=sysinit.target as a result of #1117217 [3]
(also works).
[1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561
[3] https://bugzilla.suse.com/show_bug.cgi?id=1117217
systemd/rpcbind.service.in: Add various hardenings options
We've been running rpcbind 1.2.6 with it in openSUSE since 2021.
NOTE: In systemd < 244 (released Nov 2019) some of these options are
unknown and will produce warnings, see
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
man/rpcbind: Add Files section to manpage
Previous commit added 3 non-default files, mention them in man page.
systemd/rpcbind.service.in: Add few default EnvironmentFile
Add some defaults so that distros can drop patches to configure it.
* openSUSE and Fedora use /etc/sysconfig/rpcbind
https://build.opensuse.org/projects/network/packages/rpcbind/files/0001-systemd-unit-files.patch?expand=1
https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.3-systemd-envfile.patch
* Debian uses /etc/rpcbind.conf and /etc/default/rpcbind
https://salsa.debian.org/debian/rpcbind/-/blob/buster/debian/rpcbind.service?ref_type=heads
Add all these 3 in order:
* /etc/rpcbind.conf
* /etc/default/rpcbind
* /etc/sysconfig/rpcbind
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Aug 2025 18:48:59 +0000 (20:48 +0200)]
nano: Update to version 8.6
- Update from version 8.5 to 8.6
- Update of rootfile not required
- Changelog
8.6
• The GotoLine menu accepts the prefixes ++ and -- for jumping
a number of lines forward or backward.
• Anchors are not forgotten when a line number is given on the
command line.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
