Michael Tremer [Fri, 23 May 2025 15:23:25 +0000 (15:23 +0000)]
dnsdist: Update to 1.9.10
We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible.
While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests.
Adolf Belka [Tue, 20 May 2025 10:57:39 +0000 (12:57 +0200)]
http-client-functions.pl: Fixes bug13852
Suggested-by: Adam G <ag@ipfire.org>
Fixes: bug13852
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Adam G <ag@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 May 2025 13:08:31 +0000 (15:08 +0200)]
libarchive: Update to version 3.8.0
- Update from version 3.7.9 to 3.8.0
- Update of rootfile
- Changelog
3.8.0
New features:
bsdtar: support --mtime and --clamp-mtime (#2601)
lib: mbedtls 3.x compatibility (#2602)
7-zip reader: improve self-extracting archive detection (#2088)
xar: xmllite support for the XAR reader and writer (#2388)
zip writer: added XZ, LZMA, ZSTD and BZIP2 support (#2137, #2284, #2391)
zip writer: added LZMA + RISCV BCJ filter (#2403)
Notable security fixes:
rar: do not skip past EOF while reading (#2584)
rar: fix double free with over 4 billion nodes (#2598)
rar: fix heap-buffer-overflow (#2599)
warc: prevent signed integer overflow (#2568)
tar: fix overflow in build_ustar_entry (#2588)
Notable bugfixes:
bsdtar: don't hardlink negative inode files together (#2587)
gz: allow setting the original filename for gzip compressed files (#2544)
lib: improve lseek handling (#2564)
lib: support @-prefixed Unix epoch timestamps as date strings (#2606)
rar: support large headers on 32 bit systems (#2596)
tar reader: Improve LFS support on 32 bit systems (#2582)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 May 2025 13:08:30 +0000 (15:08 +0200)]
bind: Update to version 9.20.9
- Update from version 9.20.8 to 9.20.9
- Update of rootfile
- Changelog
9.20.9
Security Fixes
- [CVE-2025-40775] Prevent assertion when processing TSIG algorithm.
``b8c198ac5ca``
DNS messages that included a Transaction Signature (TSIG) containing
an invalid value in the algorithm field caused :iscman:`named` to
crash with an assertion failure. This has been fixed.
:cve:`2025-40775` :gl:`#5300`
Feature Changes
- Use jinja2 templates in system tests. ``8f545784ff0``
`python-jinja2` is now required to run system tests. :gl:`#4938`
:gl:`!10396`
Bug Fixes
- Fix EDNS yaml output. ``8c3b226d89b``
`dig` was producing invalid YAML when displaying some EDNS options.
This has been corrected.
Several other improvements have been made to the display of EDNS
option data: - We now use the correct name for the UPDATE-LEASE
option, which was previously displayed as "UL", and split it into
separate LEASE and LEASE-KEY components in YAML mode. - Human-readable
durations are now displayed as comments in YAML mode so as not to
interfere with machine parsing. - KEY-TAG options are now displayed as
an array of integers in YAML mode. - EDNS COOKIE options are displayed
as separate CLIENT and SERVER components, and cookie STATUS is a
retrievable variable in YAML mode. :gl:`#5014` :gl:`!10414`
- Return DNS COOKIE and NSID with BADVERS. ``34b7323bad6``
This change allows the client to identify the server that returns the
BADVERS and to provide a DNS SERVER COOKIE to be included in the
resend of the request. :gl:`#5235` :gl:`!10392`
- Disable own memory context for libxml2 on macOS. ``51e51d5ea8f``
Apple broke custom memory allocation functions in the system-wide
libxml2 starting with macOS Sequoia 15.4. Usage of the custom memory
allocation functions has been disabled on macOS. :gl:`#5268`
:gl:`!10411`
- `check_private` failed to account for the length byte before the OID.
``2b827380e75``
In PRIVATEOID keys, the key data begins with a length byte followed
by an ASN.1 object identifier that indicates the cryptographic
algorithm to use. Previously, the length byte was not accounted for
when checking the contents of keys and signatures, which could have
led to interoperability problems with any zones signed using
PRIVATEOID. This has been fixed. :gl:`#5270` :gl:`!10376`
- Fix a serve-stale issue with a delegated zone. ``d839d11bf62``
When ``stale-answer-client-timeout 0`` option was enabled, it could be
ignored when resolving a zone which is a delegation of an
authoritative zone belonging to the resolver. This has been fixed.
:gl:`#5275` :gl:`!10420`
- Fix the ksr two-tone test. ``3e2b255b5b7``
The two-tone ksr subtest (test_ksr_twotone) depended on the
dnssec-policy keys algorithm values in named.conf being entered in
numerical order. As the algorithms used in the test can be selected
randomly this does not always happen. Sort the dnssec-policy keys by
algorithm when adding them to the key list from named.conf.
:gl:`#5286` :gl:`!10435`
- Revert NSEC3 closest encloser lookup improvements. ``ac41f158fad``
The performance improvements for NSEC3 closest encloser lookups that
were restored in BIND 9.20.8 turned out to cause incorrect NSEC3
records to be returned in nonexistence proofs and were therefore
reverted again. :gl:`#5292` :gl:`!10443`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 May 2025 13:08:29 +0000 (15:08 +0200)]
apr: Update to version 1.7.6
- Update from version 1.7.5 to 1.7.6
- Update of rootfile
- Changelog
1.7.6
*) test/testsock.c (test_get_addr): Fix test to portably switch
the socket to non-blocking mode using apr_socket_timeout_set().
Also make the test SKIP for the case where the connect() completes
synchronously. [Ivan Zhakov]
*) network_io/win32/sockets.c: (apr_socket_connect): Copy the remote
address by value rather than by reference. This ensures that the
sockaddr object returned by apr_socket_addr_get is allocated from
the same pool as the socket object itself, as apr_socket_accept
does; avoiding any potential lifetime mismatches. [Ivan Zhakov]
*) CMake: Install include/apr_encode.h. [Ivan Zhakov]
*) CMake: Fix installation PDB files with multi-config generators.
[Ivan Zhakov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 20 May 2025 09:09:27 +0000 (11:09 +0200)]
man-pages: Update to version 6.14
- Update from version 6.9.1 to 6.14
- Update of rootfile
- -R had to be added in to make command. See changelog Global changes for version 6.11
The -R will be able to be removed after make version 4.5 has been released.
- Changelog
6.14
New and rewritten pages
man2const/
UFFDIO_MOVE.2const
man7/
mctp.7
Newly documented interfaces in existing pages
man2/
fanotify_init.2
FAN_REPORT_FD_ERROR
FAN_REPORT_MNT
fanotify_mark.2
FAN_PRE_ACCESS
FAN_MARK_MNTNS
FAN_MNT_ATTACH, FAN_MNT_DETACH
open_by_handle_at.2
AT_HANDLE_CONNECTABLE
AT_HANDLE_MNT_ID_UNIQUE
man2const/
TIOCLINUX.2const
TIOCL_SELCHAR
TIOCL_SELWORD
TIOCL_SELLINE
TIOCL_SELPOINTER
TIOCL_SELCLEAR
TIOCL_SELMOUSEREPORT
man3/
abs.3
uabs(3)
ulabs(3)
ullabs(3)
uimaxabs(3)
man7/
fanotify.7
FAN_DENY_ERRNO()
FAN_REPORT_FD_ERROR
FAN_PRE_ACCESS
FAN_RESPONSE_INFO_AUDIT_RULE
FAN_REPORT_MNT
FAN_MNT_ATTACH, FAN_MNT_DETACH
FAN_EVENT_INFO_TYPE_MNT
New and changed links
man3/
uabs.3 (abs(3))
ulabs.3 (abs(3))
ullabs.3 (abs(3))
uimaxabs.3 (abs(3))
Global changes
- CREDITS, *
- Move in-source contribution records to a new CREDITS file, and
update copyright notices to be uniform across the project.
- man/
- Use GNU forward declarations of parameters for sizes of array
parameters.
- \fX => \f[X]
- Use 'path' instead of 'pathname' for parameters.
6.13
Newly documented interfaces in existing pages
man7/
landlock.7
Landlock ABI v6
LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
LANDLOCK_SCOPE_SIGNAL
Global changes
- Build system:
- PDF book:
- Add support for UNIX V10 sources.
- Makefiles:
- Don't pass an escaped # to grep(1). Use a trick to work with
both new and old systems. This fixes a regression in the
build system from man-pages-6.11, which was itself introduced
while fixing a regression introduced in man-pages-6.10.
6.12
Newly documented interfaces in existing pages
man2/
mbind.2
MPOL_PREFERRED_MANY
set_mempolicy.2
MPOL_PREFERRED_MANY
Global changes
- Build system:
- Use ifndef and := instead of ?= (fixes regression introduced in
6.11, which affected at least the version string).
6.11
New and rewritten pages
man7/
pathname.7
Global changes
- Build system:
- [Breaking change!]
Require the user to pass '-R' to make(1). This is necessary to be
able to do the following change. When GNU make(1) releases a new
version, it will not be necessary to pass -R, but in current
versions of make(1) it is necessary.
- [Breaking change!]
Use '?=' assignments instead of ':=', to support setting make(1)
variables in the environment. Now one can do this:
$ export prefix=/usr
$ make -R
$ sudo make install -R
(The -R is only necessary in GNU make(1) versions prior to the
yet-unreleased 4.5.)
- Escape '#' in regexes, to support old versions of GNU make(1).
This fixes a regression in man-pages-6.10, which caused issues in
users with an old-enough version of GNU make(1), such as the one
present in Debian old-old-stable.
- Fix duplicate overview-panel entries in the PDF book.
- CONTRIBUTING.d/:
- Add C coding style guide.
- RELEASE:
- Document the production of the book.
- man/:
- Refresh bpf-helpers(7) from Linux v6.13.
6.10
New and rewritten pages
man1/
diffman-git.1
mansect.1
pdfman.1
sortman.1
man2/
keyctl.2 (split into many pages)
listmount.2
statmount.2
uretprobe.2
man2const/
KEYCTL_ASSUME_AUTHORITY.2const (previously, keyctl.2)
KEYCTL_CHOWN.2const (previously, keyctl.2)
KEYCTL_CLEAR.2const (previously, keyctl.2)
KEYCTL_DESCRIBE.2const (previously, keyctl.2)
KEYCTL_DH_COMPUTE.2const (previously, keyctl.2)
KEYCTL_GET_KEYRING_ID.2const (previously, keyctl.2)
KEYCTL_GET_PERSISTENT.2const (previously, keyctl.2)
KEYCTL_GET_SECURITY.2const (previously, keyctl.2)
KEYCTL_INSTANTIATE.2const (previously, keyctl.2)
KEYCTL_INVALIDATE.2const (previously, keyctl.2)
KEYCTL_JOIN_SESSION_KEYRING.2const (previously, keyctl.2)
KEYCTL_LINK.2const (previously, keyctl.2)
KEYCTL_READ.2const (previously, keyctl.2)
KEYCTL_RESTRICT_KEYRING.2const (previously, keyctl.2)
KEYCTL_REVOKE.2const (previously, keyctl.2)
KEYCTL_SEARCH.2const (previously, keyctl.2)
KEYCTL_SESSION_TO_PARENT.2const (previously, keyctl.2)
KEYCTL_SETPERM.2const (previously, keyctl.2)
KEYCTL_SET_REQKEY_KEYRING.2const (previously, keyctl.2)
KEYCTL_SET_TIMEOUT.2const (previously, keyctl.2)
KEYCTL_UNLINK.2const (previously, keyctl.2)
KEYCTL_UPDATE.2const (previously, keyctl.2)
PR_RISCV_SET_ICACHE_FLUSH_CTX.2const
man3/
__riscv_flush_icache.3
timespec_get.3
wcscasecmp.3 (merged wcsncasecmp.3 with it)
wcsncasecmp.3 (merged into wcsncasecmp.3)
Newly documented interfaces in existing pages
man2/
io_submit.2
RWF_ATOMIC
RWF_NOAPPEND
landlock_add_rule.2
Landlock ABI v4
landlock_create_ruleset.2
Landlock ABI v4
madvise.2
MADV_GUARD_INSTALL
MADV_GUARD_REMOVE
perf_event_open.2
struct perf_event_attr::inherit && cpus=-1
posix_fadvise.2
POSIX_FADV_NOREUSE
prctl.2
PR_RISCV_SET_ICACHE_FLUSH_CTX
process_madvise.2
All flags permitted for calling process
readv.2
RWF_ATOMIC
RWF_NOAPPEND
stat.2
AT_EMPTY_PATH && NULL
statx.2
AT_EMPTY_PATH && NULL
STATX_DIO_READ_ALIGN
STATX_MNT_ID_UNIQUE
STATX_SUBVOL
STATX_WRITE_ATOMIC
man3/
dlinfo.3
RTLD_DI_PHDR
fnmatch.3
FNM_IGNORECASE
man7/
landlock.7
Landlock ABI v4
Landlock ABI v5
rtnetlink.7
struct ifa_cacheinfo
New and changed links
man2/
riscv_flush_icache.2 (__riscv_flush_icache(3))
man2const/
KEYCTL_INSTANTIATE_IOV.2const (KEYCTL_INSTANTIATE(2const))
KEYCTL_NEGATE.2const (KEYCTL_INSTANTIATE(2const))
KEYCTL_REJECT.2const (KEYCTL_INSTANTIATE(2const))
man3/
timespec_getres.3 (timespec_get(3))
wcsncasecmp.3 (wcscasecmp(3))
Global changes
- src/bin/
- Add a few programs that are useful for maintaining manual pages:
diffman-git(1), mansect(1), pdfman(1), sortman(1)
- SPONSORS
- Add file listing the sponsors of this project.
- CONTRIBUTING*
- Expand documentation for contributing to the project. Especially,
regarding help using git(1).
- man/
- Split keyctl.2
- man2/, man3/: SYNOPSIS: Rename function parameters for consistency
and correctness.
- man2/, man3/: SYNOPSIS: Use typeof() to improve readability of
function pointers.
- man1/: SYNOPSIS: Use .SY/.YS for formatting commands.
- share/mk/
- Refactor *FLAGS and LDLIBS variables, as requested by some
distros.
- LICENSES/
- Add GPL-3.0-or-later.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 20 May 2025 09:09:26 +0000 (11:09 +0200)]
libgcrypt: Update to version 1.11.1
- Update from version 1.11.0 to 1.11.1
- Update of rootfile
- Changelog
1.11.1
* Bug fixes:
- Fix build regression on 32 bit Windows using Clang. [T7175]
- Fix build regression on macOS due to symbol naming. [T7170]
- Fix Kyber secret-dependent branch introduced by recent versions
of Clang. [rCf765778e82]
- Fix build regression due to the use of AVX512 in Blake. [T7184]
- Do not build i386 asm on amd64 and vice versa. [T7220]
- Fix build regression on armhf with gcc-14. [T7226]
- Return the proper error code on malloc failure in hex2buffer.
[rCc51151f5b0]
- Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
* Performance:
- Add AES Vector Permute intrinsics implementation for AArch64.
[rC94a63aedbb]
- Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
- Add RISC-V vector permute AES. [rCb24ebd6163]
- Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
- Add ChaCha20 RISC-V vector intrinsics implementation.
[rC8dbee93ac2]
- Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
* Other:
- Add CET support for i386 and amd64 assembly. [T7220]
- Add PAC/BTI support for AArch64 asm. [T7220]
- Apply changes to Kyber from upstream for final FIPS 203.
[rCcc95c36e7f]
- Introduce an internal API for a revamped FIPS service indicator.
[T7340]
- Several improvements for constant time operation by the
introduction of Least Leak Intended (LLI) variants of internal
functions. [T7519,T7490]
- Remove WindowsCE support. [T7486]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 20 May 2025 09:09:25 +0000 (11:09 +0200)]
iperf3: Update to version 3.19
- Update from version 3.16 to 3.19
- Update of rootfile not required
- CVE fix in version 3.18 and another in 3.17. The CVE fix in 3.17 results in a breaking
change. The vulnerable option can be enabled in the build but that doesn't seem to be
a good approach for IPFire. I am not sure that the non backwards compatible changed
padding on encrypted strings would create a problem for us. I suspect this is more
if iperf3 is being used in a continuous measuring mode and in IPFire it is an addon
that is used to measure throughput rates when required.
- Changelog
3.19
Notable user-visible changes
iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux
with the use of the -m or --mptcp flag. (PR #1661)
iperf3 now supports a --cntl-ka option to enable TCP keepalives
on the control connection. (#812, #835, PR #1423)
iperf3 now supports the MSG_TRUNC receive option, specified by
the --skip-rx-copy. This theoretically improves the rated
throughput of tests at high bitrates by not delivering network
payload data to userspace. (#1678, PR #1717)
A bug that caused the bitrate setting to be ignored when bursts
are set, has been fixed. (#1773, #1820, PR #1821, PR #1848)
The congestion control protocol setting, if used, is now
properly reset between tests. (PR #1812)
iperf3 now exits with a non-error 0 exit code if exiting via a
SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829)
The current behavior of iperf3 with respect to the -n and -k
options is now documented as correct. (#1768, #1775, #596, PR #1800)
Notable developer-visible changes
iperf3 now supports a callback function to get the JSON output
strings. (#1711, PR #1798)
iperf3 now builds correctly with gcc-15 (#1838, PR #1805)
Various memory leaks were fixed (#1881, PR#1823, #1814, PR#1822)
A potential segfault crash was fixed (#1807)
Improved warning messages when reading malformed JSON messages
(PR #1817)
The Github CI configuration was changed to use a more up-to-date
set of runners (PR #1864)
3.18
Notable user-visible changes
SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a
JSON type security vulnerability that caused a
segmentation fault in the
server. (CVE-2024-53580) This has now been
fixed. (PR#1810)
UDP packets per second now reports the correct number of
packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR
errno if no data was sent (#1367/PR#1379).
Several segmentation faults related to threading were fixed. One
where pthread_cancel was called on an improperly initialized
thread (#1801), another where threads were being recycled
(#1760/PR#1761), and another where threads were improperly
handling signals (#1750/PR#1752).
A segmentation fault from calling freeaddrinfo with NULL was
fixed (PR#1755).
Some JSON options were fixed, including checking the size for
json_read (PR#1709), but the size limit was removed for
received server output (PR#1779).
A rcv-timeout error has been fixed. The Nread timeout was
hardcoded and timed out before the --rcv-timeout option
(PR#1744).
There is no longer a limit on the omit time period
(#1770/PR#1774).
Fixed an output crash under 32-bit big-endian systems (PR#1713).
An issue was fixed where CPU utilization was unexpectedly high
during limited baud rate tests. The --pacing-timer option was
removed, but it is still available in the library
(#1741/PR#1743).
Add SCTP information to --json output and fixed compile error
when SCTP is not supported (#1731).
--fq-rate was changed from a uint to a uint64 to allow pacing above
32G. Not yet tested on big-endian systems (PR#1728).
Notable developer-visible changes
Clang compilation failures on Android were fixed (PR#1687).
iperf_time_add() was optimized to improve performance
(PR#1742).
Debug messages were added when the state changes (PR#1734).
To increase performance, the old UDP prot_listener is cleared
and removed after each test (PR#1708).
A file descriptor leak was closed (PR#1619).
3.17.1
Notable user-visible changes
Version number has been corrected. (#1699)
Notable developer-visible changes
No longer signing tags
3.17
Notable user-visible changes
BREAKING CHANGE: iperf3's authentication features, when used with
OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel
timing attack. To address this flaw, a change has been made to the
padding applied to encrypted strings. This change is not backwards
compatible with older versions of iperf3 (before 3.17). To restore
the older (vulnerable) behavior, and hence
backwards-compatibility, use the --use-pkcs1-padding flag. The
iperf3 team thanks Hubert Kario from RedHat for reporting this
issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
iperf3 no longer changes its current working directory in --daemon
mode. This results in more predictable behavior with relative
paths, in particular finding key and credential files for
authentication. (PR#1672)
A new --json-stream option has been added to enable a streaming
output format, consisting of a series of JSON objects (for the
start of the test, each measurement interval, and the end of the
test) separated by newlines (#444, #923, #1098).
UDP tests now work correctly between different endian hosts
(#1415).
The --fq-rate parameter now works for --reverse tests (#1632, PR#1667).
The statistics reporting interval is now available in the --json
start test object (#1663).
A negative time test duration is now properly flagged as an error
(IS#1662 / PR#1666).
Notable developer-visible changes
Fixes have been made to better (unofficially) support builds on
Android (#1641 / #1651) and VxWorks (#1595).
iperf3 now builds correctly on architectures without native
support for 64-bit atomic types, by linking with the libatomic
library (#1611).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 May 2025 15:46:11 +0000 (17:46 +0200)]
dhcpcd: Update to version 10.2.3
- Update from version 10.2.2 to 10.2.3
- Update of rootfile not required
- Changelog
10.2.3
Restore logic on when to open an address specific socket by @dougnazar in #502
[Fix] DHCP Failure on WAN Interface Rename (Fixes #504) by @ngxquanganh in #505
BSD: routes via P2P interfaces now find their out-going interface
-b --background fixed
resolv: Fix processing more DNSSL options than RDNSS
dhcpcd: Remove option rapid_commit from dhcpcd.conf
privsep: Fix valgrind and hardened-malloc on Linux with SECCOMP
route: Don't spam route changes for lifetime
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 May 2025 10:37:32 +0000 (12:37 +0200)]
fr.pl: Fixes bug 12060 - remove extraneous spaces at end of lines
- All lines where there was a space at the end of the french translation, and the
other language files did not have a space for that line, had the space removed.
- ./make.sh lang was run but nothing else was created by that.
Fixes: bug12060
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 16 May 2025 11:20:46 +0000 (13:20 +0200)]
include: Add wireguard directory to the backup include file
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 17 May 2025 11:42:50 +0000 (13:42 +0200)]
m4: Update to version 1.4.20
- Update from version 1.4.19 to 1.4.20
- Update of rootfile
- Changelog
1.4.20
** Fix a bug in the `eval' builtin where it does not suppress warnings
about division by zero that occurs within a more complex expression on
the right hand side of || or && (present since short-circuiting was
introduced in 1.4.8b).
** The `syscmd' and `esyscmd' builtins no longer mishandle a command line
starting with `-' or `+' (present since "the beginning").
** Fix regression introduced in 1.4.19 where trace output (such as with
`debugmode(t)') could read invalid memory when tracing a series of
pushed macros that are popped during argument collection.
** Fix regression introduced in 1.4.19 where the `format' builtin
inadvertently took on locale-dependent parsing and output of floating
point numbers as a side-effect of introducing message translations.
While it would be nice for m4 to be fully locale-aware, such a behavior
change belongs in a major version release such as 1.6, and not a minor
release.
** Fix regression introduced in 1.4.11 where the experimental `changeword'
builtin could cause a crash if given a regex that does not match all
one-byte prefixes of valid longer matches. As a reminder, `changeword'
is not recommended for production use, and will likely not be present
in the next major version release.
** On non-Unix platforms where binary files differ from text, loading a
frozen file (which should be cross-platform compatible) now correctly
uses binary mode.
** Several documentation improvements to the manual.
** Update to comply with newer C standards, and inherit portability
improvements from gnulib.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 17 May 2025 11:42:06 +0000 (13:42 +0200)]
harfbuzz: Update to version 11.2.1
- Update from version 11.2.0 to 11.2.1
- Update of rootfile
- Changelog
11.2.1
- Various build improvements.
- Fix build with HB_NO_DRAW and HB_NO_PAINT
- Add an optional “harfruzz” shaper that uses HarfRuzz; an ongoing Rust port of
HarfBuzz shaping. This shaper is mainly used for testing the output of the
Rust implementation.
- Fix regression that caused applying unsafe_to_break() to the whole buffer to
be ignored.
- Update USE data files.
- Fix getting advances of out-of-range glyph indices in DirectWrite font
functions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 17 May 2025 11:41:41 +0000 (13:41 +0200)]
fmt: Update to version 11.2.0
- Update from version 11.1.3 to 11.2.0
- Update of rootfile
- Changelog
11.2.0
Added the s specifier for std::error_code. It allows formatting an error
message as a string. For example:
    #include <fmt/std.h>

    int main() {
      auto ec = std::make_error_code(std::errc::no_such_file_or_directory);
      fmt::print("{:s}\n", ec);
    }
prints
    No such file or directory
(The actual message is platform-specific.)
Fixed formatting of std::chrono::local_time and tm (#3815, #4350). For example
(godbolt):
    #include <fmt/chrono.h>

    int main() {
      std::chrono::zoned_time zt(
        std::chrono::current_zone(),
        std::chrono::system_clock::now());
      fmt::print("{}", zt.get_local_time());
    }
is now formatted consistently across platforms.
Added diagnostics for cases when timezone information is not available. For
example:
    fmt::print("{:Z}", std::chrono::local_seconds());
now gives a compile-time error.
Deprecated fmt::localtime in favor of std::localtime.
Fixed compilation with GCC 15 and C++20 modules enabled (#4347). Thanks @tkhyn.
Fixed handling of named arguments in format specs (#4360, #4361). Thanks
@dinomight.
Added error reporting for duplicate named arguments (#4367). Thanks @dinomight.
Fixed formatting of long with FMT_BUILTIN_TYPES=0 (#4375, #4394).
Optimized text_style using bit packing (#4363). Thanks @LocalSpook.
Added support for incomplete types (#3180, #4383). Thanks @LocalSpook.
Fixed a flush issue in fmt::print when using libstdc++ (#4398).
Fixed fmt::println usage with FMT_ENFORCE_COMPILE_STRING and legacy
compile-time checks (#4407). Thanks @madmaxoft.
Removed legacy header fmt/core.h from docs (#4421, #4422). Thanks
@krzysztofkortas.
Worked around limitations of __builtin_strlen during constant evaluation
(#4423, #4429). Thanks @brevzin.
Worked around a bug in MSVC v141 (#4412, #4413). Thanks @hirohira9119.
Removed the fmt_detail namespace (#4324).
Removed specializations of std::is_floating_point in tests (#4417).
Fixed a CMake error when setting CMAKE_MODULE_PATH in the pedantic mode
(#4426). Thanks @rlalik.
Updated the Bazel config (#4400). Thanks @Vertexwahn.
11.1.4
Fixed ABI compatibility with earlier 11.x versions on Windows (#4359).
Improved the logic of switching between fixed and exponential format for float (#3649).
Moved is_compiled_string to the public API (#4342). Thanks @SwooshyCueb.
Simplified implementation of operator""_cf (#4349). Thanks @LocalSpook.
Fixed __builtin_strlen detection (#4329). Thanks @LocalSpook.
Fixed handling of BMI paths with the Ninja generator (#4344). Thanks @tkhyn.
Fixed gcc 8.3 compile errors (#4331, #4336). Thanks @sergiud.
Fixed a bogus MSVC warning (#4356). Thanks @dinomight.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 17 May 2025 11:41:19 +0000 (13:41 +0200)]
exfatprogs: Update to version 1.2.9
- Update from version 1.2.5 to 1.2.9
- Update of rootfile not required
- Changelog
1.2.9
NEW FEATURES :
* dump.exfat: support dumping directory entry sets,
which prints all fields of directory entries and
cluster chains. See a man page.
CHANGES :
* exfatprogs: update the Github action for build test
with Debian + clang + lld.
1.2.8
BUG FIXES :
* dump.exfat: fix an incorrect output of an entry
position in 32-bit system.
* mkfs.exfat: fill an oem sector with zero instead
of one.
* exfatprogs: fix compilation on musl based systems
due to loff_t type. And update the Github action
to validate builds on the system.
1.2.7
NEW FEATURES :
* fsck.exfat: support repairing the upcase table.
CHANGES :
* exfatprogs: make sure to load the tbl preprocessor
for man pages.
BUG FIXES :
* exfatprogs: fix a double free memory error.
* dump.exfat: fix a constraint that volume label, bitmap,
upcase table must be located at the beginning of a root
directory.
1.2.6
CHANGES :
* exfatprogs: replace obsolete autoconf and libtool
macros.
* mkfs.exfat: prefer the physical block size over
the logical block size for the exFAT sector size.
* mkfs.exfat: add notes about the format of the volume
GUID to the man page.
* mkfs.exfat: fix an incorrect calculation of the number
of used clusters.
BUG FIXES :
* exfatlabel: fix a user input error when setting
a volume serial or label.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 15 May 2025 20:51:38 +0000 (22:51 +0200)]
hwdata: Update to version 0.395
- Update from version 0.394 to 0.395
- Update of rootfile not required
- Removal of the old hwdata directory as no longer required with the source tarball
approach implemented from CU191 onwards.
- Changelog
0.395
Update usb and vendor ids
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 15 May 2025 16:25:25 +0000 (18:25 +0200)]
screen: Update to version 5.0.1
- Update from version 5.0.0 to 5.0.1
- Update of rootfile
- 5 CVE fixes included in this version
- Changelog
5.0.1
Security fix
CVE-2025-46805: do NOT send signals with root privileges
CVE-2025-46804: avoid file existence test information leaks
CVE-2025-46803: apply safe PTY default mode of 0620
CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
CVE-2025-23395: reintroduce lf_secreopen() for logfile
buffer overflow due to bad strncpy()
uninitialized variables warnings
typos
combining char handling that could lead to a segfault
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 15 May 2025 16:03:00 +0000 (16:03 +0000)]
Tor: Update to 0.4.8.16
Full changelog since version 0.4.8.13:
Changes in version 0.4.8.16 - 2025-03-24
This is a quick second release since 0.4.8.15 due to a typo in a directory
authority rule file. This only affects directory authorities. Regardless,
upgrading to latest stable is always desired.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/24.
o Minor bugfix (dirauth):
- Fix typo in flag assignment approved-routers file. Fixes bug
41035; bugfix on 0.4.8.15
Changes in version 0.4.8.15 - 2025-03-20
This is a minor release fixing a sandbox issue for bandwidth authority and a
conflux issue on the control port. It also has a client fix about relay flag
usage. We strongly recommend to update as soon as possible as usual.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (continuous integration):
- Upgrade CI runners to use Debian Bookworm instead of Bullseye.
Closes ticket 41029.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 20, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/20.
o Minor bugfixes (control port):
- Correctly report conflux pair information to controller fields
Fixes bug 40872; bugfix on 0.4.8.1-alpha
o Minor bugfixes (relay flag usage):
- Fix client usage of the MiddleOnly flag so that MiddleOnly relays
are not used as HS IP or RP by clients or services. Additionally,
give dirauths the ability to remove specific flags, as an
alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha
Changes in version 0.4.8.14 - 2025-02-05
Minor release fixing a major bug affecting onion service directory cache,
also known as HSDir. Furthermore, the fallbackdir list had more than 25% of
its entries unreachable or gone from the consensus. As usual, we strongly
recommend to update to this version as soon as possible.
o Major bugfixes (onion service directory cache):
- When the OOM killer kicks in, cleanup the descriptor cache of an
HSDir by looking at the lowest downloaded count instead of time in
cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha.
o Minor feature (testing):
- test-network now unconditionally includes IPv6 instead of trying
to detect IPv6 support.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 05, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/02/05.
o Minor bugfixes (memory):
- Fix a pointer free that wasn't set to NULL afterwards which could
be reused by calling back in the free all function. Fixes bug
40989; bugfix on 0.4.8.13.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 15 May 2025 11:49:20 +0000 (13:49 +0200)]
graphs.pl: Update of rrd file names from the collectd-5 update
- Some additional rrd file name changes missed from collectd-5 update.
- This was identified as part of fixing bug13834
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 15 May 2025 11:49:19 +0000 (13:49 +0200)]
red: Fixes rrd file name updates from collectd-5 update
- Some additional rrd file name changes missed from collectd-5 update.
- This was identified as part of fixing bug13834
- Couldn't test this as I don't have a ppp0 connection available but the change is in line
with the other rrd changes which have been tested as working.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 15 May 2025 11:49:18 +0000 (13:49 +0200)]
netovpnsrv.cgi: Fixes rrd file names for n2n openvpn graphs
- An additional rrd file name change missed from collectd-5 update.
- This was identified as part of fixing bug13834
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 15 May 2025 11:49:17 +0000 (13:49 +0200)]
netexternal.cgi: Fixed bug13834 - tun0 graph missing in external net traffic
- Some additional rrd directory and file name changes missed from collectd-5 update.
Fixes: bug13834 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 May 2025 13:15:13 +0000 (15:15 +0200)]
libloc: Addition of patch to deal with gettext update to 0.25
Suggested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 May 2025 13:15:12 +0000 (15:15 +0200)]
ddns: Addition of patch to deal with gettext update to 0.25
Suggested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 May 2025 13:15:11 +0000 (15:15 +0200)]
fireperf: Addition of patch to deal with gettext update to 0.25
Suggested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 May 2025 13:15:10 +0000 (15:15 +0200)]
gettext: Update to version 0.25
- Update from version 0.24 to 0.25
- Update of rootfile
- This is part of a patch set as the gettext update required some patches to other
packages to get them to build
- Changelog
0.25
# Programming languages support:
* Go:
- xgettext now supports Go.
- 'msgfmt -c' now verifies the syntax of translations of Go format
strings.
- New examples 'hello-go' and 'hello-go-http' have been added.
* TypeScript:
- xgettext now supports TypeScript and TSX (= TypeScript with JSX
extensions).
* D:
- A new library libintl_d.a contains the runtime for using GNU gettext
message catalogs in the D programming language.
- xgettext now supports D.
- 'msgfmt -c' now verifies the syntax of translations of D format
strings.
- A new example 'hello-d' has been added.
* Modula-2:
- A new library libintl_m2.so contains the runtime for using GNU gettext
message catalogs in the Modula-2 programming language.
- xgettext now supports Modula-2.
- 'msgfmt -c' now verifies the syntax of translations of Modula-2 format
strings.
- A new example 'hello-modula2' has been added.
# Improvements for maintainers:
* xgettext has a new option '--generated' that customizes the way the
'POT-Creation-Date' in the POT file is computed.
0.24.1
* Bug fixes:
- Fix bad interactions between autoreconf and autopoint.
- xgettext: Creating the POT file of a package under Git version control
is now faster. Also, the use of Git can be turned off by specifying
the option '--no-git'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 13 May 2025 16:03:39 +0000 (18:03 +0200)]
libpng: Update to version 1.6.48
- Update from version 1.6.45 to 1.6.48
- Update of rootfile
- Changelog
1.6.48
Fixed the floating-point version of the mDCv setter `png_set_mDCv`.
(Reported by Mohit Bakshi; fixed by John Bowler)
Added #error directives to discourage the inclusion of private
libpng implementation header files in PNG-supporting applications.
Added the CMake build option `PNG_LIBCONF_HEADER`, to be used as an
alternative to `DFA_XTRA`.
Removed the Travis CI configuration files, with heartfelt thanks for
their generous support of our project over the past five years!
1.6.47
Modified the behaviour of colorspace chunks in order to adhere
to the new precedence rules formulated in the latest draft of
the PNG Specification.
(Contributed by John Bowler)
Fixed a latent bug in `png_write_iCCP`.
This would have been a read-beyond-end-of-malloc vulnerability,
introduced early in the libpng-1.6.0 development, yet (fortunately!)
it was inaccessible before the above-mentioned modification of the
colorspace precedence rules, due to pre-existing colorspace checks.
(Reported by Bob Friesenhahn; fixed by John Bowler)
1.6.46
Added support for the mDCV and cLLI chunks.
(Contributed by John Bowler)
Fixed a build issue affecting C89 compilers.
This was a regression introduced in libpng-1.6.45.
(Contributed by John Bowler)
Added makefile.c89, specifically for testing C89 compilers.
Cleaned up contrib/pngminus: corrected an old typo, removed an old
workaround, and updated the CMake file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 13 May 2025 16:03:41 +0000 (18:03 +0200)]
lvm2: Update to version 2.03.32
- Update from version 2.03.31 to 2.03.32
- Update of rootfile not required
- Changelog
2.03.32
Lvconvert vdopool conversion properly validates acceptable LVs.
Accept thin pool data LV as cachable LV.
Allow using zram block devices (likely for testing).
Fix lvresize when resizing COW snapshots already covering origin.
Fix lvmdbusd read of executed lvm commands output.
Fix construction of DM UUID for cachevol _cdata and _cmeta devices.
Ignore PV claims from old metadata when the PV belongs to a new VG.
Fix integrity metadata rounding.
Accept --autobackup option in pvresize.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 13 May 2025 16:03:42 +0000 (18:03 +0200)]
pixman: Update to version 0.46.0
- Update from version 0.44.0 to 0.46.0
- Update of rootfile
- Changelog
0.46.0
This release notably adds fast paths for RISC-V using the "V" vector
extension, contributed by developers at Samsung.
RISC-V: Only enable RVV on linux if hwcap headers are available
Test case for compositing with a negative stride
Fix arm64 advanced prefetcher
region: add parametric primitive type to generalize implementation detail
region: make print specifier parametric
region: add fractional implementation based on 64bit floating point numbe
region: add rectf convenience functions
region: add pixman_region32_copy_from_region64f utility function
region: add image clip and composite functions for fractional regions
test/region: add fractional region tests
Add a16b16g16r16 format
test/stress-test: add a16b16g16r16
ci: Improve coverage and artifact handling
ci: Use newer version of QEMU for Bookworm
test: Increase timeout for alpha-loop test
ci: Enable cross PPC tests
ci: Clean up after disabling failing targets
ci: Add option to change the default runner tag
ci: Move Docker build to a CI template
ci: Use native ARM runners for Linux ARM targets
ci: Improve Windows images
ci: Use regular Debian as base Windows for ARM
ci: Fix runner tag variable expansion
Fix some build warning
rvv: Pass through clang-format
docker: Update Wine to 10.5 and update LLVM-MinGW
docker: Update Meson to 1.7
docker: Move LLVM archive to a separate thin layer
docker: Decrease build time for gcovr
test: Add lowlevel-blt-bench result comparison script
rvv: Add float suffix to float implementation
rvv: Add integer operations
ci: Build Wine for windows-amd64 from source
ci: Use untagged runners if possible
ci: Increase number of retries for Windows targets
Post-release version bump to 0.44.3
vmx: Remove unnecessary variable
vmx: Remove unpack_565_to_8888() and associated constants
vmx: Remove unpack_128_2x128_16()
vmx: Remove unpack{hi,lo}_128_8x16 functions
vmx: Move and use unpack{hi,lo}_128_16x8 in pix_multiply()
vmx: Use create_mask_32_128() more places
vmx: Use appropriate types
vmx: Add and use create_mask_16_128() function
vmx: Use selector variables
vmx: Add and use `vzero` constant
vmx: Simplify over() function
vmx: Make in_over() a real function
vmx: Simplify unpack{hi,lo}_128_16x8() function
vmx: Move create_mask_32_128() function
vmx: Avoid two shifts in pix_multiply() function
vmx: Optimize pix_multiply()
vmx: Declare iterator variable in for loop
vmx: Disable clang-format around some data structure declarations
vmx: Run clang-format
ci: Enable LLVM testing on linux-arm-v7
ci: Allow failures in windows-amd64 jobs
Pre-release version bump to 0.46.0
arm: Move the .fpu neon directive around
.clang-format: Add
0.44.2
meson: require Meson >= 1.3.0
ci: Rename mips64el to mips64le
ci: Enable ppc64le testing with clang
Post-release version bump to 0.44.1
vmx: Fix is_opaque, is_zero, is_transparent functions
release.sh: Some improvements
Pre-release version bump to 0.44.2
RISC-V: fix rvv auto-detection on `gcc-13`
release.sh: Add script
RISC-V: Force spec 1p0 in architecture definition
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 13 May 2025 16:03:43 +0000 (18:03 +0200)]
sdl2: Update to version 2.32.6
- Update from version 2.30.6 to 2.32.6
- Update of rootfile
- Changelog
2.32.6
Fixed reliability of initializing Switch controllers on macOS
Fixed crash when controllers are disconnected on macOS
2.32.4
Fixed controller GUIDs changing randomly on Windows
Fixed detecting PlayStation controller sensors on Linux when HIDAPI isn't being used
Fixed a crash enumerating some input devices
2.32.2
Fixed stack overflow when setting thread debug names on Windows
Fixed flushing audio forever in some cases when recording PulseAudio on Linux
Fixed a crash when initializing with controllers connected on macOS
Added SDL_HINT_JOYSTICK_HAPTIC_AXES to specify how many haptic axes a device has
2.32.0
Allow destroying a window and its renderer in either order
Added cursor-shape-v1 protocol support on Wayland
Fixed full immersive mode in Android 9 and higher
Improved event processing latency when gamepad/sensor is open
Added SDL_HINT_APPLE_RWFROMFILE_USE_RESOURCES to control whether SDL tries to open files from the app's resource directory on macOS
Fixed conditional effect playback on Moza Racing devices
Fixed input for Thrustmaster PlayStation wheels when hid-tmff2 is installed
Enabled direct VRAM access when using the window surface API on PSP
Improved window surface support on Nintendo 3DS
Fixed condition variable implementation on Nintendo 3DS
Fixed byte order detection on Solaris
Implemented SDL_TriggerBreakpoint() on aarch64-w64-mingw32
2.30.12
Improved XInput controller detection on Windows
Added support for the 8BitDo Ultimate 2C Wireless in Bluetooth mode
Fixed Steam Deck controller not being visible to games running on Proton 9 and older
Fixed a crash when hot-plugging keyboards and mice on Linux
Fixed a crash when disconnecting a Bluetooth audio device on macOS
Fixed building with Xcode using older Apple SDKs
Fixed a crash when disconnecting an external display on iOS
Fixed detection of function keys on Emscripten
2.30.11
Fixed a crash if the controller product name is NULL
Fixed the PS3 controller mapping on Windows
Allow rendering during the modal resize loop on macOS
Corrected CoreAudio surround sound channel layouts
Enabled high refresh rates on iOS
Fixed SDL_OpenURL() on iOS 18.2 and newer
Implemented SDL_OpenURL() on tvOS
Fixed Chinese locales on PSP
2.30.10
Improved the performance of whole surface fill operations
Fixed an assertion when connecting/disconnecting over RDP
Switched the default audio driver on Android to OpenSLES
Added support for mouse wheel and extended buttons on PS Vita
Fixed a rare crash on KMSDRM
2.30.9
Fixed audio issues on Android 15
Fixed rare audio distortion and crash when audio devices are changed on Windows
Fixed the PS5 controller face buttons on Amazon Fire TV
Fixed detecting the Steam Virtual Gamepad on macOS
Added support for wired XBox controllers on macOS 15.0 Sequoia
Added support for the Steam Virtual Gamepad on macOS Sequoia
Fixed the Steam Virtual Gamepad from showing up when games aren't running under Steam
Fixed flicker when entering/exiting fullscreen or moving the window between scaled and non-scaled displays under Wayland.
Fixes for data addresses above 2gb on Emscripten
Fixed horizontal mousewheel scale on Emscripten
2.30.8
Fixed a crash in XInput code at startup
Fixed flooding the OS with I/O when a PS4/PS5 controller is disconnected
Added SDL_VIDEO_DOUBLE_BUFFER support to the Wayland backend
SDL_WINDOWEVENT_EXPOSED is sent appropriately when using Wayland
Fixed hang at startup in audio code when the application has large stack usage on Linux
Fixed initializing KMSDRM on older Linux systems
The pre-built SDL2.dll no longer depends on ucrtbase.dll
2.30.7
Added support for the Retro-bit Controller in PS3 mode
Fixed the cursor becoming visible when using relative mode under XWayland
Fixed DRM initialization failure on some Linux systems
Fixed a crash when the current mouse capture window is destroyed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 12 May 2025 17:08:18 +0000 (17:08 +0000)]
OpenVPN: Add auth-user-pass to the client configuration
Since we are doing a fake user authentication to get 2FA going, we need
to explicitly enable this. Usually clients were happy without this, but
somewhere it must have changed recently that clients require this set
explicitly.
Fixes: #13109 - openVPN, 2FA - client does not ask for One Time Token Reported-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 10 May 2025 10:30:57 +0000 (12:30 +0200)]
langs: Update of language files in line with bug12755 fix
Fixes: bug12755 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 10 May 2025 10:30:56 +0000 (12:30 +0200)]
chpasswd.cgi: Fixes bug12755 - v3 with password verification correction
- v3 version based on feedback from @Michael to use the status value returned from
using the htpasswd command.
- Also simplified the whole section to carry out the change if the status is 0, ie all
went well, otherwise give an error but without identifying if the error is in the
username or the password. This makes it more secure as any attacker only knows it
failed and doesn't know if any part of the authentication was correct or not.
- Changed the error messages in line with this so the language file changes are in the
other part of this patch set submission.
- Tested out on my vm test bed and worked fine. If the username was incorrect or the
password was incorrect or both were incorrect the same error message is given. If
both are correct then the update is carried out.
Fixes: bug12755 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 1 May 2025 07:41:03 +0000 (09:41 +0200)]
core194: Fix cert name and change other check to ! -s
- This v2 version corrects the b! -z to ! -s
- Error in hostcert extension
- -z is for use with strings and not with files. This should have been ! -s. Thanks to
@Nick for spotting this and flagging it up. The ! -z would do the test against the
filename string and as this doesn't change then it would always come up true.
- I thought I had tested the original patch of this change but obviously not because
there was missing whitespace and filenames not quoted plus the fixes I have added
in this patch.
- I definitely tested this out this time by copying it from the update.sh and applying
it to my vm system. I have also tested this out with the hostcert.pem file present
and not and with the index.txt file empty and containing something. This now works
as it should, which is to only carry out the edit on the serial file if the
hostcert.pem file is present AND the index.txt file is empty.
- I clearly need to look more carefully at and test even more carefully at any bash
statements that I put together.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
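The `-z` versus `-s` mix-up described in the core194 commit above, shown as an added shell example; it is not the project's update.sh. The file names follow the commit message, while the temp directory and the helper function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. File names follow the commit message; the directory is a
# throwaway temp dir, not IPFire's real certificate location.

# Buggy form: -z tests whether the STRING is empty. A path is never an empty
# string, so "! -z" is always true and the content of index.txt is ignored.
decide_buggy() {   # $1 = hostcert.pem path, $2 = index.txt path
    if [ -e "$1" ] && [ ! -z "$2" ]; then echo edit; else echo skip; fi
}

# Fixed form: -s is true for a file that exists with size > 0, so "! -s"
# is true for an empty (or missing) index.txt.
decide_fixed() {   # $1 = hostcert.pem path, $2 = index.txt path
    if [ -e "$1" ] && [ ! -s "$2" ]; then echo edit; else echo skip; fi
}

# Build one constructed case in a temp dir and report what each form decides.
# $1 = present|absent (hostcert.pem), $2 = empty|filled (index.txt)
run_case() {
    dir=$(mktemp -d) || return 1
    if [ "$1" = present ]; then : > "$dir/hostcert.pem"; fi
    if [ "$2" = filled ]; then
        echo "constructed sample entry" > "$dir/index.txt"
    else
        : > "$dir/index.txt"
    fi
    printf 'buggy=%s fixed=%s\n' \
        "$(decide_buggy "$dir/hostcert.pem" "$dir/index.txt")" \
        "$(decide_fixed "$dir/hostcert.pem" "$dir/index.txt")"
    rm -rf "$dir"
}

# Walk all four combinations the commit message says were tested.
for cert in present absent; do
    for idx in empty filled; do
        printf 'hostcert=%s index=%s -> %s\n' \
            "$cert" "$idx" "$(run_case "$cert" "$idx")"
    done
done
```

The two forms only disagree when hostcert.pem is present and index.txt already has content, which is the case where the serial file must be left alone.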
Stephen Cuka [Sat, 10 May 2025 16:19:37 +0000 (10:19 -0600)]
pakfire.cgi: Changes to install and remove confirmation pages
- On install confirmation page, add list of packages to install
- if package is already installed, don't show it on the list
- On install and remove confirmation pages, pad out translation
of "Package:" to length of 10 so that the column spacing doesn't
change for different languages.
- Display dependencies for package(s) to remove in 'parent -> child'
format.
- Display packages in use in 'parent -> child' format.
- Add translations for new text in all langs.
- functional changes
- When removing a package, remove its dependencies.
- Don't allow a package or dependency to be removed if other
installed packages depend on it.
Signed-off-by: Stephen Cuka <stephen@firemypi.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 11 May 2025 10:13:04 +0000 (12:13 +0200)]
transmission: Update to CMakeLists.txt of min cmake version
- The main CMakeLists.txt was okay but a lot of the CMakeLists.txt files in the third
party folder had min version prior to 3.5
- A patch set has been made in the transmission source but it was also changing a lot of
other things. I just created my own patch to update the files in the third party
folder and the build was successful with that.
- If a new version is released then this patch can be removed but it will depend on
if that new version includes the fix to the bug in 4.0.6 that has resulted in a
variety of torrent mirrors banning transmission-4.0.6. This caused the transmission
update in IPFire to be reverted to 4.0.5
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 11 May 2025 10:13:03 +0000 (12:13 +0200)]
soxr: Update CMakeLists.txt with cmake min version
- The last update and commit on this package was 7 years ago so unlikely that there will
be an update for this.
- An issue has been raised on the github site but as none of the other raised issues
have been dealt with in the last 7 years it looks like this repo is dead.
- Will raise a separate discussion on whether this package should be left in IPFire.
- Patch created to update the min cmake version to 3.10 and the build completed
successfully with that.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 11 May 2025 10:13:02 +0000 (12:13 +0200)]
libssh: Update to version 0.11.1 - fixes min cmake version
- Update from version 0.10.6 to 0.11.1
- Update of rootfile
- Changelog
0.11.1
* Fixed default TTY modes that are set when stdin is not connected to tty (#270)
* Fixed zlib cleanup procedure, which could crash on i386
* Various test fixes improving their stability
* Fixed cygwin build
0.11.0
* Deprecations and Removals:
* Dropped support for DSA
* Deprecated Blowfish cipher (will be removed in next release)
* Deprecated SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY
* Removed the usage of deprecated OpenSSL APIs (Note: Minimum supported
OpenSSL version is 1.1.1)
* Disabled preauth compression (zlib) by default
* Support for pkcs#11 engines are deprecated, pkcs11-provider is used instead
* Deprecation of old async SFTP API
* libgcrypt cryptographic backend is deprecated
* Deprecation of knownhosts hashing
* SFTP Improvements:
* Added support for async SFTP IO
* Added support for sftp_limits() and applied capping to SFTP read/write
operations accordingly
* Added sftp_home_directory() API support for sftp extension "home-directory"
* Added sftp_lsetstat() API for lsetstat extensions
* Added sftp_expand_path() to canonicalize path using expand-path@openssh.com
extension
* Implemented stat and realpath in sftpserver
* Added sftp_readlink() API to support hardlink@openssh.com
* New extensible callback based SFTP server
* Introduced the posix-rename@openssh.com extension
* New functions and features:
* Added support for PKCS #11 provider for OpenSSL 3.0
* Added testing for GSSAPI Authentication
* Implemented proxy jump using libssh
* Recategorized loglevels to show fatal errors and alignment with OpenSSH
log levels
* Added ssh_channel_request_pty_size_modes() API to set terminal modes for
PTYs
* Added function to check username syntax
* Added support to check all keys in authorized_keys instead of one in
example server implementation
* Handled hostkey similar to OpenSSH
* Added ssh_session_socket_close() API in order to not close socket passed
through options on error conditions
* Added option SSH_BIND_OPTIONS_IMPORT_KEY_STR to read user-supplied key
string in ssh_bind_options_set()
* Improved log handling around ssh_set_callbacks
* Added ssh_set_error_invalid in ssh_options_set()
* Prevented signature blob to start with 1 bit in libgcrypt
* Added support to unbreak key comparison of Ed25519 keys imported from PEM
or OpenSSH container
* Added support to calculate missing CRT parameters when building RSA key
* Added ssh_pki_export_privkey_base64_format() and
ssh_pki_export_privkey_file_format() to support exporting keys in different
formats (PEM, OpenSSH)
* Added support to compare certificates and handle automatic certificate
authentication
* Added support to make compile-commands generation conditional
* Built fuzzers for normal testing
* Avoided passing other events to callbacks when called recursively
* Added control master and path options
* Refactored channel_rcv_data, check for errors and report more useful errors
* Added support to connect to other host addresses than just the first one
* Terminated the server properly when the MaxAuthTries is reached
* Added support for no-more-sessions@openssh.com request in both client and
server
* Added callback to support forwarded-tcpip requests
* Bumped minimal CMake version to 3.12
* Added support for MBedTLS 3.6.x
* Added support for +,-,^ modifiers in front of algorithm lists in options
* Added callbacks for channel open response, and channel request response
* Replaced chroot() from chroot_wrapper internal library with chroot()
from priv_wrapper package
* Added a placeholder for non-expanded identities
* Improved handling of channel transfer window sizes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 11 May 2025 10:12:59 +0000 (12:12 +0200)]
xorriso: Package to replace cdrkit
- This package is the command line standalone package from the libburnia project.
- Build successfully created an iso package and this was used to install IPFire onto
a vm on my testbed system. This worked successfully so xorriso successfully
created a bootable iso image.
- The build was also tested on a Core Update 193 repo and installed and it successfully
created a bootable iso image with the backupiso process.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 11 May 2025 10:12:57 +0000 (12:12 +0200)]
cmake: Update to version 4.0.2
- Update from version 3.25.2 to 4.0.2
- Update of rootfile
- Version 4.0.0 removed compatibility with versions older than 3.5 so all package
builds using cmake must have the min version at 3.5 or higher otherwise the build
fails.
- Version 3.31 has deprecated compatibility with versions older than 3.10 and this will
be removed in some future version.
- The rest of this patch set are the packages using cmake for the build that required
some changes to the min version.
- Changelog is too large to include here. Details can be found at
https://cmake.org/cmake/help/v4.0/release/index.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 11 May 2025 10:12:56 +0000 (12:12 +0200)]
curl: Update to version 8.13.0
- Update from version 8.11.0 to 8.13.0
- Update of rootfile
- Knock on effect of this update is to require a newer version of cmake due to changes
in some variable from curl that cmake uses.
- This is therefore the first of a patch set.
- Changelog
8.13.0
Changes:
curl: add write-out variable 'tls_earlydata'
curl: make --url support a file with URLs
gnutls: set priority via --ciphers
IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags
lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
OpenSSL/quictls: add support for TLSv1.3 early data
rustls: add support for CERTINFO
rustls: add support for SSLKEYLOGFILE
rustls: support ECH w/ DoH lookup for config
rustls: support native platform verifier
var: add a '64dec' function that can base64 decode a string
wolfssl: tls early data support
Bugfixes:
addrinfo: add curl macro to avoid redefining foreign symbols
asyn-thread: avoid the separate 'struct resdata' alloc
asyn-thread: avoid the separate curl_mutex_t alloc
asyn-thread: do not allocate thread_data separately
asyn-thread: remove 'status' from struct Curl_async
autotools: fix `dllmain.c` in unity builds
autotools: fix `libtest` bundle to depend on `FIRSTFILES`
autotools: use `CURLDEBUG` to exclude TrackMemory code from unity
aws_sigv4: cannot be used for proxy
aws_sigv4: merge repeated headers in canonical request
aws_sigv4: use strparse more for parsing
base64: drop `BUILDING_CURL` macro, always include in tests/server
build: add Windows CE / CeGCC support, with CI jobs
build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls)
build: do not apply curl debug macros to `tests/server` by default
build: drop unused `getpart` tool
build: enable -Wjump-misses-init for GCC 4.5+
build: enable `-Wcast-qual`, fix or silence compiler warnings
build: fix compiler warnings in feature detections
build: replace Curl_ prefix with curlx_ for functions used in servers
build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts
build: set `HAVE_STDINT_H` if `stdint.h` is available
build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds
build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4
build: silence mingw32ce C99 format warnings, simplify CI
build: tidy-ups around `inet_pton`
c-ares httpsrr: fix ifdef
c-ares: error out for unsupported versions, drop unused macros
ca-native.md: sync with CURLSSLOPT_NATIVE_CA
cf-socket: deduplicate Windows Vista detection
cf-socket: remove empty switch
client writer: handle pause before decoding
cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg)
cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer
cmake: add custom command scripts as dependencies where missing
cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills
cmake: add shell completion support
cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe
cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds
cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection
cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection
cmake: disable HTTPS-proxy as a feature if proxy is disabled
cmake: drop `CURL_DISABLE_TESTS` option
cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc
cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
cmake: drop two stray TLS feature checks for wolfSSL
cmake: exclude `-MP` for `clang-cl` again
cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl
cmake: fix clang-tidy builds to verify tests, fix fallouts
cmake: fix detection pre-fills for iOS
cmake: fix ECH detection in custom-patched OpenSSL
cmake: fix typo in ECH config error msg
cmake: hide empty `MINGW64_VERSION` output for mingw32ce
cmake: improve httpd detection for pytest
cmake: mention 'insecure' in the debug build warning
cmake: misc tidy-ups
cmake: pre-fill known type sizes for Windows OSes
cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID
cmake: replace exec_program() with execute_process()
cmake: restrict static CRT builds to static curl exe, test in CI
cmake: sync cutoff version with autotools for picky option `-ftree-vrp`
cmake: sync OpenSSL(-fork) feature checks with `./configure`
cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets
CODE_STYLE: readability and banned functions
config-win32: set `HAVE_STDINT_H` where available
configure: call the blocking resolver "blocking", not "default"
configure: fix ECH detection with MultiSSL
configure: silence compiler warnings in feature checks, drop duplicates
configure: tidy up shell completion rules
configure: use `curl_cv_apple` variable
conn: eliminate `conn->now`
conn: fix connection reuse when SSL is optional
conncache: eliminate `conn->destination_len` as premature optimization
contributors.sh: lowercase 'github' for consistency
contrithanks.sh: update docs/THANKS in place
cookie: do prefix matching case-sensitively
cookie: minor parser simplification
cookie: simplify invalid_octets()
core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes
curl.h: change some enums to defines with L suffix
curl.h: convert CURLUSESSL* names to defines
curl.h: stop defining non-curl `__has_declspec_attribute`
curl.h: switch `CURL_HTTP_VERSION*` enums to long constants
curl/system.h: drop leftover comment about 32 bit curl_off_t
curl: add my_setopt_long() and _offt()
curl_msh3: remove verify bypass from DEBUGBUILDs
curl_setup: drop `ERANGE` (for WinCE), no longer used
curl_setup_once: drop `E*` macro redefines unused (with winsock2)
curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code
curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS
curl_ws_recv.md: expand a little on the fragments the API delivers
CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation
CURLOPT_HTTPHEADER.md: add comments to the example
CURLOPT_HTTPHEADER.md: rephrases
curltime: use libcurl time functions in src and tests/server
DISABLED: add 313 for sectransp (move from GHA/macos)
docs/cmdline-opts: use imperative form
docs: adapt to removed --with-random
docs: add FD_ZERO to curl_multi_fdset example
docs: bump `rustls` to 0.14.1
docs: correct argument names & URL redirection
docs: minor edits to please the new spellchecker regime
docs: rework RUSTLS install instructions
docs: unify HTTP version style in --help output
docs: vulnerabilities in debug code are not eligible for a bounty
doh: improve HTTPS RR svcparams parsing
doh: remove wrong but unreachable exit path from doh_decode_rdata_name
dynbuf: assert init on free
easy: drop `break` after `return`
easy: fix warning about possible comma misuse
eventfd: allow use on all CPUs
examples: prefer `return` over `exit()` (cont.)
ftp/sftp: strdup data info memory
ftp: fix comment
gnutls: fix connection state check on handshake
gnutls: fix use of pkcs11 urls for keys/certs
gtls: fix uninitialized variable
hash: use single linked list for entries
hostip: don't use alarm() for DoH resolves
hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses
http2: add on_invalid_frame callback for error detection
http2: detect session being closed on ingress handling
http2: enhance error messages on Curl_dyn* upon receiving headers
http2: fix stream assignment for pushes
http2: reset stream on response header error
HTTP3.md: only speak about minimal versions
http: convert parsers to strparse
http: fix NTLM info message typo
http: fix the auth check
http: make the RTSP version check stricter
http: negotiation and room for alt-svc/https rr to navigate
http: remove a HTTP method size restriction
http: version negotiation
http_chunks: replace a strofft call with curl_str_hex
https-rr: implementation improvements
httpsrr: fix port detection
httpsrr: fix the HTTPS-RR threaded-resolver build combo
INFRASTRUCTURE.md: add IRC and Matrix details
INSTALL-CMAKE.md: CMake usage updates
INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS`
lib1156: pass longs to `curl_easy_setopt()`
lib1560: test set path containing LR or CR
lib2302: fix crash due to stack overflow on MSVC and clang Windows
lib696: fix building on Windows in non-bundle mode
lib: better optimized casecompare() and ncasecompare()
lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use
lib: fix two curlx_strtoofft invokes
lib: rename curlx_strtoofft to Curl_str_numblanks()
lib: replace while(ISBLANK()) loops with Curl_str_passblanks()
lib: simplify more white space loops
lib: strtoofft.h header cleanup
lib: use Curl_str_* instead of strtok_r()
lib: use Curl_str_number() for parsing decimal numbers
libssh2: fix freeing of resources in disconnect
libssh2: fix memory leak in `SSH_SFTP_REALPATH` state
libssh2: fix to ignore `known_hosts` if SHA256 host public key is set
libssh2: print user with verbose flag
libssh2: show crypto backend in the verbose connect log
libssh: fix freeing of resources in disconnect
libssh: fix scp large file upload for 32-bit size_t systems
libtest/first.c: remove the Test: stderr output for unity builds
libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long
managen: accept more markdown-quote-markers
managen: correct the warning for un-escaped '<' and '>'
mbedtls: re-enable an error check
memdebug.h: avoid `-Wredundant-decls` with an extra guard
memdebug: drop dynamic allocation from `curl_dbg_log()`
mprintf: switch three number parsers to use strparse
mqtt: convert sendleftovers to dynbuf
msvc: drop support for VS2005 and older
multi: call protocol handler done() if PROTOCONNECT or later
multi: event based rework
multi: kill off remaining internal handles in curl_multi_cleanup
multi: start the loop over when handles are removed
multi_ev: fixes regarding connection shutdowns
ngtcp2: do not iterate over multi handles
ntlm: merge ntlm.h into ntlm.c
openssl-quic: do not iterate over multi handles
openssl: check return value of X509_get0_pubkey
openssl: drop support for old OpenSSL/LibreSSL versions
openssl: fix crash on missing cert password
openssl: fix pkcs11 URI checking for key files.
openssl: remove bad `goto`s into other scope
prox/preproxy.md: document argument within <brackets>
pytest: test negotiate with http proxy
quiche: do not iterate over multi handles
RELEASE-PROCEDURE.md: explain release candidates
request: clear sendbuf_hds_len when resetting request bufq
resolve: fix building without Unix sockets and `CURLDEBUG`
runtests: accept `CURL_DIRSUFFIX` without ending slash
runtests: add feature-based filtering
runtests: check and report if `diff` tool is missing
runtests: drop logic calling the `handle` tool (Windows)
runtests: drop recognizing 'winssl' as Schannel
runtests: drop ref to unused external function
runtests: fix bundled test invocation with `-g` option
runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs
runtests: fix test key format for libssh2 WinCNG (and others)
runtests: generate certs dynamically, bump to EC-256, tidy up
runtests: recognize AWS-LC as OpenSSL
runtests: rewrite `genserv.sh` in Perl
runtests: support multi-target cmake, drop workarounds from CI
runtests: support running tests under wine or qemu (cont.)
runtests: support running tests under wine or qemu
runtests: use `setfacl` on Cygwin/MSYS, if present
rustls: add ECH support w/ string ECH config
rustls: cap maximum allowed CRL file size to 8MB
rustls: support ECH GREASE
rustls: use client cert and key if available
schannel: deduplicate Windows Vista detection
schannel: enable ALPN support under WINE 6.0+
schannel: enable ALPN with MinGW, fix ALPN for UWP builds
schannel: guard ALPN init code to ALPN builds
scripts/managen: fix option 'single'
scripts/managen: fix parsing of markdown code sections
scripts: update completion.pl to parse options from docs
sectransp: add support for HTTP/2 in gcc builds
sendf: client reader line conversion: do not change data->state.infilesize
setopt: illegal CURLOPT_SOCKS5_AUTH should return error
setopt: remove unnecessary void pointer typecasts
setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine
shutdowns: split shutdown handling from connection pool
socks: remove bad assert from do_SOCKS5()
src: avoid strdup on platforms not doing UTF-8 conversions
src: cleanup ISBLANK vs ISSPACE
src: remove Curl_ prefix from tool-specific function
src: remove final uses of Curl_ symbol prefixes in tool code
src: replace strto[u][ld] with curlx_str_ parsers
ssh: consider sftp quote commands case sensitive
sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version
sshserver.pl: use Perl `chmod`
sshserver: fix excluding obsolete client config lines
ssl session cache: add exportable flag
SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR
strparse: make Curl_str_number() return error for no digits
strparse: switch the API to work on 'const char *'
strparse: switch to curl_off_t as base data type
test1022: add support for rc releases
test1167: catch #defines with extra whitespace
test313: disable CRL test for Schannel due to lack of support and flakiness
test313: disable via `<features>` for backends without CRL support
test489: set output dir
test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI
test613: make it pass on Windows, fix postprocess, unignore in CI
test615: fix for Cygwin, unignore in CI
tests/certs: cleanup
tests/server: drop unused `base64.pl`
tests/server: fix to check against winsock2 error codes on Windows
tests/server: give global `path` variable a more descriptive name
tests/server: make the signal handler signal-safe
tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws
tests/server: replace `strerror` with `sstrerror` in socksd
tests/server: support bundle binary
tests/server: sync `wait_ms()` with the libcurl implementation
tests/server: use `curlx_str_numblanks()` to avoid `errno`
tests/servers.pm: remove unused variable 'portrange'
tests: build non-debug unit tests with autotools, run them
tests: fix comment in lib533
tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers`
tests: make sure 'commands.log' is generated in the correct logdir
tests: mark tests 1631, 1632 flaky
tests: reformat error messages to avoid tripping MSBuild
tests: remove base64 encoded sections
tests: Remove unused variables
tests: replace remaining non-ASCII bytes with hex markup
tftpd: prefix TFTP protocol error `E*` constants with `TFTP_`
tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump
tidy-up: delete, comment or scope C macros reported unused
tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type
tidy-up: use `CURL_ARRAYSIZE()`
timediff: fix comment for curlx_mstotv()
timediff: remove unnecessary double typecast
tool_dirhie: create dir hierarchy without strtok
tool_getparam: clear sensitive arguments better
tool_getparam: do parse_upload_flags without the alloc/free
tool_getparam: parse --trace-config without strdup()/free()
tool_getparam: parse_header() without strtok
tool_operate: change "1 retries" to "1 retry"
tool_operate: fail SSH transfers without server auth
tool_operate: fix pluralization of seconds
tool_operate: remove unnecessary (long) typecasts
tool_paramhlp: do --proto parsing without strtok
tool_parsecfg: make my_get_line skip comments and newlines
tool_setopt: reduce use of "code hiding" macros
url: call protocol handler's disconnect in Curl_conn_free
urlapi: fix redirect from file:// with query, and simplify
urlapi: remove percent encoded dot sequences from the URL path
urlapi: simplify junkscan
urldata: remove 'hostname' from struct Curl_async
variable.md: clarify 'trim' example
vquic: obey IOV_MAX
vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS
winbuild: reduce command-line length by dropping whitespace
windows: do not use winsock2 `inet_ntop()`/`inet_pton()`
windows: drop code and curl manifest targeting W2K and older
windows: fix issues detected by clang-tidy, and some more
wolfssh: fix freeing of resources in disconnect
wolfssh: retrieve the error using wolfSSH_get_error
wolfssl: fix CA certificate multiple location import
wolfssl: fix unused variable warning
wolfssl: warn if CA native import option is ignored
wolfssl: when using PQ KEM, use ML-KEM, not Kyber
ws: corrected curlws_cont to reflect its documented purpose
ws: fix and extend CURLWS_CONT handling
zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4)
8.12.1
Bugfixes:
all: remove FIXME and TODO comments
asyn-thread: fix build with `CURL_DISABLE_SOCKETPAIR`
asyn-thread: fix HTTPS RR crash
asyn-thread: fix the returned bitmask from Curl_resolver_getsock
asyn-thread: survive a c-ares channel set to NULL
build: add tool_hugehelp.c into IBMi build
checksrc.pl: warn on FIXME/TODO comments
cmake/Find: set `<Modulename>_FOUND` for compatibility when found via `pkg-config`
cmake: add integration tests, run them in CI
cmake: always reference OpenSSL and ZLIB via imported targets
cmake: avoid unnecessary `-L` for implicit link dirs
cmake: drop `LDAP_DEPRECATED=1` macro, to sync with autotools
cmake: fix `HAVE_GETHOSTBYNAME_R_*` detections with `CURL_WERROR=ON`
cmake: fix to detect `HAVE_OPENSSL_SRP` in MSVC UWP builds
cmake: fix/add missing feature detections for Windows/MS-DOS
cmake: initialize variables where missing
cmake: lib order fixes for picky linkers (e.g. binutils `ld`)
cmake: normalize before matching paths with syspaths
cmake: respect `GNUTLS_CFLAGS` when detected via `pkg-config`
cmake: respect `GNUTLS_LIBRARY_DIRS` in `libcurl.pc` and `curl-config`
cmake: save a line with `CMAKE_C_IMPLICIT_LINK_DIRECTORIES` exclusion
cmake: tidy up string append and list prepend syntax
configure/cmake: check for realpath
configure/cmake: set asyn-rr a feature only if httpsrr is enabled
content_encoding: #error on too old zlib
curl_global_sslset.md: Add SSL backend names
CURLOPT_SSH_KNOWNHOSTS.md: strongly recommend using this
CURLSHOPT_SHARE.md: adjust for the new SSL session cache
docs: better explain multi-part byte range behavior
docs: use valid example domain names
generate.bat: remove curl_get_line.c from the curlx file list
header.md: mention `Authorization:` and `Cookie:` special treatment
imap: TLS upgrade fix
INTERNALS: fix c-ares, as we actually support 1.6.0 or later
ldap: drop support for legacy Novell LDAP SDK
lib: include necessary headers for `inet_ntop`/`inet_pton`
lib: silence LibreSSL collision warning on non-MSVC Windows
libssh2: comparison is always true because rc <= -1
libssh2: raise lowest supported version to 1.2.8
libssh: drop support for libssh older than 0.9.0
libssh: silence `-Wconversion` with a cast (Windows 32-bit)
netrc: return code cleanup, fix missing file error
openssl-quic: ignore ciphers for h3
openssl: fix out of scope variables in goto
pop3: TLS upgrade fix
runtests: fix the disabling of the memory tracking
runtests: quote commands to support paths with spaces
scache: add magic checks
smb: silence `-Warray-bounds` with gcc 13+
smtp: TLS upgrade fix
SPONSORS.md: clarify that we don't promise goods or services
test1516: avoid failure due to spaces in path
test2080: simplify, avoid the null byte
tests: fix test 558, 1330 for MSVC, allow TrackMemory with MSVC in cmake
tidy-up: make per-file `ARRAYSIZE` macros global as `CURL_ARRAYSIZE`
tool_cfgable: sort struct fields by size, use bitfields for booleans
tool_getparam: add "TLS required" flag for each such option
tool_progress: fix percent output of large parallel transfers
tool_ssls: switch to tool-specific get_line function
verbose.md: mention how carriage-return might occur in headers
vquic: make the "disable GSO" use infof, not failf
vtls: fix multissl-init
vtls: eliminate 'data->state.ssl_scache'
wakeup_write: make sure the eventfd write sends eight bytes
wolfssl: silence compiler warning (MSVC 2019), simplify existing
8.12.0
Changes:
curl: add byte range support to --variable reading from file
curl: make --etag-save acknowledge --create-dirs
getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
getinfo: provide info which auth was used for HTTP and proxy
hyper: drop support
openssl: add support to use keys and certificates from PKCS#11 provider
QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
vtls: feature ssls-export for SSL session im-/export
Bugfixes:
altsvc: avoid integer overflow in expire calculation
altsvc: return error on dot-only name
android: add CI jobs, buildinfo, cmake docs, disable `CURL_USE_PKGCONFIG` by default
asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL
asyn-ares: fix memory leak
asyn-ares: initial HTTPS resolve support
asyn-thread: use c-ares to resolve HTTPS RR
async-thread: avoid closing eventfd twice
autotools: add support for mingw UWP builds
autotools: silence gcc warnings in libtool code
binmode: convert to macro and use it from tests
build: delete `-Wsign-conversion` related FIXMEs
build: drop `-Winline` picky warning
build: drop `tool_hugehelp.c.cvs`, tidy up macros, drop `buildconf.bat`
build: drop unused feature macros, update exception list
build: fix `-Wtrampolines` picky warning for gcc 4.x versions
build: fix compiling with GCC 4.x versions
build: fix the tidy targets for autotools
build: fix unsigned `time_t` detection for cmake, MS-DOS, AmigaOS
build: replace configure check with PP condition (Android <21)
build: stop detecting `sched_yield()` on Windows
c-ares: fix/tidy-up macro initializations, avoid a deprecated function
cd2nroff: do not insist on quoted <> within backticks
cd2nroff: support "none" as a TLS backend
cf-https-connect: look into httpsrr alpns when available
cf-socket: error if address can't be copied
cfilters: kill connection filter events attach+detach
checksrc.bat: remove explicit SNPRINTF bypass
checksrc: ban use of sscanf()
checksrc: check for return with parens around a value/name
checksrc: exclude generated bundle files to avoid race condition
checksrc: fix the return() checker
checksrc: introduce 'banfunc' to ban specific functions
cmake/Find: add `iphlpapi` for c-ares, omit syslibs if dep not found
cmake/FindLDAP: avoid empty 'Requires' item when omitting `pkg-config` module
cmake/FindLDAP: avoid framework locations for libs too (Apple)
cmake/FindLibpsl: protect against `pkg-config` "half-detection"
cmake/FindLibssh: sync header comment with other modules
cmake/FindMbedTLS: drop lib duplicates early
cmake: add `librtmp` Find module
cmake: add LDAP Find module
cmake: add native `pkg-config` detection for remaining Find modules
cmake: allow `CURL_LTO` regardless of `CURL_BUILD_TYPE`, enable in CI
cmake: clang-cl improvements
cmake: delete accidental debug message
cmake: deprecate winbuild, add migration guide from legacy build methods
cmake: detect mingw-w64 version, pre-fill `HAVE_STRTOK_R`
cmake: do not store `MINGW64_VERSION` in cache
cmake: drop `CURL_USE_PKGCONFIG` from `curl-config.cmake.in`
cmake: drop `fseeko()` pre-fill and check for Windows
cmake: drop duplicate Windows cache value
cmake: drop redundant FOUND checks (libgsasl, libssh, libuv)
cmake: drop redundant opening/closing `.*` from `MATCH` expressions
cmake: drop unused `HAVE_SYS_XATTR_H` detection
cmake: drop VS2010 "Dialog Hell" workaround added in 2013
cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found
cmake: fix `net/in.h` detection for MS-DOS
cmake: improve `curl_dumpvars()` and move to `Utilities.cmake`
cmake: make libpsl required by default
cmake: make system libraries `dl`, `m`, `pthread` customizable
cmake: move `pkg-config` names to Find modules
cmake: move GSS init before feature detections
cmake: move mingw UWP workaround from GHA to `CMakeLists.txt`
cmake: namespace functions and macros
cmake: optimize out 4 picky warning option detections with gcc
cmake: pick a better IPv6 feature flag when assembling the feature list
cmake: pre-fill `HAVE_STDATOMIC_H`, `HAVE_ATOMIC` for mingw-w64
cmake: pre-fill `HAVE_STDINT_H` on Windows
cmake: prefer dash-style MSVC options
cmake: publish/check supported protocols/features via `CURLConfig.cmake`
cmake: replace `unset(VAR)` with `set(VAR "")` for init
cmake: sync OpenSSL QUIC fork detection with autotools
cmake: use `CMAKE_REQUIRED_LINK_DIRECTORIES`
cmake: use `STREQUAL` to detect Linux
cmake: warn for OpenSSL versions missing TLS 1.3 support
cmdline-opts/version.md: describe multissl, mention SSLS-EXPORT
completion.pl: add completion for paths after @ for fish
config-mac: drop `MACOS_SSL_SUPPORT` macro
config: drop unused code and variables
configure: do not inline 'dnl' comments
configure: drop unused detections and macros
configure: streamline Windows large file feature check
configure: UWP and Android follow-up fixes
conncache: count shutdowns against host and max limits
conncache: result_cb comment removed from function docs
content_encoding: drop support for zlib before 1.2.0.4
content_encoding: namespace GZIP flag constants
content_encoding: put the decomp buffers into the writer structs
content_encoding: support use of custom libzstd memory functions
cookie: cap expire times to 400 days
cookie: fix crash in netscape cookie parsing
cookie: parse only the exact expire date
curl-functions.m4: fix indentation in `CURL_SIZEOF()`
curl: return error if etag options are used with multiple URLs
curl_multi_fdset: include the shutdown connections in the set
curl_multi_waitfds.md: tidy up the example
curl_multibyte: support Windows paths longer than MAX_PATH
curl_setup: fix missing `ADDRESS_FAMILY` type in rare build cases
curl_sha512_256: rename symbols to the curl namespace
curl_url_set.md: adjust the added-in to 7.62.0
curl_ws_recv.md: fix typo
CURLOPT_CONNECT_ONLY.md: an easy handle with this option set cannot be reused
CURLOPT_PROXY.md: clarify the credential support in proxy URLs
CURLOPT_RESOLVE.md: fix wording
CURLOPT_SEEKFUNCTION.md: used for FTP, HTTP and SFTP (only)
docs/BUGS.md: remove leading space from a link
docs/cmdline-opts/_ENVIRONMENT.md: minor language fix
docs/cmdline-opts/location.md: fix typos for location flag
docs/HTTP-COOKIES.md: link to more information
docs/HTTPSRR.md: initial HTTPS RR documentation
docs/libcurl/opts: clarify the return values
docs/libcurl: return value overhaul
docs/TLS-SESSIONS: fix typo, the->they
docs: document the behavior of -- in the curl command line
docs: use lowercase curl and libcurl
doh: cleanups and extended HTTPS RR code
doh: send HTTPS RR requests for all HTTP(S) transfers
easy: allow connect-only handle reuse with easy_perform
easy: make curl_easy_perform() return error if connection still there
easy_lock: use Sleep(1) for thread yield on old Windows
ECH: update APIs to those agreed with OpenSSL maintainers
examples/block-ip: drop redundant `memory.h` include
examples/block-ip: show how to block IP addresses
examples/complicated: fix warnings, bump deprecated callback, tidy up
examples/synctime.c: remove references to dead URLs and functionality
examples: make them compile with compatibility functions disabled (Windows)
examples: use return according to code style
file: drop `OPEN_NEEDS_ARG3` option
file: fix Android compiler warning
gitignore: add generated unity sources for lib and src
GnuTLS: fix 'time_appconnect' for early data
hash: add asserts in hash_element_dtor()
HTTP/2: strip TE request header
http2: fix data_pending check
http2: fix value stored to 'result' is never read
http: fix build with `CURL_DISABLE_COOKIES`
http: ignore invalid Retry-After times
http_aws_sigv4: Fix invalid compare function handling zero-length pairs
https-connect: start next immediately on failure
INFRASTRUCTURE.md: project infra
INSTALL-CMAKE.md: fix punctuation
INSTALL.md: add CMake examples for macOS and iOS
INSTALL.md: document VS2008 and mingw-w64
INTERNALS.md: sync wolfSSL version requirement with source code
lib517: extend the getdate test with quotes and leading "junk"
lib: clarify 'conn->httpversion'
lib: redirect handling by protocol handler
lib: remove `__EMX__` guards
lib: replace `inline` redefine with `CURL_INLINE` macro
lib: suppress deprecation warnings in apple builds
lib: TLS session ticket caching reworked
libcurl/opts: do not save files in dirs where attackers have access
Makefile.dist: delete
Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3)
mbedtls: fix handling of blocked sends
mbedtls: PSA can be used independently of TLS 1.3 (avoid runtime errors)
mime: explicitly rewind subparts at attachment time.
mprintf: fix integer handling in float precision
mprintf: terminate snprintf output on windows
msvc: add missing push/pop for warning pragmas
msvc: assume `_INTEGRAL_MAX_BITS >= 64`
msvc: drop checks for ancient versions
msvc: fix building with `HAVE_INET_NTOP` and MSVC <=1900
msvc: require VS2005 for large file support
msvc: tidy up `_CRT_*_NO_DEPRECATE` definitions
multi: fix curl_multi_waitfds reporting of fd_count
multi: fix return code for an already-removed easy handle
multihandle: add an ssl_scache here
multissl: auto-enable `OPENSSL_COEXIST` for wolfSSL + OpenSSL
multissl: make openssl + wolfssl builds work
netrc: 'default' with no credentials is not a match
netrc: fix password-only entries
netrc: restore _netrc fallback logic
ngtcp2: fix memory leak on connect failure
ngtcp2: fix two cases of value stored never read
openssl: define `HAVE_KEYLOG_CALLBACK` before use
openssl: drop unused `HAVE_SSL_GET_SHUTDOWN` macro
openssl: fix ECH logic
osslq: use SSL_poll to determine writeability of QUIC streams
projects/Windows: remove wolfSSL from legacy projects
projects: fix `INSTALL-CMAKE.md` references
pytest: remove 'repeat' parameter
pytest: use httpd/apache2 directly, no apachectl
RELEASE-PROCEDURE.md: mention how to publish security advisories
runtests.pl: fix precedence issue
scripts/mdlinkcheck: markdown link checker
sectransp: free certificate on error
select: avoid a NULL deref in cwfds_add_sock
smb: fix compiler warning
src: add `CURL_STRICMP()` macro, use `_stricmp()` on Windows
src: drop support for `CURL_TESTDIR` debug env
src: omit hugehelp and ca-embed from libcurltool
ssl session cache: change cache dimensions
strparse: string parsing helper functions
symbols-in-versions: update version for LIBCURL_VERSION and LIBCURL_VERSION_NUM
system.h: add 64-bit curl_off_t definitions for NonStop
system.h: drop compilers lacking 64-bit integer type (Windows/MS-DOS)
system.h: drop duplicate and no-op code
system.h: fix indentation
telnet: handle single-byte input option
test1960: don't close the socket too early
test483: require cookie support
tests/http/clients: use proper sleep() call on NonStop
tests: change the behavior of swsbounce
tests: stop promoting perl warnings to fatal errors
TheArtOfHttpScripting.md: rewrite double 'that'
tidy-up: `curl_setup.h`, `curl_setup_once.h`, `config-win32ce.h`
tidy-up: drop parenthesis around `return` expression
tidy-up: drop parenthesis around `return` values
tidy-up: extend `CURL_O_BINARY` to lib and tests
TLS: check connection for SSL use, not handler
tool_formparse.c: make curlx_uztoso a static in here
tool_formparse: accept digits in --form type= strings
tool_getparam: ECH param parsing refix
tool_getparam: fail --hostpubsha256 if libssh2 is not used
tool_getparam: fix "Ignored Return Value"
tool_getparam: fix memory leak on error in parse_ech
tool_getparam: fix the ECH parser
tool_operate: make --etag-compare always accept a non-existing file
transfer: fix CURLOPT_CURLU override logic
urlapi: fix redirect to a new fragment or query (only)
urldata: tweak the UserDefined struct
variable.md: mention --expand-variable for variables to variables
variable.md: show function use with examples
version: fix the IDN feature for winidn and appleidn
vquic: fix 4th function call argument is an uninitialized value
vquic: make vquic_send_packets not return without setting psent
vtls: fix default SSL backend as a fallback
vtls: only remember the expiry timestamp in session cache
vtls: remove 'detach/attach' functions from TLS handler struct
vtls: remove unused 'check_cxn' from TLS handler struct
vtls: replace "none"-functions with NULL pointers
VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS
VULN-DISCLOSURE-POLICY: on legacy dependencies
websocket: fix message send corruption
windows: drop dupe macros, detect `CURL_OS` for WinCE ARM, indentation
windows: drop redundant `USE_WIN32_SMALL_FILES` macro
windows: drop two missed `buildconf.bat` references
windows: merge `config-win32ce.h` into `config-win32.h`
ws-docs: extend WebSocket documentation
ws-docs: remove the outdated texts saying ws support is experimental
ws: reject frames with unknown reserved bits set
x509asn1: add parse recursion limit
8.11.1
Bugfixes:
build: fix ECH to always enable HTTPS RR
build: fix MSVC UWP builds
build: omit certain deps from `libcurl.pc` unless found via `pkg-config`
build: use `_fseeki64()` on Windows, drop detections
cmake: do not echo most inherited `LDFLAGS` to config files
cmake: drop cmake args list from `buildinfo.txt`
cmake: include `wolfssl/options.h` first
cmake: remove legacy unused IMMEDIATE keyword
cmake: restore cmake args list in `buildinfo.txt`
cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF`
cmake: sync GSS config code with other deps
cmake: typo in comment
cmake: work around `ios.toolchain.cmake` breaking feature-detections
cmakelint: fix to check root `CMakeLists.txt`
cmdline/ech.md: formatting cleanups
configure: add FIXMEs for disabled pkg-config references
configure: do not echo most inherited `LDFLAGS` to config files
configure: replace `$#` shell syntax
cookie: treat cookie name case sensitively
curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected
curl.h: mark two error codes as obsolete
curl: --continue-at is mutually exclusive with --no-clobber
curl: --continue-at is mutually exclusive with --range
curl: --continue-at is mutually exclusive with --remove-on-error
curl: --test-duphandle in debug builds runs "duphandled"
curl: do more command line parsing in sub functions
curl: rename struct var to fix AIX build
curl: use realtime in trace timestamps
curl_multi_socket_all.md: soften the deprecation warning
CURLOPT_PREREQFUNCTION.md: add result code on failure
digest: produce a shorter cnonce in Digest headers
DISTROS: update Alt Linux links
dmaketgz: use --no-cache when building docker image
docs: bring back ALTSVC.md and HSTS.md
docs: document default `User-Agent`
docs: suggest --ssl-reqd instead of --ftp-ssl
duphandle: also init netrc
ECH: enable support for the AWS-LC backend
hostip: don't use the resolver for FQDN localhost
http_negotiate: allow for a one byte larger channel binding buffer
http_proxy: move dynhds_add_custom here from http.c
KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN
krb5: fix socket/sockindex confusion, MSVC compiler warnings
lib: fixes for wolfSSL OPENSSL_COEXIST
libssh: use libssh sftp_aio to upload file
libssh: when using IPv6 numerical address, add brackets
macos: disable gcc `availability` workaround as needed
mbedtls: call psa_crypt_init() in global init
mime: fix reader stall on small read lengths
mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
mprintf: fix the integer overflow checks
multi: add clarifying comment for wakeup_write()
multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again when...
netrc: address several netrc parser flaws
netrc: support large file, longer lines, longer tokens
nghttp2: use custom memory functions
OpenSSL: improve error message on expired certificate
openssl: remove three "Useless Assignments"
openssl: stop using SSL_CTX_ function prefix for our functions
os400: Fix IBMi builds
os400: Fix IBMi EBCDIC conversion of arguments
pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
rtsp: check EOS in the RTSP receive and return an error code
schannel: remove TLS 1.3 ciphersuite-list support
setopt: fix CURLOPT_HTTP_CONTENT_DECODING
setopt: fix missing options for builds without HTTP & MQTT
show-headers.md: clarify the headers are saved with the data
socket: handle binding to "host!<ip>"
socketpair: fix enabling `USE_EVENTFD`
strtok: use namespaced `strtok_r` macro instead of redefining it
tests: add the ending time stamp in testcurl.pl
tests: re-enable 2086, and 472, 1299, 1613 for Windows
TODO: consider OCSP stapling by default
tool_formparse: remove use of sscanf()
tool_getparam: parse --localport without using sscanf
tool_getpass: fix UWP `-Wnull-dereference`
tool_getpass: replace `getch()` call with `_getch()` on Windows
tool_urlglob: parse character globbing range without sscanf
vtls: fix compile warning when ALPN is not available
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>