Adolf Belka [Fri, 12 Sep 2025 19:54:46 +0000 (21:54 +0200)]
nmap: Update to version 7.98
- Update from version 7.95 to 7.98
- Update of rootfile
- Changelog
7.98
o Updated liblua to 5.4.8
o Fixed an issue in FTP bounce scan where a single null byte is written past
the end of the receive buffer. The issue is triggered by a malicious server
but does not cause a crash with default builds. [Tyler Zars]
o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the
parallel DNS resolver. Additionally, improved performance by processing
responses that come after the request has timed out. [Daniel Miller]
o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys:
"Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers
that are registered as Extension Header values. When the --data option was
used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"
[Daniel Miller]
o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void
receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L)
== 1' failed."
when reading from an SSL connection. [Daniel Miller]
o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per
hostgroup, which led to progressively slower scans and assertion failures in
other scan phases. [Daniel Miller]
o [NSE] Added NSE bindings for more libssh2 functions: channel_request,
channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive.
ssh-brute will now use keyboard-interactive auth if password auth is not
offered. [Daniel Miller, CrowdStrike]
o Fix a bug that was causing Nmap to send empty DNS packets for each target
that was not found up instead of just skipping them for reverse DNS.
o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since
Nmap 7.96. [Daniel Miller]
o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including
post-quantum ciphersuites.
o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces
for forward and reverse DNS lookups. When -e or -S are used, use only DNS
servers that can be connected via that interface or source address.
[Daniel Miller]
o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module.
[Daniel Miller]
o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover
latest strings.
o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being
installed. [Daniel Miller]
o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file"
when Nmap crashes or fails. [Daniel Miller]
o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata
and UmitConfigParser. [Daniel Miller]
o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID
was not prefixed with "urn:". [nnposter]
7.97
o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that
use non-latin character sets. Also changed Nmap to print the time zone as an
offset from UTC instead of as a localized string. [Daniel Miller]
o Fixed an issue with the parallel forward DNS resolver: it had not been
consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
[Daniel Miller]
o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in
the example output of http-malware-host [nnposter]
7.96
o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1,
libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0
o [Windows] Upgraded the included version of Npcap from version 1.79 to the
latest version 1.82, bringing faster packet injection, VLAN header capture,
and support for SR-IOV adapters, along with many other bug fixes and feature
enhancements described at https://npcap.com/changelog
o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
engine that has been reliably performing reverse-DNS lookups for nearly a
decade. Scanning large lists of hostnames is now enormously faster and avoids
the unresponsive wait for blocking system calls, so progress stats can be
shown. In testing, resolving 1 million website names to both IPv4 and IPv6
took just over an hour. The previous system took 49 hours for the same data
set! [Daniel Miller]
o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to
the same release version as Nmap.
o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or
window::dark_mode in zenmap.conf. [Daniel Miller]
o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
+ [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin
service to get the RouterOS version. New service probes were also added for
this service. [deauther890, Daniel Miller]
+ mikrotik-routeros-username-brute brute-forces WinBox usernames for the
router using CVE-2024-54772. [deauther890]
+ targets-ipv6-eui64 generates target IPv6 addresses from a user-provided
file of MAC addresses, using the EUI-64 method. [Daniel Miller]
o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from
correctly uninstalling Nmap OEM.
o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted
since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6.
[Daniel Miller]
o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show
'filtered' instead of 'closed', due to differences in understanding timeouts.
o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255.
[nnposter]
o Nmap will now allow targets to be specified both on the command line and in
an input file with -iL. Previously, if targets were provided in both places,
only the targets in the input file would be scanned, and no notice was given
that the command-line targets were ignored. [Daniel Miller]
o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with
error.
o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes
throughout Zenmap.
o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was
not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the
-iR option.
o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of
redis.
o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers
discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
o [Nping] Bind raw socket to device when possible. This was already done for
IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
connections. This makes it more compatible with other netcats. The -k option
will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
[Daniel Miller]
o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL
layer's buffer could not be read until more data arrived on the socket, which
could lead to deadlock. [Daniel Miller]
o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the
same as traditional netcat's -q option. [Daniel Miller]
o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and
EOF conditions that had not been being delivered to the child process.
o [Ncat][Windows] All Nsock engines now work correctly. The default is still
'select', but others can be set with --nsock-engine=iocp or
--nsock-engine=poll [Daniel Miller]
o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by
the libssh2 Lua binding, providing useful output instead of a backtrace.
[Joshua Rogers, Daniel Miller]
o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed
libssh2.channel_read_stderr, which was reading stdout instead; add binding
for libssh2_userauth_publickey_frommemory; allow open_channel to avoid
allocating a pty;
o [Nsock] Improvements for platforms without selectable pcap handles (e.g.
Windows). Interleaved pcap and socket events were favoring pcap reads,
possibly resulting in timeouts of the socket events. [Daniel Miller]
o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing
errors like "could not find 1 of the purportedly pending events on that IOD."
[Daniel Miller]
o When Nmap is used with --disable-arp-ping, a local IP that cannot be
ARP-resolved will use the "no-route" reason instead of the "unknown-response"
reason, since no response was received.
o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE
library. [johnjaylward, nnposter]
o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for
a given username caused heap corruption. [Julijan Nedic, nnposter]
o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys.
from a file. [nnposter]
o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE
module did not work correctly when the IV started with a null byte.
[nnposter]
o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now
supported. Script smb-protocols now reports SMB dialects correctly.
[nnposter]
o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both
Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 16:45:02 +0000 (18:45 +0200)]
python3-msgpack: Update to version 1.1.0
- Update from version 1.0.8 to 1.1.0
- Update of rootfile
- borgbackup requires python3-msgpack and has updated the version to be up to 1.1.0
- Changelog
1.1.0
use PyLong_* instead of PyInt_* for compatibility with future Cython. (#620)
1.1.0rc2
Update Cython to 3.0.11 for better Python 3.13 support.
Update cibuildwheel to 2.20.0 to build Python 3.13 wheels
1.1.0rc1
Update Cython to 3.0.10 to reduce C warnings and future support for Python 3.13.
Stop using C++ mode in Cython to reduce compile error on some compilers.
Packer() has buf_size option to specify initial size of internal buffer to
reduce reallocation.
The default internal buffer size of Packer() is reduced from 1MiB to 256KiB to
optimize for common use cases. Use buf_size if you are packing large data.
Timestamp.to_datetime() and Timestamp.from_datetime() become more accurate by
avoiding floating point calculations. (#591)
The Cython code for Unpacker has been slightly rewritten for maintainability.
The fallback implementation of Packer() and Unpacker() now uses keyword-only
arguments to improve compatibility with the Cython implementation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 16:45:01 +0000 (18:45 +0200)]
borgbackup: Update to version 1.4.1
- Update from version 1.4.0 to 1.4.1
- Update of rootfile
- Changelog
1.4.1
New features:
- prune: add 13weekly and 3monthly quarterly pruning strategies, #8337
- add BORG_USE_CHUNKS_ARCHIVE env var as a cleaner way to control whether
borg shall use chunks.archive.d/ cache directory. the previous "hack" to
create a non-directory file at that place is still supported.
- compact: support --dry-run (do nothing) to simplify scripting, #8300
- add {unixtime} placeholder, #8522
- macOS: retrieve birthtime in nanosecond precision via system call, #8724
- implement padme chunk size obfuscation (SPEC 250), #8705
Fixes:
- borg exits when assertions are disabled with Python optimizations, #8649
- fix remote repository exception handling / modern exit codes, #8631
- config: fix acceptance of storage_quota 0, #8499
- config: reject additional_free_space < 10M (but accept 0), #6066
- check: more consistent messaging considering --repair, #8533
- yes: deal with UnicodeDecodeError in input(), #6984
- fix WORKAROUNDS=authenticated_no_key support for archive TAM authentication,
#8400
- diff: do not assert on diff if hard link sources are not found due to
exclusions, #8344
- diff:
- suppress modified changes for files which weren't actually modified in JSON
output, #8334
- ensure that 0B changes are hidden from text diffs, too.
- remove 0-added,0-removed modified entries from JSON output.
- try to rebuild cache if an exception is raised, #5213
- freebsd: fix nfs4 acl processing, #8756.
This issue only affected borg extract --numeric-ids when processing NFS4
ACLs, it didn't affect POSIX ACL processing.
Other changes:
- support and test on Python 3.13
- use Cython 3.0.12
- filter LibreSSL related warnings on OpenBSD
- docs:
- update install docs, nothing bundled anymore, #8342
- clarify excluded and included flags for dry-run, #8556
- small changes regarding compression, #8542
- clean up entries regarding SSH settings, link to recommended ones, #8542
- borg/borgfs detects internally under which name it was invoked, #8207
- binary: using the directory build is faster, #8008
- add readme of the binaries
- mount: document on-demand loading, perf tips, #7173
- better link modern return codes, #8370
- update repository URLs in docs to use new syntax, #8361
- align /etc/backups path references in automated backups deployment guide
- mount docs: apply jdchristensen's suggestion, better phrasing.
- FAQ: Why is backing up an unmodified FAT filesystem slow on Linux?
- FAQ: Why are backups slow on a Linux server that is a member of a windows domain?
- FAQ: add entry about pure-python msgpack warning, #8323
- modify docs for automated backup to append to SYSTEMD_WANTS rather than overwrite, #8641
- fix udev rule priority in automated-local.rst, #8639
- clarify requirements when using command line options with special characters within a shell, #8628
- work around sudden failure of sphinx ini lexer
- readthedocs theme fixes
- bring back highlighted content preview in search results.
- fix erroneous warning about missing javascript support.
- tests:
- github CI: windows msys2 build: broken, disable it for now, #8264
- improve borg check --repair healing tests, #8302
- fix hourly prune test failure due to local timezone
- ignore `com.apple.provenance` xattr (macOS specific)
- vagrant:
- pyenv: only use Python 3.11.12, use this for binary build
- macos: give more memory
- install rust on BSD
- add FreeBSD 13 box, for #8266
- fix OpenBSD box, #8506
- use a bento/ubuntu-24.04 box for now
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:45 +0000 (12:10 +0200)]
qemu: Update to version 10.1.0
- Update from version 10.0.2 to 10.1.0
- Update of rootfile
- Changelog for 10.1 can be found at https://wiki.qemu.org/ChangeLog/10.1
- Changelog for 10.0 can be found at https://wiki.qemu.org/ChangeLog/10.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:43 +0000 (12:10 +0200)]
opus: Update to version 1.5.2
- Update from version 1.5.1 to 1.5.2
- Update of rootfile
- Changelog
1.5.2
fixes several build issues that were discovered since the 1.5 release. It also
fixes a misalignment issue in the AVX2 code that could cause crashes under
Windows.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:42 +0000 (12:10 +0200)]
nagios_nrpe: Update to version 4.1.3
- Update from version 4.1.0 to 4.1.3
- Update of rootfile not required
- Changelog
4.1.3
**FIXES**
- Change of ssl.c and ssl.h to nrpe-ssl.c and nrpe-ssl.h
4.1.2
**FIXES**
- Fixed printing of incorrect packet version to just logging the error
- Fixed and updated SSL
4.1.1
**FIXES**
- Use correct HUP signal for Solaris
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:40 +0000 (12:10 +0200)]
libslirp: Update to version 4.9.1
- Update from version 4.7.0 to 4.9.1
- Update of rootfile not required
- 2 security fixes in version 4.8.0
- Changelog
4.9.1
Fixed
- meson: use boolean defaults for boolean options !149
- meson: specify that C++ is only used for host binaries !149
- meson: add dependency override for libslirp !150
- Do not link tests with libslirp.map #84
- apple: Fix getting IPv4 DNS server address when IPv4 and IPv4 are
interleaved #85
- Windows: Fix ICMP generation #87 #88
- tcp: Fix starting the linger2 timer on socket shutdown #86
Changed
- tcp: on input, reset TCPT_KEEP to TCPTV_KEEP_IDLE rather than
TCPTV_KEEPINTVL
- tcp: on input during init, reset TCPT_KEEP to TCPTV_KEEP_INIT
- tcp: Reduce linger time to two minutes
4.9.0
Added
- Add SlirpAddPollSocketCb and {,un}register_poll_socket that can be used from
SLIRP_CONFIG_VERSION_MAX 6 to properly support socket handles on win64.
Fixed
- bootp: Fill siaddr with tftp addr as per RFC2131 !135
- tcp_listen: Fix host forwarding on Windows !137
- tftp: Fix address returned in proxying #82 !147
Changed
- Fix build on mold #77
- Fix static linking !134
- slirp_os_socket abstraction for Windows !136
- cksum: Update implementation to include 64-bit computation support !144
- reduce compilation warnings on Windows !143
4.8.0
Security
- tcp: Fix testing for last fragment
- tftp: Fix use-after-free
Added
- Add support for Haiku !123
- ncsi: Add manufacturer's ID !122
- ncsi: Add Get Version ID command !122
- ncsi: Add out-of-band ethernet address !125
- ncsi: Add Mellanox Get Mac Address handler !125
- icmp6: Add echo request forwarding support
- Add fuzzing infrastructure
Fixed
- Fix missing cleanups
- windows: Build fixes
- ipv6: Use target address from Neighbor Advertisement !129
- dns: Reject domain-search when any entry ends with ".."
- dns: Use localhost as dns when /etc/resolv.conf empty !130
- icmp: Handle ICMP packets as IPPROTO_IP on BSD !133
- eth: pad ethernet frames to 60 bytes #34
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:39 +0000 (12:10 +0200)]
iptraf-ng: Update to version 1.2.2
- Update from version 1.2.1 to 1.2.2
- Update of rootfile not required
- CVE fix in this version
- Changelog
1.2.2
- small cleanups: remove unused code/variable, correct format specifiers
- serv.c: fix and validate port/ranges entering/loading/saving
- SECURITY FIX: CVE-2024-52949: interface names: limit length to IFNAMSIZ
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:38 +0000 (12:10 +0200)]
iotop: Update to version 1.30
- Update from version 1.26 to 1.30
- Update of rootfile not required
- Changelog
1.30
kernel commit 0bf2d83 fixes the problem with struct taskstats, now iotop
1.30 handles only v15 of the struct in a different way, retaining
compatibility with both old and new kernels
show zero current values for exited processes
flush stdout after each batch run
1.29
Fix Linux kernel incompatible struct taskstats
1.28
add option to specify bin directory by @mhlavink in #78
fix batch mode
1.27
src/iotop: correct pg_cb signature by @mikoxyz in #64
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Sep 2025 10:10:36 +0000 (12:10 +0200)]
dtc: Update to version 1.7.2
- Update from version 1.7.1 to 1.7.2
- Update of rootfile
- Changelog
1.7.2
Build
- Fix automatic dependency handling for paths with spaces in them
- Fix to allow compilation with swig 4.3.0
- Disable pointless warnings on swig generated code
fdtoverlay
- Improve error message with missing /__symbols__
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:37 +0000 (18:51 +0200)]
xfsprogs: Update to version 6.16.0
- Update from version 6.14.0 to 6.16.0
- Update of rootfile not required
- Changelog
6.16.0
Document current limitation of shrinking fs (Xavier Claude)
mkfs: require reflink for max_atomic_write option (John Garry)
xfs_scrub: remove EXPERIMENTAL warnings (Darrick J. Wong)
mkfs: allow users to configure the desired maximum atomic write size (Darrick J. Wong)
mkfs: try to align AG size based on atomic write capabilities (Darrick J. Wong)
mkfs: autodetect log stripe unit for external log devices (Darrick J. Wong)
mkfs: don't complain about overly large auto-detected log stripe units (Darrick J. Wong)
xfs_io: dump new atomic_write_unit_max_opt statx field (Darrick J. Wong)
xfs_db: create an untorn_max subcommand (Darrick J. Wong)
6.15.0
xfs_mdrestore: don't allow restoring onto zoned block devices (Christoph Hellwig)
man: adjust description of the statx manpage (Darrick J. Wong)
xfs_protofile: fix permission octet when suid/guid is set (Luca Di Maio)
xfs_repair: fix libxfs abstraction mess (Darrick J. Wong)
xfs_growfs: support internal RT devices (Christoph Hellwig)
xfs_mdrestore: support internal RT devices (Christoph Hellwig)
xfs_scrub: support internal RT device (Christoph Hellwig)
xfs_spaceman: handle internal RT devices (Christoph Hellwig)
xfs_io: handle internal RT devices in fsmap output (Christoph Hellwig)
xfs_io: don't re-query fs_path information in fsmap_f (Christoph Hellwig)
xfs_io: correctly report RGs with internal rt dev in bmap output (Christoph Hellwig)
man: document XFS_FSOP_GEOM_FLAGS_ZONED (Christoph Hellwig)
xfs_mkfs: document the new zoned options in the man page (Christoph Hellwig)
xfs_mkfs: reflink conflicts with zoned file systems for now (Christoph Hellwig)
xfs_mkfs: default to rtinherit=1 for zoned file systems (Christoph Hellwig)
xfs_mkfs: calculate zone overprovisioning when specifying size (Christoph Hellwig)
xfs_mkfs: support creating file system with zoned RT devices (Christoph Hellwig)
xfs_mkfs: factor out a validate_rtgroup_geometry helper (Christoph Hellwig)
xfs_repair: validate rt groups vs reported hardware zones (Christoph Hellwig)
xfs_repair: fix the RT device check in process_dinode_int (Christoph Hellwig)
xfs_repair: support repairing zoned file systems (Christoph Hellwig)
libfrog: report the zoned geometry (Christoph Hellwig)
xfs_repair: phase6: scan longform entries before header check (Bill O'Donnell)
xfs_repair: Bump link count if longform_dir2_rebuild yields shortform dir (Eric Sandeen)
mkfs: fix the issue of maxpct set to 0 not taking effect (liuh)
mkfs: fix blkid probe API violations causing weird output (Darrick J. Wong)
xfs_io: make statx mask parsing more generally useful (Darrick J. Wong)
xfs_io: redefine what statx -m all does (Darrick J. Wong)
xfs_io: catch statx fields up to 6.15 (Darrick J. Wong)
man: fix missing cachestat manpage (Darrick J. Wong)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:35 +0000 (18:51 +0200)]
ruby: Update to version 3.4.5
- Update from version 3.4.4 to 3.4.5
- Update of rootfile
- Changelog
3.4.5
Bug #21340: Bump autoconf version to properly handle C23 bool/stdbool
defines - Ruby - Ruby Issue Tracking System
Sync lockfile from rubygems/rubygems by deivid-rodriguez ·
Pull Request #13472
Bug #21438: use-after-free when resizing exivars - Ruby - Ruby Issue
Tracking System
Ensure that memory is not freed before calling
free_fast_fallback_getaddrinfo_* by shioimm · Pull Request #12661
Fix heap-use-after-free in free_fast_fallback_getaddrinfo_entry by
shioimm · Pull Request #13231
Bug #21441: SEGV during thread cleanup if profiler calls
thread_profiles_frames at wrong time - Ruby - Ruby Issue Tracking System
Bug #21255: Can't build Ruby with Windows SDK 10.0.26100 - Ruby - Ruby
Issue Tracking System
Backport GH-13617 for s390x by hsbt · Pull Request #13757
Bump up resolv-0.6.2 for Ruby 3.4 by hsbt · Pull Request #13818
Bug #21197: Prism does not accept newline after defined? keyword - Ruby -
Ruby Issue Tracking System
Bug #21333: heap-use-after-free caused by rehash during update - Ruby -
Ruby Issue Tracking System
Bug #21357: Crash in Hash#merge! with ruby-dev in rubocop-rspec test suite
- Ruby - Ruby Issue Tracking System
Bug #21383: Prism leaks memory with invalid yield - Ruby - Ruby Issue
Tracking System
Bug #21394: Memory leak in Prism's RubyVM::InstructionSequence.new -
Ruby - Ruby Issue Tracking System
Bug #21099: TestGc#test_gc_stress_at_startup assertion failure - Ruby -
Ruby Issue Tracking System
Bug #21395: Please backport caa6ba1a46afa1bc696adc5fe91ee992f9570c89 -
Ruby - Ruby Issue Tracking System
Bug #21439: Crash with PM_SPLAT_NODE compiler error (Prism) - Ruby - Ruby
Issue Tracking System
Bug #21354: Symbol#to_proc is not ractor safe - Ruby - Ruby Issue Tracking
System
Bug #20009: Marshal.load raises exception when load dumped class include
non-ASCII - Ruby - Ruby Issue Tracking System
Bug #21380: Use-After-Free in String#split with In-Block String
Modification - Ruby - Ruby Issue Tracking System
Bug #21447: Fix handling of PM_CONSTANT_PATH_NODE node in keyword
arguments with ARGS_SPLAT - Ruby - Ruby Issue Tracking System
Bug #21448: Random.urandom may fail to fall back to reading /dev/urandom
on Linux < 3.17 - Ruby - Ruby Issue Tracking System
Bug #21440: Cannot create instances of frozen Data subclasses - Ruby -
Ruby Issue Tracking System
Bug #21437: Date#hash may return different values for equal dates with
large years - Ruby - Ruby Issue Tracking System
Bug #21497: building issue when using gcc15, because C23 is default - Ruby
- Ruby Issue Tracking System
Bug #21500: Backport gcc 15 support - Ruby - Ruby Issue Tracking System
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:34 +0000 (18:51 +0200)]
libconfig: Update to version 1.8.1
- Update from version 1.8 to 1.8.1
- Update of rootfile
- sobump but find-dependencies did not flag anu issues up.
- Changelog
1.8.1
Various bugfixes, portability fixes, and documentation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:32 +0000 (18:51 +0200)]
iproute2: Update to version 6.16.0
- Update from version 6.15.0 to 6.16.0
- Update of rootfile not required
- Changelog is not provided. Details of changes can be found from the git commit changes
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 9 Sep 2025 16:51:31 +0000 (18:51 +0200)]
cmake: Update to version 4.1.1
- Update from version 4.0.2 to 4.1.1
- Update of rootfile
- Changelog
4.1.1
This version made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix
regressions.
4.1.0
File-Based API
The cmake-file-api(7) v1 now writes partial replies when buildsystem
generation fails with an error. See the v1 Reply Error Index.
Generators
Makefile Generators and Ninja Generators gained support for adding a
linker launcher with Fortran, CUDA, and HIP. See the
CMAKE_<LANG>_LINKER_LAUNCHER variable and <LANG>_LINKER_LAUNCHER target
property for details.
Command-Line
The cmake --build command-line tool, when used with the Xcode generator,
now detects when a third-party tool has wrapped the generated .xcodeproj
in a .xcworkspace, and drives the build through the workspace instead.
Configure Log
The cmake-configure-log(7) now reports events from find_package()
(in CONFIG mode), find_path(), find_file(), find_library(), and
find_program() commands when first invoked, when their results
transition between "not found" and "found", or when enabled explicitly
by the --debug-find command-line option. See Event Kind find and Event
Kind find_package. Logging may also be controlled by the
CMAKE_FIND_DEBUG_MODE and CMAKE_FIND_DEBUG_MODE_NO_IMPLICIT_CONFIGURE_LOG
variables.
Compilers
Diab compilers from Wind River Systems, versions 5.9.x+, are now
supported with compiler id Diab for languages ASM, C, and CXX.
Renesas Compilers are now supported with compiler id Renesas for
languages ASM and C.
Commands
The add_dependencies() command may be called with no dependencies.
The cmake_pkg_config() command now supports the IMPORT and POPULATE
subcommands for interfacing CMake targets with pkg-config based
dependencies.
The project() command now has experimental support for the COMPAT_VERSION
keyword, gated by CMAKE_EXPERIMENTAL_EXPORT_PACKAGE_INFO.
Variables
The CMAKE_FIND_REQUIRED variable was added to tell find_package(),
find_path(), find_file(), find_library(), and find_program() to be
REQUIRED by default. The commands also gained an OPTIONAL keyword to
ignore the variable for a specific call.
The CMAKE_<LANG>_COMPILER_ARCHITECTURE_ID variable is now populated for
most compilers, and documented for public use.
The CMAKE_<LANG>_ICSTAT variable and corresponding <LANG>_ICSTAT target
property were added to tell the Makefile Generators and the Ninja
Generators to run the IAR icstat tool along with the compiler for C and
CXX languages.
Environment Variables
The CMAKE_<LANG>_IMPLICIT_LINK_LIBRARIES_EXCLUDE environment variable was
added to optionally exclude specific libraries from the detected set of
CMAKE_<LANG>_IMPLICIT_LINK_LIBRARIES.
Properties
The AUTOMOC_INCLUDE_DIRECTORIES target property and associated
CMAKE_AUTOMOC_INCLUDE_DIRECTORIES variable were added to override the
automatic discovery of moc includes from a target's transitive include
directories.
The MACOSX_PACKAGE_LOCATION source file property now works when set on a
source directory, and copies its entire tree into the bundle.
The PDB_NAME and COMPILE_PDB_NAME target properties now support generator
expressions.
Modules
The FindASPELL module now provides a version variable, imported targets,
and components to optionally select the Aspell library and executable
separately.
The FindBLAS and FindLAPACK modules now support the NVIDIA Performance
Libraries (NVPL).
The FindProtobuf module's protobuf_generate(DEPENDENCIES) command
argument now accepts multiple values.
The FindProtobuf module's protobuf_generate_cpp() and
protobuf_generate_python() commands, together with their
Protobuf_IMPORT_DIRS and PROTOBUF_GENERATE_CPP_APPEND_PATH hint
variables, are now deprecated in favor of the protobuf_generate() command.
Regular Expressions
The string(REGEX MATCHALL), string(REGEX REPLACE), and
list(TRANSFORM REPLACE) commands now match the regular expression ^
anchor at most once in repeated searches, at the start of the input.
See policy CMP0186.
The string(REGEX REPLACE) command now allows references to unmatched
groups. They are replaced with empty strings.
The string(REGEX MATCH), string(REGEX MATCHALL), and string(REGEX REPLACE)
commands now allow zero-length matches.
CTest
ctest(1) gained a --schedule-random-seed option to specify a numeric
random seed to make ctest --schedule-random deterministic for reproduction.
CPack
The CPack NuGet Generator gained option CPACK_NUGET_SYMBOL_PACKAGE to
generate NuGet symbol packages containing PDB files.
The CPack RPM Generator gained CPACK_RPM_PACKAGE_ENHANCES,
CPACK_RPM_PACKAGE_RECOMMENDS, and CPACK_RPM_PACKAGE_SUPPLEMENTS
variables to specify the corresponding RPM spec fields.
Deprecated and Removed Features
The FindGTest module's result variables GTEST_INCLUDE_DIRS,
GTEST_LIBRARIES, GTEST_MAIN_LIBRARIES, and GTEST_BOTH_LIBRARIES are now
deprecated in favor of using GTest::gtest and GTest::gtest_main imported
targets.
The FindGCCXML module has been deprecated via policy CMP0188. Port
projects to CastXML instead.
The FindCABLE module has been deprecated via policy CMP0191.
The CMakeDetermineVSServicePack module has been deprecated via policy
CMP0196. Port projects to the CMAKE_<LANG>_COMPILER_VERSION variable
instead.
Other Changes
The ExternalProject module no longer checks the URL archive file
extension. Any archive type that cmake -E tar can extract is now allowed.
Modules FindPython3, FindPython2 and FindPython now enforce consistency
of artifacts in cross-compiling mode. This prevents mixing host and
target artifacts. See policy CMP0190.
The GNUInstallDirs module now prefers to default SYSCONFDIR,
LOCALSTATEDIR, and RUNSTATEDIR to absolute paths when installing to
special prefixes. See policy CMP0192.
The GNUInstallDirs module now caches CMAKE_INSTALL_* variables with their
leading usr/ for install prefix /. See policy CMP0193.
The install(TARGETS) command no longer ignores file sets which haven't
been defined at the point it is called. The ordering of
target_sources(FILE_SET) and install(TARGETS) is no longer semantically
relevant.
Enabling ASM no longer accidentally succeeds using MSVC's cl C compiler
as an assembler. See policy CMP0194.
The MSVC link -machine: flag is no longer added to the
CMAKE_*_LINKER_FLAGS variables. See policy CMP0197.
The TARGET_PROPERTY generator expression now evaluates the LINK_LIBRARIES
and INTERFACE_LINK_LIBRARIES target properties transitively. See policy
CMP0189.
4.0.4
This version made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix
regressions.
4.0.3
This version made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix
regressions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 11 Aug 2025 17:39:01 +0000 (19:39 +0200)]
ids.cgi: Auto fill form inputs with their temporary stored values in
error case
If an user provides any invalid input in the form an error message will be
displayed. In this case, all the form elements (inputs) will be filled
with their temporary stored values from the cgiparams hash.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 11 Aug 2025 10:47:49 +0000 (11:47 +0100)]
ids.cgi: Fix table flows
This slightly changes how we list interfaces, but since that got a
little bit tight if lots of interfaces were available (and which
language has been used), this is probably a good idea to change it to
rows.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 7 Aug 2025 09:35:58 +0000 (09:35 +0000)]
python3-setuptools: Update to 80.9.0
This patch also removes this as a package. There is no point to ship
this package as the dependencies are not available and there should not
be enough tools around to actually build anything.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Sep 2025 07:30:42 +0000 (09:30 +0200)]
harfbuzz: Update to version 11.4.5
- Update from version 11.4.3 to 11.4.5
- Update of rootfile
- Changelog
11.4.5
- Bug fixes for “AAT” shaping, and other shaping micro optimizations.
11.4.4
- Fix a shaping regression affecting mark glyphs in certain fonts.
- Fix pruning of mark filtering sets when subsetting fonts, which caused
changes in shaping behaviour.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Sep 2025 07:30:43 +0000 (09:30 +0200)]
libtirpc: Update to version 1.3.7
- Update from version 1.3.6 to 1.3.7
- Update of rootfile not required
- Changelog
1.3.7
Add conditional version script support
This patch adds conditional symbol versioning to libtirpc, allowing
GSS-API, DES crypto, and RPC database symbols to be conditionally
included in the version script based on build configuration.
LLD is strict about undefined symbols referenced in a version script.
Some libtirpc symbols (rpcsec_gss, old DES helpers, rpc database
helpers) are optional and may not be built depending on configure
options or missing deps. GNU ld tolerated this; LLD errors out.
This change keeps the canonical symbol map in src/libtirpc.map, but
adds a make-time rule to generate a filtered copy
where names from disabled features are deleted. The lib is then linked
against the generated linker map file.
Fixes linking errors when these features are not available.
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
Convert old-style function definitions into modern-style definitions
With newer compilers (gcc 15.1.1) -Wold-style-definition
flag is set by default which causes warnings for
most of the functions in these files.
warning: old-style function definition [-Wold-style-definition]
The warnings are remove by converting the old-style
function definitions into modern-style definitions
update signal and key_call declarations to allow compile with gcc-15
Follow up patch addressing the following declarations:
sed -n 75,77p libtirpc-1.3.6/src/key_call.c
cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
des_block *(*__key_gendes_LOCAL)() = 0;
Update declarations to allow compile with gcc-15
This patch fixes some of the compile errors with gcc 15-20241117.
In addition the follow declarations need to be fixed:
sed -n 75,77p libtirpc-1.3.6/src/key_call.c
cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
des_block *(*__key_gendes_LOCAL)() = 0;
Revert "getnetconfig.c: free linep to avoid memory leakage"
This reverts commit f138e68e7ffefa3f4d71857ddb137fff877fd1d0.
There was no memory leak and freeing allocated memory is not a good thing
getnetconfig.c: free linep to avoid memory leakage
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Sep 2025 07:30:44 +0000 (09:30 +0200)]
pcre2: Update to version 10.46
- Update from version 10.45 to 10.46
- Update of rootfile
- Changelog
10.46
This is a security-only release, to address CVE-2025-58050.
Compared to 10.45, this release has only a minimal code change to prevent a
read-past-the-end memory error, of arbitrary length. An attacker-controlled
regex pattern is required, and it cannot be triggered by providing crafted
subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used
together.
Release 10.44 and earlier are not affected.
This could have implications of denial-of-service or information disclosure,
and could potentially be used to escalate other vulnerabilities in a system
(such as information disclosure being used to escalate the severity of an
unrelated bug in another system).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Aug 2025 13:27:15 +0000 (15:27 +0200)]
fireinfo: housekeeping to merge patches into version v2.2.1
- As the last update was 5 years ago, I thought it good housekeeping to merge the four
patches into the fireinfo tarball
- Update of rootfile not required
- Changelog
v2.2.1
Inclusion of previous four patches into tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
