Michael Tremer [Sat, 23 Mar 2024 13:57:19 +0000 (14:57 +0100)]
initscripts: No longer restart OpenVPN when RED comes up/goes down
This is probably a relic from when dial-up connections where on trend
and systems were offline for long times of the day. Now, we should
always be on and there is no need to restart all those services on a
reconnect.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 20 Mar 2024 19:38:52 +0000 (20:38 +0100)]
ovpnmain.cgi: Migrate to subnet topology
For dynamic pools, this change is easy and does not require any extra
steps. For CCD clients however, we need to update the configuration to
replace the server IP address with the subnet mask.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 20 Mar 2024 13:56:20 +0000 (14:56 +0100)]
ovpnmain.cgi: Drop validdotmask()
This is a totally braindead function that prevented some basic usability
by using the more modern prefix notation. It simply checks if there is a
freaking dot. Great!
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Mar 2024 19:44:18 +0000 (20:44 +0100)]
ovpnmain.cgi: Force NCP on clients
This change requires that all clients support NCP if they are set up
with a new connection. Existing clients remain supported using the
fallback cipher option.
This will result that connections with OpenVPN <= 2.3 cannot be set up
any more which is totally fine since that version is EOL.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Mar 2024 19:11:31 +0000 (20:11 +0100)]
ovpnmain.cgi: Completely remove compression for RW clients
We will use the "compress migrate" option which disables compression by
default. If a client has been found that wants to use compression, the
server will push "stub-v2" to disable it. If that does not work, the
server might fall back to compression.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Mar 2024 15:32:33 +0000 (16:32 +0100)]
ovpnmain.cgi: Drop newcleanssldatabase()
I have no idea why this was added when there is a function that does the
same already. The remove function also had typos in the path which
probably resulted in it not working very well.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 13 Jul 2025 09:39:34 +0000 (11:39 +0200)]
lm_sensors: Update to version 3.6.2
- Update from version 3.6.0 to 3.6.2
- Update of rootfiles for all architectures
- The original repo for lm_sensors had the last update in 2019 (3.6.0) and the last
commit in 2021. That repo was forked and has released two updates since then. This
repo is being used by Arch Linux and Ubuntu have changed to it in the latest Questing
Quokka version.
- The owner of this new repo has also taken some of the pull requests from the old repo
and merged them into the new one. Also some fixes from the Debian releases have also
been merged into the new repo.
- The only downside with this new repo is that version 3.6.2 was released in Jan 2024
and that release was the last commit in this new repo. So not sure if any further
updates will be forthcoming.
- If it is not considered suitable to update to this repo because it looks to no longer
be getting updated then this patch can be rejected.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:16 +0000 (12:14 +0200)]
btrfs-progs: Update to version 6.15
- Update from version 6.14 to 6.15
- Update of rootfile not required
- Changelog
6.15
* mkfs: new option --inode-flags to specify flags/attributes for
inodes/directories/subvolumes
* check:
* fix false alert on missing checksum for hole
* in lowmem mode, fix false alerts when checking refs
* convert: check feature compatibility when enabling block-group-tree
* tune convert-bgt: fix resume of conversion
* rescue: add new command fix-data-checksum, selectively fix or find
mismatching checksums
* other:
* new and updated tests
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 10 Jul 2025 07:44:28 +0000 (09:44 +0200)]
cifs-utils: Update to version 7.4
- Update fropm version 7.3 to 7.4
- Update of rootfile
- According to Linux From Scratch cifs-utils-7.4 requires the autoreconf to work with
gcc-15. Certainly without it the build failed.
- Changelog
7.4
mount.cifs: retry mount on -EINPROGRESS
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
cifs.upcall: fix memory leaks in check_service_ticket_exits()
getcifsacl, setcifsacl: use <libgen.h> for basename
cifscreds: use <libgen.h> for basename
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 10 Jul 2025 07:44:29 +0000 (09:44 +0200)]
libtalloc: Update to version 2.4.3
- Update from version 2.4.2 to 2.4.3
- Update of rootfile
- The last changelog is recorded in the sourcde tarball is from 2007. The only place I
have found anything is by filtering the samba gitlab mirror to show the commits
related to talloc.
https://gitlab.com/samba-team/samba/-/commits/talloc-2.4.3?ref_type=tags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Jul 2025 12:09:49 +0000 (14:09 +0200)]
json-glib: Move to be built after glib has been built
- Shifted to build after glib is built and removed the dist entry that is used for
addons.
- Checked the glib library and the libgio entries are uncommented so that should be okay
- Checked build and this package then built with no problems but in the addon package
build section libtpms failed to build as it was missing the dist entry. Also the same
with swtpm so this is a patch set with the changes to those two packages as well.
- Full build tested out and confirmed working on x86_64 with this patch set applied.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Jul 2025 08:11:46 +0000 (10:11 +0200)]
libhtp: Update to version 0.5.51
- Update from version 0.5.50 to 0.5.51
- Update of rootfile not required
- suricata-7.0.11 requires libhtp-0.5.51
- Changelog
0.5.51
- decompressors: fix leak in lzma error case
- request: do not fully error on data after HTTP/0.9
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Jul 2025 08:11:45 +0000 (10:11 +0200)]
suricata: Update to version 7.0.11
- Update from version 7.0.10 to 7.0.11
- Update of rootfile not required
- Changelog
7.0.11
Security #7766: libhtp-c: memory leak with lzma(HIGH - CVE 2025-53537)
Security #7659: http2: global tx (stream id 0) may open file and never close it
(7.0.x backport)(HIGH - CVE 2025-53538)
Bug #7779: mpm/ac: error "Just ran out of space in the queue" (7.0.x backport)
Bug #7748: byte_extract: issue with saved 'name' in distance keyword
(7.0.x backport)
Bug #7736: brotli: old crate version has integer underflow (7.0.x backport)
Bug #7731: dcerpc: uint16 overflow (rust debug assertion) (7.0.x backport)
Bug #7716: snmp: probing parser returns ALPROTO_FAILED instead of
ALPROTO_UNKNOWN if slice.len() < 4 (7.0.x backport)
Bug #7690: datasets: set type IP can't set IPv4 (7.0.x backport)
Bug #7688: flow: non-TCP protocol timeout handling leads to missing flows
(7.0.x backport)
Bug #7682: flow: race condition at shutdown leads to duplicate flows
(7.0.x backport)
Bug #7670: http: lack of setting updated_ts leads to detection delay
(7.0.x backport)
Bug #7663: ips: deconflict pass flow and drop packet rules (7.0.x backport)
Bug #7661: pcap: continuous file reading fails on an empty directory
(7.0.x backport)
Bug #7652: rust: warnings with rustc 1.86
Bug #7610: http: reachable assertion when memcap reached during rule reload
Bug #7375: dpdk: iface-copy should not be mandatory (7.0.x backport)
Bug #7293: CI: clang-format does not work for main-7.0.x branch (7.0.x backport)
Optimization #7781: mpm/ac-ks: reduce stack usage (7.0.x backport)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 16:33:00 +0000 (18:33 +0200)]
libtasn1: Update to version 4.20.0 & move before gnutls
- Update from version 4.19.0 to 4.20.0
- Update of rootfile
- Move earlier in make.sh so that the library can be used by gnutls in place of the
gnutls bundled version.
- Fix for a CVE
- Changelog
4.20.0
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or
SET OF elements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 16:32:59 +0000 (18:32 +0200)]
gnutls: Update to version 3.8.9
- Update from version 3.8.8 to 3.8.9
- Update of rootfile
- I found that gnutls was using its own bundled versions of libtasn1 and libunistring
and that there had been some CVE's with libtasn1 which were then fixed later in the
gnutls bundled version together with some fixes in the gnutls code. So this patch,
as well updating the version has also removed the options to use the included
versions of the libtasn1 and libunistring libraries. libtasn1 was already in IPFire
and just needed to be moved to before gnutls. libunistring had to be added in.
- The disable-guile option was removed as the guile bindings were removed in
gnutls-3.8.0 and the option is no longer recognised.
- Changelog
3.8.9
** libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
** libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
** libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243]
** API and ABI modifications:
GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t
GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:46 +0000 (12:14 +0200)]
util-linux: Update to version 2.41.1
- Update from version 2.41 to 2.41.1
- Update of rootfile not required
- Changelog
2.41.1
autotools:
- don't use wide-character ncurses if --disable-widechar (by Karel Zak)
cfdisk:
- fix memory leak and possible NULL dereference [gcc-analyzer] (by Karel Zak)
column:
- fix compiler warning for non-widechar compilation (by Karel Zak)
fdformat:
- use size_t and ssize_t (by Karel Zak)
fdisk:
- fix possible memory leak (by Karel Zak)
fdisk,partx:
- avoid strcasecmp() for ASCII-only strings (by Karel Zak)
findmnt:
- fix -k option parsing regression (by Karel Zak)
hardlink:
- define more function as inline (by Karel Zak)
- fix performance regression (inefficient signal evaluation) (by Karel Zak)
- Use macro for verbose output (by Karel Zak)
include/cctype:
- fix string comparison (by Karel Zak)
include/mount-api-utils:
- include linux/unistd.h (by Thomas Weißschuh)
libblkid:
- Fix crash while parsing config with libeconf (by Stanislav Brabec)
- befs fix underflow (by Milan Broz)
- avoid strcasecmp() for ASCII-only strings (by Karel Zak)
libblkid/src/topology/dm:
- fix fscanf return value check to match expected number of parsed items
(by Mingjie Shen)
libfdisk:
- avoid strcasecmp() for ASCII-only strings (by Karel Zak)
libmount:
- (subdir) restrict for real mounts only (by Karel Zak)
- (subdir) remove unused code (by Karel Zak)
- avoid calling memset() unnecessarily (by Karel Zak)
- avoid strcasecmp() for ASCII-only strings (by Karel Zak)
- fix --no-canonicalize regression (by Karel Zak)
libuuid:
- fix uuid_time on macOS without attribute((alias)) (by Eugene Gershnik)
lsblk:
- use ID_PART_ENTRY_SCHEME as fallback for PTTYPE (by Karel Zak)
- avoid strcasecmp() for ASCII-only strings (by Karel Zak)
lscpu:
- fix possible buffer overflow in cpuinfo parser (by Karel Zak)
- Fix loongarch op-mode output with recent kernel (by Xi Ruoyao)
lsfd:
- (bug fix) scan the protocol field of /proc/net/packet as a hex number
(by Masatake YAMATO)
- fix the description for PACKET.PROTOCOL column (by Masatake YAMATO)
lsns:
- enhance compilation without USE_NS_GET_API (by Karel Zak)
- fix undefined reference to add_namespace_for_nsfd #3483 (by Thomas
Devoogdt)
meson:
- add feature for translated documentation (by Thomas Weißschuh)
- remove tinfo dependency from 'more' (by Thomas Weißschuh)
- fix manadocs for libsmartcols and libblkid (by Karel Zak)
- fix po-man installation (by Karel Zak)
misc:
- never include wchar.h (by Karel Zak)
more:
- fix broken ':!command' command key (by cgoesche)
- fix implicit previous shell_line execution #3508 (by cgoesche)
mount:
- (man) add missing word (by Jakub Wilk)
namespace.h:
- fix compilation on Linux < 4.10 (by Thomas Devoogdt)
po:
- update uk.po (from translationproject.org) (by Yuri Chornoivan)
- update sr.po (from translationproject.org) (by Мирослав Николић)
- update ro.po (from translationproject.org) (by Remus-Gabriel Chelu)
- update pt.po (from translationproject.org) (by Pedro Albuquerque)
- update pl.po (from translationproject.org) (by Jakub Bogusz)
- update nl.po (from translationproject.org) (by Benno Schulenberg)
- update ja.po (from translationproject.org) (by YOSHIDA Hideki)
- update hr.po (from translationproject.org) (by Božidar Putanec)
- update fr.po (from translationproject.org) (by Frédéric Marchal)
- update es.po (from translationproject.org) (by Antonio Ceballos Roa)
- update de.po (from translationproject.org) (by Mario Blättermann)
- update cs.po (from translationproject.org) (by Petr Písař)
po-man:
- merge changes (by Karel Zak)
- update sr.po (from translationproject.org) (by Мирослав Николић)
- update de.po (from translationproject.org) (by Mario Blättermann)
tests:
- (test_mkfds::mapped-packet-socket) add a new parameter, protocol (by
Masatake YAMATO)
treewide:
- add ul_ to parse_timestamp() function name (by Karel Zak)
- add ul_ to parse_switch() function name (by Stanislav Brabec)
- add ul_ to parse_size() function name (by Karel Zak)
- add ul_ to parse_range() function name (by Karel Zak)
- fix optional arguments usage (by Karel Zak)
- avoid strcasecmp() for ASCII-only strings (by Karel Zak)
Wipefs:
- improve --all descriptions for whole-disks (by Karel Zak)
Misc:
- Do not call exit() on code ending in shared libraries (by Cristian
Rodríguez)
- remove two leftover license lines from colors.{c,h} (by Benno Schulenberg)
- remove "Copyright (C) ...." notes from files that claim no copyright
(by Benno Schulenberg)
- correct the full name of the GPL in various files (by Benno Schulenberg)
- Make scols_column_set_data_func docs visible (by FeRD (Frank Dana))
- Do not use strerror on shared libraries (by Cristian Rodríguez)
- Fix typo in blkdiscard docs (by pls-no-hack)
- lib/fileeq.c Fix a typo in message. (by Masanari Iida)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:45 +0000 (12:14 +0200)]
taglib: Update to version 2.1.1
- Update from version 2.0.2 to 2.1.1
- Update of rootfile
- Changelog
2.1.1
* Map ID3v2.3 IPLS frames to both ID3v2.4 TIPL and TMCL to have a consistent
behavior when using MusicBrainz tags with the property map interface.
* Fix missing include for `wchar_t` when using C bindings with MinGW.
2.1
* Support for Shorten (SHN) files.
* Compile time configuration of supported formats: WITH_APE, WITH_ASF, ...
* Compile time configuration of data and temporary directories for unit tests:
TESTS_DIR and TESTS_TMPDIR.
* C bindings: Added taglib_file_new_wchar() and taglib_file_new_type_wchar().
* Preserve unicode encoding when downgrading to ID3v2.3.
* Do not store FLAC metadata blocks which are too large.
* Fix segfaults with String and ByteVector nullptr arguments.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3500100 to 3500200
- Update of rootfile
- Changelog 3500200
Fix the concat_ws() SQL function so that it includes empty strings in the
concatenation. Forum post 52503ac21d.
Fix the file-io extension (used by the CLI) so that it can be built using the
MinGW compiler chain.
Avoid writing frames with no checksums into the wal file if a savepoint is
rolled back after dirty pages have already been spilled into the wal file.
Forum post b490f726db.
Fix the Bitvec object to avoid stack overflow when the database is within 60
pages of its maximum size.
Fix a problem with UPDATEs on fts5 tables that contain BLOB values.
Fix an issue with transitive IS constraints on a RIGHT JOIN.
Raise an error early if the number of aggregate terms in a query exceeds the
maximum number of columns, to avoid downstream assertion faults.
Ensure that sqlite3_setlk_timeout() holds the database mutex.
Fix typos in API documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:43 +0000 (12:14 +0200)]
shadow: Update to version 4.18.0
- Update from version 4.17.4 to 4.18.0
- Update of rootfile not required
- Changelog
4.18.0
CI: purge man-db by @ikerexxe in #1241
passwd: document exit code when PAM has errored by @hallyn in #1244
Man patches by @zeha in #1175
Quick fix: define E_PAM_ERR in lib/pam_pass.c by @hallyn in #1245
Accept /usr/sbin/nologin as an alternate to /sbin/nologin by @zeha in #1246
Add LOGIN_ENV_SAFELIST to FOREIGNDEFS by @stanislav-brabec in #1248
ci: add gawk as a fedora dependency by @ikerexxe in #1252
man/useradd.8.xml: fix the CREATE_HOME description by @hallyn in #1251
lib/getdate.y: Restrict the date formats that we support by
@alejandro-colomar in #1238
newuidmap: better error logging on failure by @matthewhughes934 in #1254
Extend basic test cases to check shadow and gshadow entries by
@ikerexxe in #1237
lib/sizeof.h: Make sure STRLEN() only accepts string literals by
@alejandro-colomar in #1260
Add strprefix(), and use it instead of its pattern by @alejandro-colomar
in #1152
src/: Simplify, using strpbrk(3) by @alejandro-colomar in #1167
lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) by
@alejandro-colomar in #1189
Remove dead beef by @alejandro-colomar in #1230
lib/atoi/a2i/: Simplify these macros by calling a2i() by
@alejandro-colomar in #1137
strtolower(): Add API, and use it instead of its pattern by
@alejandro-colomar in #1211
lib/: sget*ent(): Simplify by calling strdup(3) by
@alejandro-colomar in #1146
fields by @alejandro-colomar in #1150
yacc(1) is a dead language; bury it deep in the ground by
@alejandro-colomar in #1217
Test expiration date by @ikerexxe in #1233
[scp] Add strcaseprefix(), and use it instead of its pattern by
@alejandro-colomar in #1262
valid_field(): Improve readability by @alejandro-colomar in #1208
lib/, src/, tests/: Use the standard countof() instead of our NITEMS() by
@alejandro-colomar in #1259
lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under
lib/fs/mkstemp/, and split into mkomstemp() by @alejandro-colomar in #1139
[x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) by
@alejandro-colomar in #1168
lib/get_pid.c: pid_t is a signed integer by @alejandro-colomar in #1264
src/newusers.c: Fix off-by-one benign bug in array declaration by
@alejandro-colomar in #1266
Add some wrappers for usual loops around strsep(3) by @alejandro-colomar
in #1155
lib/fs/readlink/areadlink.h: areadlink(): Avoid inconditionally using
PATH_MAX by @sthibaul in #1222
configure: Fix typo by @sthibaul in #1268
Pre-release 4.18.0-rc1 by @hallyn in #1270
Update man pages for chage, shadow, passwd by @domiborges in #1243
contrib/: Burn it all by @alejandro-colomar in #1274
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:42 +0000 (12:14 +0200)]
pciutils: Update to version 3.14.0
- Update from version 3.13.0 to 3.14.0
- Update of rootfile
- Changelog
3.14.0
* New capabilities are decoded: VirtIO SharedMemory, Physical Layer
16 to 64 GT/s, Flit Mode, Device 3, Intel vendor-specific.
* ECAM now works on Windows and DJGPP.
* The GNU/Hurd back-end works on 64-bit systems.
* Added a new back-end for RT-Thread Smart OS.
* <lib/header.h> got definitions of new classes and capabilities
from PCI Code and ID Assignment rev 1.18.
* <lib/pci.h> can be included from C++ programs.
* Updated pci.ids.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:41 +0000 (12:14 +0200)]
pango: Update to version 1.56.4
- Update from version 1.56.3 to 1.56.4
- Update of rootfile
- Changelog
1.56.4
- fontconfig: Improve the add_font_file implementation
- fontconfig: Combine font features and style variants
- fontconfig: Make sure font faces stay alive
- win32: Drop some caching
- win32: Make sure font faces stay alive
- win32: Modernize and simplify the code
- win32: Stop synthesizing fonts
- win32: Implement list models
- coretext: Support synthetic small caps
- layout: Avoid assertions in line breaking
- build: Require GLib 2.82
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:40 +0000 (12:14 +0200)]
openssl: Update to version 3.5.1
- Update from version 3.5.0 to 3.5.1
- Update of rootfile not required
- Changelog
3.5.1
OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
release is Low.
This release incorporates the following bug fixes and mitigations:
* Fix x509 application adds trusted use instead of rejected use.
([CVE-2025-4575])
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:39 +0000 (12:14 +0200)]
nettle: Update to version 3.10.2
- Update from version 3.10.1 to 3.10.2
- Update of rootfile
- Changelog
3.10.2
* Fix missing prototypes in getopt.h and getopt.c, affecting
non-glibc systems, and causing compile errors with C23
compilers that require prototypes, e.g., gcc-15.
* For powerpc64, avoid using v9 (ISA v3.0) instructions
lxvb16x, lxv and stxv in powerpc64/p8/ files.
* For powerpc64, add configure check for __VSX__, and disable
use of assembly if not defined. Nettle's powerpc64 assembly
requires at least v7 (ISA v2.06).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:38 +0000 (12:14 +0200)]
ncdu: Update to version 1.22
- Update from version 1.20 to 1.22
- Update of rootfile not required
- Changelog
1.22
- Add support for @-prefixed lines to ignore errors in config file (from 2.8)
- List all supported options in `--help` (from 2.8)
- Use `kB` instead of `KB` in `--si` mode (from 2.8)
- Add `--graph-style` option (from 2.1)
- Fix supported range of uid/gid numbers
1.21
- Perform tilde expansion on paths in the config file (from 2.7)
- Fix JSON import of escaped UTF-16 surrogate pairs (from 2.7)
- Fix displaying and exporting zero values when extended info is not
available (from 2.6)
- Fix JSON export and import of the “other filesystem” flag (from 2.5)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:37 +0000 (12:14 +0200)]
lvm2: Update to version 2.03.33
- Update from version 2.03.32 to 2.03.33
- Update of rootfile not required
- Changelog
2.03.33
Various spelling, grammar, formatting, test, and build script improvements.
Override LC_NUMERIC locale if unsuitable for json_std report format.
Repair raid arrays with transiently lost devices.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
