Michael Tremer [Sat, 26 Apr 2025 14:36:18 +0000 (14:36 +0000)]
cdrom: Disable modesetting in text mode
This is just a precaution for users which have broken graphics. This
way, the kernel should keep the simple VGA text console without actually
switching on high resolutions.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 5 Jun 2025 10:29:29 +0000 (12:29 +0200)]
tshark: Update to version 4.4.7
- Update from version 4.4.6 to 4.4.7
- Update of rootfile
- CVE fix in this release
- Changelog
4.4.7
The following vulnerabilities have been fixed:
wnpa-sec-2025-02 Dissection engine crash. Issue 20509. CVE-2025-5601.
The following bugs have been fixed:
Wireshark does not correctly decode LIN "go to sleep" in TECMP and CMP.
Issue 20463.
Dissector bug, Protocol CIGI. Issue 20496.
Green power packets are not dissected when
proto_version == ZBEE_VERSION_GREEN_POWER. Issue 20497.
Packet diagrams misalign or drop bitfields. Issue 20507.
Corruption when setting heuristic dissector table UI name from Lua.
Issue 20523.
LDAP dissector incorrectly displays filters with singleton "&" Issue 20527.
WebSocket per-message compression extentions: fail to decompress server
messages (from the 2nd) due to parameter handling. Issue 20531.
The LL_PERIODIC_SYNC_WR_IND packet is not properly dissected
(packet-btle.c) Issue 20554.
Updated Protocol Support
AT, BT LE LL, CIGI, genl, LDAP, LIN, Logcat Text, net_dm, netfilter,
nvme, SSH, TCPCL, TLS, WebSocket, ZigBee, and ZigBee ZCL
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.2.4
"compat: use timingsafe_bcmp if available
IPv6: Sort routers by reachability correctly.
definitions: define ND Route Information option
IPv6: Clear previous address RA flags on receipt of a RA."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 3 Jun 2025 12:18:35 +0000 (14:18 +0200)]
sqlite: Update to version 3.50.0
- Update from version 3.49.2 to 3.50.0
- Update of rootfile
- Changelog
3.50.0
Add the sqlite3_setlk_timeout() interface which sets a separate timeout,
distinct from the sqlite3_busy_timeout(), for blocking locks on builds that
support blocking locks.
The SQLITE_DBCONFIG_ENABLE_COMMENTS constraint (added in the previous release)
is relaxed slightly so that comments are always allowed when reading the
schema out of a pre-existing sqlite_schema table. Comments are only blocked
in new SQL.
New SQL functions:
unistr()
unistr_quote()
For the %Q and %q conversions in the built-in printf() (which covers the
sqlite3_mprintf() API and the format() SQL function and similar) the
alternate-form-1 flag ("#") causes control characters to be converted into
backslash-escapes suitable for unistr().
CLI enhancements:
Avoids direct output of most control characters.
The output of the .dump command makes use of the new unistr() SQL funtion
to encode special characters, unless the --escape mode is set to off.
Better formatting of complex partial indexes in the output from the
".schema --indent" command.
Enhancements to sqlite3_rsync:
The requirement that the database be in WAL mode has been removed.
The sync protocol is enhanced to use less network bandwidth when both
sides start out being very similar to one another.
The sqlite3_rsync program now works on Macs without having to specify the
full pathname of the sqlite3_rsync executable on the remote side as long
as you install the sqlite3_rsync executable in one of these directories:
$HOME/bin:/usr/local/bin:/opt/homebrew/bin
Changes to JSON functions:
Bug fix: Enforce the JSON5 restriction that the "\0" escape must not be
followed by a digit.
Bug fix: When the LABEL argument to json_group_object(LABEL,VALUE) is NULL,
that element of the resulting object is omitted.
Optimization: If the jsonb_set() or jsonb_replace() functions make a change
in the interior of a large JSONB object, they strive to keep the size of
the JSONB object unchanged and to modify as few bytes as possible on the
interior of the object. This helps reduce I/O as it allows SQLite to write
only the page that contains the changed bytes and not all the surrounding
pages.
Improved support for building on Cygwin and MinGW and similar, as well as Termux.
Typo fixes in the documentation and in the source code comments.
Miscellaneous performance improvements.
JavaScript/WASM:
Fix a long-standing filename digest calculation bug in the OPFS SAHPool VFS.
Databases created in that VFS by 3.50.0+ cannot be read by older
versions of the VFS, but 3.50.0 can backwards-compatibly work with
existing databases created by older versions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 3 Jun 2025 12:18:34 +0000 (14:18 +0200)]
smartmontools: Update to version 7.5
- Update from version 7.4 to 7.5
- Update of rootfile not required
- Changelog
7.5
- CI and release builds are now reproducible if same SOURCE_DATE_EPOCH,
build recipes and toolchains are used.
- smartctl '-j -A': New JSON value 'endurance_used' (ATA/SCSI/NVMe).
- smartctl '-j -A': New JSON value 'spare_available' (ATA/NVMe).
- smartctl '-j -i': Re-added the JSON value 'model_name' also for SCSI
devices (regression).
- smartctl '-j -c': NVMe support.
- smartctl '-j -n ...': New JSON values 'power_mode.*' (ATA only).
- smartctl '-H -A': Support for NVMe SMART/Health Information per
namespace.
- smartctl '-i': ATA ACS-6 updates.
- smartctl '-x': No longer includes '-g wcreorder'.
- smartctl '-x', '-l scterc': No longer returns exit status 4 if SCT ERC
is not supported by the device.
- smartctl '-l error': No longer prints bogus ATA error log entries if
the error index is nonzero but the error count is zero.
- smartctl '-l ssd': Fixed corruption of the output of the SCSI Format
Status log page.
- smartctl '-l ssd': Now detects 'no format since manufacture' from the
SCSI Format Status log page.
- smartctl '-l farm': Fixed the unit of 'Write Power On' time.
- smartctl '-l farm': Fixed the byte order of ATA 'Assembly Date'.
- smartctl '-l farm': Fixed a possible segfault.
- smartctl '-l farm -q noserial': Suppresses serial and WWN also from FARM.
- smartctl '-l farm -T permissive': Overrides false negative FARM support
check for rebranded drives.
- smartctl '-t TEST': Fixed self-tests of single namespace NVMe devices.
- smartd '-A': NVMe attribute log support.
- smartd: Ignores NSID in duplicate check of single namespace devices.
- smartd: No longer issues LOG_CRIT warnings for 'Set Feature' related
NVMe error information log entries.
- smartd: No longer hangs on systems with large file descriptor limits.
- smartd: No longer logs invalid "old test ... not run" messages if
staggered self-tests are used.
- smartd.conf '-l selftest[sts] -s ...': NVMe self-test support.
- smartd.conf '-H MASK': Ability to ignore specific bits of NVMe
SMART/Health value 'Critical Warning'.
- smartd.conf '-p': Checks NVMe SMART/Health value 'Available Spare'.
- smartd.conf '-u [-f]': Checks NVMe SMART/Health values 'Percentage Used'
and 'Media and Data Integrity Errors'.
- smartd.conf '-W ...': No longer includes individual sensors in NVMe
temperature check as some devices report other values there.
- ATA: Device type '-d jmb39x-q2,N' for another JMB39x protocol variant
used by QNAP-TR002 NAS devices.
- SCSI: Fixed range checks of mode page offset and VPD inquiry.
- SCSI: Fixed buffer overflow parsing of VPD page.
- SCSI: Fixed handling of multiple designators in VPD page.
- USB/NVMe: '-d sntjmicron' no longer triggers USB resets on queries of
the self-test log.
- USB/NVMe: '-d sntasmedia' now supports log pages > 512 bytes.
- USB/NVMe/SAT: New experimental NVMe/SAT autodetection options
'-d snt*/sat'.
- Fixed segfault on missing option argument on systems using musl libc.
- HDD, SSD and USB additions to drive database.
- automake < 1.13 are no longer supported.
- Custom make rules are now silenced if 'make V=0' is used.
- Enhanced makefile targets 'dist-*' to create reproducible source
tarballs if SOURCE_DATE_EPOCH is set.
- The makefile no longer uses GNU make specific syntax elements
(exception: reproducible builds for macOS).
- Dropped support for platforms without 'sigaction()'.
- configure: Now also detects MidnightBSD.
- configure: Dropped option '--with-signal-func'.
- configure: Default for '--with-nvme-devicescan' is now 'yes' also on
NetBSD.
- Version information is now also set if build from GH R/O mirror.
- Linux: 'smartd.service' now avoids a warning about an unset environment
variable.
- Linux: Dropped autodetection of deprecated device type '-d marvell'.
- macOS: Support for reproducible builds of the DMG image.
- OpenBSD: NVMe support.
- Windows: Increased WMI timeout.
- Windows: Support for reproducible builds of the installer.
- Windows: Uninstaller is no longer damaged if the installer is signed.
- Windows 'update-smartd-drivedb.ps1': Fixed call of 'gpg.exe' if it
appears more than once in the PATH.
- Windows 'update-smartd-drivedb.ps1 -Verbose': Now also prints the
download command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 3 Jun 2025 12:18:33 +0000 (14:18 +0200)]
kbd: Update to version 2.8.0
- Update from version 2.7.1 to 2.8.0
- Update of rootfile
- Changelog
2.8.0
keymaps:
Add Georgian font (LatCyrHebKa-16_GIA.psfu) and keymap (i386/qwerty/ge).
Add new i386 azerty afnor keymap (i386/azerty/fr-afnor).
Disable characters >=U+F000 in qwertz/de_alt_UTF-8.
libkeymap:
Support KT_DEAD2 diacritics.
Fix memory leaks.
utils:
kbd_mode: support Disabled mode (K_OFF).
build-sys:
configure: Restore the old behavior when using gzip.
configure: Disable lex implementations other than flex.
other:
tests: Fix tests on powerpc.
tests: Add build and check on other architectures (x86_64, s390x, ppc64el).
tests: Add valgrind check in unit tests.
tests: Add sparse check and fix detected warnings.
tests: Add tests to increase code coverage.
tests: Check all distributed keymaps for loadability.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 3 Jun 2025 12:18:32 +0000 (14:18 +0200)]
iproute2: Update to version 6.15.0
- Update from version 6.14.0 to 6.15.0
- Update of rootfile not required
- Changelog is not provided. Details of changes can be found from the git commit changes
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 3 Jun 2025 12:18:31 +0000 (14:18 +0200)]
curl: Update to version 8.14.0
- Update from version 8.13.0 to 8.14.0
- Update of rootfile
- Changelog
8.14.0
Changes:
mqtt: send ping at upkeep interval
schannel: handle pkcs12 client certificates containing CA certificates
TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs
vquic: ngtcp2 + openssl support
wcurl: import v2025.04.20 script + docs
websocket: add option to disable auto-pong reply
Bugfixes:
_SEEALSO.md: remove spaces around command and man page section
asny-thrdd: fix detach from running thread
asnyc-thrdd: explain how this is okay with a comment
asyn resolver code improvements
async-threaded resolver: use ref counter
async: DoH improvements
autotools: detect `wolfSSL_set_quic_use_legacy_code` like cmake does
autotools: install shell completion files on cross build
aws-sigv4: allow a blank string
build: check required rustls-ffi version
build: enable gcc-12/13+, clang-10+ picky warnings
build: enable gcc-15 picky warnings
certs: drop unused `default_bits` from `.prm` files
cf-https-connect: use the passed in dns struct pointer
cf-socket: fix FTP accept connect
cfilters: remove assert
cmake/FindNGTCP2: simplify multi-pkg-config detection
cmake: append picky warnings to `CMAKE_REQUIRED_FLAGS` as string
cmake: avoid 'target is imported but not globally visible' when consuming
libcurl with old cmake
cmake: do not install `mk-ca-bundle` script and manpage
cmake: enable `-Wall` for MSVC when `PICKY_COMPILER=ON`
cmake: extend integration tests
cmake: fix `fish` install directory detection via `pkg-config`
cmake: fix nghttp3 static linking with `USE_OPENSSL_QUIC=ON`
cmake: fix option() and mark_as_advanced() mixed order
cmake: fix shell completion install when just one flavor is enabled
cmake: honor individual picky option overrides found in `CMAKE_C_FLAGS`
cmake: install shell completions for cross-builds
cmake: link `crypt32` for OpenSSL feature detection
cmake: merge `CURL_WERROR` logic into `PickyWarnings.cmake`
cmake: prefer `COMPILE_OPTIONS` over `CMAKE_C_FLAGS` for custom C options
cmake: quotes, whitespace, use `VERSION_GREATER_EQUAL`
cmake: revert `CURL_LTO` behavior for multi-config generators
cmake: set `BUILDING_LIBCURL` directly for unit test targets
cmake: stop deleting `-W<n>` from `CMAKE_C_FLAGS` (MSVC)
cmake: tidy up and document feature detections in dependencies
cmake: use `CMAKE_COMPILE_WARNING_AS_ERROR` if available
cmake: use `INCLUDE_DIRECTORIES` prop to specify local header dirs
cmake: use `LIB_NAME` in `curl-config.cmake.in`
cmake: use absolute paths for completion targets
cmake: use the `LINK_OPTIONS` property with CMake 3.13+
configure: catch asking for double resolver without https-rr
configure: fix --disable-rt
configure: restore link checks
configure: suppress command not found for brew
conncache: make Curl_cpool_init return void
connect: shutdown timer fix
content_encoding: Transfer-Encoding parser improvements
CONTRIBUTE: add project guidelines for AI use
contrithanks.sh: drop set -e
cpool/cshutdown: force close connections under pressure
curl: fix memory leak when -h is used in config file
curl: only warn once for --manual in manual-disabled build
curl_get_line: handle lines ending on the buffer boundary
curl_krb5: only use functions if FTP is still enabled
curl_multibyte: fixup low-level calls, include in unity builds
curl_osslq: remove a leftover debug fprintf() call
curl_version_info.md: clarify ssl_version for MultiSSL
CURLMOPT_TIMERFUNCTION.md: correct the example
CURLOPT_ERRORBUFFER.md: buffer is read only after curl takes ownership
CURLOPT_FOLLOWLOCATION.md: switch to GET => no body
CURLOPT_READFUNCTION.md: mention the seek callback
CURLOPT_XFERINFOFUNCTION.md: fix the callback return type in example
curlx: move the docs to docs/internals/
DEPRECATE.md: drop support for VS2008
DEPRECATE.md: drop Windows CE support
dist: drop duplicate entry from `CMAKE_DIST`
dns_entry: move from conn to data->state
Dockerfile: update debian:bookworm-slim Docker digest to 90522ee
docs/INSTALL.md: drop reference to removed configure option
docs/libcurl: fix type and prototype problems in examples
docs/libcurl: make examples build with picky compiler options
docs/libcurl: mention sensitive data/headers
docs: add missing return statement in examples
docs: fix incorrect shell substitution in docker run example command
docs: fix typo in retry.md
docs: update distros links
doh: httpsrr fix
doh: make sure CURLOPT_PROTOCOLS is set a with a "long" arg
doh: reduce the DNS request buffer size
easy_reset: fix dohfor_mid member
ECH: reference the OpenSSL ECH feature branch
etag-save.md: mention how using both options is a good idea
eventfd: fix feature guards
formdata: cleanups
ftp: fix bug in failed init
ftp: fix race in upload handling
ftplistparser: add two overflow preventions
ftplistparser: split up into more functions
generate.bat: exclude curlinfo.c from legacy VS projects
genserv.pl: fail with a message if `openssl` is missing or failing
headers: enforce a max number of response header to accept
headers: set an error message on illegal response headers
hostip: fix build without threaded-resolver and without DoH
hostip: show the correct name on proxy resolve error
http2: fix stream window size after unpausing
HTTP3.md: fix incorrect variable placeholders
http: fix a build error when all auths are disabled
http: fix HTTP/2 handling of TE request header using "trailers"
http: in alt-svc negotiation only allow supported HTTP versions
http_aws_sigv4: add additional verbose log statements
http_aws_sigv4: improve sigv4 url encoding and canonicalization
http_chunks: narrow variable scope for 'trlen'
http_negotiate: fix non-SSL build with GSSAPI
https-connect: fix httpsrr target check
HTTPSRR.md: clarify somewhat
if2ip: build the function also if FTP is present
imap: remove redundant condition
INSTALL-CMAKE.md: fix typo
INSTALL.md: update the minimal libcurl size example
KNOWN_BUGS: fix link in sivg4 issue 16.3
lib/src/docs/test: improve curl_easy_setopt() calls
lib1560: use hex notation, drop non-ASCII exception
lib3026: drop DLL pre-load perf mitigation for old mingw
lib: add const to clientwriter tables
lib: drop curlx_getpid, use fake pid in SMB
lib: include files using known path
lib: make Curl_easyopts const
lib: unify conversions to/from hex
libcurl-tutorial.md: fix read callback explanation
libssh: add NULL check for Curl_meta_get()
libssh: fix memory leak
libssh: remove a condition that always equals false
libtest/first: stop defining MEMDEBUG_NODEFINES
libtests: define CURL_DISABLE_DEPRECATION first
make: clean tests better
mbedtls: TLS 1.3 is max when mbedtls has 1.3 support
metahash: add asserts to help analyzers
mk-ca-bundle.pl: follow redirects
mk-ca-bundle: switch URLs to GitHub versions
mkhelp: fix to not generate a line-ending space in some cases
mqtt: use conn/easy meta hash
multi: do transfer book keeping using mid
multi: init_do(): check result
netrc: avoid NULL deref on weird input
netrc: avoid strdup NULL
netrc: deal with null token better
ngtcp2: clarify ignoring of result
openssl-quic: avoid potential `-Wnull-dereference`, add assert
openssl-quic: fix printf mask
openssl-quic: fix shutdown when stream not open
openssl: enable builds for *both* engines and providers
openssl: set the cipher string before doing private cert
parsedate: provide Curl_wkday also for GnuTLS builds
processhelp.pm: always call `taskkill` with `-f` (force)
processhelp.pm: avoid potential endless loop, log more (Windows)
progress: avoid integer overflow when gathering total transfer size
pytest tls: extend coverage
pytest-xdist: pytest in parallel
pytest: add pinnedpubkey test cases
pytest: give parameterised tests better ids for read- and parsability
pytest: make test_07_22 more lenient to exit codes
quic: no local idle connection timeout, ngtcp2 keep-alive
rand: update comment on Curl_rand_bytes weak random
RELEASE-PROCEDURE.md: release candidate git tagging explained
rtsp: remove redundant condition
runtests: add retry option to reduce flakiness
runtests: fix indentation
runtests: recognize lowercase `windows` in `curl -V`
runtests: remove server verification after start
runtests: split `SSH_PWD` into `SCP_PWD` and `SFTP_PWD`, and more
rustls: make max size of cert and key reasonable
sasl: give help when unable to select AUTH
scripts: completion.pl: sort the completion file for all shells
scripts: drop unused import, formatting
scripts: fix --opts-dir help in completion.pl
scripts: fix perl indentation, whitespace, semicolons
sectransp: fix building for macOS Sierra and older
setopt: provide info for CURLE_BAD_FUNCTION_ARGUMENT
smb: avoid integer overflow on weird input date
socket: use accept4 when available
socketpair: support pipe2 where available
spacecheck.pl: check for non-ASCII chars, fix fallouts
spacecheck.pl: verify `tests/data/test*` for non-ASCII chars
src: drop strcase.[ch] from tool builds
src: include memdebug.h consistently with angle brackets <>
src: rename curlx_safefree to tool_safefree
test1173.pl: whitelist some option-looking names that aren't options
test1658: add unit test for the HTTPS RR decoder
test: make unittest 1308 into a libtest
tests/ech_tests.sh: sync shebang with rest of bash scripts
tests/FILEFORMAT.md: clarify %hex[] formatting
tests/FILEFORMAT.md: document the aws feature
tests/README.md: document --test-duphandle
tests/README.md: list the openssl tool among the prerequisites
tests/server/dnsd: basic DNS server for test suite
tests/server: check for `stream != NULL` in mqttd
tests/server: fix typo in comment
tests/server: stop using libcurl string comparisons
tests/server: stop using libcurl's printf functions
tests/serverhelp: remove last remnants of http-pipe server
tests/tunit: make a separate directory for tool-based unit tests
tests: add aws feature to the related tests
tests: Add https-mtls server to force client auth
tests: fix some test tag mismatches
tests: mark ipfs tests to require ipfs
tests: move a boolean variable out of the path section
tests: prefer `--insecure` over `-k`
tests: provide all non-ascii data hex encoded
tests: remove some unused test case sections
tests: require IPv6 for 1265, 1324, 2086
tests: separate tunit tests from unit tests more
tests: stop using libcurl's strdup
tests: unify test case keywords
tests: use a more portable null device path
TODO: remove "nicer lacking perl message"
tool_cb_write.c: handle EINTR on flush
tool_getparam: clear argument only when needed
tool_operate: make retrycheck() a separate function
tool_operate: when retrying, only truncate regular files
tool_paramhlp: avoid integer overflow in secs2ms()
tool_parsecfg: make get_line handle lines ending on the buffer boundary
typecheck-gcc.h: fix the typechecks
urlapi: redirecting to "" is considered fine
urlapi: remove unneeded guards around PUNY2IDN
urldata: remove the unused struct field 'hide_progress'
VERSIONS: list all past releases
vquic: consistent name for the stream struct across backends
vquic: init for every call to recvmsg
vtls: avoid NULL deref on bad PEM input
vtls: fix build with ssl but without http
VULN-DISCLOSURE-POLICY: use of weak algos
winbuild: add the deprecation warning to the README
winbuild: curl_get_line is not used for tool builds
windows: fix builds targeting WinXP, test it in CI
wolfssl: fix to enable ALPN when available
ws: fix the header replace check
ws: store protocol context as connection meta data
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 2 Jun 2025 18:41:58 +0000 (18:41 +0000)]
core196: Ship OpenSSL
This is being shipped because it has been rebuilt with GCC 15. There has
been reports on some systems that OpenSSL triggers some compiler bug and
therefore the openssl command tends to segfault a lot.
This is now being resolved with GCC 15.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 1 Jun 2025 14:58:28 +0000 (14:58 +0000)]
linux: Backport support for BIG TCP GSO on WireGuard
Advertise GSO_MAX_SIZE as TSO max size in order support BIG TCP for wireguard.
This helps to improve wireguard performance a bit when enabled as it allows
wireguard to aggregate larger skbs in wg_packet_consume_data_done() via
napi_gro_receive(), but also allows the stack to build larger skbs on xmit
where the driver then segments them before encryption inside wg_xmit().
We've seen a 15% improvement in TCP stream performance.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 May 2025 12:38:17 +0000 (14:38 +0200)]
ruby: Update to version 3.4.4
- This v2 version keeps the CFLAGS line in place
- Update from version 3.4.1 to 3.4.4
- Update of rootfile
- Changelog
3.4.4
YJIT: Split the block on optimized getlocal/setlocal by k0kubun · Pull
Request #13331
Bug #21257: YJIT can generate infinite loop when OOM - Ruby - Ruby Issue
Tracking System
Bug #21286: Windows - MSYS2 just updated to GCC 15.1.0, builds failing -
Ruby - Ruby Issue Tracking System
Bug #21327: Windows builds seem broken after clock_gettime changes? -
Ruby - Ruby Issue Tracking System
Bug #21331: heap-use-after-free caused by rehash during
transform_values! - Ruby - Ruby Issue Tracking System
Bug #21289: Fix C level backtraces for USE_ELF - Ruby - Ruby Issue
Tracking System
3.4.3
Bug #21145: Prism accepts newlines in-between curly unicode escape -
Ruby - Ruby Issue Tracking System
Bug #21153: ::Foo ||= p 1 should parse - Ruby - Ruby Issue Tracking System
Bug #21030: Bug: #step with Range<ActiveSupport::Duration> behavior
broken on Ruby 3.4.1 - Ruby - Ruby Issue Tracking System
Bug #21131: IO.copy_stream: yielded string changes value when duped -
Ruby - Ruby Issue Tracking System
Feature #19521: Support for Module#name= and Class#name=. - Ruby - Ruby
Issue Tracking System
Bug #21159: Module#set_temporary_name should freeze given name - Ruby -
Ruby Issue Tracking System
Bug #21161: Crash when locale is set to Turkish tr_TR.UTF-8 - Ruby - Ruby
Issue Tracking System
Bug #21144: Win32: Use Windows time zone ID as the time zone name if TZ
is not set - Ruby - Ruby Issue Tracking System
Bug #21170: Corrupted Hash (bad VALUE and missing entry) when -1 returned
from .hash - Ruby - Ruby Issue Tracking System
Bug #21172: Race condition in register_fstring - Ruby - Ruby Issue
Tracking System
Bug #21163: Inconsistencies in Kernel.Float compared to other number
parsing methods - Ruby - Ruby Issue Tracking System
Bug #21173: RUBY_FREE_AT_EXIT does not work when error in -r - Ruby -
Ruby Issue Tracking System
Bug #21179: Introduction Happy Eyeballs Version 2 broke Socket.tcp from
secondary Ractors - Ruby - Ruby Issue Tracking System
Bug #19841: Marshal.dump stack overflow with recursive Time - Ruby - Ruby
Issue Tracking System
Bug #21180: SEGV while marking imemo_env->iseq - Ruby - Ruby Issue
Tracking System
Bug #21186: Inconsistent parsing of ?あand 0 - Ruby - Ruby Issue Tracking
System
Bug #21094: Module#set_temporary_name does not affect a name of a nested
module - Ruby - Ruby Issue Tracking System
Bug #21195: Crash when using IO#timeout - Ruby - Ruby Issue Tracking System
Bug #21196: Ruby 3.4 ignores visibility when passing arguments using ... -
Ruby - Ruby Issue Tracking System
Bug #21141: Time#utc? does not work with a timezone object - Ruby - Ruby
Issue Tracking System
Bug #21211: Incomplete Backtrace for Socket Errors in Ruby 3.4+ - Ruby -
Ruby Issue Tracking System
Bug #21197: Prism does not accept newline after defined? keyword - Ruby -
Ruby Issue Tracking System
Bug #21183: Ractor error with Prism::VERSION - Ruby - Ruby Issue Tracking
System
Bug #21217: Integer.sqrt produces wrong results even on input <= 1e18 -
Ruby - Ruby Issue Tracking System
Bug #21220: Memory corruption in update_line_coverage()
[write at index -1] - Ruby - Ruby Issue Tracking System
3.4.2
Bug #21024: Ruby including generates compilation warning with GCC 15,
header is deprecated in C++17,
Bug #21021: "try to mark T_NONE object" with 3.4.1
Bug #20997: YJIT panic assertion left == right failed: leave instruction
expects stack size 1, but was: 2
Bug #20981: rb_undefine_finalizer is missing
Bug #20989: Segmentation fault in Ripper when lexing /#{"\xcd"}/
Bug #21003: unexpected warning about ignored block
Bug #21002: Please include license information of turbo_tests
Bug #21001: unexpected nil result from proc with ensure and next
Bug #21010: Endless method definition of []= is SyntaxError in parse.y but
allowed in Prism
Bug #20992: eval(ascii_encoded_code) raises EncodingError when multibyte
local variable exists
Bug #21017: --with-parser=parse.y configure option does not work
Bug #21014: Prism doesn't set node_id on iseqs correctly
Bug #21027: not() receiver should be nil
Bug #20995: exception escapes block given to IO.popen("-") in child process
Bug #21008: Array#sum, Enumerator#sum, Numeric subclass
Bug #21044: Prism maximum recursion depth is 1_000, parse.y is 10_000
Bug #21031: Incompatibility with prism and parse.y when eval'ing unnamed
forwarding variables
Bug #21085: [BUG] Stack consistency error with -ne
Bug #21048: [Prism] rescue in modifier form with condition behaves
differently
Bug #21046: Backport: TLS fix for ARM64
Bug #21012: Compiling a['a','b'],=1 with parse.y fails
Bug #21038: Preserve errno in rb_fiber_scheduler_unblock
Bug #21032: Module#autoload? is slow when $LOAD_PATH contains a relative path
Bug #21092: error building ruby 3.4.1 on cygwin/msys2
Bug #21095: Prefer uname -n over hostname in tests.
Bug #21103: Binding problem with delegate methods
Bug #21088: TCPSocket.new raises Socket::ResolutionError instead of
Errno::ECONNREFUSED for hosts defined in /etc/hosts
Bug #21112: Typo in error message when an incorrect key is used with
WeakKeyMap
Bug #21117: Inconsistent behaviour between "_1" and "it" variables
Bug #21114: Prism hangs up while parsing deeply nested def
Bug #20984: ENV.inspect is not encoding aware
Bug #20982: Inconsistency between Hash#inspect and ENV.inspect in Ruby 3.4
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephen Cuka [Thu, 29 May 2025 01:31:38 +0000 (19:31 -0600)]
manualpages: Fixbug13858 - Add doc link for Network/Aliases
- Add missing documentation link for 'Network/Aliases'.
Signed-off-by: Stephen Cuka <stephen@firemypi.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:54 +0000 (16:36 +0200)]
vim: Update to version 9.1.1406
- Update from version 9.1.1153 to 9.1.1406
- Update of rootfile
- Changelog is not available. Generally each patch version number update is related to
a commit entry in the git repository. The details for all the commit changes can be
found at https://github.com/vim/vim/commits/master/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 26 May 2025 18:28:00 +0000 (18:28 +0000)]
Core Update 196: Adjust existing IPsec connections using ML-KEM
This causes existing IPsec connections using ML-KEM to always use it in
conjunction with Curve 25519, in line with the changes dfa7cd2bbac3c746569368d70fefaf1ff4e1fed2
implements for newly configured IPsec connections.
Again, we can reasonably assume an IPsec peer supporting ML-KEM also
supports Curve 25519. In case such a peer does not support RFC 9370, and
the IPsec connection was created using our default ciphers, it will fall
back to Curve 448, Curve 25519, or any other traditional algorithm.
This patch will break existing IPsec connections only if they are
exclusively using ML-KEM (which means the IPFire user reconfigured them
manually using the "advanced connection settings" section in the WebUI),
and the IPsec peer is configured in the same manner, and/or is an IPFire
machine not yet updated to Core Update 196. Any other IPFire-to-IPFire
IPsec connection will continue working, potentially falling back to
Curve 448 or 25519 until both peers are updated to Core Update 196,
after which ML-KEM in conjunction with Curve 25519 will be used again.
The second version of this patch modifies IPFire's own configuration
file for IPsec connections, rather than applying these changes directly
to /etc/ipsec.conf, where they would have been overwritten by the next
WebUI change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 26 May 2025 18:27:00 +0000 (18:27 +0000)]
vpnmain.cgi: Use ML-KEM only as a hybrid with Curve 25519
In commit 887778e0888d51eb9942ae310a43f6d2813efad3, the post-quantum
key exchange algorithm ML-KEM was introduced, due to its support being
added in strongSwan 6.0. However, using PQC key exchanges is commonly
recommended only in conjunction with a traditional one, to avoid
encrypted traffic becoming subject to trivial decryption in case a PQC
algorithm proves weak, broken, or backdoored. OpenSSH, for instance,
combines ML-KEM 768 with Curve 25519 (mlkem768x25519-sha256), rather
than using ML-KEM alone.
This patch changes the cipher suites offered for IPsec connections to
always use ML-KEM as a hybrid with Curve 25519. This is possible due to
strongSwan 6.0 having added support for IKE intermediary key exchanges
(RFC 9370); see https://docs.strongswan.org/docs/latest/config/proposals.html#_key_exchange_methods
for additional information.
We can reasonably assume an IPsec peer supporting ML-KEM will also
support Curve 25519, as this has been around for much longer, and is
used quite commonly. Even if this is not the case, or if the IPsec peer
does not implement RFC 9370, any IPsec connection using our default
cipher selection will fall back to Curve 448, Curve 25519, or other,
hence continue working.
IPsec connections already created will need their ciphers to be changed
once during the Core Update routine where this patch will be
incorporated.
Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 23 May 2025 15:23:25 +0000 (15:23 +0000)]
dnsdist: Update to 1.9.10
We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible.
While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests.
Adolf Belka [Tue, 27 May 2025 14:25:10 +0000 (16:25 +0200)]
boost: Update to version 1.88.0
- Update from version 1.83.0 to 1.88.0
- Update of rootfiles for all architectures
- Changelogs are very large so urls provided for each release changelog
1.88.0
https://www.boost.org/releases/1.88.0/
1.87.0
https://www.boost.org/releases/1.87.0/
1.86.0
https://www.boost.org/releases/1.86.0/
1.85.0
https://www.boost.org/releases/1.85.0/
1.84.0
https://www.boost.org/releases/1.84.0/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 May 2025 11:35:01 +0000 (13:35 +0200)]
index.cgi: Add wireguard status to home screen
- This fix adds a wireguard line to show when it is enabled.
- This fix does not show a table for any net2net connections that are enabled. I have
started working on that but as I only have an OpenVPN n2n connection in place, I can't
test out the copy of the ipsec n2n code section that I have made. I need to get ipsec
and wireguard n2n connections working first.
- If someone else wants to provide a patch for the wireguard n2n connections tables I have
no problems with that. If not then I will submit one when I have been able to test it.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 17 May 2025 12:12:17 +0000 (14:12 +0200)]
manualpages: Fixes bug13849 - adds manual link to wireguard page
Fixes: bug13849 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:53 +0000 (16:36 +0200)]
texinfo: Update to version 7.2
- Update from version 7.1.1 to 7.2
- Update of rootfile
- Changelog
7.2
* Build
. "make install" installs files for texi2any under $datadir/texi2any, not
$datadir/texinfo.
* texinfo.tex
. use @ as the escape character in all index files. this requires
new enough texi2dvi (Texinfo 6.7, 2019) for index files to be
properly processed.
. a bug has been fixed where a mangled PDF outline could be produced for
a document using @unnumberedsec
. you can call @unmacro with an undefined macro name, matching the
behavior of texi2any
* texi2any
. set CHECK_NORMAL_MENU_STRUCTURE by default. this means texi2any
again checks menu structure by default (changed in 6.8 release, 2021).
. only allow @definfoenclose to be used to redefine highlighting commands
. sorting of indices is now independent of the input or output encodings
. new customization variable COLLATION_LANGUAGE to allow linguistic
tailoring of index sorting
. new variable DOCUMENTLANGUAGE_COLLATION to use @documentlanguage for
linguistic tailoring of index sorting
. new variable USE_UNICODE_COLLATION to allow turning off the slower
use of Unicode collation when sorting indices
. rename BODYTEXT customization variable to BODY_ELEMENT_ATTRIBUTES
. rename COMPLEX_FORMAT_IN_TABLE customization variable to
INDENTED_BLOCK_COMMANDS_IN_TABLE
. remove the following variables: AVOID_MENU_REDUNDANCY, FRAMES,
FRAMESET_DOCTYPE, NO_USE_SETFILENAME, SILENT, USE_UP_NODE_FOR_ELEMENT_UP
. remove SIMPLE_MENU variable and tree transformation
. the use of the directories ~/.texinfo and ~/.texi2any for configuration
files is deprecated, and should be replaced by texinfo or texi2any
directories under XDG_CONFIG_HOME (usually ~/.config/). the new
locations are compatible with the XDG Base Directory Specification.
in future versions, the ~/.texinfo and ~/.texi2any directories will
not be in search paths.
. do not try the us-ascii encoding anymore as a locale for translated
document strings.
. some unused translation files have been removed for the
`texinfo_document' domain
. Info output:
. output Info-documentlanguage in Local Variables section of output
file if @documentlanguage is given
. HTML, Texinfo and raw text output:
. an implementation of the conversion in C has been included, which
is much faster than the code in Perl. set the `TEXINFO_XS_CONVERT'
environment variable to 1 to use.
. HTML output:
. CHECK_HTMLXREF set by default for warnings about links to unknown
external manuals
. you can use the MATHJAX_CONFIGURATION customization variable to add
data to the MathJax configuration object
. warn if there is a .inf or .info suffix for cross-reference manual
. use <pre> instead of <div><em> for output of @displaymath
. remove border, cellpadding, cellspacing and align attributes. add
classes and use CSS when needed.
. EPUB output:
. stricter conformance for conformance checkers
* info
. check for init file under XDG_CONFIG_HOME/texinfo/infokey after
checking ~/.infokey, in accordance with the XDG Base Directory
Specification
* Distribution
. automake 1.17, autoconf 2.72, gettext 0.22.5, libtool 2.5.3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:48 +0000 (16:36 +0200)]
gperf: Update to version 3.3
- Update from version 3.1 to 3.3
- Update of rootfile not required
- Changelog
3.3
* Speedup: gperf is now between 2x and 2.5x faster.
3.2.1
* The generated code avoids -Wundef warnings in C++ mode.
3.2
* The input file may now use Windows line terminators (CR/LF) instead of
Unix line terminators (LF).
Note: This is an incompatible change. If you want to use a keyword that
ends in a CR byte, such as xyz<CR>, write it as "xyz\r".
* The generated code avoids several types of warnings:
- "implicit fallthrough" warnings in 'switch' statements.
- "unused parameter" warnings regarding 'str' or 'len'.
- "missing initializer for field ..." warnings.
- "zero as null pointer constant" warnings.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:47 +0000 (16:36 +0200)]
elfutils: Update to version 0.193
- Update from version 0.192 to 0.193
- Update of rootfile
- Changelog
0.193
debuginfod: Add CORS (webapp access) support to webapi and --cors option.
Add --listen-address option for binding the HTTP listen socket
to a specific IPv4 or IPv6 address.
debuginfod client now caches x-debuginfod-* HTTP headers
alongside downloaded files.
libdw: Add dwarf_language and dwarf_language_lower_bound functions.
Improved support for DWARF6 language metadata as well as DWARF
language constants for Nim, Dylan, Algol68, V and Mojo.
dwarf_srclang is now forward-compatible with DWARF6 language
constants.
libdwfl_stacktrace: Experimental new library interface for unwinding
stack samples into call chains, and tracking and
caching Elf data for multiple processes, building
on libdwfl. Initially supports perf_events stack
sample data.
libelf: elf_scnshndx has been rewritten to be more robust, particularily
for ELF files with more than 64K sections.
readelf: Improved handling of corrupt ELF data.
--section-headers output now includes a "Key to Flags" explaining
section flag meanings.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package FTBFS on riscv64. A header file with special SIMD functions
has not been shipped with the release tarball. This has been fixed
upstream, but a new tarball has not been released. yet:
Adolf Belka [Fri, 23 May 2025 16:03:44 +0000 (18:03 +0200)]
screen: Update to version 5.0.1
- This v2 version is with the correct tarball, without the binary object files.
- Update from version 5.0.0 to 5.0.1
- Update of rootfile
- 5 CVE fixes included in this version
- Changelog
5.0.1
Security fix
CVE-2025-46805: do NOT send signals with root privileges
CVE-2025-46804: avoid file existence test information leaks
CVE-2025-46803: apply safe PTY default mode of 0620
CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
CVE-2025-23395: reintroduce lf_secreopen() for logfile
buffer overflow due bad strncpy()
uninitialized variables warnings
typos
combining char handling that could lead to a segfault
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:55 +0000 (16:36 +0200)]
whois: Update to version 5.6.1
- Update from version 5.5.23 to 5.6.1
- Update of rootfile not required
- Changelog
5.6.1
* Added the .pg TLD server.
* Updated the .gov, .mu, .中国 (.xn--fiqs8s) and .中國 (.xn--fiqz9s)
TLD servers.
* Removed the .jobs TLD server.
* Added the encodings for whois.afrinic.net and whois.apnic.net.
* Enabled the UTF-8 encoding for whois.ripe.net.
* Use the last ReferralServer returned by the ARIN server instead of
the first, because we want to follow the referral for the most
specific record returned.
* Make sure to avoid trivial referral loops.
5.6.0
* Fixed the mangling of RADB queries with commands.
* Implemented the parsing of more variants of ARIN's ReferralServer
field.
* Implemented following the APNIC pseudo-referrals.
* Added the .ad and .za TLD servers.
* Updated the .ao, .bz, .gi, .gq, .gr, .gw, .lc, .md, .pn, .pr, .uy, .vc,
.info, .mobi, .ελ (.xn--qxam, Greece) and .გე (.xn--node, Georgia) TLD
servers.
* Added 2410::/12.
* Removed 7 new gTLDs which are no longer active.
* Cleaned up the markup of the man pages, courtesy of Bjarni Ingi
Gislason. (Closes: #1036826, #1094208)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:52 +0000 (16:36 +0200)]
meson: Update to version 1.8.0
- Update from version 1.6.0 to 1.8.0
- Update of rootfile
- Changelog
1.8.0
https://mesonbuild.com/Release-notes-for-1-8-0.html
1.7.0
https://mesonbuild.com/Release-notes-for-1-7-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:51 +0000 (16:36 +0200)]
man: Update to version 2.13.1
- Update from version 2.13.0 to 2.13.1
- Update of rootfile
- Changelog
2.13.1
Fixes:
* Fix various minor formatting issues in manual pages.
* Tolerate additional spaces in preprocessor strings.
* Fix check for generated source files in out-of-tree builds.
* Fix building with the `musl` C library.
Improvements:
* Recognize another Ukrainian translation of the `NAME` section.
* Increase the maximum size of the `NAME` section from 8192 to 16384 bytes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:50 +0000 (16:36 +0200)]
libconfig: Update to version 1.8
- Update from version 1.7.3 to 1.8
- Update of rootfile
- Changelog
1.8
- Added support for binary integer values
- Miscellaneous code cleanup
1.7.4
- Handle malloc failures by calling a fatal error handler
- New API to provide alternative fatal error handler
- Bugfixes to lookup (by name or path) routines
- Bugfixes to APIs with inconsistent const-ness
- Bugfixes to APIs with inconsistent use of short/unsigned short
- Bugfixes to int/int64 auto-conversion
- Various cleanup/fixes to build files
- Added some unit tests
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:49 +0000 (16:36 +0200)]
less: Update to version 678
- Update from version 668 to 678
- Update of rootfile not required
- Changelog
678
* Treat -r in LESS environment variable as -R.
* Add ESC-j and ESC-k commands (github #560).
* Add --no-paste option (github #523).
* Add --no-edit-warn option (github #513).
* Add --form-feed option (github #496).
* Add ESC-b command (github #615).
* Make TAB complete option name in -- command (github #531).
* Update the file size on an attempt to go past end of file.
* Make -R able to pass through any OSC escape sequences,
not just OSC 8 (github #504).
* Setting LESS_IS_MORE=0 now disables "more" compatibility even
if invoked via a file link named "more" (github #500).
* Pass through escape sequences in prompts even if -R is not set.
* Add LESS_SHELL_LINES to support shell prompts which use more than
one line (github #514).
* Add LESSANSIOSCALLOW to define OSC types which may be passed through.
* Add LESSANSIOSCCHARS to define non-standard OSC intro chars.
* Add LESS_SIGUSR1 to define user signal handler (github #582).
* Add mouse and mouse6 commands to lesskey (github #569).
* Improve behavior of ^O^N and ^O^P commands.
* Leave stty tabs setting unchanged (github #620).
* Fix unexpected behavior when entering a partial command followed by
a valid command (github #543).
* Fix bug when coloring prompt string with SGR sequences (github #516).
* Fix bug when searching for text near an invalid UTF-8 sequence (github #542).
* Fix display bug when file contains ESC followed by NUL (github #550).
* Fix bug when using +:n +:p +:x or +:d on the command line (github #552).
* Fix bug with --no-number-headers when header is not at start of file
(github #566).
* Fix bug where lesstest fails if window is resized (github #570).
* Fix bug using "configure --with-secure=no" (github #584).
* Fix bug using multibyte command chars (github #595).
* Fix auto_wrap setting on Windows (github #497).
* Fix two bugs using ^S search modifier (github #605).
* Fix bug searching for UTF-8 strings with the PCRE2 library (github #610).
* Fix bug highlighting OSC 8 links when opening a new file.
* Fix bug when & filtering is active (github #618).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 May 2025 14:36:46 +0000 (16:36 +0200)]
bc: Update to version 1.08.1
- Update from version 1.07.1 to 1.08.1
- Update of rootfile not required
- Changelog
1.08.1
Fix a formatting botch in doc/bc.1 (which was rendered as blank lines at
the top of the page).
1.08.0
Streamlined the build process; should now be better behaved for those
doing cross-compilation builds.
Made some minor improvements to the documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some blocklist providers does serve blocklists for current events or
with very limited updates. Therefore there is a chance such a blocklist
could be empty for a certain time.
This patch allows to replace an existing filled blocklist by an empty
one and vice versa.
Fixes #13804.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 23 May 2025 15:23:25 +0000 (15:23 +0000)]
dnsdist: Update to 1.9.10
We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible.
While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests.
Adolf Belka [Tue, 20 May 2025 10:57:39 +0000 (12:57 +0200)]
http-client-functions.pl: Fixes bug13852
Suggested-by: Adam G <ag@ipfire.org> Fixes: bug13852 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Tested-by: Adam G <ag@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 May 2025 13:08:31 +0000 (15:08 +0200)]
libarchive: Update to version 3.8.0
- Update from version 3.7.9 to 3.8.0
- Update of rootfile
- Changelog
3.8.0
New features:
bsdtar: support --mtime and --clamp-mtime (#2601)
lib: mbedtls 3.x compatibility (#2602)
7-zip reader: improve self-extracting archive detection (#2088)
xar: xmllite support for the XAR reader and writer (#2388)
zip writer: added XZ, LZMA, ZSTD and BZIP2 support (#2137, #2284, #2391)
zip writer: added LZMA + RISCV BCJ filter (#2403)
Notable security fixes:
rar: do not skip past EOF while reading (#2584)
rar: fix double free with over 4 billion nodes (#2598)
rar: fix heap-buffer-overflow (#2599)
warc: prevent signed integer overflow (#2568)
tar: fix overflow in build_ustar_entry (#2588)
Notable bugfixes:
bsdtar: don't hardlink negative inode files together (#2587)
gz: allow setting the original filename for gzip compressed files (#2544)
lib: improve lseek handling (#2564)
lib: support @-prefixed Unix epoch timestamps as date strings (#2606)
rar: support large headers on 32 bit systems (#2596)
tar reader: Improve LFS support on 32 bit systems (#2582)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 May 2025 13:08:30 +0000 (15:08 +0200)]
bind: Update to version 9.20.9
- Update from version 9.20.8 to 9.20.9
- Update of rootfile
- Changelog
9.20.9
Security Fixes
- [CVE-2025-40775] Prevent assertion when processing TSIG algorithm.
``b8c198ac5ca``
DNS messages that included a Transaction Signature (TSIG) containing
an invalid value in the algorithm field caused :iscman:`named` to
crash with an assertion failure. This has been fixed.
:cve:`2025-40775` :gl:`#5300`
Feature Changes
- Use jinja2 templates in system tests. ``8f545784ff0``
`python-jinja2` is now required to run system tests. :gl:`#4938`
:gl:`!10396`
Bug Fixes
- Fix EDNS yaml output. ``8c3b226d89b``
`dig` was producing invalid YAML when displaying some EDNS options.
This has been corrected.
Several other improvements have been made to the display of EDNS
option data: - We now use the correct name for the UPDATE-LEASE
option, which was previously displayed as "UL", and split it into
separate LEASE and LEASE-KEY components in YAML mode. - Human-readable
durations are now displayed as comments in YAML mode so as not to
interfere with machine parsing. - KEY-TAG options are now displayed as
an array of integers in YAML mode. - EDNS COOKIE options are displayed
as separate CLIENT and SERVER components, and cookie STATUS is a
retrievable variable in YAML mode. :gl:`#5014` :gl:`!10414`
- Return DNS COOKIE and NSID with BADVERS. ``34b7323bad6``
This change allows the client to identify the server that returns the
BADVERS and to provide a DNS SERVER COOKIE to be included in the
resend of the request. :gl:`#5235` :gl:`!10392`
- Disable own memory context for libxml2 on macOS. ``51e51d5ea8f``
Apple broke custom memory allocation functions in the system-wide
libxml2 starting with macOS Sequoia 15.4. Usage of the custom memory
allocation functions has been disabled on macOS. :gl:`#5268`
:gl:`!10411`
- `check_private` failed to account for the length byte before the OID.
``2b827380e75``
In PRIVATEOID keys, the key data begins with a length byte followed
by an ASN.1 object identifier that indicates the cryptographic
algorithm to use. Previously, the length byte was not accounted for
when checking the contents of keys and signatures, which could have
led to interoperability problems with any zones signed using
PRIVATEOID. This has been fixed. :gl:`#5270` :gl:`!10376`
- Fix a serve-stale issue with a delegated zone. ``d839d11bf62``
When ``stale-answer-client-timeout 0`` option was enabled, it could be
ignored when resolving a zone which is a delegation of an
authoritative zone belonging to the resolver. This has been fixed.
:gl:`#5275` :gl:`!10420`
- Fix the ksr two-tone test. ``3e2b255b5b7``
The two-tone ksr subtest (test_ksr_twotone) depended on the
dnssec-policy keys algorithm values in named.conf being entered in
numerical order. As the algorithms used in the test can be selected
randomly this does not always happen. Sort the dnssec-policy keys by
algorithm when adding them to the key list from named.conf.
:gl:`#5286` :gl:`!10435`
- Revert NSEC3 closest encloser lookup improvements. ``ac41f158fad``
The performance improvements for NSEC3 closest encloser lookups that
were restored in BIND 9.20.8 turned out to cause incorrect NSEC3
records to be returned in nonexistence proofs and were therefore
reverted again. :gl:`#5292` :gl:`!10443`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 May 2025 13:08:29 +0000 (15:08 +0200)]
apr: Update to version 1.7.6
- Update from version 1.7.5 to 1.7.6
- Update of rootfile
- Changelog
1.7.6
*) test/testsock.c (test_get_addr): Fix test to portably switch
the socket to non-blocking mode using apr_socket_timeout_set().
Also make the test SKIP for the case where the connect() completes
synchronously. [Ivan Zhakov]
*) network_io/win32/sockets.c: (apr_socket_connect): Copy the remote
address by value rather than by reference. This ensures that the
sockaddr object returned by apr_socket_addr_get is allocated from
the same pool as the socket object itself, as apr_socket_accept
does; avoiding any potential lifetime mismatches. [Ivan Zhakov]
*) CMake: Install include/apr_encode.h. [Ivan Zhakov]
*) CMake: Fix installation PDB files with multi-config generators.
[Ivan Zhakov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 20 May 2025 09:09:27 +0000 (11:09 +0200)]
man-pages: Update to version 6.14
- Update from version 6.9.1 to 6.14
- Update of rootfile
- -R had to be added in to make command. See changelog Global changes for version 6.11
The -R will be able to be removed after make version 4.5 has been released.
- Changelog
6.14
New and rewritten pages
man2const/
UFFDIO_MOVE.2const
man7/
mctp.7
Newly documented interfaces in existing pages
man2/
fanotify_init.2
FAN_REPORT_FD_ERROR
FAN_REPORT_MNT
fanotify_mark.2
FAN_PRE_ACCESS
FAN_MARK_MNTNS
FAN_MNT_ATTACH, FAN_MNT_DETACH
open_by_handle_at.2
AT_HANDLE_CONNECTABLE
AT_HANDLE_MNT_ID_UNIQUE
man2const/
TIOCLINUX.2const
TIOCL_SELCHAR
TIOCL_SELWORD
TIOCL_SELLINE
TIOCL_SELPOINTER
TIOCL_SELCLEAR
TIOCL_SELMOUSEREPORT
man3/
abs.3
uabs(3)
ulabs(3)
ullabs(3)
uimaxabs(3)
man7/
fanotify.7
FAN_DENY_ERRNO()
FAN_REPORT_FD_ERROR
FAN_PRE_ACCESS
FAN_RESPONSE_INFO_AUDIT_RULE
FAN_REPORT_MNT
FAN_MNT_ATTACH, FAN_MNT_DETACH
FAN_EVENT_INFO_TYPE_MNT
New and changed links
man3/
uabs.3 (abs(3))
ulabs.3 (abs(3))
ullabs.3 (abs(3))
uimaxabs.3 (abs(3))
Global changes
- CREDITS, *
- Move in-source contribution records to a new CREDITS file, and
update copyright notices to be uniform across the project.
- man/
- Use GNU forward declarations of parameters for sizes of array
parameters.
- \fX => \f[X]
- Use 'path' instead of 'pathname' for parameters.
6.13
Newly documented interfaces in existing pages
man7/
landlock.7
Landlock ABI v6
LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
LANDLOCK_SCOPE_SIGNAL
Global changes
- Build system:
- PDF book:
- Add support for UNIX V10 sources.
- Makefiles:
- Don't pass an escaped # to grep(1). Use a trick to work with
both new and old systems. This fixes a regressions in the
build system from man-pages-6.11, which was itself introduced
while fixing a regression introduced in man-pages-6.10.
6.12
Newly documented interfaces in existing pages
man2/
mbind.2
MPOL_PREFERRED_MANY
set_mempolicy.2
MPOL_PREFERRED_MANY
Global changes
- Build system:
- Use ifndef and := instead of ?= (fixes regression introduced in
6.11, which affected at least the version string).
6.11
New and rewritten pages
man7/
pathname.7
Global changes
- Build system:
- [Breaking change!]
Require the user to pass '-R' to make(1). This is necessary to be
able to do the following change. When GNU make(1) releases a new
version, it will not be necessary to pass -R, but in current
versions of make(1) it is necessary.
- [Breaking change!]
Use '?=' assignments instead of ':=', to support setting make(1)
variables in the environment. Now one can do this:
$ export prefix=/usr
$ make -R
$ sudo make install -R
(The -R is only necessary in GNU make(1) versions prior to the
yet-unreleased 4.5.)
- Escape '#' in regexes, to support old versions of GNU make(1).
This fixes a regression in man-pages-6.10, which caused issues in
users with an old-enough version of GNU make(1), such as the one
present in Debian old-old-stable.
- Fix duplicate overview-panel entries in the PDF book.
- CONTRIBUTING.d/:
- Add C coding style guide.
- RELEASE:
- Document the production of the book.
- man/:
- Refresh bpf-helpers(7) from Linux v6.13.
6.10
New and rewritten pages
man1/
diffman-git.1
mansect.1
pdfman.1
sortman.1
man2/
keyctl.2 (split into many pages)
listmount.2
statmount.2
uretprobe.2
man2const/
KEYCTL_ASSUME_AUTHORITY.2const (previously, keyctl.2)
KEYCTL_CHOWN.2const (previously, keyctl.2)
KEYCTL_CLEAR.2const (previously, keyctl.2)
KEYCTL_DESCRIBE.2const (previously, keyctl.2)
KEYCTL_DH_COMPUTE.2const (previously, keyctl.2)
KEYCTL_GET_KEYRING_ID.2const (previously, keyctl.2)
KEYCTL_GET_PERSISTENT.2const (previously, keyctl.2)
KEYCTL_GET_SECURITY.2const (previously, keyctl.2)
KEYCTL_INSTANTIATE.2const (previously, keyctl.2)
KEYCTL_INVALIDATE.2const (previously, keyctl.2)
KEYCTL_JOIN_SESSION_KEYRING.2const (previously, keyctl.2)
KEYCTL_LINK.2const (previously, keyctl.2)
KEYCTL_READ.2const (previously, keyctl.2)
KEYCTL_RESTRICT_KEYRING.2const (previously, keyctl.2)
KEYCTL_REVOKE.2const (previously, keyctl.2)
KEYCTL_SEARCH.2const (previously, keyctl.2)
KEYCTL_SESSION_TO_PARENT.2const (previously, keyctl.2)
KEYCTL_SETPERM.2const (previously, keyctl.2)
KEYCTL_SET_REQKEY_KEYRING.2const (previously, keyctl.2)
KEYCTL_SET_TIMEOUT.2const (previously, keyctl.2)
KEYCTL_UNLINK.2const (previously, keyctl.2)
KEYCTL_UPDATE.2const (previously, keyctl.2)
PR_RISCV_SET_ICACHE_FLUSH_CTX.2const
man3/
__riscv_flush_icache.3
timespec_get.3
wcscasecmp.3 (merged wcsncasecmp.3 with it)
wcsncasecmp.3 (merged into wcsncasecmp.3)
Newly documented interfaces in existing pages
man2/
io_submit.2
RWF_ATOMIC
RWF_NOAPPEND
landlock_add_rule.2
Landlock ABI v4
landlock_create_ruleset.2
Landlock ABI v4
madvise.2
MADV_GUARD_INSTALL
MADV_GUARD_REMOVE
perf_event_open.2
struct perf_event_attr::inherit && cpus=-1
posix_fadvise.2
POSIX_FADV_NOREUSE
prctl.2
PR_RISCV_SET_ICACHE_FLUSH_CTX
process_madvise.2
All flags permitted for calling process
readv.2
RWF_ATOMIC
RWF_NOAPPEND
stat.2
AT_EMPTY_PATH && NULL
statx.2
AT_EMPTY_PATH && NULL
STATX_DIO_READ_ALIGN
STATX_MNT_ID_UNIQUE
STATX_SUBVOL
STATX_WRITE_ATOMIC
man3/
dlinfo.3
RTLD_DI_PHDR
fnmatch.3
FNM_IGNORECASE
man7/
landlock.7
Landlock ABI v4
Landlock ABI v5
rtnetlink.7
struct ifa_cacheinfo
New and changed links
man2/
riscv_flush_icache.2 (__riscv_flush_icache(3))
man2const/
KEYCTL_INSTANTIATE_IOV.2const (KEYCTL_INSTANTIATE(2const))
KEYCTL_NEGATE.2const (KEYCTL_INSTANTIATE(2const))
KEYCTL_REJECT.2const (KEYCTL_INSTANTIATE(2const))
man3/
timespec_getres.3 (timespec_get(3))
wcsncasecmp.3 (wcscasecmp(3))
Global changes
- src/bin/
- Add a few programs that are useful for maintaining manual pages:
diffman-git(1), mansect(1), pdfman(1), sortman(1)
- SPONSORS
- Add file listing the sponsors of this project.
- CONTRIBUTING*
- Expand documentation for contributing to the project. Especially,
regarding help using git(1).
- man/
- Split keyctl.2
- man2/, man3/: SYNOPSIS: Rename function parameters for consistency
and correctness.
- man2/, man3/: SYNOPSIS: Use typeof() to improve readability of
function pointers.
- man1/: SYNOPSIS: Use .SY/.YS for formatting commands.
- share/mk/
- Refactor *FLAGS and LDLIBS variables, as requested by some
distros.
- LICENSES/
- Add GPL-3.0-or-later.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 20 May 2025 09:09:26 +0000 (11:09 +0200)]
libgcrypt: Update to version 1.11.1
- Update from version 1.11.0 to 1.11.1
- Update of rootfile
- Changelog
1.11.1
* Bug fixes:
- Fix build regression on 32 bit Windows using Clang. [T7175]
- Fix build regression on macOS due to symbol naming. [T7170]
- Fix Kyber secret-dependent branch introduced by recent versions
of Clang. [rCf765778e82]
- Fix build regression due to the use of AVX512 in Blake. [T7184]
- Do not build i386 asm on amd64 and vice versa. [T7220]
- Fix build regression on armhf with gcc-14. [T7226]
- Return the proper error code on malloc failure in hex2buffer.
[rCc51151f5b0]
- Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15]
* Performance:
- Add AES Vector Permute intrinsics implementation for AArch64.
[rC94a63aedbb]
- Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18]
- Add RISC-V vector permute AES. [rCb24ebd6163]
- Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0]
- Add ChaCha20 RISC-V vector intrinsics implementation.
[rC8dbee93ac2]
- Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba]
* Other:
- Add CET support for i386 and amd64 assembly. [T7220]
- Add PAC/BTI support for AArch64 asm. [T7220]
- Apply changes to Kyber from upstream for final FIPS 203.
[rCcc95c36e7f]
- Introduce an internal API for a revampled FIPS service indicator.
[T7340]
- Several improvements for constant time operation by the
introduction of Least Leak Intended (LLI) variants of internal
functions. [T7519,T7490]
- Remove WindowsCE support. [T7486]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 20 May 2025 09:09:25 +0000 (11:09 +0200)]
iperf3: Update to version 3.19
- Update from version 3.16 to 3.19
- Update of rootfile not required
- CVE fix in version 3.18 and another in 3.17. The CVE fix in 3.17 results in a breaking
change. The vulnerable option can be enabled in the build but that doesn't seem to be
a good approach for IPFire. I am not sure that the non backwards compatible changed
padding on encrypted strings would create a problem for us. I suspect this is more
if iperf3 is being used in a continuous measuring mode and in IPFire it is an addon
that is used to measure throughput rates when required.
- Changelog
3.19
Notable user-visible changes
iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux
with the use of the -m or --mptcp flag. (PR #1661)
iperf3 now supports a --cntl-ka option to enable TCP keepalives
on the control connection. (#812, #835, PR #1423)
iperf3 now supports the MSG_TRUNC receive option, specified by
the --skip-rx-copy. This theoretically improves the rated
throughput of tests at high bitrates by not delivering network
payload data to userspace. (#1678, PR #1717)
A bug that caused the bitrate setting to be ignored when bursts
are set, has been fixed. (#1773, #1820, PR #1821, PR #1848)
The congestion control protocol setting, if used, is now
properly reset between tests. (PR #1812)
iperf3 now exits with a non-error 0 exit code if exiting via a
SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829)
The current behavior of iperf3 with respect to the -n and -k
options is now documented as correct. (#1768, #1775, #596, PR #1800)
Notable developer-visible changes
iperf3 now supports a callback function to get the JSON output
strings. (#1711, PR #1798)
iperf3 now builds correctly with gcc-15 (#1838, PR #1805)
Various memory leaks were fixed (#1881, PR#1823, #1814, PR#1822)
A potential segfault crash was fixed (#1807)
Improved warning messages when reading malformed JSON messages
(PR #1817)
The Github CI configuration was changed to use a more up-to-date
set of runners (PR #1864)
3.18
Notable user-visible changes
SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a
JSON type security vulnerability that caused a
segmentation fault in the
server. (CVE-2024-53580) This has now been
fixed. (PR#1810)
UDP packets per second now reports the correct number of
packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR
errno if no data was sent (#1367/PR#1379).
Several segmentation faults related to threading were fixed. One
where pthread_cancel was called on an improperly initialized
thread (#1801), another where threads were being recycled
(#1760/PR#1761), and another where threads were improperly
handling signals (#1750/PR#1752).
A segmentation fault from calling freeaddrinfo with NULL was
fixed (PR#1755).
Some JSON options were fixed, including checking the size for
json_read (PR#1709), but the size limit was removed for
received server output (PR#1779).
A rcv-timeout error has been fixed. The Nread timeout was
hardcoded and timed out before the --rcv-timeout option
(PR#1744).
There is no longer a limit on the omit time period
(#1770/PR#1774).
Fixed an output crash under 32-bit big-endian systems (PR#1713).
An issue was fixed where CPU utilization was unexpectedly high
during limited baud rate tests. The --pacing-timer option was
removed, but it is still available in the library
(#1741/PR#1743).
Add SCTP information to --json output and fixed compile error
when SCTP is not supported (#1731).
--fq-rate was changed from a uint to a uint64 to allow pacing above
32G. Not yet tested on big-endian systems (PR#1728).
Notable developer-visible changes
Clang compilation failure on Android were fixed (PR#1687).
iperf_time_add() was optimizated to improve performance
(PR#1742).
Debug messages were added when the state changes (PR#1734).
To increase performance, the old UDP prot_listener is cleared
and removed after each test (PR#1708).
A file descriptor leak was closed (PR#1619).
3.17.1
Notable user-visible changes
Version number has been corrected. (#1699)
Notable developer-visible changes
No longer signing tags
3.17
Notable user-visible changes
BREAKING CHANGE: iperf3's authentication features, when used with
OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel
timing attack. To address this flaw, a change has been made to the
padding applied to encrypted strings. This change is not backwards
compatible with older versions of iperf3 (before 3.17). To restore
the older (vulnerable) behavior, and hence
backwards-compatibility, use the --use-pkcs1-padding flag. The
iperf3 team thanks Hubert Kario from RedHat for reporting this
issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
iperf3 no longer changes its current working directory in --daemon
mode. This results in more predictable behavior with relative
paths, in particular finding key and credential files for
authentication. (PR#1672)
A new --json-stream option has been added to enable a streaming
output format, consisting of a series of JSON objects (for the
start of the test, each measurement interval, and the end of the
test) separated by newlines (#444, #923, #1098).
UDP tests now work correctly between different endian hosts
(#1415).
The --fq-rate parameter now works for --reverse tests (#1632, PR#1667).
The statistics reporting interval is now available in the --json
start test object (#1663).
A negative time test duration is now properly flagged as an error
(IS#1662 / PR#1666).
Notable developer-visible changes
Fixes have been made to better (unofficially) support builds on
Android (#1641 / #1651) and VxWorks (#1595).
iperf3 now builds correctly on architectures without native
support for 64-bit atomic types, by linking with the libatomic
library (#1611).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 May 2025 15:46:11 +0000 (17:46 +0200)]
dhcpcd: Update to version 10.2.3
- Update from version 10.2.2 to 10.2.3
- Update of rootfile not required
- Changelog
10.2.3
Restore logic on when to open an address specific socket by @dougnazar in #502
[Fix] DHCP Failure on WAN Interface Rename (Fixes #504) by @ngxquanganh in #505
BSD: routes via P2P interfaces now find their out-going interface
-b --background fixed
resolv: Fix processing more DNSSL options than RDNSS]
dhcpcd: Remove option rapid_commit from dhcpcd.conf
privsep: Fix valgrind and hardened-malloc on Linux with SECCOMP
route: Don't spam route changes for lifetime
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 May 2025 10:37:32 +0000 (12:37 +0200)]
fr.pl: Fixes bug 12060 - remove extraneous spaces at end of lines
- All lines where there was a space at the end of the french translation, and the
other language files did not have a space for that line, had the space removed.
- ./make.sh lang was run but nothing else was created by that.
Fixes: bug12060 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
