Adolf Belka [Fri, 12 Dec 2025 16:38:11 +0000 (17:38 +0100)]
exclude: Add the suricata sgh cache directory to the list
- Depending on the number of suricata rulesets that users have got enabled the suricata
cache in /var/cache/suricata/sgh/ gets currently backed up in the ipfire .ipf file
and some users are ending up with backup files that used to be 190MB and are now
greater than 700MB, some even over 800MB.
- This change excludes the cache from the backup as it seems that a restore with a cache
from an earlier time does not make sense.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 12 Dec 2025 14:07:07 +0000 (15:07 +0100)]
dracut-ng: Update the rootfile to include initqueue
- In dracut-180 initqueue was removed from the base system and made its own set. This
was missed when the original release was done and the initqueue entries were
commented out.
- Tested out with the new 6.18.0 kernel evaluation and initqueue was successfully
installed and therefore also subsequently btrfs, lvm & mdraid that depended on
initqueue
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 25 Nov 2025 11:31:56 +0000 (12:31 +0100)]
hostapd: Read the correct capabilities for the right band
Some modules don't support the same capabilities in the 2.4/5 GHz bands.
Therefore we need to abort parsing once we have found the correct
capabilities.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 11 Nov 2025 12:02:59 +0000 (13:02 +0100)]
curl: Update to version 8.17.0
- Update from version 8.16.0 to 8.17.0
- Update of rootfile
- Changelog
8.17.0
Changes:
build: drop Heimdal support
build: drop the winbuild build system
krb5: drop support for Kerberos FTP
libssh2: up the minimum requirement to 1.9.0
multi: add notifications API
progress: expand to use 6 characters per size
ssl: support Apple SecTrust configurations
tool_getparam: add --knownhosts
vssh: drop support for wolfSSH
wcurl: import v2025.11.04
write-out: make %header{} able to output *all* occurrences of a header
Bugfixes:
ares: fix leak in tracing
asyn-ares: remove wrong comment about the callback argument
asyn-ares: use the duped hostname pointer for all calls
asyn-thrdd resolver: clear timeout when done
asyn-thrdd: drop pthread_cancel
autotools: add support for libgsasl auto-detection via pkg-config
autotools: capitalize Rustls in the log output
autotools: drop detection of ancient OpenSSL libs RSAglue and rsaref
autotools: fix duplicate UNIX and BSD flags in buildinfo.txt
autotools: fix silly mistake in clang detection for buildinfo.txt
autotools: make --enable-code-coverage support llvm/clang
autotools: merge `if`s in GnuTLS/OpenSSL feature detection
aws-lc: re-enable large read-ahead with v1.61.0 again
base64: accept zero length argument to base64_encode
build: address some -Weverything warnings, update picky warnings
build: avoid overriding system open and stat symbols
build: avoid overriding system symbols for fopen functions
build: avoid overriding system symbols for socket functions
build: show llvm/clang in platform flags and buildinfo.txt
c-ares: when resolving failed, persist error
cf-h2-proxy: break loop on edge case
cf-ip-happy: mention unix domain path, not port number
cf-socket: always check Curl_cf_socket_peek() return code
cf-socket: check params and remove accept procondition
cf-socket: make set_local_ip void, and remove failf()
cf-socket: set FD_CLOEXEC on all sockets opened
cf-socket: tweak a memcpy() to read better
cf-socket: use the right byte order for ports in bindlocal
cfilter: unlink and discard
cfilters: check return code from Curl_pollset_set_out_only()
checksrc: allow disabling warnings on FIXME/TODO comments
checksrc: catch banned functions when preceded by (
checksrc: fix possible endless loop when detecting BANNEDFUNC
checksrc: fix possible endless loops in the banned function logic
checksrc: fix to handle ) predecing a banned function
checksrc: reduce directory-specific exceptions
CI.md: refresh
cmake/FindGSS: dedupe pkg-config module strings
cmake/FindGSS: drop wrong header check for GNU GSS
cmake/FindGSS: fix pkg-config fallback logic for CMake <3.16
cmake/FindGSS: simplify/de-dupe lib setup
cmake/FindGSS: whitespace/formatting
cmake: add and use local FindGnuTLS module
cmake: add CURL_CODE_COVERAGE option
cmake: build the "all" examples source list dynamically
cmake: clang detection tidy-ups
cmake: drop exclamation in comment looking like a name
cmake: fix `HAVE_GNUTLS_SRP` detection after adding local FindGnuTLS module
cmake: fix building docs when the base directory contains .3
cmake: fix Linux pre-fill `HAVE_POSIX_STRERROR_R` (when `_CURL_PREFILL=ON`)
cmake: fix Linux pre-fills for non-glibc (when `_CURL_PREFILL=ON`)
cmake: minor Heimdal flavour detection fix
cmake: pre-fill three more type sizes on Windows
cmake: say 'absolute path' in option descriptions and docs
cmake: support building some complicated examples, build them in CI
cmake: use modern alternatives for get_filename_component()
cmake: use more COMPILER_OPTIONS, LINK_OPTIONS / LINK_FLAGS
cmdline-docs: extended, clarified, refreshed
cmdline-opts/_PROGRESS.md: explain the suffixes
configure: add "-mt" for pthread support on HP-UX
conn: fix hostname move on connection reuse
conncache: prevent integer overflow in maxconnects calculation
connect: for CONNECT_ONLY, CURLOPT_TIMEOUT does not apply
connect: remove redundant condition in shutdown start
cookie: avoid saving a cookie file if no transfer was done
cookie: only count accepted cookies in Curl_cookie_add
cookie: remove the temporary file on (all) errors
cpool: make bundle->dest an array; fix UB
curl.h: remove incorrect comment about CURLOPT_PINNEDPUBLICKEY
curl_easy_getinfo: error code on NULL arg
curl_easy_setopt.md: add missing CURLOPT_POSTFIELDS
curl_mem_undef.h: limit to CURLDEBUG for non-memalloc overrides
curl_ngtcp2: fix `-Wunreachable-code` with H3 !verbose !unity clang
curl_osslq: error out properly if BIO_ADDR_rawmake() fails
curl_path: make sure just whitespace is illegal
Curl_resolv: fix comment. 'entry' argument is not optional
curl_slist_append.md: clarify that a NULL pointer is not acceptable
curl_threads: delete WinCE fallback branch
CURLINFO_FTP_ENTRY_PATH.md: this is for SFTP as well
CURLOPT_COOKIEFILE.md: clarify when the cookies are loaded
CURLOPT_COPYPOSTFIELDS.md: used with MQTT and RTSP as well
CURLOPT_HEADER/WRITEFUNCTION.md: drop '* size' since size is always 1
CURLOPT_MAXLIFETIME_CONN: make default 24 hours
CURLOPT_POSTFIELDSIZE*: these also work for MQTT and RTSP
CURLOPT_SERVER_RESPONSE_TIMEOUT*: add default and see-also
CURLOPT_SSL_VERIFYHOST.md: add see-also to two other VERIFYHOST options
CURLOPT_TIMECONDITION.md: works for FILE and FTP as well
cw-out: fix EAGAIN handling on pause
cw-out: unify the error handling pattern in cw_out_do_write
digest_sspi: fix two memory leaks in error branches
dist: do not distribute CI.md
docs/cmdline-opts: drop double quotes from GLOBBING and URL examples
docs/libcurl: clarify some timeout option behavior
docs/libcurl: remove ancient version references
docs/libcurl: use lowercase must
docs: expand on quoting rules for file names in SFTP quote
docs: fix/tidy code fences
doh: cleanup resources on error paths
doswin: CloseHandle the thread on shutdown
easy_getinfo: check magic, Curl_close safety
ECH.md: make OpenSSL branch clone instructions work
examples/chkspeed: portable printing when outputting curl_off_t values
examples/http2-serverpush: fix file handle leaks
examples/sessioninfo: cast printf string mask length to int
examples/sessioninfo: do not disable security
examples/synctime: fix null termination assumptions
examples/synctime: make the sscanf not overflow the local buffer
examples/usercertinmem: avoid stripping const
examples/websocket: fix use of uninitialized rlen
examples: call curl_global_cleanup() where missing
examples: check more errors, fix cleanups, scope variables
examples: drop unused curl/mprintf.h includes
examples: fix build issues in 'complicated' examples
examples: fix more potential resource leaks, and more
examples: fix two build issues surfaced with WinCE
examples: fix two issues found by CodeQL
examples: fix two more cases of stat() TOCTOU
examples: improve global init, error checks and returning errors
examples: replace casts with `curl_off_t` printf masks
examples: return curl_easy_perform() results
firefox-db2pem.sh: add macOS support, tidy-ups
form.md: drop reference to MANUAL
ftp: add extra buffer length check
ftp: check errors on remote ip for data connection
ftp: fix ftp_do_more returning with *completep unset
ftp: fix port number range loop for PORT commands
ftp: fix the 213 scanner memchr buffer limit argument
ftp: improve fragile check for first digit > 3
ftp: reduce size of some struct fields
ftp: remove 'newhost' and 'newport' from the ftp_conn struct
ftp: remove misleading comments
ftp: remove the retr_size_saved struct field
ftp: remove the state_saved struct field
ftp: replace strstr() in ;type= handling
ftp: simplify the 150/126 size scanner
gnutls: check conversion of peer cert chain
gnutls: fix re-handshake comments
gssapi: make channel binding conditional on GSS_C_CHANNEL_BOUND_FLAG
gtls: avoid potential use of uninitialized variable in trace output
gtls: check the return value of gnutls_pubkey_init()
header.md: see-also --proxy-header and vice versa
hmac: free memory properly on errors
hostip: don't store negative resolves due unrelated errors
hostip: fix infof() output for non-ipv6 builds using IPv6 address
hostip: remove leftover INT_MAX check in Curl_dnscache_prune
http2: check push header names by length first
http2: cleanup pushed newhandle on fail
http2: ingress handling edge cases
HTTP3: clarify the status for "old" OpenSSL, not current
http: check the return value of strdup
http: fix `-Wunreachable-code` in !websockets !unity builds
http: fix `-Wunused-variable` in !alt-svc !proxy !ws builds
http: handle user-defined connection headers
http: look for trailing 'type=' in ftp:// without strstr
http: make Content-Length parser more WHATWG
http: only accept ';' as a separator for custom headers
http: return error for a second Location: header
http_aws_sigv4: check the return value of curl_maprintf()
http_proxy: fix adding custom proxy headers
httpsrr: free old pointers when storing new
httpsrr: send HTTPS query to the right target
imap: fix custom FETCH commands to handle literal responses
imap: parse and use UIDVALIDITY as a number
imap: treat capabilities case insensitively
INSTALL-CMAKE.md: add manual configuration examples
INSTALL-CMAKE.md: document useful build targets
INSTALL-CMAKE.md: fix descriptions for LDAP dependency options
INSTALL: update the list of known operating systems
INTERNALS: drop Winsock 2.2 from the dependency list
ip-happy: do not set unnecessary timeout
ip-happy: prevent event-based stall on retry
kerberos: bump minimum to 1.3 (2003-07-08), drop legacy logic
kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions
kerberos: stop including gssapi/gssapi_generic.h
krb5: fix output_token allocators in the GSS debug stub (Windows)
krb5: return appropriate error on send failures
krb5_gssapi: fix memory leak on error path
krb5_sspi: the chlg argument is NOT optional
ldap: avoid null ptr deref on failure
ldap: do not base64 encode zero length string
ldap: do not pass a \n to failf()
ldap: tidy-up types, fix error code confusion
lib1514: fix return code mixup
lib: delete unused crypto header includes
lib: drop unused include and duplicate guards
lib: fix build error with verbose strings disabled
lib: remove newlines from failf() calls
lib: remove personal names from comments
lib: SSL connection reuse
lib: stop NULL-checking conn->passwd and ->user
lib: upgrade/multiplex handling
libcurl-multi.md: added curl_multi_get_offt mention
libcurl-security.md: mention long-running connections
libssh/libssh2: reject quote command lines with too much data
libssh/sftp: fix resume corruption by avoiding O_APPEND with rresume
libssh2/sftp: fix resume corruption by avoiding O_APPEND with rresume
libssh2/sftp_realpath: change state consistently
libssh2: avoid risking using an uninitialized local struct field
libssh2: bail out on chgrp and chown number parsing errors
libssh2: clarify that sshp->path is always at least one byte
libssh2: drop two redundant null-terminations
libssh2: error check and null-terminate in ssh_state_sftp_readdir_link()
libssh2: fix EAGAIN return in ssh_state_auth_agent
libssh2: fix return code for EAGAIN
libssh2: use sockindex consistently
libssh: acknowledge SSH_AGAIN in the SFTP state machine
libssh: catch a resume point larger than the size
libssh: clarify myssh_block2waitfor
libssh: drop two unused assignments
libssh: error on bad chgrp number
libssh: error on bad chown number and store the value
libssh: fix range parsing error handling mistake
libssh: make atime and mtime cap the timestamp instead of wrap
libssh: react on errors from ssh_scp_read
libssh: return out of memory correctly if aprintf fails
libssh: return the proper error for readdir problems
Makefile.example: bump default example from FTP to HTTPS
Makefile.example: fix option order
Makefile.example: make default options more likely to work
Makefile.example: simplify and make it configurable
managen: ignore version mentions < 7.66.0
managen: render better manpage references/links
managen: strict protocol check
managen: verify the options used in example lines
mbedtls: add support for 4.0.0
mbedtls: check result of setting ALPN
mbedtls: fix building with <3.6.1
mbedtls: fix building with sha-256 missing from PSA
mbedtls: handle WANT_WRITE from mbedtls_ssl_read()
md4: drop mbedtls implementation (not available in mbedtls v3+)
mdlinkcheck: reject URLs containing quotes
memdup0: handle edge case
mime: fix unpausing of readers
mime: fix use of fseek()
multi.h: add CURLMINFO_LASTENTRY
multi: check the return value of strdup()
multi_ev: remove unnecessary data check that confuses analysers
netrc: when the cached file is discarded, unmark it as loaded
nghttp3: return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header
ngtcp2: add a comment explaining write result handling
ngtcp2: adopt ngtcp2_conn_get_stream_user_data if available
ngtcp2: check error code on connect failure
ngtcp2: close just-opened QUIC stream when submit_request fails
ngtcp2: compare idle timeout in ms to avoid overflow
ngtcp2: fix early return
ngtcp2: fix handling of blocked stream data
ngtcp2: fix returns when TLS verify failed
ngtcp2: overwrite rate-limits defaults
noproxy: fix the IPV6 network mask pattern match
NTLM: disable if DES support missing from OpenSSL or mbedTLS
ntlm: improved error path on bad incoming NTLM TYPE3 message
openldap/ldap; check for binary attribute case insensitively
openldap: avoid indexing the result at -1 for blank responses
openldap: check ber_sockbuf_add_io() return code
openldap: check ldap_get_option() return codes
openldap: do not pass newline to infof()
openldap: fix memory-leak in error path
openldap: fix memory-leak on oldap_do's exit path
openldap: limit max incoming size
openssl-quic: check results better
openssl-quic: handle error in SSL_get_stream_read_error_code
openssl-quic: ignore unexpected streams opened by server
openssl: better return code checks when logging cert data
openssl: call SSL_get_error() with proper error
openssl: check CURL_SSLVERSION_MAX_DEFAULT properly
openssl: clear retry flag on x509 error
openssl: combine all the x509-store flags
openssl: fail if more than MAX_ALLOWED_CERT_AMOUNT certs
openssl: fail the transfer if ossl_certchain() fails
openssl: fix build for v1.0.2
openssl: fix peer certificate leak in channel binding
openssl: fix resource leak in provider error path
openssl: fix unable do typo in failf() calls
openssl: free UI_METHOD on exit path
openssl: make the asn1_object_dump name null terminated
openssl: only try engine/provider if a cert file/name is provided
openssl: set io_need always
openssl: skip session resumption when verifystatus is set
os400: document threads handling in code.
OS400: fix a use-after-free/double-free case
osslq: set idle timeout to 0
pingpong: remove two old leftover debug infof() calls
pop3: check for CAPA responses case insensitively
pop3: fix CAPA response termination detection
pop3: function could get the ->transfer field wrong
pytest: skip specific tests for no-verbose builds
quic: fix min TLS version handling
quic: ignore EMSGSIZE on receive
quic: improve UDP GRO receives
quic: remove data_idle handling
quiche: fix possible leaks on teardown
quiche: fix verbose message when ip quadruple cannot be obtained.
quiche: handle tls fail correctly
quiche: when ingress processing fails, return that error code
rtsp: use explicit postfieldsize if specified
runtests: tag tests that require curl verbose strings
rustls: exit on error
rustls: fix clang-tidy warning
rustls: fix comment describing cr_recv()
rustls: limit snprintf proper in cr_keylog_log_cb()
rustls: make read_file_into not reject good files
rustls: pass the correct result to rustls_failf
rustls: typecast variable for safer trace output
rustls: use %zu for size_t in failf() format string
sasl: clear canceled mechanism instead of toggling it
schannel: assign result before using it
schannel: fix memory leak
schannel: handle Curl_conn_cf_send() errors better
schannel: lower the maximum allowed time to block to 7 seconds
schannel: properly close the certfile on error
schannel_verify: do not call infof with an appended \n
schannel_verify: fix mem-leak in Curl_verify_host
schannel_verify: use more human friendly error messages
scp/sftp: fix disconnect
scripts: pass -- before passing xargs
setopt: accept *_SSL_VERIFYHOST set to 2L
setopt: allow CURLOPT_DNS_CACHE_TIMEOUT set to -1
setopt: fix unused variable warning in minimal build
setopt: make CURLOPT_MAXREDIRS accept -1 (again)
singleuse.pl: fix string warning
smb: adjust buffer size checks
smb: transfer debugassert to real check
smtp: check EHLO responses case insensitively
smtp: fix EOB handling
smtp: return value ignored
socks: advance iobuf instead of reset
socks: avoid UAF risk in error path
socks: deny server basic-auth if not configured
socks: handle error in verbose trace gracefully
socks: handle premature close
socks: make Curl_blockread_all return CURLcode
socks: properly maintain the status of 'done'
socks: rewwork, cleaning up socks state handling
socks_gssapi: also reset buffer length after free
socks_gssapi: make the gss_context a local variable
socks_gssapi: reject too long tokens
socks_gssapi: remove superfluous releases of the gss_recv_token
socks_gssapi: remove the forced "no protection"
socks_gssapi: replace `gss_release_buffer()` with curl free
socks_sspi: bail out on too long fields
socks_sspi: fix memory cleanup calls
socks_sspi: remove the enforced mode clearing
socks_sspi: restore non-blocking socket on error paths
socks_sspi: use the correct free function
socksd: remove --bindonly mention, there is no such option
spelling: fix new finds by typos-cli 1.39.0
src/var: remove dead code
ssl-session-cache: check use on config and availability
ssl-sessions.md: mark option experimental
strerror: drop workaround for SalfordC win32 header bug
sws: fix checking sscanf() return value
sws: pass in socket reference to allow function to close it
tcp-nodelay.md: expand the documentation
telnet: ignore empty suboptions
telnet: make bad_option() consider NULL a bad option too
telnet: make printsub require another byte input
telnet: print DISPlay LOCation in printsub without mutating buffer
telnet: refuse IAC codes in content
telnet: return error if WSAEventSelect fails
telnet: return error on crazy TTYPE or XDISPLOC lengths
telnet: send failure logged but not returned
telnet: use pointer[0] for "unknown" option instead of pointer[i]
test1100: fix missing `<protocol>` section
tests/libtest/cli*: fix init/deinit, leaks, and more
tests/server: drop pointless memory allocation overrides
tests/server: drop unsafe open() override in signal handler (Windows)
tftp: check and act on tftp_set_timeouts() returning error
tftp: check for trailing ";mode=" in URL without strstr
tftp: default timeout per block is now 15 seconds
tftp: error requests for blank filenames
tftp: handle tftp_multi_statemach() return code
tftp: pin the first used address
tftp: propagate expired timer from tftp_state_timeout()
tftp: return error if it hits an illegal state
tftp: return error when sendto() fails
thread: errno on thread creation
tidy-up: assortment of small fixes
tidy-up: avoid using the reserved macro namespace
tidy-up: fcntl.h includes
tidy-up: update MS links, allow long URLs via checksrc
tidy-up: URLs
time-cond.md: refer to the singular curl_getdate man page
TLS: IP address verification, extend test
TODO: fix a typo
TODO: remove already implemented or bad items
tool: fix exponential retry delay
tool_cb_hdr: fix fwrite check in header callback
tool_cb_hdr: size is always 1
tool_cb_rea: use poll instead of select if available
tool_cfgable: remove superfluous free calls
tool_doswin: fix to use curl socket functions
tool_filetime: cap crazy file times instead of erroring
tool_filetime: replace cast with the fitting printf mask (Windows)
tool_formparse: rewrite the headers file parser
tool_getparam/set_rate: skip the multiplication on overflow
tool_getparam: always disable "lib-ids" for tracing
tool_getparam: make --fail and --fail-with-body override each other
tool_getparam: warn if provided header looks malformed
tool_ipfs: check the return value of curl_url_get for gwpath
tool_ipfs: simplify the ipfs gateway logic
tool_msgs: make errorf() show if --show-error
tool_operate: improve wording in retry message
tool_operate: keep failed partial download for retry auto-resume
tool_operate: keep the progress meter for --out-null
tool_operate: move the checks that skip ca cert detection
tool_operate: retry on HTTP response codes 522 and 524
tool_operate: return error on strdup() failure
tool_paramhlp: remove outdated comment in str2tls_max()
tool_parsecfg: detect and error on recursive --config use
tool_progress: handle possible integer overflows
tool_progress: make max5data() use an algorithm
transfer: avoid busy loop with tiny speed limit
transfer: fix retry for empty downloads on reuse
transfer: reset retry count on each request
unit1323: sync time types and printf masks, drop casts
unit1664: drop casts, expand masks to full values
url: make Curl_init_userdefined return void
urldata: FILE is not a list-only protocol
urldata: make 'retrycount' a single byte
urldata: make redirect counter 16 bit
vauth/digest: improve the digest parser
version: add GSS backend name and version
vquic: fix idle-timeout checks (ms<-->ns), 64-bit log & honor 0=no-timeout
vquic: fix recvmsg loop for max_pkts
vquic: handling of io improvements
vquic: sending non-gso packets fix for EAGAIN
vtls: alpn setting, check proto parameter
vtls: check final cfilter node in find_ssl_filter
vtls: drop duplicate `CURL_SHA256_DIGEST_LENGTH` definition
vtls: properly handle SSL shutdown timeout
vtls: remove call to PKCS12_PBE_add()
vtls: unify the error handling in ssl_cf_connect().
vtls_int.h: clarify data_pending
vtls_scache: fix race condition
wcurl: sync to +dev snapshot
windows: replace _beginthreadex() with CreateThread()
windows: stop passing unused, optional argument for Win9x compatibility
windows: use consistent format when showing error codes
windows: use native error code types more
wolfssl: check BIO read parameters
wolfssl: clear variable to avoid uninitialized use
wolfssl: fix error check in shutdown
wolfssl: fix resource leak in verify_pinned error paths
wolfssl: no double get_error() detail
ws: clarify an error message
ws: fix some edge cases
ws: fix type conversion check
ws: reject curl_ws_recv called with NULL buffer with a buflen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Skip unsupported algorithms when looking for a signing key.
A mix of supported and unsupported DNSSEC algorithms in the same zone
could cause validation failures. Unsupported algorithms are now ignored
when looking for signing keys. [GL #5622]
Fix dnssec-keygen key collision checking for KEY RRtype keys.
The dnssec-keygen utility program failed to detect possible KEY ID
collisions with existing keys generated using the non-default -T KEY
option (e.g., for SIG(0)). This has been fixed. [GL #5506]
dnssec-verify now uses exit code 1 when failing due to illegal options.
Previously, dnssec-verify exited with code 0 if the options could not
be parsed. This has been fixed. [GL #5574]
Prevent assertion failures of dig when a server is specified before the -b option.
Previously, dig could exit with an assertion failure when a server was
specified before the dig -b option. This has been fixed. [GL #5609]
Skip buffer allocations if not logging.
Previously, we allocated a 2KB buffer for IXFR change logging,
regardless of the log level.
This results in a 28% speedup in some scenarios."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 Nov 2025 17:30:47 +0000 (18:30 +0100)]
fwhosts.cgi: Don't check Country Code when locationgrp initially created
- When a location group is initially created the Country Code variable is blank. This
causes an error message that the Country Code is invalid before any country code
has been selected. This was flagged up by a new forum member.
- This change only checks the Country Code variable for being valid if it is not blank
- If this is not the best way to fix this problem, feel free to modify or replace it.
- Tested as working on my vm testbed.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 20 Nov 2025 14:22:29 +0000 (15:22 +0100)]
tshark: Update to version 4.6.1
- Update from version 4.6.0 to 4.6.1
- Update of rootfile
- Changelog
4.6.1
Bug Fixes
wnpa-sec-2025-05 BPv7 dissector crash. Issue 20770.
wnpa-sec-2025-06 Kafka dissector crash. Issue 20823.
The following bugs have been fixed:
L2CAP dissector doesn’t understand retransmission mode. Issue 2241.
DNS HIP dissector labels PK algorithm as HIT length. Issue 20768.
clang-cl error in "packet-zbee-direct.c" Issue 20776.
Writing to an LZ4-compressed output file might fail. Issue 20779.
endian.h conflics with libc for building plugins. Issue 20786.
TShark crash caused by Lua plugin. Issue 20794.
Wireshark stalls for a few seconds when selecting specific messages.
Issue 20797.
TLS Abbreviated Handshake Using New Session Ticket. Issue 20802.
Custom websocket dissector does not run. Issue 20803.
WINREG QueryValue triggers dissector bug in packet-dcerpc.c. Issue 20813.
Lua: FileHandler causing crash when reading packets. Issue 20817.
Apply As Filter for field with FT_NONE and BASE_NONE for a single byte
does not use the hex value. Issue 20818.
Layout preference Pane 3 problem with selecting Packet Diagram or None.
Issue 20819.
TCP dissector creates invalid packet diagram. Issue 20820.
Too many nested VLAN tags when opening as File Format. Issue 20831.
Omnipeek files not working in 4.6.0. Issue 20842.
Support UTF-16 strings in the IsoBus dissector for the string operations.
Issue 20845.
SNMP getBulkRequest request-id does not get filtered for correctly.
Issue 20849.
Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. Issue 20852.
UDP Port 853 (DoQ) should be decoded as QUIC. Issue 20856.
Updated Protocol Support
802.11 Radiotap, AC DR, ASN.1 BER, ASN.1 PER, BPv7, BT L2CAP, CFM,
Darwin, DNS, DTLS, EAPOL-MKA, HTTP, HTTP3, ISObus VT, KRB5, LTP,
NAS-EPS, NETDFS, NMEA 0183, P1, RPC_NETLOGON, RTSE, SGP.22, SGP.32,
SMB, SNMP, TCP, TECMP, TFTP, VLAN, WINREG, X509AF, X509SAT, and ZBD
New and Updated Capture File Support
Peektagged
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 20 Nov 2025 14:22:28 +0000 (15:22 +0100)]
c-ares: Update to version 1.34.5
- Update from version 1.34.3 to 1.34.5
- Update of rootfile
- Changelog
1.34.5
Security:
CVE-2025-31498. A use-after-free bug has been uncovered in read_answers()
that was introduced in v1.32.3. Please see CVE-2025-31498
Changes:
Restore Windows XP support. PR #958
Bugfixes:
A missing mutex initialization would make busy polling for configuration
changes (platforms other than Windows, Linux, MacOS) eat too much CPU
PR #974
Pkgconfig may be generated wrong for static builds in relation to -pthread
PR #965
Localhost resolution can fail if only one address family is in /etc/hosts
PR #947
1.34.4
Changes:
QNX Port: Port to QNX 8, add primary config reading support, add CI build.
PR #934, PR #937, PR #938
Bugfixes:
Empty TXT records were not being preserved. PR #922
docs: update deprecation notices for ares_create_query() and
ares_mkquery(). PR #910
license: some files weren’t properly updated. PR #920
Fix bind local device regression from 1.34.0. PR #929, PR #931, PR #935
CMake: set policy version to prevent deprecation warnings. PR #932
CMake: shared and static library names should be the same on unix
platforms like autotools uses. PR #933
Update to latest autoconf archive macros for enhanced system compatibility.
PR #936
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 22 Nov 2025 19:52:27 +0000 (20:52 +0100)]
btrfs-progs: Update to version 6.17.1
- Update from version 6.17 to 6.17.1
- No change in rootfile
- Changelog
6.17.1
* inspect list-chunks: more sorting keys, descending order
* fi resize: add support for offline (unmounted) growing of single device
* device stats: add support for offline (unmounted) reads
* quota status: new command, overview what mode is enabled, tunables
* fi commit-stats: new command, print various commit stats from sysfs (since
kernel 6.1)
* balance start: print warning and delay start if there's a missing device
in the filesystem
* mkfs:
* print zoned mode (native, emulated)
* check:
* verify device bytes in super block item and in chunk tree
* other
* updated CI, new and updated tests
* cleanups, refactoring
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 22 Nov 2025 19:45:04 +0000 (20:45 +0100)]
openvpn: Update to version 2.6.16
- Update from version 2.6.15 to 2.6.16
- No change to rootfile
- Changelog
2.6.16
Security fixes:
CVE-2025-13086: Fix memcmp check for the hmac verification in the 3way
handshake. This bug renders the HMAC based protection against state
exhaustion on receiving spoofed TLS handshake packets in the OpenVPN
server inefficient.
Bug fixes:
fix invalid pointer creation in tls_pre_decrypt() - technically this is a
memory over-read issue, in practice, the compilers optimize it away so
no negative effects could be observed.
Windows: in the interactive service, fix the "undo DNS config" handling.
Windows: in the interactive service, disallow using of "stdin" for the
config file, unless the caller is authorized OpenVPN Administrator
Windows: in the interactive service, change all netsh calls to use
interface index and not interface name - sidesteps all possible attack
avenues with special characters in interface names.
Windows: in the interactive service, improve error handling in some
"unlikely to happen" paths.
auth plugin/script handling: properly check for errors in creation on
$auth_failed_reason_file (arf).
for incoming TCP connections, close-on-exec option was applied to the wrong
socket fd, leaking socket FDs to child processes.
sitnl: set close-on-exec flag on netlink socket
ssl_mbedtls: fix missing perf_pop() call (optional performance profiling)
Windows MSI changes since 2.6.15-I001:
Built against OpenSSL 3.6.0
Included openvpn-gui updated to 11.58.0.0
Check the return value of GetProp()
Make config path check similar to that in interactive service
Escape the type id of password message received from openvpn
Add a message source for event logging
Check correct management daemon path when OpenVPN3 is enabled
Fix OpenVPN3 radio button label size when OVPN3 is enabled
Use GetTempPath() for debug file in plap as well
Migrate all saved plain usernames to encrypted format
Included win-dco driver updated to 2.8.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 17 Nov 2025 11:49:55 +0000 (12:49 +0100)]
ffmpeg: Re-enable lame and SSL support
The ffmpeg developers decided at some point in the past to change some
defaults during configure and therefore we need to explit enable support
for lame and openssl.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 16 Nov 2025 13:32:36 +0000 (14:32 +0100)]
nano: Update to 8.7
For details see:
https://www.nano-editor.org/news.php
"2025 November 12 - GNU nano 8.7 "Blue Highways"
At the Execute prompt, preceding the command with two pipe symbols
allows implementing a copy-to-clipboard feature in your nanorc (on
terminals that support OSC 52). See the doc/sample.nanorc file."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Tue, 11 Nov 2025 21:11:59 +0000 (22:11 +0100)]
zabbix_agentd: Update to 7.0.21 (LTS)
- Update of rootfile not required
Improvements:
- ZBXNEXT-9902 Changed timeout range for Zabbix JS and Zabbix get utilities
Bugs fixed:
- ZBX-25148 Added adjustments for sequential data entries with the same timestamp
- ZBX-25263 Fixed Zabbix agent to attempt next refresh of active checks in 60 seconds in case of connection errors
Full changelogs:
- https://www.zabbix.com/rn/rn7.0.19
- https://www.zabbix.com/rn/rn7.0.20
- https://www.zabbix.com/rn/rn7.0.21
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Nov 2025 14:39:27 +0000 (14:39 +0000)]
initscripts: dhcp: Tolerate running other dhcp servers
Some users have been trying to run multiple instances of the DHCP server
and restarting the main server won't work because the initscript refuses
to launch the process if there is another one with the same command.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Nov 2025 16:46:51 +0000 (16:46 +0000)]
lldpd: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 Nov 2025 09:59:43 +0000 (10:59 +0100)]
strongswan: Update to version 6.0.3
- Update from version 6.0.2 to 6.0.3
- Update of rootfile
- Changelog
6.0.3
- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
Request packets on the client that can lead to a heap-based buffer overflow
and potentially remote code execution.
This vulnerability has been registered as CVE-2025-62291.
- The new `alert` event for vici is raised for certain error conditions.
- Only plugins with matching version number are loaded by programs.
- IKE SAs redirected during IKE_AUTH are now properly tracked by controller and
trap-manager.
- Fallback to the IKE identity for clients that don't provide an EAP-Identity to
fix a regression in 6.0.2.
- Detecting unwrapped CKA_EC_POINTs has been improved in the pkcs11 plugin.
- The whitelist plugin uses non-blocking I/O to avoid issues with clients that
stay connected for a long time. The buffer size for IDs was increased to 256.
- The certexpire plugins also uses 256 bytes for its identity buffer.
- Convenient decorators for event handling are provided by the Python bindings
for vici.
- The openssl plugin also supports Ed25519 via AWS-LC. It also loads EdDSA keys
from PKCS#12 containers.
- The testing environment is now based on Debian 13 (trixie), by default.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Nov 2025 10:20:33 +0000 (11:20 +0100)]
squid: Don't forcibly kill any redirectory processes
This is a race which might cause that when squidGuard pre-compiles any
data, it will be killed too. If that happens, squid will keep forking
squidGuard processes which will be unresponsive (because they are trying
to compile they own databases) and the whole system will become
unresponsive at some point.
There should be no need to perform this action.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3500400 to 3510000
- Update of rootfile
- Changelog 3510000
New macros in sqlite3.h:
SQLITE_SCM_BRANCH → the name of the branch from which the source code is
taken.
SQLITE_SCM_TAGS → space-separated list of tags on the source code check-in.
SQLITE_SCM_DATETIME → ISO-8601 date and time of the source code check-in.
Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the
existing json_each() and json_tree() functions except that they return JSONB
for the "value" column when the "type" is 'array' or 'object'.
The carray and percentile extensions are now built into the amalgamation,
though they are disabled by default and must be activated at
compile-time using the -DSQLITE_ENABLE_CARRAY and/or
-DSQLITE_ENABLE_PERCENTILE options, respectively.
Enhancements to TCL Interface:
Add the -asdict flag to the eval command to have it set the row data as a
dict instead of an array.
User-defined functions may now break to return an SQL NULL.
CLI enhancements:
Increase the precision of ".timer" to microseconds.
Enhance the "box" and "column" formatting modes to deal with double-wide
characters.
The ".imposter" command provides read-only imposter tables that work with
VACUUM and do not require the --unsafe-testing option.
Add the --ifexists option to the CLI command-line option and to the .open
command.
Limit columns widths set by the ".width" command to 30,000 or less, as
there is not good reason to have wider columns, but supporting wider
columns provides opportunity to malefactors.
Performance enhancements:
Use fewer CPU cycles to commit a read transaction.
Early detection of joins that return no rows due to one or more of the
tables containing no rows.
Avoid evaluation of scalar subqueries if the result of the subquery does
not change the result of the overall expression.
Faster window function queries when using
"BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP
argument for sqlite3_wal_checkpoint_v2().
Add the sqlite3_set_errmsg() API for use by extensions.
Add the sqlite3_db_status64() API, which works just like the existing
sqlite3_db_status() API except that it returns 64-bit results.
Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and
sqlite3_db_status64() interfaces.
In the session extension add the sqlite3changeset_apply_v3() interface.
For the built-in printf() and the format() SQL function, omit the leading '-'
from negative floating point numbers if the '+' flag is omitted and the "#"
flag is present and all displayed digits are '0'. Use '%#f' or similar to
avoid outputs like '-0.00' and instead show just '0.00'.
Improved error messages generated by FTS5.
Enforce STRICT typing on computed columns.
Improved support for VxWorks
JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be
32-bit but creating one's own 64-bit build is now as simple as running "make".
Improved resistance to database corruption caused by an application breaking
Posix advisory locks using close().
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:29 +0000 (19:03 +0100)]
protobuf: Update to version 33.0
- Update from version 32.1 to 33.0
- Update of rootfile
- Changelog
33.0
Bazel
Feat: update bazel central registry publish workflow (#23465) (#23913)
(d5217fd)
Add target_compatible_with parameter to proto_toolchain in Bazel rules
(#22429) (30d2332)
Bazel: add missing rules_cc loads (#23584) (d98e2ef)
Compiler
Disable symbol visibility enforcement by default in C++ runtime (ae308fc)
Ship all option dependencies to plugins along with regular ones. (abeb130)
C++
Avoid calling deprecated arena-enabled constructors in arena.h. (813a7ef)
Add a macro to make RepeatedField(Arena*) constructor private in a future
release. (768db14)
Add a macro to make Map(Arena*) constructor private in a future release.
(543a17f)
Optimize ReadPackedVarint (3d94d83)
Add a macro to make RepeatedPtrField(Arena*) constructor private in a
future release (6422b9d)
Add IsEmpty() function to reflection. (b64e490)
Refactor RuntimeAssertInBounds to remove repeated logic and make
Get/Mutable easier to read. (2f270c4)
Disable symbol visibility enforcement by default in C++ runtime (ae308fc)
Fix a bug in the main C++ JSON parser/serializer camelcasing of certain
non-style-compliant names incorrectly, in a way that would prevent it
from interoperating with any other implementation on those fields.
(e25e267)
Fail early for messages with more than 65k fields. (90824aa)
Add option to C++ JSON Parser/Serializer to allow customers to
affirmatively disable legacy bug-compatibilty behaviors. (6ea1640)
Fix mishandling on JSON serialization of Timestamp with invalid negative
and too-large nanos value. (a959f27)
Preserve features in type resolver (c7030f4)
Add a DCHECK that ArenaStringPtr::Set(char*, Arena*) is not called with
(95b1763)
Java
Restored compatibility of runtime with gencode created with protoc <3.21
With this release, compatibility of the runtime with older gencode down to
3.0.0 is restored, compared to the previous support minimum of gencode
created with 3.22+. Note that it is still strongly recommended to
regenerate your gencode with a newer protoc and to avoid using gencode
which was created with an old protoc.
Generated code from this range is covered by CVE-2022-3171 and is
potentially vulnerable to a Denial of Service risk.
JavaProto 4.x previously dropped compatibility with the potentially
vulnerable generated code, having the behavior of:
The vulnerable generated code was source-incompatible with new runtime
(would not compile when built from source)
The vulnerable generated code was ABI-incompatible with new runtime
(when using a .class file compiled against old runtime, a
NoSuchMethodException would be thrown at parse time).
Starting with this release:
The vulnerable generated code is now source-compatible (will compile).
The first time each potentially vulnerable type is parsed, an error
message will be logged noting that potentially vulnerable generated
code is in use and the name of the corresponding type.
Environment variables may be set to either throw an exception instead
(-Dcom.google.protobuf.error_on_unsafe_pre22_gencode) or to entirely
silence the logged messages
(-Dcom.google.protobuf.use_unsafe_pre22_gencode)
This change was made based on community feedback regarding the difficulty
in identifying and quickly remediating stale gencode in their
transitive dependencies weighed against a careful evaluation of the
realistic risk exposure of DoS (with no risk of other concerns
including information leak or RCE).
We strongly recommend that any users who observe the log messages to
regenerate the corresponding code with a newer protoc. We recommend
that any security-conscious services opt into the
error_on_unsafe_pre22_gencode behavior to preclude any risk of a
Denial of Service surface area being exposed.
A future 4.x release may flip the default behavior to error by default as
a measure to further help the ecosystem avoid the Denial of Service
risks, while still maintaining the ability to opt into continuing to
use insecure gencode for users who are parsing trusted inputs and
where the difficulty of regenerating is high.
Changes
Switch the pre22 warning to use CopyOnWriteArraySet. (#23969) (e55224c)
Expose helpers for checking if messages and enums are nested. (8de4002)
Fix a bug calculating the file name in the absense of directories. (c4ff7a6)
Clarify the public APIs of GeneratorNames helpers. (537ac35)
Expose helpers to predict generated class names in java. (eba6df2)
Deprecate ClassName methods in favor of new QualifiedClassName ones.
(ca4fb2f)
Restore the 3-argument internalBuildGeneratedFileFrom. (4376591)
Fix large java enums not being honored on lite runtime. (a995803)
Slightly relax Java Poison Pill on prerelease versions (-rc1, -dev, etc).
(7b0bee3)
Avoid boxing/unboxing varint, fixed32, and fixed64 fields in
UnknownFieldSet.Field (810272f)
Readd new*List() methods on GeneratedMessageV3. (badaf41)
Add Values.of(Map<String, Value> values). (c518f25)
Fix handling of optional dependencies in java generator. (8d51e34)
Restore ABI compatibility for extension methods which was previously
(knowingly) broken with 4.x: 94a2a44 (ea33ae8)
Restore Protobuf Java extension modifiers in gencode that were previously
removed in 7bff169 (f2257f5)
Ship all option dependencies to plugins along with regular ones. (abeb130)
Optimize redaction state calculation (e05db5c)
Add isPlaceholder() accessors to file, message, and enum descriptors
(f978ec2)
Improve Java gencode static initialization to avoid unnecessary
temporaries again (745e15b)
Improve Java gencode static initialization to avoid unnecessary
temporaries (b68b673)
Remove protobuf-util usages of guava except annotations. (5768acd)
Restore compatibility of runtime with pre-3.22.x gencode impacted by
CVE-2022-3171 (7c51e5b)
Expose an iterator for GeneratedMessage.ExtendableMessage.extensions
(b25d39e)
Rust
Change Rust prelude to bring in traits as _ (c3f7e8d)
Make message Muts Send (8bff944)
See also UPB changes below, which may affect Rust.
Python
Publish s390x wheels for Python/upb. (56b2b89)
Fix a crash that happens during shutdown due to looking up modules in the
cache (d57d270)
Add construction support for repeated Timestamp/Duration/Struct/ListValue.
(5f6c013)
Fix handling of repeated extension fields in PyProto JSON (07ef676)
Fixed a parser bug where closed enums are parsed incorrectly for
non-repeated extensions. (c36f728)
Fixed mypy errors by setting __slots__ to empty in .pyi files. (38ca2d3)
Raise warnings for float_precision from python json_format. (4659cd7)
Raise warnings when assign bool to int/enum field in Python Proto. This
will turn into error in 34.0 release. (4ee55d7)
PHP
Fix(php): php errors on repeated field (#23372) (6fee29b)
UPB (Python/PHP/Ruby C-Extension)
Fixed a parser bug where closed enums are parsed incorrectly for
non-repeated extensions. (c36f728)
Other
Update token for BCR release to reuse existing BOT_ACCESS_TOKEN used for
staleness_refresh.yml and update_php_repo.yml (#23925) (dcace2f)
Use the 'better' JSON parser on the conformance suite harness. (4b4e405)
Add JSON conformance test that a single value provided for a repeated
field should parse fail. (9806994)
Add conformance test cases for malformed nanos fields on Durations and
Timestamps. (a6bdd0a)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:28 +0000 (19:03 +0100)]
lvm2: Update to version 2.03.36
- Update from version 2.03.35 to 2.03.36
- No change to rootfile
- Changelog
2.03.36
Fix uninitialized chunk_size_calc_policy in pool parameter functions.
Fix approximate allocation for Raid with insufficient extents.
Fix race in dmeventd remonitoring optimization (2.03.35).
Use -real suffix for pvmove UUID.
Add support pvmove segmentation allocation/pvmove_max_segmentation_size_mb.
Allow creating _imeta with multiple segments.
Fix driver_version() accepts NULL version buffer pointer.
Fix invalid free() call in error path of _add_metadata_area_to_pv().
Avoid destroying aio context in forked process.
Add lvs -o cache_promotions,cache_promotions fields.
Update pvmove logic when moving i.e. raid legs.
Display integrity info in lvdisplay.
Increase storage size for internal filter chain.
Add helper function display_mb_size().
Enhance code for adding and removing integrity to RAID volumes.
Add code for basic validation of integrity segment.
Use -real private suffix for integrity origin and meta volumes.
Use -real private suffix for mirror and raid legs.
Detect and use existing XFS quota mount options for lvresize --fs resize.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:27 +0000 (19:03 +0100)]
libcap: Update to version 2.77
- Update from version 2.76 to 2.77
- Update of rootfile
- Changelog
2.77
Fix mistakes in setcap for reporting errors: report them with the
appropriate filename. Thanks to Nikolas for reporting these in
Bug 220245.
Fix bug in cap.GetIAB() reported and fix provided by Garret Kelly via
Bug 220420.
Improve libcap managed memory allocation and support CHERI RISC-V. Reported
with fix by Chris Hofer via Bug 220415.
Add (unverified) support for the PSX mechanism on microblaze, arc, openrisc
and xtensa architectures. Thanks to Tom Petazzoni for including these in
Bug 219915
Please let me know if these work or fail on these architectures.
Add C++ support to the run a .so file as an executable mechanism employed by
libcap.so, libpsx.so and pam_cap.so. Not really necessary for the libcap
build tree, but wanted to capture the details of my recent update to a
Stackoverflow answer on the topic.
Use BUILD_LDFLAGS when compiling _makenames fix contributed by Khem Raj.
Fix broke some builds, so will revert and apply a more comprehensive fix.
Fixed sendmail issue discussion link. Thanks to Ariel Otilibili for noticing
the breakage and contributing a fix.
Some debugging fixes for use of the kdebug/ testing setup,
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:25 +0000 (19:03 +0100)]
elfutils: Update to version 0.194
- Update from version 0.193 to 0.194
- Update of rootfile
- Changelog
0.194
debuginfod-find: Fixed caching bug preventing user-cancelled downloads
from being re-downloaded at a later time.
elfclassify: New options --has-debug-sections and --any-ar-member.
elflint: Presence of vendor- and application-specific ELF note types no
longer triggers compliance errors.
libdwfl_stacktrace: New function dwflst_sample_getframes. The
libdwfl_stacktrace library interface is experimental
and may be subject to API/ABI changes.
libelf: Manual pages have been added for many libelf library functions.
Additional manual pages are planned for future releases.
readelf: Up to 13% faster when using the -N option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:02:55 +0000 (19:02 +0100)]
fmt: Update to version 12.1.0
- Update from version 11.2.0 to 12.1.0
- Update of rootfile
- so-bump so mpd requires shipping
- Changelog
12.1.0
- Optimized `buffer::append`, resulting in up to ~16% improvement on spdlog
benchmarks (https://github.com/fmtlib/fmt/pull/4541). Thanks @fyrsta7.
- Worked around an ABI incompatibility in `std::locale_ref` between clang and
gcc (https://github.com/fmtlib/fmt/issues/4573).
- Made `std::variant` and `std::expected` formatters work with `format_as`
(https://github.com/fmtlib/fmt/issues/4574,
https://github.com/fmtlib/fmt/pull/4575). Thanks @phprus.
- Made `fmt::join<string_view>` work with C++ modules
(https://github.com/fmtlib/fmt/issues/4379,
https://github.com/fmtlib/fmt/pull/4577). Thanks @Arghnews.
- Exported `fmt::is_compiled_string` and `operator""_cf` from the module
(https://github.com/fmtlib/fmt/pull/4544). Thanks @CrackedMatter.
- Fixed a compatibility issue with C++ modules in clang
(https://github.com/fmtlib/fmt/pull/4548). Thanks @tsarn.
- Added support for cv-qualified types to the `std::optional` formatter
(https://github.com/fmtlib/fmt/issues/4561,
https://github.com/fmtlib/fmt/pull/4562). Thanks @OleksandrKvl.
- Added demangling support (used in exception and `std::type_info` formatters)
for libc++ and clang-cl
(https://github.com/fmtlib/fmt/issues/4542,
https://github.com/fmtlib/fmt/pull/4560,
https://github.com/fmtlib/fmt/issues/4568,
https://github.com/fmtlib/fmt/pull/4571).
Thanks @FatihBAKIR and @rohitsutreja.
- Switched to global `malloc`/`free` to enable allocator customization
(https://github.com/fmtlib/fmt/issues/4569,
https://github.com/fmtlib/fmt/pull/4570). Thanks @rohitsutreja.
- Made the `FMT_USE_CONSTEVAL` macro configurable by users
(https://github.com/fmtlib/fmt/pull/4546). Thanks @SnapperTT.
- Fixed compilation with locales disabled in the header-only mode
(https://github.com/fmtlib/fmt/issues/4550).
- Fixed compilation with clang 21 and `-std=c++20`
(https://github.com/fmtlib/fmt/issues/4552).
- Fixed a dynamic linking issue with clang-cl
(https://github.com/fmtlib/fmt/issues/4576,
https://github.com/fmtlib/fmt/pull/4584). Thanks @FatihBAKIR.
- Fixed a warning suppression leakage on gcc
(https://github.com/fmtlib/fmt/pull/4588). Thanks @ZedThree.
- Made more internal color APIs `constexpr`
(https://github.com/fmtlib/fmt/pull/4581). Thanks @ishani.
- Fixed compatibility with clang as a host compiler for NVCC
(https://github.com/fmtlib/fmt/pull/4564). Thanks @valgur.
- Fixed various warnings and lint issues
(https://github.com/fmtlib/fmt/issues/4565,
https://github.com/fmtlib/fmt/pull/4572,
https://github.com/fmtlib/fmt/pull/4557).
Thanks @LiangHuDream and @teruyamato0731.
- Improved documentation
(https://github.com/fmtlib/fmt/issues/4549,
https://github.com/fmtlib/fmt/pull/4551,
https://github.com/fmtlib/fmt/issues/4566,
https://github.com/fmtlib/fmt/pull/4567,
https://github.com/fmtlib/fmt/pull/4578,).
Thanks @teruyamato0731, @petersteneteg and @zimmerman-dev.
12.0.0
- Optimized the default floating point formatting
(https://github.com/fmtlib/fmt/issues/3675,
https://github.com/fmtlib/fmt/issues/4516). In particular, formatting a
`double` with format string compilation into a stack allocated buffer is
more than 60% faster in version 12.0 compared to 11.2 according to
[dtoa-benchmark](https://github.com/fmtlib/dtoa-benchmark):
```
Function Time (ns) Speedup
fmt11 34.471 1.00x
fmt12 21.000 1.64x
```
<img width="766" height="609" src="https://github.com/user-attachments/assets/d7d768ad-7543-468c-b0bb-449abf73b31b" />
- Added `constexpr` support to `fmt::format`. For example:
```c++
#include <fmt/compile.h>
using namespace fmt::literals;
std::string s = fmt::format(""_cf, 42);
```
now works at compile time provided that `std::string` supports `constexpr`
(https://github.com/fmtlib/fmt/issues/3403,
https://github.com/fmtlib/fmt/pull/4456). Thanks @msvetkin.
- Added `FMT_STATIC_FORMAT` that allows formatting into a string of the exact
required size at compile time.
For example:
```c++
#include <fmt/compile.h>
constexpr auto s = FMT_STATIC_FORMAT("{}", 42);
```
compiles to just
```s
__ZL1s:
.asciiz "42"
```
It can be accessed as a C string with `s.c_str()` or as a string view with
`s.str()`.
- Improved C++20 module support
(https://github.com/fmtlib/fmt/pull/4451,
https://github.com/fmtlib/fmt/pull/4459,
https://github.com/fmtlib/fmt/pull/4476,
https://github.com/fmtlib/fmt/pull/4488,
https://github.com/fmtlib/fmt/issues/4491,
https://github.com/fmtlib/fmt/pull/4495).
Thanks @arBmind, @tkhyn, @Mishura4, @anonymouspc and @autoantwort.
- Switched to using estimated display width in precision. For example:
```c++
fmt::print("|{:.4}|\n|1234|\n", "🐱🐱🐱");
```
prints
because `🐱` has an estimated width of 2
(https://github.com/fmtlib/fmt/issues/4272,
https://github.com/fmtlib/fmt/pull/4443,
https://github.com/fmtlib/fmt/pull/4475).
Thanks @nikhilreddydev and @localspook.
- Fix interaction between debug presentation, precision, and width for strings
(https://github.com/fmtlib/fmt/pull/4478). Thanks @localspook.
- Implemented allocator propagation on `basic_memory_buffer` move
(https://github.com/fmtlib/fmt/issues/4487,
https://github.com/fmtlib/fmt/pull/4490). Thanks @toprakmurat.
- Fixed an ambiguity between `std::reference_wrapper<T>` and `format_as`
formatters (https://github.com/fmtlib/fmt/issues/4424,
https://github.com/fmtlib/fmt/pull/4434). Thanks @jeremy-rifkin.
- Removed the following deprecated APIs:
- `has_formatter`: use `is_formattable` instead,
- `basic_format_args::parse_context_type`,
`basic_format_args::formatter_type` and similar aliases in context types,
- wide stream overload of `fmt::printf`,
- wide stream overloads of `fmt::print` that take text styles,
- `is_*char` traits,
- `fmt::localtime`.
- Deprecated wide overloads of `fmt::fprintf` and `fmt::sprintf`.
- Improved diagnostics for the incorrect usage of `fmt::ptr`
(https://github.com/fmtlib/fmt/pull/4453). Thanks @TobiSchluter.
- Made handling of ANSI escape sequences more efficient
(https://github.com/fmtlib/fmt/pull/4511,
https://github.com/fmtlib/fmt/pull/4528).
Thanks @localspook and @Anas-Hamdane.
- Fixed a buffer overflow on all emphasis flags set
(https://github.com/fmtlib/fmt/pull/4498). Thanks @dominicpoeschko.
- Fixed an integer overflow for precision close to the max `int` value.
- Fixed compatibility with WASI (https://github.com/fmtlib/fmt/issues/4496,
https://github.com/fmtlib/fmt/pull/4497). Thanks @whitequark.
- Fixed `back_insert_iterator` detection, preventing a fallback on slower path
that handles arbitrary iterators (https://github.com/fmtlib/fmt/issues/4454).
- Fixed handling of invalid glibc `FILE` buffers
(https://github.com/fmtlib/fmt/issues/4469).
- Added `wchar_t` support to the `std::byte` formatter
(https://github.com/fmtlib/fmt/issues/4479,
https://github.com/fmtlib/fmt/pull/4480). Thanks @phprus.
- Changed component prefix from `fmt-` to `fmt_` for compatibility with
NSIS/CPack on Windows, e.g. `fmt-doc` changed to `fmt_doc`
(https://github.com/fmtlib/fmt/issues/4441,
https://github.com/fmtlib/fmt/pull/4442). Thanks @n-stein.
- Added the `FMT_CUSTOM_ASSERT_FAIL` macro to simplify providing a custom
`fmt::assert_fail` implementation (https://github.com/fmtlib/fmt/pull/4505).
Thanks @HazardyKnusperkeks.
- Switched to `FMT_THROW` on reporting format errors so that it can be
overriden by users when exceptions are disabled
(https://github.com/fmtlib/fmt/pull/4521). Thanks @HazardyKnusperkeks.
- Improved master project detection and disabled install targets when using
{fmt} as a subproject by default (https://github.com/fmtlib/fmt/pull/4536).
Thanks @crueter.
- Made various code improvements
(https://github.com/fmtlib/fmt/pull/4445,
https://github.com/fmtlib/fmt/pull/4448,
https://github.com/fmtlib/fmt/pull/4473,
https://github.com/fmtlib/fmt/pull/4522).
Thanks @localspook, @tchaikov and @way4sahil.
- Added Conan instructions to the docs
(https://github.com/fmtlib/fmt/pull/4537). Thanks @uilianries.
- Removed Bazel files to avoid issues with downstream packaging
(https://github.com/fmtlib/fmt/pull/4530). Thanks @mering.
- Added more entries for generated files to `.gitignore`
(https://github.com/fmtlib/fmt/pull/4355,
https://github.com/fmtlib/fmt/pull/4512).
Thanks @dinomight and @localspook.
- Fixed various warnings and compilation issues
(https://github.com/fmtlib/fmt/pull/4447,
https://github.com/fmtlib/fmt/issues/4470,
https://github.com/fmtlib/fmt/pull/4474,
https://github.com/fmtlib/fmt/pull/4477,
https://github.com/fmtlib/fmt/pull/4471,
https://github.com/fmtlib/fmt/pull/4483,
https://github.com/fmtlib/fmt/pull/4515,
https://github.com/fmtlib/fmt/issues/4533,
https://github.com/fmtlib/fmt/pull/4534).
Thanks @dodomorandi, @localspook, @remyjette, @Tomek-Stolarczyk, @Mishura4,
@mattiasljungstrom and @FatihBAKIR.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
