Michael Tremer [Thu, 16 Jul 2026 12:17:04 +0000 (12:17 +0000)]
rust: Skip the build step on all packages
Running "cargo build" on the crates does not make a lot of sense for us
as none of the built files are neither needed nor installed. We only
build them to confirm that the crate itself builds.
In order to speed up the entire build process, this patch removes the
build stage from all crates so that they will only be extracted and
installed.
Packages that actually create any binaries will still need to call the
build stage and are not touched.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This used to work around an issue with locking inside QEMU which should
be resolved by now and should also not be a problem when building on
real hardware.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 15 Jul 2026 13:31:28 +0000 (13:31 +0000)]
avahi: Prevent the service from blocking the shutdown
When the service is not running, the kill command will return an error
which will not be caught and forwarded to the caller of the initscript.
That way, the boot process might be paused which is fixed by this patch.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 Jul 2026 14:23:33 +0000 (14:23 +0000)]
protobuf: Update to 35.1
This also enables release mode when compiling so that we won't add any
superfluous debugging code which makes the build of protobuf-c crash on
riscv64.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 Jul 2026 15:56:14 +0000 (17:56 +0200)]
wireguard: Remove any excess whitespace around subnets
Fixes: #13951 - WireGuard CU200,201,203 - Import a Connection with multiple addresses results in an error Invalid Network Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 9 Jul 2026 15:08:49 +0000 (17:08 +0200)]
openssh: Update to version 10.4p1
- Update from version 10.3p1 to 10.4pi
- Update of rootfile
- Changelog
10.4p1
Potentially-incompatible changes
* sshd(8): configuration dump mode ("sshd -G") now writes directives
in mixed case (e.g. "PubkeyAuthentication") whereas previously it
emitted only lower-case names.
* sshd(8): on Linux systems with the seccomp sandbox enabled,
failures to enable SECCOMP or NO_NEW_PRIVS are now fatal.
Previously sshd(8) would log the error but continue operation,
to support systems that lacked these features. Now systems that
lack these should instead disable the sandbox at configure time.
* ssh(1), sshd(8): make the transport protocol stricter by
disconnecting if the peer sends non-KEX messages during a post-
authentication key re-exchange. Previously a malicious peer could
continue sending non-key exchange messages without penalty. These
would be buffered, causing memory to be wasted up until the
connection terminated or the server/client hit a memory limit.
Implementations that do not restrict messages sent during key
exchange as per RFC4253 section 7.1 may be disconnected.
Reported by Marko Jevtic.
Security
* sftp(1): when downloading files on the command-line using
"sftp host:/path .", a malicious server could cause the file to
be downloaded to an unexpected location. This issue was identified
by the Swival Security Scanner.
* scp(1): when copying files between two remote destinations, do
not allow a malicious server to write files to the parent
directory of the intended target directory. This issue was
identified by the Swival Security Scanner.
* sshd(8): when using the "internal-sftp" SFTP server implementation
(this is not the default), long command lines were previously
truncated silently after the 9th argument. If a security-relevant
option was in the 10th or later position, it would be discarded.
Reported by Steve Caffrey.
* sshd(8): add a documentation note to mention that the
GSSAPIStrictAcceptorCheck option is ineffective when the server
is joined to a Windows Active Directory. Reported by Yarin Aharoni
of Safebreach.
* sshd(8): DisableForwarding=yes didn't override PermitTunnel=yes
as it was documented to do. Note that PermitTunnel is not enabled
by default. Reported independently by Huzaifa Sidhpurwala of
Redhat and Marko Jevtic.
* sshd(8): avoid a potential pre-authentication denial of service
when GSSAPIAuthentication was enabled (this feature is off by
default). This was not mitigated by MaxAuthTries, but would be
penalised by PerSourcePenalties. This was reported by Manfred
Kaiser of the milCERT AT (Austrian Ministry of Defence).
* sshd(8): fix a number of cases where the minimum authentication
delay was not being enforced. Reported by the Orange Cyberdefense
Vulnerability Team.
* ssh(1): fix a possible client-side use-after-free if the server
changes its host key during a key reexchange. This was reported by
Zhenpeng (Leo) Lin of Depthfirst.
New features
* All: add experimental support for a composite post-quantum
signature scheme that combines ML-DSA 44 and Ed25519 as specified
in draft-miller-sshm-mldsa44-ed25519-composite-sigs.
This scheme is not enabled by default. To use it, you'll need
to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc.
Keys may be generated using "ssh-keygen -t mldsa44-ed25519".
* ssh(1), sshd(8): replace the wildcard pattern matcher with an
implementation based on an NFA. This avoids exponential worst-case
behaviour for the old implementation.
Bugfixes
* ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION
requests. bz3967
* sshd(8): avoid sending observably different messages for valid vs
invalid users in GSSAPIAuthentication (disabled by default).
* ssh(1), sshd(8): fix several bugs that incorrectly
classified bulk traffic as interactive. bz3972, bz3958
* ssh-keygen(1), ssh-add(1): skip unsupported key types when
downloading resident keys from a FIDO token. Previously, downloads
would abort when one was encountered. GHPR657
* ssh(1): fix a potential use-after-free on an error path if
cipher_init() fails.
* sshd(8): perform stricter encoding and validation of transport
state passed between sshd privilege separation subprocesses. This
somewhat further hardens the server against attacks on sshd-auth
or sshd-session subprocesses.
* ssh-agent(1): avoid possible runtime denial of service by
enforcing some limits on the length of usernames in key use
constraints.
* sftp(1): fix two separate one-byte out-of-bounds reads, in
SSH2_FXP_REALPATH and batch command processing.
* sftp-server(8): disallow use of the copy-data extension to read
and write to the same inode simultaneously.
* ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was
created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent.
GHPR679
* sftp(1), scp(1): avoid a situation where sftp_download() could get
stuck in a loop if a broken server repeatedly returned zero length
while reading a file.
* ssh(1): avoid leaking DNS0x20 case-randomised names into names
canonicalised using CanonicalizePermittedCNAMEs. bz3966
* sftp-server(8): avoid truncation of pathnames passed to lstat()
during SSH_FXP_REALPATH handling on systems where PATH_MAX is not
the actual max. GHPR688
* ssh(1), sshd(8): correct arming of poll(2) event masks for some
socket-type channels. GHPR660
* sshd(8): major refactor of sshd_config parsing and management
code, to allow for more exact serialisation/deserialisation across
privilege separation boundaries.
* ssh-add(1): open connection to the agent only after getopt()
processing has completed, to give options like "-v" a chance to
display debug information about this operation.
* crypto code: fix bounds checking when signing messages of length
greater than will fit in a size_t. In OpenSSH, message sizes are
bounded by SSHBUF_SIZE_MAX so this was unreachable.
* crypto code: add signature malleability and pubkey validity checks
to ed25519 verification. SSH doesn't depend on these properties
* crypto code: fix ECDSA order check for curves with cofactor != 1.
All supported EC curves have cofactor 1, so this was
unreachable.
* sshd(8): differentiate between execution failures and a subsystem
that was not found when logging why a subsystem failed to start.
GHPR637
* All: use safer idioms for timegm(3) and mktime(3) error detection.
* ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in
config files or command-line arguments. This could cause runtime
failures later.
* ssh(1): fix NULL deref crash during pubkey auth when using a PEM
style private key with no corresponding .pub key adjacent to it.
* sshd(8): don't print an error message when trying to load a host
private key when PKCS#11 keys are in use, as these don't need the
private half on the filesystem. GHPR664
* All: don't use deprecated ERR_load_crypto_strings(). GHPR650
* ssh(1): properly report errors during configuration default
setting. GHPR649
* ssh(1): use correct directive name (Match instead of Host) in
error message. bz3968
* sftp(1): fix "ls -ln" which was not correctly showing numeric
UID/GIDs but rather user and group names. bz3953
* sshd(8): avoid possible NULL dereference if an allocation fails
during config parsing. bz3948
* All: fix ineffective guards against loading overly large public
keys in several places. bz3969 and bz3970
* sftp(1): ensure file descriptors used by sftp to communicate to
its ssh(1) subprocess don't leak into executed subprocesses (e.g.
via "!"). GHPR693
Portability
* Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness
fix for large exponents (GHPR671)
* sshd(8): remove duplicate sandbox entry for clock_gettime64.
* ssh(1), sshd(8): use correct IPTOS_DSCP_VA value if not provided
by the system headers.
* Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness
fixes.
* Disable replacements in openbsd-compat for strvisx(3) and
stravis(3), as these are unused in OpenSSH
* Avoid fortify warnings on Android bz3954
* Fix a number of memory leaks on error paths in the portability
code. GHPR681
* Revise the README.privsep documentation to reflect sshd's recent
switch to a multi-binary model.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 9 Jul 2026 15:08:50 +0000 (17:08 +0200)]
tshark: Update to version 4.6.7
- Update from version 4.6.6 to 4.6.7
- Update of rootfile
- 12 wnpa-sec security vulnerability fixes implemented
- Changelog
4.6.7
The following vulnerabilities have been fixed:
wnpa-sec-2026-52 Catapult DCT2000 protocol dissector crash. Issue 21270.
wnpa-sec-2026-53 pcapng file parser crash. Issue 21285.
wnpa-sec-2026-54 FMP/NOTIFY protocol dissector large loop. Issue 21347.
wnpa-sec-2026-55 SSH protocol dissector crash. Issue 21378.
wnpa-sec-2026-56 TLS ECH decryption crash. Issue 21390.
wnpa-sec-2026-57 IEEE 802.11 protocol dissector crash. Issue 21391.
wnpa-sec-2026-58 Z39.50 protocol dissector crash. Issue 21397.
wnpa-sec-2026-59 UMTS FP protocol dissector crash. Issue 21398.
wnpa-sec-2026-60 BLF file parser information disclosure. Issue 21361.
wnpa-sec-2026-61 Multiple protocol dissector infinite loops. Issue 21275,
Issue 21277, Issue 21330, Issue 21383.
wnpa-sec-2026-62 DBS Etherwatch file parser crash. Issue 21352.
wnpa-sec-2026-63 Ciscodump extcap crash. Issue 21375.
The following bugs have been fixed:
Wireshark appears in German when the system language is Dutch. Issue 20347.
Qt: Capture filter combo box does not enforce minimum size or expanding size
policy. Issue 21080.
BACapp: Error parsing you-are request. Issue 21260.
Use-After-Free in Ethernet POWERLINK (EPL) Dissector during profile loading error
path. Issue 21267.
Sponsor slides are not properly shown. Issue 21268.
Buffer overlow/segfault in Catapult DCT2000 dissector via not check no_ddi_entries
in header. Issue 21270.
Fuzz job issue: fuzz-2026-05-24-14517548985.pcap. Issue 21272.
Fuzz job UTF-8 encoding issue: fuzz-2026-06-07-14732586286.pcap. Issue 21331.
Memory leak in alp-sample1.pcap. Issue 21343.
Memory leak in nspi.pcap. Issue 21344.
Heap-Buffer-Overflow in Wireshark Logcat Parser. Issue 21346.
IPv6 Ping from Debian (among others) is dissected as "HiPerConTracer" Issue 21349.
HEVC (H.265) dissector: bit_offset not advanced after sub_layer_hrd_parameters()
causes false Malformed Packet. Issue 21362.
dfilter_compile_full: heap-buffer-overflow READ in ws_strptime on a time literal.
Issue 21376.
Wireshark crashes with a HEAP_CORRUPTION error when using the last saved
recent_common file. Issue 21379.
Fuzz job issue: fuzz-2026-06-30-15106674620.pcap. Issue 21381.
New and Updated Features
The Windows installers are now built with Visual Studio 2026.
Updated Protocol Support
ALC, BACapp, C2P, Catapult DCT2000, COTP, CSN.1, DCERPC, DCERPC MAPI, DCERPC NSPI,
DNS, DVB-S2-TABLE, eDonkey, EPL, FC ELS, FMP/NOTIFY, H.265, HiPerConTracer,
IEEE 802.11, LLS, MEGACO, MIH, MPEG DSM-CC, MS-WSP, RELOAD, SGP.32, SSH,
STANAG 4607, UMTS FP, WOWW, and Z39.50
New and Updated Capture File Support
Android Logcat, BLF, DBS Etherwatch, Netlog, and pcapng
Plugin Development Changes
On UN*X systems (excluding macOS when running from an app bundle, as with the
official installer) extcap binaries are now searched for under the libexec
directory by default, e.g., /usr/libexec/wireshark/extcap instead of
/usr/lib64/wireshark/extcap or similar. This is the customary place for helper
binaries, which as opposed to libraries do not need multiarch support. The
location can be overridden via the environment variable WIRESHARK_EXTCAP_DIR.
The extcap binaries shipped with Wireshark are installed in the new location,
but third party extcaps may need packaging changes. This change was effective
in version 4.6.0, but was not explicitly noted in the release notes previously.
Note that some distributions do not use a libexec directory, such as Alpine
Linux, which does not have multilib support. On such systems extcap binaries
should be in the same location as before.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 9 Jul 2026 15:08:51 +0000 (17:08 +0200)]
tzdata: Update to version 2026c
- Update from version 2026b to 2026c
- No change to rootfile
- Changelog
2026c
Briefly:
Alberta moved to permanent -06 on 2026-06-18.
Morocco moves to permanent +00 on 2026-09-20.
More integer overflow bugs have been fixed in zic.
Changes to future timestamps
Alberta’s 2026-03-08 spring forward was its last foreseeable clock
change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh
Pournader and others.) Model this with its traditional abbreviation
CST. Although the change to permanent -06 legally took place on
2026-06-18, temporarily model the change to occur on 2026-11-01 at
02:00 instead, for the same reason we introduced a similarly
temporary hack for British Columbia in 2026b.
Although another TZDB release will likely be needed soon because
Northwest Territories will likely follow Alberta, the legal
formalities have not yet taken place.
Morocco plans to move back to permanent UTC, without daylight
saving time transitions, on 2026-09-20 at 02:00. This also
affects Western Sahara.
Changes to code
zic no longer overflows integers when processing outlandish input
like ‘Zone Ouch 0 - LMT 9223372036854775807’, ‘Zone Ouch 0 2562047788015215 LMT’, ‘Zone Ouch -2562047788015215:30:08 - LMT’,
and ‘Zone Ouch -2562047788015215:30:08 - %%z’. This avoids
undefined behavior in C. (Problems reported by Naveed Khan.)
On platforms that have EFTYPE, tzalloc now fails with errno set to
EFTYPE, not EINVAL, if it detects that the TZif file has an
invalid format or is not a regular file. Formerly it did this
only on NetBSD, and only when the file was not a regular file.
Unprivileged programs no longer require TZif files to be regular
files or reject relative names containing ".." components. This
reverts to the more-permissive 2025b behavior, as the stricter
behavior did not catch on in FreeBSD.
zic now reports any failure to remove a temporary file when
cleaning up after a previous failure. (Problem reported by Tom
Lane.)
Changes to commentary
Northwest Territories is expected to move to permanent -06 prior to
2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to
Tim Parenti and James Bellaire.) Model this with its traditional
abbreviation CST. Unfortunately the change is not yet official, so
it is currently present only as comments that can be uncommented as
needed.
Changes to build procedure
The undocumented ‘typecheck’ Makefile check rule has been removed.
It stopped working in 2025a and evidently nobody noticed.
The rule was superseded by ‘check_time_t_alternatives’ in 2013d.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 9 Jul 2026 15:08:43 +0000 (17:08 +0200)]
c-ares: Update to version 1.34.8
- Update from version 1.34.5 to 1.34.8
- Update of rootfile
- 1 CVE fix in 1.34.7 and 1 in 1.34.6
- Changelog
1.34.8
Bugfixes:
* Revert "Mark parameters in callbacks as const" which shipped in 1.34.7.
Changing the parameter types of the `ares_callback`, `ares_host_callback`,
and `ares_nameinfo_callback` function pointer typedefs was an unintended
API break: existing applications with the historical non-const callback
signatures no longer compiled, particularly in C++ where function pointer
types must match exactly. The read-only nature of the callback parameters
is now documented instead.
[PR #1244](https://github.com/c-ares/c-ares/pull/1244)
1.34.7
Security:
* CVE-2026-33630. Use-after-free / double-free in c-ares' query-completion
handling, remotely triggerable via ares_getaddrinfo() over TCP. Please see
https://github.com/c-ares/c-ares/security/advisories/GHSA-6wfj-rwm7-3542
* CPU-exhaustion denial of service via unbounded DNS name compression pointer
chains. Please see
https://github.com/c-ares/c-ares/security/advisories/GHSA-pjmc-gx33-gc76
* Memory-amplification denial of service via unvalidated DNS header record
counts. Please see
https://github.com/c-ares/c-ares/security/advisories/GHSA-jv8r-gqr9-68wj
Changes:
* `ares_getaddrinfo()`: handle a NULL node per POSIX and implement
`ARES_AI_PASSIVE`. [PR #1186](https://github.com/c-ares/c-ares/pull/1186)
* Mark parameters in callbacks as const.
[PR #1060](https://github.com/c-ares/c-ares/pull/1060)
* Correct `ARES_CLASS_HESOID` misspelling to `ARES_CLASS_HESIOD`.
[PR #1092](https://github.com/c-ares/c-ares/pull/1092)
Bugfixes:
* Fix sticky server recovery when all servers have failures. [PR #1192]
(https://github.com/c-ares/c-ares/pull/1192)
* Fix UDP socket exhaustion regression: retire connections per-connection,
not via server failure count. [PR #1197]
(https://github.com/c-ares/c-ares/pull/1197)
* Guard DNS record binary length overflow. [PR #1168]
(https://github.com/c-ares/c-ares/pull/1168)
* Prevent integer overflow in allocation size calculations. [PR #1147]
(https://github.com/c-ares/c-ares/pull/1147)
* Prevent overflow in ares_array allocation size calculations. [PR #1117]
(https://github.com/c-ares/c-ares/pull/1117)
* Prevent integer overflow in buffer size calculation. [PR #1116]
(https://github.com/c-ares/c-ares/pull/1116)
* Add overflow checks to ares_buf_ensure_space(). [PR #1094]
(https://github.com/c-ares/c-ares/pull/1094)
* Skip name compression offsets beyond the 14-bit pointer limit. [PR #1159]
(https://github.com/c-ares/c-ares/pull/1159)
* ares_dns_parse: reject name compression in RDATA where not permitted
(RFC 3597). [PR #1190](https://github.com/c-ares/c-ares/pull/1190)
* ares_dns_parse: reject responses with more than one OPT record (RFC 6891).
[PR #1189](https://github.com/c-ares/c-ares/pull/1189)
* Discard oversized UDP datagrams instead of truncating the length frame.
[PR #1161](https://github.com/c-ares/c-ares/pull/1161)
* Route numeric config parsing through range-checked ares_str_parse_uint.
[PR #1158](https://github.com/c-ares/c-ares/pull/1158)
* Replace atoi-based port parsing with validated helper. [PR #1097]
(https://github.com/c-ares/c-ares/pull/1097)
* Defer TCP connection error handling until DNS responses are parsed.
[PR #1138](https://github.com/c-ares/c-ares/pull/1138)
* Prevent undefined-behavior left shift in ares_calc_query_timeout().
[PR #1151](https://github.com/c-ares/c-ares/pull/1151)
* Use unsigned type for ares_round_up_pow2_u64 to avoid undefined behavior.
[PR #1107](https://github.com/c-ares/c-ares/pull/1107)
* Fix undefined behavior in ares_buf_replace() pointer arithmetic. [PR #1099]
(https://github.com/c-ares/c-ares/pull/1099)
* ares_array: reset offset when array becomes empty. [PR #1165]
(https://github.com/c-ares/c-ares/pull/1165)
* ares_iface_ips: add ARES_IFACE_IP_NONE zero enum value. [PR #1187]
(https://github.com/c-ares/c-ares/pull/1187)
* ares_sysconfig_files: recognize AIX netsvc.conf bind4/local4 tokens.
[PR #1188](https://github.com/c-ares/c-ares/pull/1188)
* Use safe string construction in Windows sysconfig join path. [PR #1143]
(https://github.com/c-ares/c-ares/pull/1143)
* Fix zero-length RAW_RR losing type metadata during parsing. [PR #1129]
(https://github.com/c-ares/c-ares/pull/1129)
* Fix RAW_RR type tostr/fromstr roundtrip mismatch. [PR #1123]
(https://github.com/c-ares/c-ares/pull/1123)
* Fix NULL dereference for ifa netmask. [PR #1120]
(https://github.com/c-ares/c-ares/pull/1120)
* adig: fix negated option prefix parsing. [PR #1135]
(https://github.com/c-ares/c-ares/pull/1135)
* Use UnregisterWaitEx to prevent use-after-free on Win32. [PR #1111]
(https://github.com/c-ares/c-ares/pull/1111)
* Add NULL check after ares_malloc_zero in Windows UTF8 conversion. [PR #1121]
(https://github.com/c-ares/c-ares/pull/1121)
* Fix NULL dereference after ares_malloc_zero in Win32 IOCP event add.
[PR #1132](https://github.com/c-ares/c-ares/pull/1132)
* Fix microsecond overflow in ares_queue_wait_empty timeout. [PR #1122]
(https://github.com/c-ares/c-ares/pull/1122)
* Fix NULL dereference in ares_buf_replace() on NULL buf. [PR #1124]
(https://github.com/c-ares/c-ares/pull/1124)
* Initialize *read_bytes in ares_socket_recvfrom(). [PR #1125]
(https://github.com/c-ares/c-ares/pull/1125)
* Fix memory leak of binbuf in ares_buf_parse_dns_binstr_int. [PR #1126]
(https://github.com/c-ares/c-ares/pull/1126)
* Fix memory leak of qcache entry on key allocation failure. [PR #1127]
(https://github.com/c-ares/c-ares/pull/1127)
* Fix memory leak of buf in ares_dns_multistring_combined() on OOM. [PR #1110]
(https://github.com/c-ares/c-ares/pull/1110)
* Fix memory leaks on error paths in two functions. [PR #1109]
(https://github.com/c-ares/c-ares/pull/1109)
* Fix memory leak of buckets in ares_htable_dict_keys() error path. [PR #1108]
(https://github.com/c-ares/c-ares/pull/1108)
* Fix memory leak of bucket->key in ares_htable_dict_insert error path.
[PR #1105](https://github.com/c-ares/c-ares/pull/1105)
* Fix additional memory leaks.
[PR #1091](https://github.com/c-ares/c-ares/pull/1091)
[PR #1078](https://github.com/c-ares/c-ares/pull/1078)
* Prevent corrupt addrinfo nodes on sockaddr allocation failure. [PR #1112]
(https://github.com/c-ares/c-ares/pull/1112)
* Fix two logic bugs in DNS cookie handling. [PR #1103]
(https://github.com/c-ares/c-ares/pull/1103)
* Fix linked list INSERT_BEFORE corruption and array insertdata_first ordering.
[PR #1101](https://github.com/c-ares/c-ares/pull/1101)
* Fix HASH_IDX macro missing parentheses. [PR #1128]
(https://github.com/c-ares/c-ares/pull/1128)
* Fix malloc(0) in ares_htable_all_buckets on empty table. [PR #1131]
(https://github.com/c-ares/c-ares/pull/1131)
* Fix wrong sizeof in QNX confstr() call truncating domain names. [PR #1130]
(https://github.com/c-ares/c-ares/pull/1130)
* Clear probe pending flag after timeout. [PR #1059]
(https://github.com/c-ares/c-ares/pull/1059)
* Fix incorrect check for empty wide string. [PR #1064]
(https://github.com/c-ares/c-ares/pull/1064)
* Handle strdup failure. [PR #1077]
(https://github.com/c-ares/c-ares/pull/1077)
* doc: reference ares_free_string(), not ares_free(). [PR #1084]
(https://github.com/c-ares/c-ares/pull/1084)
1.34.6
Security:
* CVE-2025-62408. A use-after-free bug has been uncovered in read_answers() that
was introduced in v1.32.3. Please see
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5
Changes:
* Ignore Windows IDN Search Domains until proper IDN support is added.
[PR #1034](https://github.com/c-ares/c-ares/pull/1034)
Bugfixes:
* Event Thread could stall when not notified of new queries on existing
connections that are in a bad state
[PR #1032](https://github.com/c-ares/c-ares/pull/1032)
* fix conversion of invalid service to port number in ares_getaddrinfo()
[PR #1029](https://github.com/c-ares/c-ares/pull/1029)
* fix memory leak in ares_uri
[PR #1012](https://github.com/c-ares/c-ares/pull/1012)
* Ignore ares_event_configchg_init failures
[PR #1009](https://github.com/c-ares/c-ares/pull/1009)
* Use XOR for random seed generation on fallback logic.
[PR #994](https://github.com/c-ares/c-ares/pull/994)
* Fix clang build on windows.
[PR #996](https://github.com/c-ares/c-ares/pull/996)
* Fix IPv6 link-local nameservers in /etc/resolv.conf
[PR #996](https://github.com/c-ares/c-ares/pull/997)
* Fix a few build issues on MidnightBSD.
[PR #983](https://github.com/c-ares/c-ares/pull/983)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 8 Jul 2026 16:09:12 +0000 (18:09 +0200)]
sysklogd: Fix sending packets to remove syslog servers
When sysklogd binds to localhost, it will try to use that socket to
reach any remove syslog servers which fails because of obvious reasons.
Therefore we will have to let sysklogd bind to 0.0.0.0 and we create a
separate firewall so that we won't accept any packets from the network
but localhost which is accepted in the LOOPBACK chain.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 8 Jul 2026 16:09:12 +0000 (18:09 +0200)]
sysklogd: Fix sending packets to remove syslog servers
When sysklogd binds to localhost, it will try to use that socket to
reach any remove syslog servers which fails because of obvious reasons.
Therefore we will have to let sysklogd bind to 0.0.0.0 and we create a
separate firewall so that we won't accept any packets from the network
but localhost which is accepted in the LOOPBACK chain.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Julio Lira [Wed, 8 Jul 2026 10:12:44 +0000 (10:12 +0000)]
suricata: add julioliraup/Antiphishing ruleset
This patch adds the 'julioliraup/antiphishing' ruleset to the
Suricata configuration. This feed is hosted on GitHub and focuses
on blocking phishing threats at the network layer. It is already
officially indexed by suricata-update and frequently updated.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 4 Jul 2026 15:38:48 +0000 (17:38 +0200)]
tar: Avoid acl_ prefixes for functions
- The latest updates for acl and attr created some functions that ended up duplicating
ones that tar had created. This patch has been implemented to make these functions
start with tar_ so that they are specific to the tar project.
- No change to the rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 4 Jul 2026 15:38:46 +0000 (17:38 +0200)]
attr: Update to version 2.6.0
- Update from version 2.5.2 to 2.6.0
- Update rootfile
- 1 CVE fix
- Changelog
2.6.0
- Security fixes for CVE-2026-54371:
- Fix symlink traversal privilege escalation vulnerability in getfattr and
setfattr
- Harden getfattr to properly handle symlinks with -h/--no-dereference option
- Harden setfattr --restore with new -P/--physical option for safe restoring
- Add warnings for potentially unsafe restore operations (can be disabled
with the --disable-unsafe-restore-warnings configure option)
- New extended attribute system call support:
- Add wrappers for new xattrat() system calls (getxattrat, setxattrat,
listxattrat, removexattrat) introduced in kernel 6.13
- Add backwards compatibility layer for older systems without xattrat()
support
- Add openat2() syscall wrapper support for enhanced security (kernel 5.6+)
- Code improvements and fixes:
- Add new walk_tree helper, remove old implementation
- Fix multiple memory management issues in attr_copy_* functions
- Fix race conditions in listxattr and lgetxattr operations
- Fix buffer overflow and use-after-free bugs in setfattr --restore
- Remove dead code and improve compiler warning handling
- Add visibility attribute support for better library symbol management
- Build system and compatibility:
- Improve test suite for SELinux environments
- Add License variable to pkg-config file
- Fix various compiler warnings with -Wall, -Wextra, -Wmissing-prototypes
- Add missing header includes and mark local functions static
- Translation updates:
- Update the German translation
- Configuration updates:
- Remove obsolete system.nfs4acl entry from xattr.conf
- Add configure option --disable-unsafe-restore-warnings
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 4 Jul 2026 15:38:44 +0000 (17:38 +0200)]
acl: Update to version 2.4.0
- Update from version 2.3.2 to 2.4.0
- Update of rootfile
- 2 CVE fixes
- Changelog
2.4.0
* Major security and robustness improvements:
- Fix multiple security vulnerabilities: CVE-2026-54369 and CVE-2026-54370
- Harden setfacl, getfacl, and chacl against malicious input
- Prevent NULL pointer dereferences and memory corruption
- Fix setfacl --restore for pathnames beginning with whitespace
- Prevent setfacl --restore --test from changing file permissions
* New library functions:
- Add acl_get_file_at(), acl_set_file_at(), acl_delete_def_file_at() for
safer file operations using file descriptors and to control symlink
following
- acl_delete_def_file_at() allows removing default ACLs via file descriptor
* API improvements and bug fixes:
- Remove libacl dependency on libattr
- Reject invalid numeric UIDs and GIDs in libacl
- Fix memory wasting loop when user does not exist
- Retry harder in acl_get_file/acl_get_fd operations
- Improve errno handling in acl permission functions
- Fix compiler warnings and sequence point issues
* Build system and code organization:
- Rename internal symbols with __acl_ prefix to avoid conflicts
- Internalize walk_tree API and replace with hardened version
- Mark local variables and functions static where appropriate
- Remove unnecessary dependencies and dead code
* Test suite improvements:
- Fix test compatibility issues with getpwnam/getgrnam functions
- Add comprehensive restore.run test for --restore functionality
- Fix shell quoting errors in test scripts
- Improve test lookup library accessibility
* Documentation updates:
- Clarify symlink following behavior in manual pages
- Document new _at function variants
- Clarify that on Linux, acl_perm_t is a bitset
* Translation updates:
- German translation update
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:33 +0000 (21:41 +0200)]
vim: Update to version 9.2.0769
- Update from version 9.2.0526 to 9.2.0769
- Update of rootfile
- Changelog is not available. Generally each patch version number update is related to
a commit entry in the git repository. The details for all the commit changes can be
found at https://github.com/vim/vim/commits/master/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:32 +0000 (21:41 +0200)]
systemd: Update to version 261.1
- Update from version 260.1 to 261.1
- Update of rootfile
- Changelog
261.1
This only lists the commits and not easy to identify what might be related to
udev. This is the link to the commits.
https://github.com/systemd/systemd/compare/v261...v261.1
261
Changes in systemd-udevd, hwdb and udev rules:
* The DMI ID device (/sys/class/dmi/id) is now tagged so that
early-boot consumers can reliably order against it.
* udev's "blkid" builtin will now set a new udev property
ID_PART_GPT_AUTO_ROOT_DISK_NEEDS_LOOP=1 on boot block devices where a
GPT partition table is detected for a sector size different from the
native sector size of the device. (This typically happens if a Hybrid
ISO9660/GPT disk image is booted as CDROM, where the native sector
size is 2048 but the GPT header uses a 512-byte sector size). If this
happens then a systemd-loop@.service instance is automatically pulled
in via a udev rule that generates a loopback block device from the
discovered block device, exposing the device with the corrected
sector size. Or in other words: booting a fully valid GPT disk image
on a block device with a non-matching sector size will now just work,
and automatically result in a matching loopback device popping
up. The new property is also set if the boot block device carries a
GPT header (i.e. is partitioned) but the block device has partition
table processing turned off.
* Persistent network interface naming has been extended to auxiliary
sub-function (SF) network devices (such as mlx5_core SFs), using an
"S<sfnum>" suffix appended to the parent PCI function's name (e.g.
"enp193s0f0S88").
260.3
This only lists the commits and not easy to identify what might be related to
udev. This is the link to the commits.
https://github.com/systemd/systemd/compare/v260.2...v260.3
260.2
This only lists the commits and not easy to identify what might be related to
udev. This is the link to the commits.
https://github.com/systemd/systemd/compare/v260.1...v260.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3530200 to 3530300
- Update of rootfile
- Changelog 3530300
Fixes for problems in 3.53.0 (and 3.53.1 and 3.53.2) mostly coming from AIs.
See the check-in timeline for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:30 +0000 (21:41 +0200)]
pango: Update to version 1.58.0
- Update from version 1.57.1 to 1.58.0
- Update of rootfile
- Changelog
1.58.0
* PangoFontDescription has a new width attribute, which
is like stretch, but allows intermediate values
* PangoRenderer has gained the ability to render only certain
components of a layout (such overlines, underlines, text,...)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:29 +0000 (21:41 +0200)]
libjpeg: Update to version 3.2.0
- Update from version 3.1.4.1 to 3.2.0
- Update of rootfile
- Changelog
3.2.0
Significant changes relative to 3.2 beta1:
1. Fixed a regression introduced by 3.2 beta1[9] that broke Arm64EC Windows
builds.
2. Hardened the PNG writer (which is used by djpeg and `tj3SaveImage*()`)
against applications that may erroneously attempt to write sample values that
are out of range for the specified output data precision. This could have
caused a buffer overrun in the PNG writer's rescale array if the output data
precision was not 8 or 16 bits. The buffer overrun did not likely pose a
security risk, since `tj3SaveImage*()` is not exposed to arbitrary external
input data and since a caller that abused the API in the aforementioned manner
could never work properly.
3. Hardened the libjpeg API against hypothetical applications that may
erroneously call `jpeg_crop_scanline()` with buffered-image mode and raw data
output enabled. `jpeg_crop_scanline()` does not work with raw data output, but
due to an oversight, it did not throw an error if both buffered-image mode and
raw data output were enabled. If a hypothetical application aborted a normal
decompression operation without reading any scanlines, started a new
decompression operation using the same libjpeg instance with buffered-image
mode and raw data output enabled, then called `jpeg_crop_scanline()` with
arguments that would have caused any of the component planes to be cropped to a
width of 1 sample, `jpeg_crop_scanline()` would have used freed memory.
However, this did not likely pose a security risk, since an application that
abused the API in the aforementioned manner could never work properly.
4. Fixed a buffer overrun and subsequent segfault in jpegtran that occurred
when attempting to use the `-crop` and `-trim` options to expand the width of
an image narrower than one iMCU, discard partial iMCUs, and fill each block in
the expanded region with the DC coefficient of the nearest block in the input
image ("flatten.") Similarly, fixed an infinite loop that occurred when
attempting to use the `-crop` and `-trim` options to expand the width of an
image narrower than one iMCU, discard partial iMCUs, and fill the expanded
region with repeated reflections of the input image ("reflect.") When the only
iMCU column in the input image is partial and partial iMCUs are trimmed, the
flatten and reflect extensions cannot work properly, so jpegtran now throws an
error if that is the case. These issues were confined to the jpegtran
application and thus did not pose a security risk.
3.1.90 (3.2 beta1)
Significant changes relative to 3.1.4.1:
1. The legacy GNU Assembler (GAS) implementation of the Arm Neon SIMD
extensions has been removed. Arm builds of libjpeg-turbo must now use GCC 12
or later or Clang in order to achieve full performance.
2. The SIMD dispatchers have been overhauled so that the list of supported SIMD
instruction sets is initialized on a per-instance basis rather than a
per-thread basis, thus eliminating the need for thread-local storage in the
libjpeg API library. The overhaul also streamlines and modernizes the
dispatcher architecture, eliminates redundant and unnecessary code, and
generally simplifies the process of adding new SIMD extensions. A new test
program (simdcoverage) can be used to validate the correctness of a particular
dispatcher.
3. If the `WITH_PROFILE` CMake variable is enabled, libjpeg-turbo now measures
the cumulative average throughput of each lossy JPEG compression and
decompression algorithm and reports it to the command line when
`jpeg_destroy_compress()`, `jpeg_destroy_decompress()`, or `tj3Destroy()` is
called.
4. jpegtran now honors the `-trim` and `-perfect` options when expanding the
image size using the `-crop` option. If `-trim` is specified, then partial
iMCUs from the source image are discarded in the expanded image (equivalent to
the previous behavior.) If `-trim` is not specified, then partial iMCUs are
left in place. If `-perfect` is specified, then expanding the image size using
the `-crop` option will fail if there are any partial iMCUs in the source
image. The new default behavior is useful, in combination with the `-drop`
option, for reversibly combining multiple JPEG source images into a single
composite JPEG image.
5. The MIPS DSPr2 SIMD extensions have been removed. Justifications:
- MIPS Technologies deprecated the MIPS architecture in favor of RISC-V in
2021.
- The DSPr2 instruction set was already obsolete at that point, having
been superseded by the MSA instruction set (which is now also deprecated.)
- The overall speedup from the DSPr2 SIMD extensions was never compelling,
in part because some of the modules were implemented using scalar (non-SIMD)
instructions and were thus no faster than the equivalent C modules.
- Some of the DSPr2 SIMD modules had long-standing bugs, and it was
necessary to disable those modules in order to prevent accuracy issues with
libjpeg-turbo on MIPS CPUs.
- The DSPr2 SIMD extensions only worked with 32-bit MIPS applications.
- The libjpeg-turbo Project has never had access to a MIPS test platform,
which limited our ability to maintain the DSPr2 SIMD extensions.
Even before the MIPS architecture was deprecated, the aforementioned
limitations had already reduced the number of platforms and applications that
could benefit from the DSPr2 SIMD extensions to near zero. The DSPr2 SIMD
extensions will continue to be maintained in the 3.1.x branch on a break/fix
basis.
6. Added RISC-V Vector (RVV) SIMD implementations of the colorspace conversion,
chroma downsampling and upsampling, integer quantization and sample conversion,
and integer DCT/IDCT algorithms. When using the accurate integer DCT/IDCT
algorithms, RGB-to-baseline JPEG compression is approximately 149-246% (avg.
201%) faster relative to libjpeg-turbo 3.1.x, and baseline-to-RGB JPEG
decompression is approximately 48-180% (avg. 115%) faster. (Tested on a 1.6
GHz Ky X1 CPU. Actual mileage may vary.)
7. The TurboJPEG Java API has been moved to a
[dedicated repository](https://github.com/libjpeg-turbo/turbojpeg-java) where
it can evolve independently of the TurboJPEG C API based on demand.
Justifications:
- The TurboJPEG Java API was designed around the needs of Java Web Start,
an obsolete "zero-install" method of Java application deployment. The idea was
that JWS applications could be deployed along with JAR files containing the
TurboJPEG Java API and TurboJPEG API library, which contained Java Native
Interface (JNI) bindings to support the former. It made sense for our project
to package those resources so downstream developers could easily sign and
deploy them via JWS. These days, however, Java applications are more
frequently deployed as standalone applications.
- The TurboJPEG Java API was designed at a time when libjpeg-turbo was not
ubiquitous and JNA was nascent. These days, libjpeg-turbo is used by most
operating systems, so there is less of a need for us to package an end-to-end
solution for high-speed JPEG support in Java.
- The Java-friendly design of the TurboJPEG Java API (specifically, the
requirement that it work directly with Java arrays rather than NIO buffers)
necessitated allocating all buffers on the Java heap in order to avoid buffer
copies. That necessitated using fixed-size JPEG buffers (the equivalent of
`TJPARAM_NOREALLOC`), which meant that all JPEG buffers had to be big enough to
account for the size of the ICC profile and the possibility of zero
compression. Some of the proposed new TurboJPEG API features would have been
impossible to implement in the TurboJPEG Java API without completely
redesigning it.
- The Java-friendly design of the TurboJPEG Java API made it
more difficult to maintain, document, and extend than the C API, which reduced
our ability to add needed features in a timely manner.
Example code (TurboJPEG/JNA) demonstrating how to use the TurboJPEG C API
through Java Native Access (JNA) has been added to the source tree and can be
built, tested, and installed by setting the `WITH_JNA` CMake variable.
TurboJPEG/JNA generally performs as well as the TurboJPEG C API, whereas
compressing JPEG images with the TurboJPEG Java API was slower on some
platforms.
8. To facilitate shadow recovery in underexposed images, the libjpeg and
TurboJPEG APIs and associated programs now allow an 8-bit-per-sample lossy JPEG
image to be decompressed to a 12-bit-per-sample output image. This is enabled
in the libjpeg API by setting `cinfo->data_precision = 12` after calling
`jpeg_read_header()`, and in the TurboJPEG API by calling `tj3Decompress12()`
after calling `tj3DecompressHeader()`.
9. cjpeg, djpeg, `tj3LoadImage*()`, and `tj3SaveImage*()` now support
8-bit-per-channel and 16-bit-per-channel PNG images.
- By default, cjpeg transfers the embedded ICC profile from a PNG input
image to the JPEG image, and djpeg transfers the embedded ICC profile from the
JPEG image to a PNG output image. A new option (`-noicc`) can be used to
disable that behavior.
- If called with a TurboJPEG compression instance, `tj3LoadImage*()`
extracts the embedded ICC profile from a PNG image and associates it with the
TurboJPEG instance if `TJPARAM_SAVEMARKERS` is set to 2 or 4.
- If called with a TurboJPEG decompression instance, `tj3SaveImage*()`
transfers the ICC profile that was previously extracted from the JPEG image to
a PNG image if `TJPARAM_SAVEMARKERS` is set to 2 or 4.
- The PNG writer upscales images with 2-7 and 9-15 bits of data
precision to, respectively, 8-bit-per-channel and 16-bit-per-channel PNG
images. The upscaling algorithm is reversible, so a lossless JPEG image with a
non-standard data precision can be losslessly converted to a PNG image and back
to a lossless JPEG image with the same data precision.
10. The TurboJPEG API has been improved in the following ways:
- `tj3GetICCProfile()` can now be called multiple times to retrieve the
ICC profile that was previously extracted from a JPEG image.
- `tj3GetICCProfile()` can now be used to retrieve the ICC profile
associated with a TurboJPEG compression instance (including an ICC profile
extracted from a PNG image by `tj3LoadImage*()`.)
- The JPEG colorspace can now be reset to the default, using a new
`TJPARAM_COLORSPACE` value (`TJCS_DEFAULT`.)
- 4:1:0 and 2:4 subsampling are now supported.
11. Added a new cjpeg, djpeg, and jpegtran option (`-nooverwrite`) that causes
the programs to fail if the specified output file exists.
12. jpegtran now includes a `-roll` option that performs a lossless roll
transform (shift with wraparound), which is similar in concept to the `-roll`
option in ImageMagick and the Offset filter/tool in Photoshop and GIMP.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:28 +0000 (21:41 +0200)]
libarchive: Update to version 3.8.8
- Update from version 3.8.7 to 3.8.8
- Update of rootfile
- Changelog
3.8.8
New features:
add support for reading encrypted zipx formats (bzip2, lzma, ppmd, xz, zstd) (#2685)
Fix overview:
build
build: Fix build with glibc 2.43 (#2969)
libarchive core
core: Fix NULL pointer increment in archive_acl_from_text_nl (#2905)
core: fix archive_entry_set_mode & archive_entry_set_perm (#2942)
core: Fix a double-free in the link resolver (#2957)
core: On Darwin, get digests from libsystem (#2973)
core: Fix buffer overrun and wrong output for NULL-name ACL entries (#2988)
core: archive_read: FATAL should be sticky for all API calls (#2998, #3009)
core: Date parsing: reject dates with numbers of more than 4 digits (#3010)
core: acl: parser out-of-bounds read (#3011)
core: pathmatch: heap buffer over-read (#3012)
core: pathmatch: Treat anchors not special without flags (#2928)
core: archive_match: Prevent call stack overflow (#2927)
core: sparse: UAF in sparse_reset (#3019)
core: Fix a number of unchecked memory allocations (#3040)
core: strmode: Remove strcpy usage (#3037)
core: cmdline: Use free+strdup instead of realloc+strcpy (#3036)
core: Fix libattr version returned in archive_version_details, as well as
a leak (#3064)
core: Fix integer overflow in __archive_read_filter_ahead (#3083)
core: read: Fix memory corruption on filtered multi-volume archives (68b6924)
core: Fix OOB in archive_read_open_filenames_w on some systems (#3114)
core: read_disk: Check if off_t can overflow size_t (#3146)
multiple: Fix mem leaks found with ASAN-enabled test suites (#2971)
windows: remove support for WinCrypt (#2739)
windows: util: Fix GetTempPathW TOCTOU race condition (#3044)
filters support
bzip2: Support large in-memory archives (#3050)
filter: compress: Fix SIGSEGV when appended before open (#2526)
filter: Remove unneeded strcpy calls (#3033)
filter: Fix mismatched filter function dispatch table entry in
archive_write_add_filter.c (#3054)
gzip: Support more large in-memory archives (#3085)
gzip: Fix OOB in writer with huge filename (#3115)
lz4: Check XXH32_init result (#3100)
lz4: Improve truncated input stream detection (#3093)
lz4: Fix double-free on reallocation failure (#3132)
uu: Extend range checks to avoid 32 bit OOB (#3103)
zstd: Fix 32 bit platform endless loop and OOB access during bidding (#3073)
zstd: Fix 32 bit platform endless loop and OOB access during bidding (#3073)
7-ZIP reader and writer
7-zip: Sanity-check the number of files (#2980)
7-zip: Harden SFX parser (#2985)
7-zip: Clean up the failure path in setup_decode_folder (#3002)
7-zip: Fix 32 bit heap overflow (#3006)
7-zip: Verify that Codec ID fits into 63 bit (#2929)
7-zip: writer: free file->utf16name on symlink UTF-8 conversion failure
(#3062)
7-zip: Support streamable reading again (#3074)
7-zip: Set error message in case of error (#3067)
7-zip: Extend support for filtered input (#3099)
7-zip: fix a number of issues in zstd detection (#3102)
7-zip: Fix range check in get_pe_sfx_offset (#3119)
7-zip: sanity-check FilesInfo NumFiles before allocating entries (#2923)
CAB reader
cab: reader: Fix use of uninitialized values from Huffman table (#2979)
cab: Harden the handling of invalid headers (#3000)
cab: Fix multi volume parser (#3153)
cab: Properly limit maximum name length (#3145)
cab: Improve truncation detection (#3144)
CPIO reader and writer
cpio: reader: Validate pathname in record_hardlink (#2984)
cpio: reject oversized pathnames before read-ahead (#3043)
cpio: Fix UAF in error path (#3055)
cpio: Improve afio header detection (#3095)
cpio: Fix writer OOB read with very long filenames (#3158)
cpio: fix OOB read from int pathlength truncation in newc/binary writers
(#3168)
iso9660 reader and writer
iso9660: Fix .. (dot dot) path normalization (#2968)
iso9660: Fix joliet pathname overflow (#2983)
iso9660: Fix NULL deref and Joliet ID overflow (#3017)
iso9660: Fix OOB during Joliet ID generation (#2974)
iso9660: Fix infinite loop in Joliet ID generation (#2978)
iso9660: Fix memory leaks on error paths (#3029)
iso9660: bound duplicate identifier extension placement (#3045)
iso9660: Fix null dereference in set_directory_record_rr (#3117)
iso9660: fix infinite loop on self-referencing CE entry (#3021)
mtree reader and writer
mtree: Escape standard pathname matching characters (#3007)
mtree: Do not append '/' when basename is '.' (#3008)
mtree: NULL pointer deref during archive close (#3018)
mtree: Fix hex parser (#2982)
mtree: Fix time value parser truncation (#2930)
mtree: Port iso9660 fix for .. (dot dot) path normalization (#3032)
mtree: Fix null dereference for some corner cases (#3057)
RAR reader
rar: avoid reading NEWSUB extended data during header parsing (#3015)
rar: Simplify FILE_ATTRIBUTE_DIRECTORY check (#3087)
rar: skip NEWSUB payloads without size cap (#3047)
rar: reset low-distance state for new LZ tables (#3048)
rar: Add missing bound check for staticdata (#3105)
RARv5 reader
rar5: FAIL if the decode table is > 2^16 (#3004)
rar5: Avoid dangling pointers in init_unpack (#3081)
rar5: skip unconsumed block bytes before ARCHIVE_RETRY (#3091)
rar5: fix signed integer underflow in bytes_remaining (#3121)
TAR reader and writer
tar: Harden timestamp parsing (#2991)
tar: Improve string safety in list_item_verbose (#3038)
tar: Fix OOB with empty wide character directory names (#3052)
WARC reader and writer
warc writer: free hdr on _popul_ehdr overflow in _warc_header (#3061)
XAR reader and writer
xar: Fix two UB (#3013)
xar: Avoid integer overflows in number parsers (#3030)
xar: Free XAR xattr fstype metadata during cleanup (#3028)
xar: Port iso9660 fix for .. (dot dot) path normalization (#3032)
xar: fix fflags_text leak in file_free (#3060)
xar: Fix writer OOB accesses with fflags (#3041)
ZIP reader and writer
zip: Limit the LZMA initialization to 64MiB memory (#2981)
zip: Don't try to write overlong pathnames (#2993)
zip: Reject empty pathnames in ZIP writer (#2996)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:27 +0000 (21:41 +0200)]
json-c: Update to version 0.19
- Update from version 0.18 to 0.19
- Update of rootfile
- Removal of cmake patch as now included in the tarball.
- Changelog
0.19
New features
* Add support for Commodore Amiga and MorphOS
* Allow builds with CMake 4 - sync minimum version across all CMakeLists.txt
files
* Update openssl command to work for newer versions of openssl.
* Add support for building json-c with meson
* Support MSVC in packages that use GNU Autoconf.
* Add VERSIONINFO to libjson-c.dll
* Make json_tokener_free(NULL) a no-op, to simplify cleanup paths.
* Explicitly handle NaN values when converting to int
* Set errno=RANGE in json_object_get_int/int64/uint64() when the source value
can't be represented in the target type.
* Make json_parse a bit more useful by adding -u (validate UTF8) and -P
(specify arbitrary tokener parse flags), and read from stdin if no filename
is provided.
* Fix the apps/json_parse "-s" (strict) option so it actually does something,
and default to non-strict.
Significant changes and bug fixes
* Issue #867 - also disallow control characters in keys in JSON_TOKENER_STRICT
mode
* Issue #875: cast to unsigned char so bytes above 0x7f aren't interpreted as
negative, which was causing the strict-mode control characters check to
incorrectly trigger.
* Issue #881: don't allow json_tokener_new_ex() with a depth < 1
* Fix linkhash breaking -std=c89
* Fixing Cmake build when using clang-cl, avoids errors about redefining
existing symbols
* Fix AIX build failure - Add CMake detection for getopt.h
* Fix bug involving supplemental code points that look like high surrogates
* Fix runtime issue with test_util_file.c in Windows (add O_BINARY)
* Fix macro WIN32_LEAN_AND_MEAN redefined
* Issue #914: Fix Memory usage regression due to newlocale() on macOS
* Issue #916: Fix OOM via large array index in json_pointer_set
* Issue #923: Avoid stack recursion in json_object_put()
* Issue #927: CVE-2026-9146 - update json_object_iterator documentation
* Issue #929: CVE-2026-11322 - fix information disclosure bug in
apps/json_parse (not installed by default)
* Issue #930: fix locale-dependent strtod in json_object_get_double
* Issue #931: deep copy values in json_patch copy op to avoid aliasing and cycles
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:25 +0000 (21:41 +0200)]
git: Update to version 2.55.0
- Update from version 2.54.0 to 2.55.0
- Update of rootfile
- Changelog
2.55.0
UI, Workflows & Features
Hook scripts defined via the configuration system can now be
configured to run in parallel.
The userdiff driver for the Scheme language has been extended to
cover other Lisp dialects.
Terminal control sequences coming over the sideband while talking
to a remote repository are mostly disabled by default, except for
ANSI color escape sequences.
"ort" merge backend improvements.
"git checkout -m another-branch" was invented to deal with local
changes to paths that are different between the current and the new
branch, but it gave only one chance to resolve conflicts. The command
was taught to create a stash to save the local changes.
A new builtin "git format-rev" is introduced for pretty formatting
one revision expression per line or commit object names found in
running text.
"git history" learned "fixup" command.
The internal URL parsing logic has been made accessible via a new
subcommand "git url-parse".
Misspelt proxy URL (e.g., httt://…) did not trigger any warning
or failure, which has been corrected. We had a regression in this
update that broke https:// proxies, but that has been caught and
corrected.
Document the fact that .git/info/exclude is shared across worktrees
linked to the same repository.
The command line parser for "git diff" learned a few options take
only non-negative integers.
The graph output from commands like "git log --graph" can now be
limited to a specified number of lanes, preventing overly wide output
in repositories with many branches.
The fsmonitor daemon has been implemented for Linux.
"git cat-file --batch" learns an in-line command "mailmap"
that lets the user toggle use of mailmap.
The "git pack-objects --path-walk" traversal has been integrated
with several object filters, including blobless and sparse filters.
"git push" learned to take a "remote group" name to push to, which
causes pushes to multiple places, just like "git fetch" would do.
The git-jump command (in contrib/) has been taught to automatically
pick a mode (merge, diff, or ws) when invoked without arguments.
The documentation for push.default = simple has been clarified to
better explain its behavior, making it clear that it pushes the
current branch to a same-named branch on the remote, and detailing
the upstream requirements for centralized workflows.
The documentation for "--word-diff" has been extended with a bit of
implementation detail of where these different words come from.
"git config foo.bar=baz" is not likely to be a request to read the
value of such a variable with = in its name; rather it is plausible
that the user meant "git config set foo.bar baz". Give advice when
giving an error message.
"git rev-list" (and "git log" family of commands) learned a new
"--max-count-oldest"
that picks oldest N commits in the range instead of the usual newest.
Various AsciiDoc markup fixes in git config documentation and
related files to ensure lists and formatting are rendered correctly.
Performance, Internal Implementation, Development Support etc.
Promisor remote handling has been refactored and fixed in
preparation for auto-configuration of advertised remotes.
Rust support is enabled by default (but still allows opting out) in
some future version of Git.
Preparation of the xdiff/ codebase to work with Rust.
Use a larger buffer size in the code paths to ingest pack stream.
Refactor service routines in the ref subsystem backends.
Shrink wasted memory in Myers diff that does not account for common
prefix and suffix removal.
Enable expensive tests to catch topics that may cause breakages on
integration branches closer to their origin in the contributor PR
builds.
"git merge-base" optimization.
The limit_list() function that is one of the core part of the
revision traversal infrastructure has been optimized by replacing
its use of linear list with priority queue.
In a lazy clone, "git cherry" and "git grep" often fetch necessary
blob objects one by one from promisor remotes. It has been corrected
to collect necessary object names and fetch them in bulk to gain
reasonable performance.
The logic to determine that branches in an octopus merge are
independent has been optimized.
The consistency checks for the files reference backend have been updated
to skip lock files earlier, avoiding unnecessary parsing of
intermediate files.
The negotiation tip options in "git fetch" have been reworked to
allow requiring certain refs to be sent as "have" lines, and to
restrict negotiation to a specific set of refs.
The repacking code has been refactored and compaction of MIDX layers
have been implemented, and incremental strategy that does not require
all-into-one repacking has been introduced.
ODB transaction interface is being reworked to explicitly handle
object writes.
Add a new odb "in-memory" source that is meant to only hold
tentative objects (like the virtual blob object that represents the
working tree file used by "git blame").
Many uses of the_repository has been updated to use a more
appropriate struct repository instance in setup.c codepath.
Revision traversal optimization.
Build update.
The logic to lazy-load trees from the commit-graph has been made
more robust by falling back to reading the commit object when
the commit-graph is no longer available.
The "name" argument in git_connect() and related functions has been
converted to a "service" enum to improve type safety and clarify its
purpose.
git restore --staged has been optimized to avoid unnecessarily expanding
the sparse index when operating on paths within the sparse checkout
definition, by handling sparse directory entries at the tree level.
"git stash -p" has been optimized by reusing cached index
entries in its temporary index, avoiding unnecessary lstat()
calls on unchanged files.
The check for non-stale commits in the priority queue used by
paint_down_to_common and ahead_behind has been optimized by
replacing an O(N) scan with an O(1) counter, yielding performance
improvements in repositories with wide histories.
Reachability bitmap generation has been significantly optimized. By
reordering tree traversal, caching object positions, and refining how
pseudo-merge bitmaps are constructed, the performance of "git repack
--write-midx-bitmaps" is improved, especially for large repositories
and when using pseudo-merges.
Adding a decimal integer with strbuf_addf("%u") appears commonly;
they have been optimized by using a custom formatter.
Formatting object name in full hexadecimal form has been optimized
by using a new strbuf_add_oid_hex() helper function.
Encourage original authors to monitor the CI status.
The git log -L implementation has been refactored to use the
standard diff output pipeline, enabling pickaxe and diff-filter to
work as expected. Additionally, metadata-only diff formats like
--raw and --name-only are now supported with -L.
The loose object source has been refactored into a proper struct
odb_source.
Guidelines on how to write a cover letter for a multi-patch series
have been added to SubmittingPatches, which also got a new marker
to separate the section for typofixes.
The setup logic to discover and configure repositories has been
refactored, and the initialization of the object database has been
centralized.
Many core configuration variables have been migrated from global
variables into repo_config_values to tie them to a specific
repository instance, avoiding cross-repository state leakage.
Streaming revision walks have been optimized by using a priority queue
for date-sorting commits, speeding up walks repositories with many
merges.
A recent regression in t7527 that broke TAP output has been fixed,
some other test noise that also broke TAP output has been silenced,
and prove is now configured to fail on invalid TAP output to
prevent future regressions.
A handful of inappropriate uses of the_repository have been
rewritten to use the right repository structure instance in the
unpack-trees.c codepath.
"git index-pack" has been optimized by retaining child bases in the
delta cache instead of immediately freeing them, letting the existing
cache limit policy decide eviction.
git ls-files --modified and git ls-files --deleted have been
optimized to filter with pathspec before calling lstat() when there is
only a single pathspec item, avoiding unnecessary filesystem access
for entries that will not be shown.
The UNUSED macro in compat/posix.h has been updated to use a
newly introduced GIT_CLANG_PREREQ macro for compiler version
checks, and the existing GIT_GNUC_PREREQ macro has been modernized
to use explicit major/minor comparisons rather than bit-shifting.
Wean the Windows builds in GitLab CI procedure away from
(unfortunately unreliable) Chocolatey to install dependencies.
(merge 0e7b51fed2 ps/gitlab-ci-windows later to maint).
Build-fix for 32-bit Windows.
Xcode 15 and later has a linker set to complain when the same library
archive is listed twice on the command line. Squelch the annoyance.
Fixes
Code clean-up to use the right instance of a repository instance in
calls inside refs subsystem.
(merge 57c590feb9 sp/refs-reduce-the-repository later to maint).
The check that implements the logic to see if an in-core cache-tree
is fully ready to write out a tree object was broken, which has
been corrected.
(merge 521731213c dl/cache-tree-fully-valid-fix later to maint).
The test suite harness and many individual test scripts have been
updated to work correctly when set -e is in effect, which helps
detect misspelled test commands.
(merge ffe8005b9d ps/test-set-e-clean later to maint).
Revert a recent change that introduced a regression to help mksh users.
Update various GitHub Actions versions.
Avoid hitting the pathname limit for socks proxy socket during the
test..
To help Windows 10 installations, avoid removing files whose
contents are still mmap()'ed.
The git backfill command now rejects revision-limiting options that
are incompatible with its operation, uses standard documentation for
revision ranges, and includes blobs from boundary commits by default
to improve performance of subsequent operations.
(merge a1ad4a0fca en/backfill-fixes-and-edges later to maint).
"git grep" update.
(merge 9ff4b5ab1b rs/grep-column-only-match-fix later to maint).
Headers from glibc 2.43 when used with clang does not allow
disabling C11 language features, causing build failures..
The http.emptyAuth=auto configuration now correctly attempts
Negotiate authentication before falling back to manual credentials.
This allows seamless Kerberos ticket-based authentication without
requiring users to explicitly set http.emptyAuth=true.
(merge 4919938d28 mc/http-emptyauth-negotiate-fix later to maint).
Ramifications of turning off commit-graph has been documented a bit
more clearly.
(merge 48c855bb8f kh/doc-commit-graph later to maint).
"git rebase --update-refs", when used with an rebase.instructionFormat
with "%d" (describe) in it, tried to update local branch HEAD by
mistake, which has been corrected.
(merge 106b6885c7 ag/rebase-update-refs-limit-to-branches later to maint).
Tweak the way how sideband messages from remote are printed while
we talk with a remote repository to avoid tickling terminal
emulator glitches.
(merge 31e8fcabd8 rs/sideband-clear-line-before-print later to maint).
The configuration variable submodule.fetchJobs was not read correctly,
which has been corrected.
(merge aa45a5902f sj/submodule-update-clone-config-fix later to maint).
Update code paths that assumed "unsigned long" was long enough for
"size_t".
(merge 7a094d68a2 js/objects-larger-than-4gb-on-windows later to maint).
Stop using unmaintained custom allocator in Windows build which was
the last user of the code.
The computation to shorten the filenames shown in diffstat measured
width of individual UTF-8 characters to add up, but forgot to take
into account error cases (e.g., an invalid UTF-8 sequence, or a
control character).
(merge 09d86a3b98 en/diffstat-utf8-truncation-fix later to maint).
Some tests assume that bare repository accesses are by default
allowed; rewrite some of them to avoid the assumption, rewrite
others to explicitly set safe.bareRepository to allow them.
(merge 985b38ca6c js/adjust-tests-to-explicitly-access-bare-repo later to
maint).
Signing commit with custom encoding was passing the data to be
signed at a wrong stage in the pipeline, which has been corrected.
(merge 7735d7eee3 bc/sign-commit-with-custom-encoding later to maint).
Further update to the i18n alias support to avoid regressions.
"git fetch --deepen=<n>" in a full clone truncated the history to <n>
commits deep, which has been corrected to be a no-op instead.
(merge 2431f5e0e5 sp/shallow-deepen-on-non-shallow-repo-fix later to maint).
"git maintenance" that goes background did not use the lockfile to
prevent multiple maintenance processes from running at the same
time, which has been corrected.
(merge 29364f1624 ps/maintenance-daemonize-lockfix later to maint).
Remove ineffective strbuf presizing that would have computed an
allocation that would not have fit in the available memory anyway,
or too small due to integer wraparound to cause immediate automatic
growing.
(merge a9ce8526dc jk/pretty-no-strbuf-presizing later to maint).
The HTTP walker misinterpreted the alternates file that gives an
absolute path when the server URL does not have the final slash
(i.e., "https://example.com" not "https://example.com/").
(merge b92387cd55 jk/dumb-http-alternate-fix later to maint).
"git bisect" now uses the selected terms (e.g., old/new) more
consistently in its output.
(merge cb55991825 jr/bisect-custom-terms-in-output later to maint).
Update GitLab CI jobs that exercise macOS.
(merge 62319b49bb ps/gitlab-ci-macOS-improvements later to maint).
"Friday noon" asked in the morning on Sunday was parsed to be one
day before the specified time, which has been corrected.
(merge b809304101 ta/approxidate-noon-fix later to maint).
The GIT_WORK_TREE variable prepared to invoke the push-to-checkout
hook was leaking into the environment even when there was no hook
used and broke the default push-to-deploy (i.e., let "git checkout"
update the working tree only when the working tree is clean).
(merge 44d04e4426 ar/receive-pack-worktree-env later to maint).
A batch of documentation pages has been updated to use the modern
synopsis style.
(merge 2ef248ae45 ja/doc-synopsis-style-again later to maint).
The "promisor.quiet" configuration variable was not used from
relevant submodules when commands like "grep --recurse-submodules"
triggered a lazy fetch, which has been corrected.
(merge fa1468a1f7 th/promisor-quiet-per-repo later to maint).
Correct use of sockaddr API in "git daemon".
(merge 422a5bf575 st/daemon-sockaddr-fixes later to maint).
A memory leak in fetch_and_setup_pack_index() when verification of
the downloaded pack index fails has been plugged. Also an obsolete
unlink() call on parse failure has been cleaned up.
In t3070-wildmatch, "via ls-files" test variants with patterns
containing backslash escapes are now skipped on Windows, avoiding 36
test failures caused by pathspec separator conversion.
(merge 8c84e6802c kk/wildmatch-windows-ls-files-prereq later to maint).
A linker warning on macOS when building with Xcode 16.3 or newer has
been avoided by passing -fno-common to the compiler when a
sufficiently new linker is detected.
(merge 5cd4d0d850 hn/macos-linker-warning later to maint).
Documentation and tests have been added to clarify that Git’s internal
raw timestamp format requires a @ prefix for values less than
100,000,000 to prevent ambiguity with other formats like YYYYMMDD.
(merge 4018dc29ee ls/doc-raw-timestamp-prefix later to maint).
Wording used in "format-patch --subject-prefix" documentation
has been improved.
(merge 4a1eb9304a lo/doc-format-patch-subject-prefix later to maint).
Advanced emulation of kill() used on Windows in GfW has been
upstreamed to improve the symptoms like left-behind .lock files and
that fails to let the child clean-up itself when it gets killed.
(merge 363f1d8b3a js/win-kill-child-more-gently later to maint).
The git describe --contains --all command has been fixed to
properly honor the --match and --exclude options by passing
them down to git name-rev with the appropriate reference
prefixes.
(merge 1891707d1b jk/describe-contains-all-match-fix later to maint).
Various typos, grammatical errors, and duplicated words in both
documentation and code comments have been corrected.
(merge dc6068df67 wy/docs-typofixes later to maint).
The subprocess handshake during startup has been made gentler by using
packet_read_line_gently() instead of packet_read_line() to prevent the
parent Git process from dying abruptly when a configured subprocess
(e.g., a clean/smudge filter) fails to start.
(merge 061a68e443 mm/subprocess-handshake-fix later to maint).
The TSAN race in transfer_debug() within transport-helper.c has been
resolved by initializing the debug flag early in
bidirectional_transfer_loop() before spawning worker threads, allowing
the removal of a TSAN suppression.
(merge 85704eda18 ps/transport-helper-tsan-fix later to maint).
git describe has been taught to pass the refs/tags/ prefix down to
the ref iterator when --all is not requested, avoiding unnecessary
iteration over non-tag refs.
(merge 55088ac8a4 td/describe-tag-iteration later to maint).
compute_reachable_generation_numbers() in commit-graph used a 32-bit
integer to accumulate parent generations, which is OK for generation
number v1 (topological levels), but with generation number v2
(adjusted committer timestamps), it truncated timestamps beyond
Fixed by widening the accumulator to timestamp_t.
(merge fbcc5408fc en/commit-graph-timestamp-fix later to maint).
Other code cleanup, docfix, build fix, etc.
(merge 80f4b802e9 ja/doc-difftool-synopsis-style later to maint).
(merge b96490241e jc/doc-timestamps-in-stat later to maint).
(merge ef85286e51 ss/t7004-unhide-git-failures later to maint).
(merge 7584d10bc2 mf/format-patch-cover-letter-format-docfix later to maint).
(merge 8547908eb3 pw/rename-to-get-current-worktree later to maint).
(merge 890229b3f3 sg/t6112-unwanted-tilde-expansion-fix later to maint).
(merge ab9753e7bc kh/doc-restore-double-underscores-fix later to maint).
(merge 4a9e097228 za/t2000-modernise-more later to maint).
(merge b635fd0725 kh/doc-log-decorate-list later to maint).
(merge 65ea197dca jk/commit-sign-overflow-fix later to maint).
(merge 3ccb16052a jk/apply-leakfix later to maint).
(merge 5e6e8dc786 tb/pseudo-merge-bugfixes later to maint).
(merge 6d09e798bc pb/doc-diff-format-updates later to maint).
(merge 34a891a2d3 rs/trailer-fold-optim later to maint).
(merge 499f9048e0 ps/t3903-cover-stash-include-untracked later to maint).
(merge b56ab270aa jk/sq-dequote-cleanup later to maint).
(merge 29d9fdcf10 rs/use-builtin-add-overflow-explicitly-on-clang later to
maint).
(merge d9982e8290 ed/check-connected-close-err-fd-2.53 later to maint).
(merge 1740cc35d0 ed/check-connected-close-err-fd later to maint).
(merge f4d7eb3d1c sp/doc-range-diff-takes-notes later to maint).
(merge 83e7f3bd2b kh/free-commit-list later to maint).
(merge d1b72b29e9 am/doc-tech-hash-typofix later to maint).
(merge 014c454799 ak/typofixes later to maint).
(merge 522ea8ef7d js/osxkeychain-build-wo-rust later to maint).
(merge e8f12e0e95 jc/t1400-fifo-cleanup later to maint).
(merge 0bf506efd4 kw/gitattributes-typofix later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:24 +0000 (21:41 +0200)]
fetchmail: Update to version 6.6.6
- Update from version 6.6.5 to 6.6.6
- No change to rootfile
- Changelog
6.6.6
CRITICAL BUGFIX FOR IMAP:
* The IMAP client, which has always used message indexes for the selected
mailbox, did not abort when receiving an EXPUNGE response - which changes
message numbers inside the mailbox. Unlike UIDs, the message numbers are
not stable and fetchmail does not have internal interfaces to track which
messages are deleted, and adding those to a 6.6.X release would be too
risky, and switching to UID is also too big a change, so we have no
choice but to abort the session when seeing an EXPUNGE response without
our own EXPUNGE request, to avoid marking the wrong message as seen/deleted
or skip the wrong one, or assume the wrong message size.
Earl Chew reported this versus Yahoo Mail via Gitlab Work Item #91, which
automatically expunges messages that are marked with the \Deleted flag.
This has one new message for which we do not have translations yet,
it is urgent to get the fix in the field.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 3 Jul 2026 19:41:23 +0000 (21:41 +0200)]
curl: Update to version 8.21.0
- Update from version 8.20.0 to 8.21.0
- No change to rootfile
- Changelog
8.21.0
Changes:
curl: named globs in output filename for upload glob references
HTTP/3: add proxy CONNECT and MASQUE CONNECT-UDP support (ngtcp2 QUIC)
http2: remove stream dependency tracking
lib: drop support for CURLAUTH_DIGEST_IE
libssh: add support for SHA256 host public keys
tool_urlglob: add named globs
Bugfixes:
_ENVIRONMENT.md. Windows does case insensitive env variables
_URL.md: remove the zone-id mention
AmigaOS: curl_setup.h avoid explicit_bzero with clib2
AmigaOS: fix build fallouts, re-add to CI
asyn-thrdd: add IPv6 guards
asyn-thrdd: fix result processing without wakeup socketpair
autotools: mbedtls detection fixes
BINDINGS: Update Hollywood link
BUFQ.md: re-sync with source code
build: enable `-Wlogical-op` picky warning for GCC 4.4+
build: omit zlib pkg-config reference for Android
cf-h2-prox: fix peer leak
cf-h2-proxy: drop interim responses
cf-https-connect: do not engage on proxy origin
cf-ip-happy.c: minor comment typo
cf-ip-happy: update documentation
cf-socket: make Curl_addr2string static
cf-socket: set scope_id for IPv6 link-local addresses
cf-socket: store errno from do_connect in ctx->error
cfilters: fix busy loop on blocked transfers
chunked: reject invalid bytes in trailer
CIPHERS.md: fix the example that uses only TLS 1.3
cmake/FindGSS: drop "MIT Unknown" version value, related tidy ups
cmake/FindGSS: drop CMake <3.16 compatibility logic
cmake/FindGSS: fix comment, adjust custom flavor property name
cmake/FindGSS: prioritize MIT over GNU in pkg-config detection
cmake: auto-select static nghttp2/nghttp3/ngtcp2 Config
cmake: export/forward `NGTCP2_CRYPTO_BACKEND`
cmake: fix three issues generating lib options in config files
cmake: fix zstd CMake config name
cmake: opt in `MSVC_VERSION` 1951 to picky warnings
cmake: quote `COMPONENTS` string in `curl-config.in.cmake`
cmake: simplify `LINK_ONLY` imported target extraction
config2setopts: use default protocol properly
connect: remove deref of freed pointer in trace call
content_encoding: fix limit failure message
content_encoding: fix non-last chunked rejection
content_encoding: timeout during slow decoding
cookie: check __Secure- and __Host- case sensitively when read from file
cookie: compare path case sensitively
cookie: reject control octets in file-loaded cookies
cookie: simplify strstore(), remove outdated comment
cookie: tailmatch the domains for secure override
cookie: trim trailing dots when checking PSL
creds: add sasl service name
creds: create with empty user+pass
creds: mask OAuth bearer token in trace logs
creds: remove two unused functions
curl_easy_pause.md: rephrase the stream cache when pause clause
curl_easy_setopt.md: change options when no transfer runs
curl_formdata: fix to pass long where missing, document `CURLFORM_NAMELENGTH`
curl_multi_assign.md: clarify lifetime
curl_ntlm_core: fix nettle 4+ builds in certain MultiSSL combos
curl_ntlm_core: propagate DES `CryptEncrypt()` error
curl_sha512_256: fix result code on error
CURLINFO_CONTENT_LENGTH_UPLOAD_T.md: expand
CURLMOPT_SOCKETFUNCTION.md: this sends *all* file descriptors
CURLOPT_CHUNK_BGN_FUNCTION: target is there for symlinks only
CURLOPT_DISALLOW_USERNAME_IN_URL: is for CURLOPT_URL only
CURLOPT_DOH_URL.md: does not inherit proxy options
CURLOPT_ECH.md: simplify the description language
CURLOPT_HAPROXYPROTOCOL.md: only sent for newly setup connections
CURLOPT_MAXFILESIZE: clarify this also works for on-going transfers
CURLOPT_PINNEDPUBLICKEY.md: does not apply for other origins
CURLOPT_PORT.md: use stronger language
CURLOPT_SHARE: warn about early remove
CURLOPT_SSH_HOSTKEYFUNCTION.md: for new connections only
CURLOPT_WRITEFUNCTION.md: mention redirects
CURLOPT_WRITEFUNCTION.md: remove stray reference to HSTS
delta: harden external command invocations
digest: escape control codes too
digest: flush proxy state on proxy or credential change
digest: flush state on origin or credential change
dns-httpsrr-lookup: use origin, not peer
dnscache: remove Curl_dns_entry_link
docs/libcurl: fix the version for curl_multi_socket_action
docs: end "...can be used several times..." sentences with period
docs: fix --follow doc typo
docs: fix a couple of typos
docs: fix grammar and wording in FAQ
docs: fix odd wording in CONTRIBUTE.md
docs: note CURLOPT_PINNEDPUBLICKEY has no effect on legacy LDAP backend
docs: returned header size reflects HTTP/1-style format
doh: cap the maximum TTL to 24 hours
doh: stricter HTTPS RNAME parsing
ECH: cleanups
event: fix wakeup consumption
ftp: avoid accessing EPSV response one byte past the NULL
ftp: remove 2 Curl_resolv_blocking() calls
ftp: remove bits.ftp_use_control_ssl
ftplistparser: clear strings.target if not symlink
gnutls: allow building with nettle 4.0
gnutls: fix more nettle 4+ compatibility issues
gnutls: require 3.7.2 for earlydata
gsasl: fix potential double free
gtls: fix ignored return and uninitialized status in OCSP check
gtls: fix some typos
gtls: minor fixes and improvements
gtls: use the correct return code in trace output
gtls: verify OCSP response signature in gtls_verify_ocsp_status
h3-proxy: fix callback return values, and a typo in tests
hostip: remove unused MAX_HOSTCACHE_LEN and MAX_DNS_CACHE_SIZE
hsts.md: mention multiple curl invokes effect
hsts: duplicate live HSTS data in curl_easy_duphandle
http-proxy: verify CONNECT response headers
HTTP3.md: update quiche build
http: don't pass on set cookies to new origins
http: prefer chunked encoding over Content-Length: 0
http: reject spurious CR bytes in headers
http_digest: return better error
idn: replace header guards with forward declaration
INSTALL-CMAKE.md: document CMake environment variables
INTERNALS.md: document minimum nghttp3 and ngtcp2 versions
KNOWN_BUGS.md: remove fixed GnuTLS <-> OpenSSL incompat bug
KNOWN_BUGS: remove stale Threads::Threads entry
krb5_sspi: fix error message on `DecryptMessage()` fail
ldap: base64 encode binary LDIF values with WinLDAP
ldap: fix minor leak on write callback error
ldap: fix to not leak `attribute` on OOM (WinLDAP)
ldap: switch off chasing referrals
lib678: fix to not be perma-skipped
lib: make `__STDC_VERSION__` literals `L` (where missing)
lib: transfer origin and proxy handling
lib: two minor typos
libcurl-easy.md: minor clarifications
libssh2: do not use deprecated macros when unavailable
libssh2: drop stray double-negative from `strncmp()` result
libssh2: fix to return error code on missing parameter
libssh2: replace macro names with non-misspelled alternatives
libssh2: save non-standard port to `known_hosts`
libssh2: sync version check with INTERNALS.md
libssh2: use non-deprecated `libssh2_knownhost_addc()`
libssh: map SSH_KNOWN_HOSTS_OTHER to CURLKHMATCH_MISMATCH
m4: drop redundant conditions in TLS library detections
Makefile.am: drop test1190 listed twice
managen: apply minor fixes and improvements
mbedtls: null-terminate the private key blob
mk-unity.pl: `#include`, and not concatenate input headers
mqtt: return error on truncated Remaining Length
mqtt: validate PINGRESP and DISCONNECT have remaining_length == 0
multi: handle pause in multi socket callback
multi: remove a stale comment
multi: silence gcc 16 `-Wnull-dereference`, bump CI job to test
multi: xfers_really_alive
netrc: remember and check filename loaded
netrc: scanner refactor
ngtcp2: fail handshake directly
openssl: do not mix OpenSSL int result with `CURLcode` variable
os400sys: fix theoretical length overflows
peer.h: fix typo in comment
pingpong: reject nul byte in server response line
progress: fix CURLINFO time reporting
psl: require libpsl 0.16.0 (2016-12-10) or greater
pytest: pass `--disable` to curl
pytest: re-enable test test_05_01 and test_05_02 for quiche 0.29.0+
pythonlint.sh: make it fail on error, fix ruff warnings in pytest
quic: count zero length packets against max
ratelimits: use minimal burst rate
RELEASE-PROCEDURE.md: update coming release dates
resolve: mention in error that IP address is expected
rtsp: bump buf after rtsp_filter_rtp()
runner.pm: apply minor correctness fix
runner.pm: set `CURL_TESTNUM` for `precheck` commands
runtests: fix tests for curl builds with embedded CA bundle
rustls: error on CURLOPT_CRLFILE with native CA store
schannel: check `schannel_sha256sum()` success, and more
schannel: enforce Extended Key Usage for custom CA roots
schannel: error on TLS 1.3-only with cipher list
schannel: fix https proxy for client cert and certinfo
schannel: fix revoke_best_effort setting for proxy
schannel: use fopen instead CreateFile
schannel_verify: avoid out of blob access
schannel_verify: simplify CryptQueryObject use
scripts: catch Credits-to contributors
SECURITY-ADVISORY.md: expand
setopt: changing the proxy port is also a proxy change
setopt: clear proxy auth properly on NULL
setopt: clear the "custom" CA booleans when set to NULL
setopt: CURLOPT_MAXCONNECTS set to 0 restores default value
setopt: defref the old referer when setting a new
setopt: fix to honor `CURLOPT_PROXY_CAINFO_BLOB` over Native CA
setopt: gate a few proxy TLS options by checking backend support
setopt: more careful cleanup of the HSTS cache
setopt: return error if received `curl_blob->data` is NULL
show-headers.md: mention bold headers and --no-styled-output
sigv4: URL encode the username in the header
smb: constify `strchr()` result variable
smb: integer overflow proof a size check
smbserver: update internal id generation for Python 3
socket: introduce `SOCK_EAGAIN()` and use it
socket: use name `sockerr` for socket error variables
socks_sspi: invalid response length is a fatal error
socks_sspi: store socks5_gssapi_enctype
spnego_sspi: honor CURLOPT_GSSAPI_DELEGATION for Windows SSPI
spnego_sspi: preserve distinction btw policy-only and uncond delegation
src: fix comment typos
src: sync nghttp2 versions checks with current requirements
ssl native_ca_store: always reinit
SSLCERTS: document 8.19.0 default Native CA builds (Windows)
sspi: clear SSPI credentials on AcquireCredentialsHandle failure
sspi: free libcurl allocated memory with curlx_free
telnet: drop an `int` cast no longer necessary
telnet: drop redundant interim variables
telnet: fix error message typos
telnet: fix old copy-paste typo in variable name
telnet: honor CURLOPT_TIMEOUT in send_telnet_data()
test1588: use %TESTNUMBER, not hard-coded number
test1981: explicitly set the locale
tests: add `cookies` feature to some tests
tests: add an assert to avoid IPC blocking
tests: add the "--resolve" keyword to tests that lack it
tests: fix unit1636 with --disable-progress-meter
tftp: avoid the timeout calc if the timeout is crazy
tftp: stricter option name checks
tidy-up: add space around operators, where missing
tidy-up: apply clang-format fixes
tidy-up: drop stray casts for allocated pointers
tidy-up: miscellaneous
tls: fix incomplete mTLS config in conn reuse and session cache
tls: wolfssl: fixes for PQC key shares
tool: warn when --ssl and --ftp-ssl-control override each other
tool_formparse.c: fix two minor comment typos
tool_formparse: polish error message + make two functions static
tool_formparse: tool2curlparts is no longer recursive
tool_help: rectify a bad assert
tool_operhlp: avoid NULL to %s
tool_urlglob: avoid overflow at end of range
tool_urlglob: better 'Duplicate glob name' position
tool_urlglob: make globbing error reported for correct position
tool_writeout: fix %time{} output for %s
transfer: clear referer when set to NULL
unit1675: fix potential memory leak on dynbuf fail path
unix-sockets: ignore proxy settings
URL-SYNTAX: document more URL parsing details
url: compare full origin when setting credentials
url: connection credentials origin
url: connection reuse fixes for starttls
url: detect proxy changes read from environment
url: don't log bits.close state
url: fix connection reuse for starttls protocols
url: keep the question mark for empty queries
url: remove superfluous check
url: url_match_destination fix
urlapi: accept 0X prefix in IPv4 address as well
urlapi: change more lowercase percent-encoded to uppercase
urlapi: compare zone-id in Curl_url_same_origin()
urlapi: consume trailing dots after IPv4 numerical addresses
urlapi: deny hostnames with more than one trailing dot
urlapi: drop base fragment on empty redirect
urlapi: fix an issue parsing file URLs
urlapi: fix memleaks on error in `parse_hostname_login()`
urlapi: fix redirect handling if CURLU_NO_GUESS_SCHEME is set
urlapi: forbid '|' in host
urlapi: handle redirect without set scheme with default-scheme
urlapi: URL decode hostname before IP address normalization
user-agent.md: mention double quotes too
var: use a dedicated pointer for the alloc
verify-release: verify more thoroughly with git
vquic: drop stray casts for `iovec.iov_len`
vtls: more large buffer support and error checks for SHA-256
vtls: use Curl_safecmp for CRLfile and pinned_key comparison
vtls_scache: include signature_algorithms in the SSL peer cache key
vtls_spack: drop redundant macro fallbacks
VULN-DISCLOSURE-POLICY.md: emphasize comm as a human
VULN-DISCLOSURE-POLICY.md: emphasize the no email thank you part
VULN-DISCLOSURE-POLICY.md: test code is not secure
VULN-DISCLOSURE-POLICY: non-released code
websockets: auto-tunnel through http proxy
websockets: buffer upgrade data at connection level
windows: update MS SDK versions in comments
winldap: avoid NULL pointer deref on `ldap_get_dn()` fail
ws: make pong sending lazy
x509asn1: fix DH public key parameter extraction
x509asn1: fix operator order in do_pubkey
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 2 Jul 2026 13:03:15 +0000 (15:03 +0200)]
clamav: Update to version 1.5.3
- Update from version 1.5.2 to 1.5.3
- Update of rootfile
- 8 CVE fixes, one of which is related to a rust module plus 2 rust security fixes that
do not have an assigned CVE
- Changelog
1.5.3
CVE-2026-20217<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20217>:
Fixed a bug in the PESpin unpacker cleanup path that could free pointers into
the scanned file buffer and crash the scanner.
This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as
2005. The fix is included in 1.5.3 and 1.4.5.
CVE-2026-20213<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20213>:
Fixed an integer overflow in PE rebuild size calculations that could be
reached through a malformed Aspack-packed PE file and lead to a heap buffer
overflow write.
This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as
2007. The fix is included in 1.5.3 and 1.4.5.
CVE-2026-20216<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20216>:
Fixed an InstallShield archive extraction limit bypass that could write far
more temporary data than intended and exhaust temporary storage.
This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as
2009. The fix is included in 1.5.3 and 1.4.5.
CVE-2026-20214<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20214>:
Fixed an FSG unpacker loop underflow that could write past the section array
while scanning a malformed PE file.
This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions as far back as
2004. The fix is included in 1.5.3 and 1.4.5.
CVE-2026-20243<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20243>:
Fixed ALZ parser size handling bugs that could cause malformed ALZ archives
to panic, abort the scanner, or skip expected scan-limit handling.
This issue affects ClamAV 1.5.0 through 1.5.2 and 1.4.0 through 1.4.4. The
fix is included in 1.5.3 and 1.4.5.
CVE-2026-20215<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20215>:
Fixed a 7z parser substream count overflow that could under-allocate parser
metadata arrays and write past them while reading a malformed archive.
This issue affects ClamAV 1.5.2, 1.4.4, and all prior versions back to 2009.
The fix is included in 1.5.3 and 1.4.5.
CVE-2026-20244<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20244>:
Fixed 32-bit DMG parser size checks that could let a short mish stripe table
pass validation and crash 32-bit scanner builds.
This issue affects 32-bit ClamAV builds from 0.98.1 through 1.5.2, including
1.4.0 through 1.4.4 and 1.5.0 through 1.5.2. It does not affect 64-bit builds.
The fix is included in 1.5.3 and 1.4.5.
Hardened clamscan, clamdscan, and clamonacc quarantine actions against
time-of-check/time-of-use races that could redirect copied, moved, or removed
files under unsafe quarantine directory configurations.
Upgraded the Rust tar dependency to resolve the RUSTSEC-2026-0067 and
RUSTSEC-2026-0068 advisories, and upgraded the Rust openssl dependency to
resolve CVE-2026-41676.
Raised the minimum required CMake version to 3.17 to fix Linux builds with
libcurl v8.21.0 when linking static library dependencies.
Metadata preclass scans now run before the final scan verdict.
ClamOnAcc: Fixed errors when recursively excluded paths are children of an
included path.
ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide in
the same bucket.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 1 Jul 2026 11:34:44 +0000 (13:34 +0200)]
transmission: Update to version 4.1.3
- Update from version 4.1.1 to 4.1.3
- Update of rootfile
- Changelog
4.1.3
All Platforms
Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938)
Fixed a use-after-free bug in peer code. (#8921)
Fixed build error when compiling with fmt 12.2.0. (#8942)
Everything Else
Fixed a 4.1.2 build error in tests. (#8881)
4.1.2
Highlights
Fixed 4.1.0 bug that could cause duplicate HTTP announces to be sent to trackers.
(#8639)
All Platforms
Reject benc data that has invalid characters. (#8577)
Fixed a bug during the startup sequence where if one torrent failed to parse,
subsequent torrents would also fail. (#8605)
Fixed a bug that stalled some downloads at 99%. (#8654)
Fixed a 4.1.0 upgrade bug that could overwrite utp_enabled and
tcp_enabled settings. (#8658)
Fixed a 4.1.0 crash that could happen when a peer supplied reqq value smaller
than 32 in LTEP handshake. (#8713)
Fixed a 4.1.0 regression that periodically wrote upload & download stats to disk
even when Transmission had been idle since the last write, preventing the
stats file's disk from hibernating while idle. (#8722)
Fixed a 4.1.0 bug that prevented TCP peer connections on some systems. (#8748)
Added safeguards to HTTP responses to prevent clickjacking. (#8749)
Fixed edge case that didn't preserve the order of a batch of torrents when moving
their queue position up or down. (#8782)
Added sanitization for UTF-8 client names provided by peers during handshake. (#8809)
Stopped appending redundant zeros to blocklist files when downloaded from a
remote URL. (#8819)
Fixed a build failure that occurred when building with link-time optimization.
(#8540)
macOS Client
Fixed a 4.1.0 memory leak. (#8613)
Fixed navigation focus issues in the Inspector. (#8792, #8810)
Improved UI code to use less CPU. (#8832, #8833, #8835, #8836, #8842, #8846, #8851)
Qt Client
Fixed a 4.1.0 crash when parsing some RPC responses from older Transmission
servers. (#8618)
Fixed a 4.1.0 bug that saved both deprecated and current settings names to
settings.json. (#8623)
GTK Client
Fixed a 4.1.0 bug that did not show translated logging level strings. (#8611)
Fixed a 4.1.0 crash when toggling alternative speed limits. (#8709)
Web Client
Fixed a 4.1.0 bug that displayed timestamps in some dropdowns as 6.75:45 instead
of 6:45. (#8624)
Fixed a bug that could show incorrect torrent status when reconnecting to the
server after a lost connection. (#8780, #8783)
transmission-remote
Improved transmission-remote console output for JSON-RPC 2. (#8799, #8805)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 1 Jul 2026 11:34:43 +0000 (13:34 +0200)]
netsnmpd: Update to version 5.9.5.2
- Update from version 5.9.3 to 5.9.5.2
- Update of rootfile
- Move the symlink generation and removal from the lfs to the instal/uninstall pak
file to be aligned with the majority of packages.
- Version 5.9.4 has the note
IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
in this release with various versions of OpenSSL and will be fixed
in a future release.
- This issue has been in place since Aug 2023 and does not look to have been fixed as
far as I have been able to tell. The developers also say that this tool should only
be used on trusted local networks anyway. Additionally version 5.9.5 has a CVE fix.
Based on this I am submitting the update patch for review and decision. I think it is
better to do the update because it does not look like the OpenSSL issue will be
fixed anytime soon. It doesn't appear that anyone is working on it.
https://github.com/net-snmp/net-snmp/issues/828
- Changelog
5.9.5.2
building:
- Fix an issue with needing limits.h included.
- update to autoconf 2.72
5.9.5.1
Only a version numbering fix.
5.9.5
snmptrapd:
- fixed a critical vulnerability (CVE-2025-68615) which can be triggered
by a specially crafted trap
snmplib:
- Add support for IPV6_RECVPKTINFO
- Port the SSH domain transport to FreeBSD
- Improve error handling in parse_enumlist and other parsing functions
- Filter out non-ASCII characters from output
- Fix multiple memory leaks in MIB parsing, OID handling, and transport filters
- Fix multiple buffer overflows triggered when creating ASN packets
- Fix handling of large/negative values (integer underflows/overflows)
- Fix segmentation faults when `varbind` cannot be constructed or buf is null
- Fix crash in netsnmp_parse_args when passing invalid argument lists
- Fix SNMPv3 multithreading support for snmp_sess_open()
snmpd:
- Make UCD-SNMP::dskTable dynamic if includeAllDisks is set.") added
a verification that drops all filesystems not present in other_fs[]
table. So add 'ubifs' in other_fs[] to fix it.
- Fix SIGHUP handling for engineID changes and agent port changes
- Fix a use-after-free in unregister_mib_context()
- Fix regression of memory leak when using RPMDB macros
- Improve cache management: clear timer_id on stop, keep cache flags unchanged
- Always open libkvm in "safe mode" on FreeBSD
- Fix crash when snmptrapd subagent terminates the TCP connection
apps:
- snmpusm: Improve error handling and fix memory leaks
- sshtosnmp: Avoid EINVAL when passing credentials over SSH unix domain socket
- snmptest: Plug a possible memory leak
- snmpget: Avoid leak if parsing OID fails
MIBs:
- EtherLike-MIB: Optimize Linux implementation to use netlink statistics
- IP-MIB: Add Linux 6.7 compatibility for parsing /proc/net/snmp
- LM-SENSORS-MIB: Support negative temperatures
- SNMP-TLS-TM-MIB: Update to RFC 9456 and allow TLS protocols higher than TLS1.0
- HOST-RESOURCES-MIB: Add support for RPM SQLite DB background
building:
- Add support for Windows on ARM
- Support OpenBSD 8, FreeBSD 15/16, and DragonflyBSD
- Fix build for OS/X versions prior to 10.6.0
- Windows: Bump OpenSSL version and fix library paths
- MinGW64: Switch from pkg-config to pkgconf
- Add --with-wolfssl Add support for building and linking with the
wolfSSL library instead of OpenSSL. Other changes that have been
included in this patch are: - Only enable AES support if
EVP_aes_128_cfb() is available. - Add support for detecting SSL
functions if these have been defined as macros.
5.9.4
IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
in this release with various versions of OpenSSL and will be fixed
in a future release.
libsnmp:
- Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
used in the Net-SNMP code base.
- DISPLAY-HINT fixes
- Miscellanious improvements to the transports
- Handle multiple oldEngineID configuration lines
- fixes for DNS names longer than 63 characters
agent:
- Added a ignoremount configuration option for the HOST-MIB
- disallow SETs with a NULL varbind
- fix the --enable-minimalist build
apps:
- snmpset: allow SET with NULL varbind for testing
- snmptrapd: improved MySQL logging code
general:
- configure: Remove -Wno-deprecated as it is no longer needed
- miscellanious ther bug fixes, build fixes and cleanups
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 1 Jul 2026 11:34:42 +0000 (13:34 +0200)]
ltrace: Update to version 0.8.1
- Update from version 0.7.3 to 0.8.1
- Update of rootfile
- ltrace now supports aarch64 (full support) and riscv64 (initial support) since
version 0.8.0
- Changelog
0.8.1
Bugfixes
- include config.h in more cases to fix LTO builds
0.8.0
Prototype libraries
- Each DSO can now ship an ltrace config file (called prototype
library) that ltrace will open when that DSO is loaded to process
image. See ltrace(1) for details.
- ltrace.conf is no longer part of installation tarball. Instead,
we now ship libc.so.conf, libm.so.conf, libacl.so.conf, and
syscalls.conf. Those are now istalled to /usr/share/ltrace by
default. /etc/ltrace.conf and $HOME/.ltrace.conf are still
loaded if present, and can contain arbitrary user configuration.
- The option -F was retrofitted to be a colon-separated list of
prototype libraries, and directories to look for prototype
libraries in. On Linux, ltrace looks into XDG_CONFIG_HOME,
XDG_CONFIG_DIRS, and /usr/share/ltrace as well.
- Wide character strings are supported in prototypes. Use "string"
lens as usual, but use array of integers as underlying type.
libc.so.conf now contains prototypes of wide character functions.
- Sole void function parameter such as in the following example, is
now considered obsolete:
| int fork(void); |
This use is still accepted, taken to mean "hide(int)", but
produces a warning, and will be removed in future.
- Prototypes are now read from DWARF debug info, if available. This
complements the data available in config files
Architectural support
- RISC-V initial support included.
- MIPS and MIPSel are now handled by the same backend.
- ARMv6, ARMv7 and ARMv8 (AArch64) are supported, including full
fetch backend. ARMv8 backend doesn't support tracing of 32-bit
binaries, as currently there's no 32-bit userspace available for
ARM64 processors.
- Imagination Technologies Meta is now supported.
- PowerPC64 ELFv2 little-endian ABI is now supported including full
fetch backend.
- Cadence Tensilica Xtensa is now supported.
- LoongArch is now supported.
- On Linux, tracing of IFUNC symbols is supported. On i386,
x86_64, ppc32 with secure PLT and ppc64, IRELATIVE PLT slots are
traced as well.
-w output now shows full library path
The output format is similar to glibc's backtrace_symbols, e.g.:
> /bin/ls(_init+0x19be) [0x40398e]
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7f50cbc3676d]
> /bin/ls(_init+0x25fd) [0x4045cd]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>