Michael Tremer [Thu, 6 Nov 2025 16:46:51 +0000 (16:46 +0000)]
lldpd: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 Nov 2025 09:59:43 +0000 (10:59 +0100)]
strongswan: Update to version 6.0.3
- Update from version 6.0.2 to 6.0.3
- Update of rootfile
- Changelog
6.0.3
- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
Request packets on the client that can lead to a heap-based buffer overflow
and potentially remote code execution.
This vulnerability has been registered as CVE-2025-62291.
- The new `alert` event for vici is raised for certain error conditions.
- Only plugins with matching version number are loaded by programs.
- IKE SAs redirected during IKE_AUTH are now properly tracked by controller and
trap-manager.
- Fallback to the IKE identity for clients that don't provide an EAP-Identity to
fix a regression in 6.0.2.
- Detecting unwrapped CKA_EC_POINTs has been improved in the pkcs11 plugin.
- The whitelist plugin uses non-blocking I/O to avoid issues with clients that
stay connected for a long time. The buffer size for IDs was increased to 256.
- The certexpire plugins also uses 256 bytes for its identity buffer.
- Convenient decorators for event handling are provided by the Python bindings
for vici.
- The openssl plugin also supports Ed25519 via AWS-LC. It also loads EdDSA keys
from PKCS#12 containers.
- The testing environment is now based on Debian 13 (trixie), by default.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Nov 2025 10:20:33 +0000 (11:20 +0100)]
squid: Don't forcibly kill any redirectory processes
This is a race which might cause that when squidGuard pre-compiles any
data, it will be killed too. If that happens, squid will keep forking
squidGuard processes which will be unresponsive (because they are trying
to compile they own databases) and the whole system will become
unresponsive at some point.
There should be no need to perform this action.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3500400 to 3510000
- Update of rootfile
- Changelog 3510000
New macros in sqlite3.h:
SQLITE_SCM_BRANCH → the name of the branch from which the source code is
taken.
SQLITE_SCM_TAGS → space-separated list of tags on the source code check-in.
SQLITE_SCM_DATETIME → ISO-8601 date and time of the source code check-in.
Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the
existing json_each() and json_tree() functions except that they return JSONB
for the "value" column when the "type" is 'array' or 'object'.
The carray and percentile extensions are now built into the amalgamation,
though they are disabled by default and must be activated at
compile-time using the -DSQLITE_ENABLE_CARRAY and/or
-DSQLITE_ENABLE_PERCENTILE options, respectively.
Enhancements to TCL Interface:
Add the -asdict flag to the eval command to have it set the row data as a
dict instead of an array.
User-defined functions may now break to return an SQL NULL.
CLI enhancements:
Increase the precision of ".timer" to microseconds.
Enhance the "box" and "column" formatting modes to deal with double-wide
characters.
The ".imposter" command provides read-only imposter tables that work with
VACUUM and do not require the --unsafe-testing option.
Add the --ifexists option to the CLI command-line option and to the .open
command.
Limit columns widths set by the ".width" command to 30,000 or less, as
there is not good reason to have wider columns, but supporting wider
columns provides opportunity to malefactors.
Performance enhancements:
Use fewer CPU cycles to commit a read transaction.
Early detection of joins that return no rows due to one or more of the
tables containing no rows.
Avoid evaluation of scalar subqueries if the result of the subquery does
not change the result of the overall expression.
Faster window function queries when using
"BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP
argument for sqlite3_wal_checkpoint_v2().
Add the sqlite3_set_errmsg() API for use by extensions.
Add the sqlite3_db_status64() API, which works just like the existing
sqlite3_db_status() API except that it returns 64-bit results.
Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and
sqlite3_db_status64() interfaces.
In the session extension add the sqlite3changeset_apply_v3() interface.
For the built-in printf() and the format() SQL function, omit the leading '-'
from negative floating point numbers if the '+' flag is omitted and the "#"
flag is present and all displayed digits are '0'. Use '%#f' or similar to
avoid outputs like '-0.00' and instead show just '0.00'.
Improved error messages generated by FTS5.
Enforce STRICT typing on computed columns.
Improved support for VxWorks
JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be
32-bit but creating one's own 64-bit build is now as simple as running "make".
Improved resistance to database corruption caused by an application breaking
Posix advisory locks using close().
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:29 +0000 (19:03 +0100)]
protobuf: Update to version 33.0
- Update from version 32.1 to 33.0
- Update of rootfile
- Changelog
33.0
Bazel
Feat: update bazel central registry publish workflow (#23465) (#23913)
(d5217fd)
Add target_compatible_with parameter to proto_toolchain in Bazel rules
(#22429) (30d2332)
Bazel: add missing rules_cc loads (#23584) (d98e2ef)
Compiler
Disable symbol visibility enforcement by default in C++ runtime (ae308fc)
Ship all option dependencies to plugins along with regular ones. (abeb130)
C++
Avoid calling deprecated arena-enabled constructors in arena.h. (813a7ef)
Add a macro to make RepeatedField(Arena*) constructor private in a future
release. (768db14)
Add a macro to make Map(Arena*) constructor private in a future release.
(543a17f)
Optimize ReadPackedVarint (3d94d83)
Add a macro to make RepeatedPtrField(Arena*) constructor private in a
future release (6422b9d)
Add IsEmpty() function to reflection. (b64e490)
Refactor RuntimeAssertInBounds to remove repeated logic and make
Get/Mutable easier to read. (2f270c4)
Disable symbol visibility enforcement by default in C++ runtime (ae308fc)
Fix a bug in the main C++ JSON parser/serializer camelcasing of certain
non-style-compliant names incorrectly, in a way that would prevent it
from interoperating with any other implementation on those fields.
(e25e267)
Fail early for messages with more than 65k fields. (90824aa)
Add option to C++ JSON Parser/Serializer to allow customers to
affirmatively disable legacy bug-compatibilty behaviors. (6ea1640)
Fix mishandling on JSON serialization of Timestamp with invalid negative
and too-large nanos value. (a959f27)
Preserve features in type resolver (c7030f4)
Add a DCHECK that ArenaStringPtr::Set(char*, Arena*) is not called with
(95b1763)
Java
Restored compatibility of runtime with gencode created with protoc <3.21
With this release, compatibility of the runtime with older gencode down to
3.0.0 is restored, compared to the previous support minimum of gencode
created with 3.22+. Note that it is still strongly recommended to
regenerate your gencode with a newer protoc and to avoid using gencode
which was created with an old protoc.
Generated code from this range is covered by CVE-2022-3171 and is
potentially vulnerable to a Denial of Service risk.
JavaProto 4.x previously dropped compatibility with the potentially
vulnerable generated code, having the behavior of:
The vulnerable generated code was source-incompatible with new runtime
(would not compile when built from source)
The vulnerable generated code was ABI-incompatible with new runtime
(when using a .class file compiled against old runtime, a
NoSuchMethodException would be thrown at parse time).
Starting with this release:
The vulnerable generated code is now source-compatible (will compile).
The first time each potentially vulnerable type is parsed, an error
message will be logged noting that potentially vulnerable generated
code is in use and the name of the corresponding type.
Environment variables may be set to either throw an exception instead
(-Dcom.google.protobuf.error_on_unsafe_pre22_gencode) or to entirely
silence the logged messages
(-Dcom.google.protobuf.use_unsafe_pre22_gencode)
This change was made based on community feedback regarding the difficulty
in identifying and quickly remediating stale gencode in their
transitive dependencies weighed against a careful evaluation of the
realistic risk exposure of DoS (with no risk of other concerns
including information leak or RCE).
We strongly recommend that any users who observe the log messages to
regenerate the corresponding code with a newer protoc. We recommend
that any security-conscious services opt into the
error_on_unsafe_pre22_gencode behavior to preclude any risk of a
Denial of Service surface area being exposed.
A future 4.x release may flip the default behavior to error by default as
a measure to further help the ecosystem avoid the Denial of Service
risks, while still maintaining the ability to opt into continuing to
use insecure gencode for users who are parsing trusted inputs and
where the difficulty of regenerating is high.
Changes
Switch the pre22 warning to use CopyOnWriteArraySet. (#23969) (e55224c)
Expose helpers for checking if messages and enums are nested. (8de4002)
Fix a bug calculating the file name in the absense of directories. (c4ff7a6)
Clarify the public APIs of GeneratorNames helpers. (537ac35)
Expose helpers to predict generated class names in java. (eba6df2)
Deprecate ClassName methods in favor of new QualifiedClassName ones.
(ca4fb2f)
Restore the 3-argument internalBuildGeneratedFileFrom. (4376591)
Fix large java enums not being honored on lite runtime. (a995803)
Slightly relax Java Poison Pill on prerelease versions (-rc1, -dev, etc).
(7b0bee3)
Avoid boxing/unboxing varint, fixed32, and fixed64 fields in
UnknownFieldSet.Field (810272f)
Readd new*List() methods on GeneratedMessageV3. (badaf41)
Add Values.of(Map<String, Value> values). (c518f25)
Fix handling of optional dependencies in java generator. (8d51e34)
Restore ABI compatibility for extension methods which was previously
(knowingly) broken with 4.x: 94a2a44 (ea33ae8)
Restore Protobuf Java extension modifiers in gencode that were previously
removed in 7bff169 (f2257f5)
Ship all option dependencies to plugins along with regular ones. (abeb130)
Optimize redaction state calculation (e05db5c)
Add isPlaceholder() accessors to file, message, and enum descriptors
(f978ec2)
Improve Java gencode static initialization to avoid unnecessary
temporaries again (745e15b)
Improve Java gencode static initialization to avoid unnecessary
temporaries (b68b673)
Remove protobuf-util usages of guava except annotations. (5768acd)
Restore compatibility of runtime with pre-3.22.x gencode impacted by
CVE-2022-3171 (7c51e5b)
Expose an iterator for GeneratedMessage.ExtendableMessage.extensions
(b25d39e)
Rust
Change Rust prelude to bring in traits as _ (c3f7e8d)
Make message Muts Send (8bff944)
See also UPB changes below, which may affect Rust.
Python
Publish s390x wheels for Python/upb. (56b2b89)
Fix a crash that happens during shutdown due to looking up modules in the
cache (d57d270)
Add construction support for repeated Timestamp/Duration/Struct/ListValue.
(5f6c013)
Fix handling of repeated extension fields in PyProto JSON (07ef676)
Fixed a parser bug where closed enums are parsed incorrectly for
non-repeated extensions. (c36f728)
Fixed mypy errors by setting __slots__ to empty in .pyi files. (38ca2d3)
Raise warnings for float_precision from python json_format. (4659cd7)
Raise warnings when assign bool to int/enum field in Python Proto. This
will turn into error in 34.0 release. (4ee55d7)
PHP
Fix(php): php errors on repeated field (#23372) (6fee29b)
UPB (Python/PHP/Ruby C-Extension)
Fixed a parser bug where closed enums are parsed incorrectly for
non-repeated extensions. (c36f728)
Other
Update token for BCR release to reuse existing BOT_ACCESS_TOKEN used for
staleness_refresh.yml and update_php_repo.yml (#23925) (dcace2f)
Use the 'better' JSON parser on the conformance suite harness. (4b4e405)
Add JSON conformance test that a single value provided for a repeated
field should parse fail. (9806994)
Add conformance test cases for malformed nanos fields on Durations and
Timestamps. (a6bdd0a)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:28 +0000 (19:03 +0100)]
lvm2: Update to version 2.03.36
- Update from version 2.03.35 to 2.03.36
- No change to rootfile
- Changelog
2.03.36
Fix uninitialized chunk_size_calc_policy in pool parameter functions.
Fix approximate allocation for Raid with insufficient extents.
Fix race in dmeventd remonitoring optimization (2.03.35).
Use -real suffix for pvmove UUID.
Add support pvmove segmentation allocation/pvmove_max_segmentation_size_mb.
Allow creating _imeta with multiple segments.
Fix driver_version() accepts NULL version buffer pointer.
Fix invalid free() call in error path of _add_metadata_area_to_pv().
Avoid destroying aio context in forked process.
Add lvs -o cache_promotions,cache_promotions fields.
Update pvmove logic when moving i.e. raid legs.
Display integrity info in lvdisplay.
Increase storage size for internal filter chain.
Add helper function display_mb_size().
Enhance code for adding and removing integrity to RAID volumes.
Add code for basic validation of integrity segment.
Use -real private suffix for integrity origin and meta volumes.
Use -real private suffix for mirror and raid legs.
Detect and use existing XFS quota mount options for lvresize --fs resize.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:27 +0000 (19:03 +0100)]
libcap: Update to version 2.77
- Update from version 2.76 to 2.77
- Update of rootfile
- Changelog
2.77
Fix mistakes in setcap for reporting errors: report them with the
appropriate filename. Thanks to Nikolas for reporting these in
Bug 220245.
Fix bug in cap.GetIAB() reported and fix provided by Garret Kelly via
Bug 220420.
Improve libcap managed memory allocation and support CHERI RISC-V. Reported
with fix by Chris Hofer via Bug 220415.
Add (unverified) support for the PSX mechanism on microblaze, arc, openrisc
and xtensa architectures. Thanks to Tom Petazzoni for including these in
Bug 219915
Please let me know if these work or fail on these architectures.
Add C++ support to the run a .so file as an executable mechanism employed by
libcap.so, libpsx.so and pam_cap.so. Not really necessary for the libcap
build tree, but wanted to capture the details of my recent update to a
Stackoverflow answer on the topic.
Use BUILD_LDFLAGS when compiling _makenames fix contributed by Khem Raj.
Fix broke some builds, so will revert and apply a more comprehensive fix.
Fixed sendmail issue discussion link. Thanks to Ariel Otilibili for noticing
the breakage and contributing a fix.
Some debugging fixes for use of the kdebug/ testing setup,
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:03:25 +0000 (19:03 +0100)]
elfutils: Update to version 0.194
- Update from version 0.193 to 0.194
- Update of rootfile
- Changelog
0.194
debuginfod-find: Fixed caching bug preventing user-cancelled downloads
from being re-downloaded at a later time.
elfclassify: New options --has-debug-sections and --any-ar-member.
elflint: Presence of vendor- and application-specific ELF note types no
longer triggers compliance errors.
libdwfl_stacktrace: New function dwflst_sample_getframes. The
libdwfl_stacktrace library interface is experimental
and may be subject to API/ABI changes.
libelf: Manual pages have been added for many libelf library functions.
Additional manual pages are planned for future releases.
readelf: Up to 13% faster when using the -N option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Nov 2025 18:02:55 +0000 (19:02 +0100)]
fmt: Update to version 12.1.0
- Update from version 11.2.0 to 12.1.0
- Update of rootfile
- so-bump so mpd requires shipping
- Changelog
12.1.0
- Optimized `buffer::append`, resulting in up to ~16% improvement on spdlog
benchmarks (https://github.com/fmtlib/fmt/pull/4541). Thanks @fyrsta7.
- Worked around an ABI incompatibility in `std::locale_ref` between clang and
gcc (https://github.com/fmtlib/fmt/issues/4573).
- Made `std::variant` and `std::expected` formatters work with `format_as`
(https://github.com/fmtlib/fmt/issues/4574,
https://github.com/fmtlib/fmt/pull/4575). Thanks @phprus.
- Made `fmt::join<string_view>` work with C++ modules
(https://github.com/fmtlib/fmt/issues/4379,
https://github.com/fmtlib/fmt/pull/4577). Thanks @Arghnews.
- Exported `fmt::is_compiled_string` and `operator""_cf` from the module
(https://github.com/fmtlib/fmt/pull/4544). Thanks @CrackedMatter.
- Fixed a compatibility issue with C++ modules in clang
(https://github.com/fmtlib/fmt/pull/4548). Thanks @tsarn.
- Added support for cv-qualified types to the `std::optional` formatter
(https://github.com/fmtlib/fmt/issues/4561,
https://github.com/fmtlib/fmt/pull/4562). Thanks @OleksandrKvl.
- Added demangling support (used in exception and `std::type_info` formatters)
for libc++ and clang-cl
(https://github.com/fmtlib/fmt/issues/4542,
https://github.com/fmtlib/fmt/pull/4560,
https://github.com/fmtlib/fmt/issues/4568,
https://github.com/fmtlib/fmt/pull/4571).
Thanks @FatihBAKIR and @rohitsutreja.
- Switched to global `malloc`/`free` to enable allocator customization
(https://github.com/fmtlib/fmt/issues/4569,
https://github.com/fmtlib/fmt/pull/4570). Thanks @rohitsutreja.
- Made the `FMT_USE_CONSTEVAL` macro configurable by users
(https://github.com/fmtlib/fmt/pull/4546). Thanks @SnapperTT.
- Fixed compilation with locales disabled in the header-only mode
(https://github.com/fmtlib/fmt/issues/4550).
- Fixed compilation with clang 21 and `-std=c++20`
(https://github.com/fmtlib/fmt/issues/4552).
- Fixed a dynamic linking issue with clang-cl
(https://github.com/fmtlib/fmt/issues/4576,
https://github.com/fmtlib/fmt/pull/4584). Thanks @FatihBAKIR.
- Fixed a warning suppression leakage on gcc
(https://github.com/fmtlib/fmt/pull/4588). Thanks @ZedThree.
- Made more internal color APIs `constexpr`
(https://github.com/fmtlib/fmt/pull/4581). Thanks @ishani.
- Fixed compatibility with clang as a host compiler for NVCC
(https://github.com/fmtlib/fmt/pull/4564). Thanks @valgur.
- Fixed various warnings and lint issues
(https://github.com/fmtlib/fmt/issues/4565,
https://github.com/fmtlib/fmt/pull/4572,
https://github.com/fmtlib/fmt/pull/4557).
Thanks @LiangHuDream and @teruyamato0731.
- Improved documentation
(https://github.com/fmtlib/fmt/issues/4549,
https://github.com/fmtlib/fmt/pull/4551,
https://github.com/fmtlib/fmt/issues/4566,
https://github.com/fmtlib/fmt/pull/4567,
https://github.com/fmtlib/fmt/pull/4578,).
Thanks @teruyamato0731, @petersteneteg and @zimmerman-dev.
12.0.0
- Optimized the default floating point formatting
(https://github.com/fmtlib/fmt/issues/3675,
https://github.com/fmtlib/fmt/issues/4516). In particular, formatting a
`double` with format string compilation into a stack allocated buffer is
more than 60% faster in version 12.0 compared to 11.2 according to
[dtoa-benchmark](https://github.com/fmtlib/dtoa-benchmark):
```
Function Time (ns) Speedup
fmt11 34.471 1.00x
fmt12 21.000 1.64x
```
<img width="766" height="609" src="https://github.com/user-attachments/assets/d7d768ad-7543-468c-b0bb-449abf73b31b" />
- Added `constexpr` support to `fmt::format`. For example:
```c++
#include <fmt/compile.h>
using namespace fmt::literals;
std::string s = fmt::format(""_cf, 42);
```
now works at compile time provided that `std::string` supports `constexpr`
(https://github.com/fmtlib/fmt/issues/3403,
https://github.com/fmtlib/fmt/pull/4456). Thanks @msvetkin.
- Added `FMT_STATIC_FORMAT` that allows formatting into a string of the exact
required size at compile time.
For example:
```c++
#include <fmt/compile.h>
constexpr auto s = FMT_STATIC_FORMAT("{}", 42);
```
compiles to just
```s
__ZL1s:
.asciiz "42"
```
It can be accessed as a C string with `s.c_str()` or as a string view with
`s.str()`.
- Improved C++20 module support
(https://github.com/fmtlib/fmt/pull/4451,
https://github.com/fmtlib/fmt/pull/4459,
https://github.com/fmtlib/fmt/pull/4476,
https://github.com/fmtlib/fmt/pull/4488,
https://github.com/fmtlib/fmt/issues/4491,
https://github.com/fmtlib/fmt/pull/4495).
Thanks @arBmind, @tkhyn, @Mishura4, @anonymouspc and @autoantwort.
- Switched to using estimated display width in precision. For example:
```c++
fmt::print("|{:.4}|\n|1234|\n", "🐱🐱🐱");
```
prints
because `🐱` has an estimated width of 2
(https://github.com/fmtlib/fmt/issues/4272,
https://github.com/fmtlib/fmt/pull/4443,
https://github.com/fmtlib/fmt/pull/4475).
Thanks @nikhilreddydev and @localspook.
- Fix interaction between debug presentation, precision, and width for strings
(https://github.com/fmtlib/fmt/pull/4478). Thanks @localspook.
- Implemented allocator propagation on `basic_memory_buffer` move
(https://github.com/fmtlib/fmt/issues/4487,
https://github.com/fmtlib/fmt/pull/4490). Thanks @toprakmurat.
- Fixed an ambiguity between `std::reference_wrapper<T>` and `format_as`
formatters (https://github.com/fmtlib/fmt/issues/4424,
https://github.com/fmtlib/fmt/pull/4434). Thanks @jeremy-rifkin.
- Removed the following deprecated APIs:
- `has_formatter`: use `is_formattable` instead,
- `basic_format_args::parse_context_type`,
`basic_format_args::formatter_type` and similar aliases in context types,
- wide stream overload of `fmt::printf`,
- wide stream overloads of `fmt::print` that take text styles,
- `is_*char` traits,
- `fmt::localtime`.
- Deprecated wide overloads of `fmt::fprintf` and `fmt::sprintf`.
- Improved diagnostics for the incorrect usage of `fmt::ptr`
(https://github.com/fmtlib/fmt/pull/4453). Thanks @TobiSchluter.
- Made handling of ANSI escape sequences more efficient
(https://github.com/fmtlib/fmt/pull/4511,
https://github.com/fmtlib/fmt/pull/4528).
Thanks @localspook and @Anas-Hamdane.
- Fixed a buffer overflow on all emphasis flags set
(https://github.com/fmtlib/fmt/pull/4498). Thanks @dominicpoeschko.
- Fixed an integer overflow for precision close to the max `int` value.
- Fixed compatibility with WASI (https://github.com/fmtlib/fmt/issues/4496,
https://github.com/fmtlib/fmt/pull/4497). Thanks @whitequark.
- Fixed `back_insert_iterator` detection, preventing a fallback on slower path
that handles arbitrary iterators (https://github.com/fmtlib/fmt/issues/4454).
- Fixed handling of invalid glibc `FILE` buffers
(https://github.com/fmtlib/fmt/issues/4469).
- Added `wchar_t` support to the `std::byte` formatter
(https://github.com/fmtlib/fmt/issues/4479,
https://github.com/fmtlib/fmt/pull/4480). Thanks @phprus.
- Changed component prefix from `fmt-` to `fmt_` for compatibility with
NSIS/CPack on Windows, e.g. `fmt-doc` changed to `fmt_doc`
(https://github.com/fmtlib/fmt/issues/4441,
https://github.com/fmtlib/fmt/pull/4442). Thanks @n-stein.
- Added the `FMT_CUSTOM_ASSERT_FAIL` macro to simplify providing a custom
`fmt::assert_fail` implementation (https://github.com/fmtlib/fmt/pull/4505).
Thanks @HazardyKnusperkeks.
- Switched to `FMT_THROW` on reporting format errors so that it can be
overriden by users when exceptions are disabled
(https://github.com/fmtlib/fmt/pull/4521). Thanks @HazardyKnusperkeks.
- Improved master project detection and disabled install targets when using
{fmt} as a subproject by default (https://github.com/fmtlib/fmt/pull/4536).
Thanks @crueter.
- Made various code improvements
(https://github.com/fmtlib/fmt/pull/4445,
https://github.com/fmtlib/fmt/pull/4448,
https://github.com/fmtlib/fmt/pull/4473,
https://github.com/fmtlib/fmt/pull/4522).
Thanks @localspook, @tchaikov and @way4sahil.
- Added Conan instructions to the docs
(https://github.com/fmtlib/fmt/pull/4537). Thanks @uilianries.
- Removed Bazel files to avoid issues with downstream packaging
(https://github.com/fmtlib/fmt/pull/4530). Thanks @mering.
- Added more entries for generated files to `.gitignore`
(https://github.com/fmtlib/fmt/pull/4355,
https://github.com/fmtlib/fmt/pull/4512).
Thanks @dinomight and @localspook.
- Fixed various warnings and compilation issues
(https://github.com/fmtlib/fmt/pull/4447,
https://github.com/fmtlib/fmt/issues/4470,
https://github.com/fmtlib/fmt/pull/4474,
https://github.com/fmtlib/fmt/pull/4477,
https://github.com/fmtlib/fmt/pull/4471,
https://github.com/fmtlib/fmt/pull/4483,
https://github.com/fmtlib/fmt/pull/4515,
https://github.com/fmtlib/fmt/issues/4533,
https://github.com/fmtlib/fmt/pull/4534).
Thanks @dodomorandi, @localspook, @remyjette, @Tomek-Stolarczyk, @Mishura4,
@mattiasljungstrom and @FatihBAKIR.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Oct 2025 16:23:55 +0000 (17:23 +0100)]
libvirt: Uncomment two lines in the rootfile
- These lines were new in with the previous update from 11.4.0 to 11.7.0 but I
incorrectly commented them out.
- This has been flagged up in the forum as it is stopping the user doing a virsh backup.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Oct 2025 10:18:27 +0000 (11:18 +0100)]
expect: Allow build of expect for swtpm
- expect was previously only built in the toolchain. This allows expect to be built for
swtpm in the normal build.
- It is only used for the building of swtpm so the rootfile has all entries commented
out.
- LFS changed to allow build in the toolchain or in the normal build
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Oct 2025 15:41:43 +0000 (15:41 +0000)]
make.sh: Disable the toolchain during normal builds
This is a precaution because I have seen some files from the toolchain
being baked into the initrd. That should not happen and by keeping PATH
clean, there is no chance for any confusion.
In order to have the tools available that we need to build the initial
system, we will now have to pass a flag.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Oct 2025 17:13:44 +0000 (17:13 +0000)]
make.sh: Create a better PID 1 inside the environment
This is required so that we won't have any make processes locking up any
more. When the build process is getting aborted, this script will now
cleanly terminate anything inside the container and not block make as
PID 1.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 28 Oct 2025 09:41:56 +0000 (10:41 +0100)]
boost: Update to version 1.89.0
- Update from version 1.88.0 to 1.89.0
- Update of rootfiles for all three architectures.
- Changelog
1.89.0
New Libraries
Bloom:
filters, from Joaquín M López Muñoz.
Updated Libraries
Any:
Initial support for C++20 Modules. See the docs for more info.
Asio:
Added allocator constructors to execution_context, io_context and
thread_pool, with the supplied allocator being used for allocating
objects associated with the execution context.
Added a new configuration parameter "timer" / "heap_reserve" that may
be used to reserve space in the vector used for a timer queue's heap.
Added a new configuration parameter "resolver" / "threads" that
specifies the number of internal threads used by async_resolve to
emulate asynchronous address resolution.
Removed deadline_timer, basic_deadline_timer and time_traits from the
convenience header boost/asio.hpp.
Ensured that the Windows named pipes created by connect_pipe use
unique names that do not conflict if Asio is used in multiple,
independent plug-in DLLs.
Changed BOOST_ASIO_CONCURRENCY_HINT_SAFE to be consistent with the
io_context default constructor.
Fixed the documentation for BOOST_ASIO_CONCURRENCY_HINT_UNSAFE_IO to
reflect that registration locking is still enabled.
Added separate b2 and cmake build targets for optional dependencies.
Added the [[noreturn]] attribute to
boost::asio::detail::throw_exception.
Fixed co_spawn to adhere to the asynchronous operation requirement
for non-reentrant invocation of the completion handler.
Added a documentation note on basic_signal_set async signal safety.
Fixed various minor compilation errors on different platforms.
Consult the Revision History for further details.
Atomic:
Added TSAN instrumentation in asm-based x86, AArch32, AArch64 and PPC
backends. This silences TSAN false errors for code using Boost.Atomic
for thread synchronization.
Following the announcement in Boost 1.84, removed support for Windows
versions older than Windows 10.
A note to MinGW-w64 users. Since Windows SDK headers on MinGW-w64
define _WIN32_WINNT to an older Windows version by default,
you may need to define _WIN32_WINNT=0x0A00 or
BOOST_USE_WINAPI_VERSION=0x0A00 when compiling Boost.Atomic
and the code that uses Boost.Atomic.
Support for Windows CE is deprecated and will be removed in a future
release.
Added support for timed waiting operations.
Exposed thread_pause operation, which can be used as a backoff
measure in spin loops. Added support for PowerPC and improved support for AArch64 in thread_pause.
Removed BOOST_ATOMIC_NO_ATOMIC_FLAG_INIT macro definition. Since the
library now requires C++11, BOOST_ATOMIC_FLAG_INIT is always supported.
Enabled bitwise operations for atomic enumerations. This can be
useful when enumerations are used to implement bit masks.
Beast:
Fixes
Conditionally defined immediate_executor_type in async_base.
Added missing cstdint header to detail/cpu_info.hpp.
Fixed std::is_trivial deprecation warnings.
handshake_timeout now applies to closing handshakes during reads.
Improvements
Replaced detail/work_guard.hpp with net::executor_work_guard.
Fixed portability issues for building tests in MinGW.
Documentation
Removed moved sections from documentation.
Removed superfluous log messages from tests.
Acknowledgements
yliu1021
Charconv:
Fixed a performance degradation with from_chars for integer types
Fixed rounding and trailing decimal place bugs with to_chars for
specified precisions with floating point types
Cobalt:
Move assign fixed for generator & promise.
Fixed internal exceptions
Added IO library. Cobalt.io provides a large subset of asio as a
compiled library.
Compat:
Added move_only_function.hpp.
ContainerHash:
Added the hash_is_avalanching trait class.
Conversion:
Added an ability to use polymorphic_downcast and polymorphic_cast in
constexpr (requires C++20).
Core:
Fixed bit_ceil to return 1 for input 0 as per specification. (PR#199)
Added support for std::format to boost::core::string_view. (#190)
Detail:
Operators generated by BOOST_BITMASK now use underlying type of the
enum to implement bitwise operators. The operators are marked
noexcept and constexpr, when possible.
The function bitmask_set generated by BOOST_BITMASK is marked
deprecated. In a future release, BOOST_BITMASK will stop producing
this function. Users are recommended to use double negation (!!mask)
to test if the value is zero. This affects e.g. enums defined in
Boost.Filesystem.
DLL:
Fixed compiling and exporting on Cygwin. Many thanks to Luohao Wang
for the PR!
Fixed building on FreeBSD. Thanks to ash for the bug report!
Added BOOST_DLL_USE_STD_FS CMake option to match the preprocessor
option. Thanks to Yury Bura for the PR!
Filesystem:
Corrected ASAN warnings about comparing pointers to potentially
unrelated objects in path::append. (#335)
Geometry:
Major improvements
PR#1369 Rewrite of traversal
PR#1402 Add geometry polyhedral surface
Improvements
PR#1404 Performance improvements in buffer
PR#1405 Avoid static variables and functions in header files
Breaking changes
PR#1401 Remove deprecated headers
Solved issues
(#1221) Difference with rectilinear multipolygon with integer
coordinates produces invalid polygon with disconnected interior
(#1295) Wrong result in intersection (result polygon is equal to
the biggest of the input polygons)
(#1349) Difference of polygons giving wrong result
(#1382) Buffer operation creates self-intersection
Various fixes of errors and warnings
Hash2:
Added Blake2 algorithm (blake2s_256, blake2b_512).
Added XXH3 algorithm (xxh3_128).
Iterator:
Fixed filter_iterator copy/converting constructor, which could
previously produce an invalid iterator. (#92)
Removed usage of is_trivial in iterator_facade as it is deprecated in
C++26. (#93)
iterator_facade::operator[] now always returns a proxy rather than
conditionally returning a value or a proxy. This allows users to
bind a reference to the result of the operator, regardless of
whether the value type is trivially-copyable. (#61)
The proxy returned by iterator_facade::operator[] now supports
forwarding dereferencing operators to the referenced value. This
allows it[n]->foo() and (*it[n]).foo() expressions to compile.
The proxy returned by iterator_facade::operator[] now implementes
perfect forwarding in its assignment operator.
JSON:
Revamped documentation.
Optionals that are ranges are categorised as optionals.
Described class support is enabled for types with bases.
Log:
Added support for BOOST_LOG_WITHOUT_ASIO configuration macro, which
can be used to remove the dependency on Boost.Asio and disable the
related functionality.
Use locale-independent formatting of the file counter in
text_file_backend when composing log file names. This fixes failures
in the subsequent parsing of the file names in
file_collector::scan_for_files. (PR#246)
Added a new wrap_filter utility that simplifies injecting
user-defined function objects in filtering expressions. (#195)
Math:
Add explicit C++14 <type_traits> and constexpr requirement to builds
Collected fixes for GPU support on a variety of platforms
Fix lower incomplete gamma function with x = 0
Fix the external archive error in the jSO algorithm
Fix numeric underflow in ibeta
Fix inverse ibeta for large values of a and b
Fix variadic functions to make them safe with C++26
MQTT5:
Fixed incorrect parsing of URI paths in the list of brokers (#31).
Default Maximum Packet Size now explicitly set in the CONNECT packet.
(#33).
Fixed high CPU usage with large Maximum Packet Size values (#33).
Multiprecision:
Major update.
Adds a new backend type: cpp_double_fp_backend
Fixes a namespace collision with Boost.Serialization
MySQL:
The caching_sha2_password authentication plugin can now be used
without TLS. This is the default in MySQL 8 and above. Plaintext
connections that attempt to use this plugin no longer fail with
client_errc::auth_plugin_requires_ssl (#313).
Fixed a problem causing client_errc::incomplete_message to be
returned during connection establishment when the target database
does not exist and the caching_sha2_password is used. The
appropriate server-generated diagnostic is now returned. See
issues #468 and #488.
The handshake algorithm is now more resilient to protocol violations
(#469).
Fixed a build failure with gcc-15 due to a missing include (PR#475).
Thanks hhoffstaette for the PR.
Added benchmarks against the official drivers.
Optimized metadata representation to be faster to construct and take
less memory (#461).
PFR:
Rewrite C++20 module following the new recommended Boost practice.
See the docs for more info.
Fixed C++26 compilation on modern clang compilers. Thanks to Valery
Mironov for the report!
Support types that use 'Arrays of Length Zero' compiler extension.
Fixed typos. Thanks to Egor for highlighting the issues!
Return std::array<std::string_view, 0> type for
boost::pfr::names_as_array(empty_struct{}) to allow compilation of for
(std::string_view name : boost::pfr::names_as_array(empty_struct{})).
Many thanks to sabudilovskiy for the bug report!
process:
Added v1.hpp to emulate v1 process.hpp include.
Fix to windows path escaping
Fixed exit-code issue wehre terminate & async_wait lead to a loss of
the exit-code value.
Random:
Fix NAN being generated by beta_distribution
Improve the performance of beta_distribution::operator()
TypeIndex:
Initial support for C++20 Modules. See the docs for more info.
Unordered:
Deprecated boost::unordered::hash_is_avalanching is now a
using-declaration of boost::hash_is_avalanching in
<boost/container_hash/hash_is_avalanching.hpp>. Use that header
directly instead. <boost/unordered/hash_traits.hpp> will be removed
in the future.
Added pull(const_iterator) to open-addressing containers. This
operation allows for efficient removal and retrieval of an element
via move construction.
Histogram:
Update CMake minimum version and Python detection in CMake
Improve documentation
Add example on how to make an axis which accepts multiple value
types that are not implicitly convertible
Show how to use histogram::fill with a multidimensional histogram
efficiently when data per dimension is already available as
contiguous data
Don't use deprecated form of user-defined literal operator
Add support for modular build structure with b2
Fixed warnings in MSVC about narrowed types
Added collector accumulator, which stores all values in a bin
Internal changes to tests and classes in detail namespace
Updated Tools
Build:
Includes release of B2 version 5.3.2.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 Oct 2025 16:05:36 +0000 (17:05 +0100)]
ovpnmain.cgi: Add newline after comment
This caused that the first line of the client's custom DHCP/DNS
configuration was ignored.
Fixes: #13895 - OpenVPN GUI does not apply DNS resolver settings for individual roadwarrrior connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 Oct 2025 15:52:43 +0000 (16:52 +0100)]
ovpnmain.cgi: Fix pushing all routes
If there were multiple client routes configured, the OpenVPN server was
only told about the first one. This patch fixes this and also cleans up
the code for pushing the server routes, too.
Fixes: #13901 - iroute line is only written for the first of the OpenVPN client routes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 27 Oct 2025 11:11:11 +0000 (12:11 +0100)]
xfsprogs: Update to version 6.17.0
- Update from version 6.16.0 to 6.17.0
- No change in rootfile
- Changelog
6.17.0
xfs_scrub_fail: reduce security lockdowns to avoid postfix problems (Darrick J. Wong)
mkfs: fix copy-paste error in calculate_rtgroup_geometry (Darrick J. Wong)
xfs_scrub: fix strerror_r usage yet again (Darrick J. Wong)
mkfs: fix libxfs_iget return value sign inversion (Darrick J. Wong)
xfs_scrub: Use POSIX-conformant strerror_r (A. Wilcox)
xfs_db: use file_setattr to copy attributes on special files with rdump (Andrey Albershteyn)
xfs_io: make ls/chattr work with special files (Andrey Albershteyn)
xfs_quota: utilize file_setattr to set prjid on special files (Andrey Albershteyn)
configure: Base NEED_INTERNAL_STATX on libc headers first (Johannes Nixdorf)
xfs_io: add FALLOC_FL_WRITE_ZEROES support (Zhang Yi)
xfsprogs: fix utcnow deprecation warning in xfs_scrub_all.py (Christian Kujau)
Improve information about logbsize valid values (Carlos Maiolino)
proto: add ability to populate a filesystem from a directory (Luca Di Maio)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 27 Oct 2025 11:05:14 +0000 (12:05 +0100)]
usbutils: Update to version 019
- Update from version 018 to 019
- No change to rootfile
- Changelog
019
usbreset.1: fix typo in the busnum/devicenum example
lsusb.py: add usb.ids path for Debian
usbreset: fix swapped vendor and product ID in help/manpage
usbreset.1: fix groff warnings and small fixes
ci: stop manually creating build/
ci/codeql: use filter-sarif to filter meson-private
Remove commented out code in usbreset.c and list.h and container_of.h
lsusb: turn a FIXME comment for dump_comm_descriptor() into something real
lsusb: remove FIXME about wireless usb device
lsusb: change FIXME for bmEthernetStatistics into a TODO
lsusb.c: change TODO into a fixme in do_dualspeed()
usbreset: move the serial number forward in the output
usb-devices: fix up bash warning for $altset
usb-devices: fix up some minor shellcheck warning messages
usb-spec: remove vendor specific entry
usbreset: apply clang-format
usbreset: support resetting device by serial number
ci: Fix debian/ubuntu installation
lsusb: Show wBytesPerInterval field of the SS EP companion descriptor
usb-devices: Make devcount 'local' to handle recursion
usb-devices: Make devnum 'local' to handle recursion
lsusb-t: add verblevel 3 to print_usbdevice()
lsusb: improve usb2 device capability descriptor
Fix display of HID descriptors
ci: bump the all-actions group with 4 updates
ci: bump github/codeql-action in the all-actions group
ci: bump github/codeql-action in the all-actions group
ci: bump the all-actions group with 2 updates
ci: bump github/codeql-action in the all-actions group
ci: bump the all-actions group with 2 updates
ci: bump the all-actions group with 2 updates
ci: bump github/codeql-action in the all-actions group
ci: bump the all-actions group across 1 directory with 3 updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 27 Oct 2025 11:01:15 +0000 (12:01 +0100)]
sysvinit: Update to version 3.14
- Update from version 3.11 to 3.14
- Update of rootfile
- Changelog
3.14
* Re-introduced DESTDIR flag in src/Makefile to assist building on Arch.
* Fixed typo in init.8 manual page.
* Expand process length in inittab to allow a command line 253 characters
(up from 127). Expand child process structure to accomidate 253
and some buffer room for newline/NULL.
* Clear buffer when reading long lines from inittab, avoids garbage left
over from old lines with long commands or comments.
* Drop lines which are too long from inttab conf and log warning rather
than truncate.
3.13
* Adjusted manual page install location. Patch provided
by Mark Hindley.
3.12
* There were instances of the ctime() function being called in multiple
files without checking the return value (can be NULL) and without
checking the length of the returned information. While there _should_
never be a case where ctime() fails assuming success and length of
returned string isn't ideal (or future-proof). We now check the return
value of ctime() in bootlogd, dowall, last, logsave, and shutdown.
Where no valid value is returned we supply a dummy value (usually a
space in place of the expected time stamp). We also no longer assume
returned string is at least 11-16 characters.
* Re-commit flexible Makefile for GoboLinux.
* Make sure pty.h and sys/sysmacros.h are included when building bootlogd on
systems with glibc.
* Fixed typos and syntax in manual page for init.8.
Edits provided by : Bjarni Ingi Gislason.
* Allow setting of location of the /usr directory in src/Makefile.
This is handled by the usrdir variable.
* Make sure src/Makefile uses sysconfdir (/etc by default) when installing
configuration files.
* Fix typos and syntax in pidof manual page.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 27 Oct 2025 10:54:50 +0000 (11:54 +0100)]
ninja: Update to version 1.13.1
- Update from version 1.12.1 to 1.13.1
- No change in rootfile
- Changelog
1.13.1
Fix LINK : fatal error LNK1104: cannot open file on Windows in some cases #2616
Compatibility with older distros for Linux ARM version #2619
Restore "multiple rules generate" error with dyndep #2621
1.13.0
Ninja now automatically joins a GNU Make jobserver as a client (version 4.4 on
non-Windows systems required for "fifo" style) #1139
Print exit code of failed subcommands #1507
New tool ninja -t compdb-targets like compdb, but takes a list of targets
instead of rules #1544
Support for ANSI (color) escape codes in NINJA_STATUS #713
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 27 Oct 2025 10:49:25 +0000 (11:49 +0100)]
fuse: Update to version 3.17.4
- Update from version 3.15.0 to 3.17.4
- Update of rootfile
- Changelog
3.17.4
- Try to detect mount-utils by checking for /run/mount/utab
and don't try to update mtab if it does not exist
- Fix a build warning when HAVE_BACKTRACE is undefined
- fuse_loop_mt.c: fix close-on-exec flag on clone fd
- Remove struct size assertions from fuse_common.h
3.17.3
* more conn->want / conn->want_ext conversion fixes
* Fix feature detection for close_range
* Avoid double unmount on FUSE_DESTROY
3.17.2
* Fixed uninitized bufsize value (compilation warning and real
issue when HAVE_SPLICE was not defined)
* Fixed initialization races related to buffer realocation when
large buf sizes are used (/proc/sys/fs/fuse/max_pages_limit)
* Fix build with kernel < 5.9
* Fix static_assert build failure with C++ version < 11
* Compilation fix (remove second fuse_main_real_versioned declaration)
* Another conn.want flag conversion fix for high-level applications
* Check if pthread_setname_np() exists before use it
* fix example/memfs_ll rename deadlock error
* signal handlers: Store fuse_session unconditionally and restore
previous behavior that with multiple sessions the last session
was used for the signal exist handler
3.17.1
* fuse: Fix want conn.want flag conversion
* Prevent re-usage of stdio FDs for fusermount
* PanFS added to fusermount whitelist
3.17.1-rc1
* several BSD fixes
* x86 (32bit) build fixes
* nested declarations moved out of the inlined functions to avoid
build warnings
* signify public key added for future 3.18
3.17.1-rc0
* Fix libfuse build with FUSE_USE_VERSION 30
* Fix build of memfs_ll without manual meson reconfigure
* Fix junk readdirplus results when filesystem not filling stat info
* Fix conn.want_ext truncation to 32bit
* Fix some build warnings with -Og
* Fix fuse_main_real symbols
* Several changes related to functions/symbols that added in
the libfuse version in 3.17
* Add thread names to libfuse threads
* With auto-umounts the FUSE_COMMFD2 (parent process fd is
exported to be able to silence leak checkers
3.17
* 3.11 and 3.14.2 introduced ABI incompatibilities, the ABI is restored
to 3.10, .so version was increased since there were releases with
the incompatible ABI
* The libfuse version a program was compiled against is now encoded into
that program, using inlined functions in fuse_lowlevel.h and fuse.h
* Allows to handle fatal signals and to print a backtrace.
New API function: fuse_set_fail_signal_handlers()
* Allows fuse_log() messages to be send to syslog instead of stderr
New API functions: fuse_log_enable_syslog() and fuse_log_close_syslog()
* Handle buffer misalignment for FUSE_WRITE
* Added support for filesystem passthrough read/write of files when
FUSE_PASSTHROUGH capability is enabled
New API functions: fuse_passthrough_open() and fuse_passthrough_close(),
also see example/passthrough_hp.cc
* Added fmask and dmask options to high-level API
- dmask: umask applied to directories
- fmask: umask applied to non-directories
* Added FUSE_FILL_DIR_DEFAULTS enum to support C++ programs using
fuse_fill_dir_t function
* Added support for FUSE_CAP_HANDLE_KILLPRIV_V2
Fixes:
* Fixed compilation failure on FreeBSD (mount_bsd.c now points to correct
header)
3.16.2
* Various small fixes and improvements.
3.16.1
* Readdir kernel cache can be enabled from high-level API.
3.15.1
Future libfuse releases will be signed with `signify`_ rather than PGP
This release is the last to be signed with PGP and contains the signify public
key for current (3.15.X) and upcoming (3.16.X) minor release cycle.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 27 Oct 2025 10:35:41 +0000 (11:35 +0100)]
samba: Update to version 4.23.2
- Update from version 4.23.1 to 4.23.2
- No change to any of the rootfiles
- Changelog
4.23.2
This is a security release in order to address the following defects:
o CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr.
https://www.samba.org/samba/security/CVE-2025-9640.html
o CVE-2025-10230: Command injection via WINS server hook script.
https://www.samba.org/samba/security/CVE-2025-10230.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 25 Oct 2025 15:37:54 +0000 (17:37 +0200)]
fetchmail: Update to version 6.5.7
- Update from version 6.5.6 to 6.5.7
- No change to rootfile
- Changelog
6.5.7
BUGFIXES:
* When authenticating to an SMTP server, the AUTH LOGIN method (which didn't
become a proposed standard, and is only the third method fetchmail would try,
if CRAM-MD5 and PLAIN weren't offered) required that the server returned
a 334 code followed by a blank and by a decodable base64 challenge we ignored
anyways. This is in line with RFC 4952.
However, to improve compatibility, fetchmail now accepts anything that
starts with "334 " and disregards the remainder of the line.
At the same time, AUTH LOGIN was deprecated. AUTH PLAIN should be available
everywhere AUTH LOGIN is, and is specified in IETF RFC 4616.
* When authenticating to an SMTP server, i. e. esmtpname/esmtppassword are
defined, check for errors, and skip servers that do not understand EHLO,
because we cannot negotiate supported authentication schemes with them.
This should avoid attempting to send a lot of messages and see them rejected.
* When authenticating to an SMTP server, do not send client abort "*" when
we receive any other server reply but 334.
* Extend 6.5.6's RFC-5321 address-literal fix to MAIL FROM. This might
apply when we only have a server's IP address and need to quality
addresses without domain. Fixes Debian Bug#1080025.
* SMTP AUTH can now look up passwords from the .netrc file - for that,
fetchmail's esmtpname setting must match the login for the given host in
.netrc. Fixes Debian Bug#1056651 by Ticker Berkin.
* Improve the GSSAPI (Kerberos V) build, which was pretty hard to get working.
This was improved. Recommendation:
- For autoconf builds (./configure), be sure to have the desired krb5-config
executable early on $PATH before running ./configure.
- For meson builds, be sure to list the path to your krb5-gssapi.pc file on
PKG_CONFIG_PATH. (meson will fall back to krb5-config, so if that's on PATH,
that should also work.)
TRANSLATION UPDATES were contributed by these fine people - thank you!
* The Italian translation is back - it had been missing from earlier 6.5.X
since it had fallen too far behind with the last update in 2010.
* cs: Petr Pisar [Czech]
* eo: Keith Bowes [Esperanto]
* es: Cristian Othón Martínez Vera [Spanish]
* fr: Frédéric Marchal [French]
* it: Luca Vercelli [Italian]
* ja: Takeshi Hamasaki [Japanese]
* pl: Jakub Bogusz [Polish]
* ro: Remus-Gabriel Chelu [Romanian]
* sq: Besnik Bleta [Albanian]
* sv: Göran Uddeborg [Swedish]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 25 Oct 2025 16:28:57 +0000 (18:28 +0200)]
whois: Update to version 5.6.5
- Update from version 5.6.4 to 5.6.5
- No change to rootfile
- Changelog
5.6.5
* Updated the .co TLD server.
* Added some large KRNIC networks.
* Updated the second level .uk TLD servers.
* Removed the .pro TLD server.
* Removed 1 new gTLD which is no longer active.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
