Michael Tremer [Wed, 20 May 2026 15:15:44 +0000 (16:15 +0100)]
sambactrl: Fix local privilege escalation
From the reporter:
LPE in /usr/local/bin/sambactrl 'join' action
File: src/misc-progs/sambactrl.c, lines 117-126.
All other actions call is_valid_argument_alnum() on argv[2]. The
'join' branch skips it entirely and feeds argv[2]/argv[3] into
snprintf + safe_system (which is /bin/sh -c). Binary is installed
-m 4750 -g nobody (src/misc-progs/Makefile:41), so any nobody-context
process can invoke it and escalate to root.
Reported-by: valent1 <gooads612@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 20 May 2026 15:04:25 +0000 (16:04 +0100)]
samba: Fix shell command execution vulnerability in join operation
From the reporter:
File: html/cgi-bin/samba.cgi, lines 96-98 and 790-798.
joindomain() builds @options = ("/usr/local/bin/sambactrl","join",
$username, $password) and runs qx(@options). In Perl, qx(@array)
joins with $" and passes the result to /bin/sh -c. POST parameters
USERNAME and PASSWORD reach this with no validation on the 'join'
code path. RCE as the web user (nobody).
Reported-by: valent1 <gooads612@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
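Both reports above come down to the same pattern: untrusted operands spliced into a string that /bin/sh -c then re-parses. The following is an added example, not IPFire's sambactrl or samba.cgi code, of the two defences that close that path in C: an allow-list check in the spirit of the is_valid_argument_alnum() the first report mentions, and executing the helper with an explicit argv vector so that no shell ever sees the values. arg_is_alnum, run_argv, do_join and the use of /bin/true as a stand-in for the real helper are assumptions of this example.

```c
/* Added example (not IPFire's code): validate untrusted arguments and run a
 * helper program without going through /bin/sh -c.  All names are
 * hypothetical; /bin/true stands in for the real helper binary. */
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only [A-Za-z0-9].  Nothing in that set is special to a shell, so a
 * value that passes this check cannot alter a command line even if it were
 * (wrongly) interpolated into one.  Empty and NULL are rejected too. */
int arg_is_alnum(const char *s) {
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s))
            return 0;
    return 1;
}

/* Run argv[0] with the given argument vector via fork()/execv().  The
 * arguments are handed to the kernel as separate strings and are never
 * re-parsed as a command line.  Returns the child's exit status, or -1 on a
 * fork/wait error or if the child did not exit normally (127 = exec failed). */
int run_argv(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);   /* only reached if execv() itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical 'join' handler: refuse the request unless both operands pass
 * validation, then exec the helper directly with an argv vector.
 * Returns the helper's exit status (0 on success) or -1 when rejected. */
int do_join(const char *username, const char *password) {
    if (!arg_is_alnum(username) || !arg_is_alnum(password))
        return -1;
    char *argv[] = {
        "/bin/true",            /* stand-in for the real join helper */
        "join",
        (char *)username,
        (char *)password,
        NULL
    };
    return run_argv(argv);
}
```

Even where a real deployment needs a richer character set (passwords, for instance), the exec-with-argv path is the part that removes the shell from the picture; the allow-list is an additional, cheaper line of defence.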
Adolf Belka [Tue, 19 May 2026 21:28:38 +0000 (23:28 +0200)]
xfsprogs: Update to version 7.0.0
- Update from version 6.19.0 to 7.0.0
- Update of rootfile
- Changelog
7.0.0
xfs_scrub: drop the warning about mixed bidirectional codepoints in names
(Darrick J. Wong)
xfs_scrub_all: fix deadlock if lsblk produces a lot of output (Darrick J. Wong)
xfs_scrub: warn about unicode variation selectors in names (Darrick J. Wong)
xfs_quota: display default limits for users with zero usage (Ravi Singh)
debian: add version control tags to control (Darrick J. Wong)
xfs_scrub: raise media verification IO limits (Darrick J. Wong)
xfs_scrub: drop SCSI_VERIFY code from disk. (Darrick J. Wong)
xfs_scrub: clean up device-related error messages (Darrick J. Wong)
xfs_scrub: perform media scanning of the log region (Darrick J. Wong)
scrub: don't allocate disk for ioctl-based media verify (Christoph Hellwig)
xfs_scrub: use the verify media ioctl during phase 6 if possible
(Darrick J. Wong)
scrub: simplify verifier threads calculation (Christoph Hellwig)
xfs_scrub: move read verification scheduling to phase6.c (Darrick J. Wong)
xfs_scrub: fix i18n of the decode_special_owner return value (Darrick J. Wong)
xfs_scrub: report truncated devices as media errors (Darrick J. Wong)
debian: enable xfs_healer on the root filesystem by default (Darrick J. Wong)
debian/control: listify the build dependencies (Darrick J. Wong)
mkfs: enable online repair if all backrefs are enabled (Darrick J. Wong)
xfs_io: add listmount and statmount commands (Darrick J. Wong)
xfs_scrub: print systemd service names (Darrick J. Wong)
xfs_healer: add a manual page (Darrick J. Wong)
xfs_healer: validate that repair fds point to the monitored fs (Darrick J. Wong)
xfs_healer: use statmount to find moved filesystems even faster (Darrick J. Wong)
xfs_healer: use getmntent to find moved filesystems (Darrick J. Wong)
xfs_healer: run full scrub after lost corruption events or targeted repair
failure (Darrick J. Wong)
xfs_healer: use the autofsck fsproperty to select mode (Darrick J. Wong)
xfs_healer: don't start service if kernel support unavailable (Darrick J. Wong)
xfs_healer: create a service to start the per-mount healer service
(Darrick J. Wong)
xfs_healer: create a per-mount background monitoring service (Darrick J. Wong)
xfs_healer: enable repairing filesystems (Darrick J. Wong)
xfs_healer: create daemon to listen for health events (Darrick J. Wong)
xfs_io: add a media verify command (Darrick J. Wong)
xfs_io: monitor filesystem health events (Darrick J. Wong)
man2: document the media verification ioctl (Darrick J. Wong)
man2: document the healthmon ioctl (Darrick J. Wong)
fsr: always print error messages from xfrog_defragrange() (Carlos Maiolino)
fsr: package function should check for negative errors (Carlos Maiolino)
xfs_repair: don't fail on INCOMPLETE attrs in leaf blocks (Darrick J. Wong)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:37 +0000 (23:28 +0200)]
samba: Update to version 4.24.2
- Update from version 4.24.1 to 4.24.2
- No change in rootfiles
- 1 CVE Fix
- Changelog
4.24.2
* BUG 16038: Samba 4.24 with cups can't get queue and shows errors about
fetch_share_cache_time
* BUG 16043: Fix a directory file descriptor leak in vfs_glusterfs that
caused unbounded memory growth on the GlusterFS brick with
persistent SMB2 connections.
* BUG 16030: Windows Offline Files fails with permission error when directory
has the read‑only attribute set
* BUG 15991: samba not triggering mount of zfs snapshot in dataset
.zfs/snapshots/<snapname> directory
* BUG 15999: net ads join still fails with multiple DCs
* BUG 16076: samba-tool shows wrong format specifiers for timestamp
attributes
* BUG 14638: restrict anonymous = 2 breaks RODC functionality
* BUG 15973: smbpasswd can crash winbindd on an AD DC
* BUG 15995: smbd does not cleanup on disconnect of the transport connection
on lease break errors
* BUG 16059: CVE-2026-40170: thirdparty ngtcp2 needs to be updated
* BUG 16067: Require NTLMv2 session security on Windows makes trusts to Samba
unusable
* BUG 16073: Winbind can change Ownership Of / To A User Who has Homedir / In
passwd
* BUG 15987: Winbind lsa_OpenPolicy() fails on lsa connection setup with:
NT_STATUS_RPC_CANNOT_SUPPORT
* BUG 16068: CTDB read-only record handling contains use after free and
resource leak bugs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:36 +0000 (23:28 +0200)]
postfix: Update to version 3.11.3
- Update from version 3.11.1 to 3.11.3
- No change in rootfile
- Changelog
3.11.3
Bitrot: builds with musl libc broke, because they were using an obsolete
NO_SNPRINTF code path that had not been updated for Claude Code findings.
Two fixes for a signed integer overshift condition (a left shift into the sign bit).
This "works" on contemporary CPUs, but may break in the future. One reported by
Kamil Frankowicz, and one by Robert Sayre.
Viktor Dukhovni fixed an 'uninitialized value' error in the 'collate.pl' script.
Test code fixes by Viktor Dukhovni for a deprecation warning with OpenSSL 4.0, and
for a race condition that caused a test script to fail.
3.11.2
Bugfix (defect introduced: Postfix 3.11): the proxymap(8) daemon dereferenced an
uninitialized pointer after a request protocol error. This daemon is not
exposed to local or remote users. Found by Claude Opus 4.6.
Bugfix (defect introduced: 20260309) a change, to set the service_name default
value to "amnesiac", violated a test that parameter names in postconf output
must match 1:1 with parameter names in the postlink script.
Portability: support for recent FreeBSD, NetBSD, and OpenBSD versions. Brad Smith.
Bugfix (defect introduced: Postfix 2.2, date 20041207): When truncating a database
file, the cdb: database client looked at the file size from before requesting
an exclusive lock on a database file, instead of the file size after the
exclusive lock was granted. Found by Claude Opus 4.6.
Bugfix (defect introduced: Postfix alpha, date 19980309): file descriptor leak
after fork() failure. Found by Claude Opus 4.6.
Mistakes in debug logging. Found by Claude Opus 4.6. This affected two files in
Postfix 3.8 and 3.9, three files in Postfix 3.10 and 3.11.
Unchecked null pointer results after an out-of-memory condition in a library
dependency. Found by Claude Opus 4.6. The fix is to return an error status or
to log a fatal error. This affected three source files.
Missing or incomplete guards for ssize_t or int overflow, found by Claude Opus 4.6.
This affected three source files. These limits are unlikely to be exceeded
because the size of in-memory objects is limited by design (the number of
in-memory objects is also limited).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:35 +0000 (23:28 +0200)]
openvpn: Update to version 2.7.4
- Update from version 2.7.3 to 2.7.4
- No change in rootfile
- Changelog
2.7.4
configure: Remove --enable-strict
GHA: Maintenance Update April 2026
GHA: Add caching for vcpkg builds
dns-scripts: Fix dnssec values in comments and Copyright statement format
Fix pkgcs11 vcpkg port installing debug files on release builds
Mbed TLS: Error out if we have no valid tls-groups
dns: minimalist fix for dnssec setting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:34 +0000 (23:28 +0200)]
libunistring: Update to version 1.4.2
- Update from version 1.3 to 1.4.2
- Update of rootfile
- Changelog
1.4.2
* Fixed a build failure on systems with glibc 2.43.
1.4.1
* Fixed a compilation error in C++ mode.
1.4
* The data tables and algorithms have been updated to Unicode version 17.0.0.
* Fixed a bug: The functions u*_grapheme_next and u*_grapheme_prev did not
work right for strings with Indic characters, Emojis, or regional indicators.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:33 +0000 (23:28 +0200)]
libksba: Update to version 1.8.0
- Update from version 1.6.8 to 1.8.0
- Update of rootfile
- Changelog
1.8.0
* New function ksba_cms_get_attribute. [rKf40bfced7c]
* Support building of unsigned attributes with
ksba_cms_add_attribute. [rK54d7e3bea8]
1.7.0
* Add support for building AuthEnvelopedData. [T3979]
* New function ksba_cms_add_attribute. [T4537]
* Fix silent truncation of 64 bit length fields. [T8246]
* Fix incorrect overflow guard condition in _ksba_ber_read_tl. [T8247]
* Interface changes relative to the 1.6.0 release:
ksba_cms_add_attribute NEW.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:22 +0000 (23:28 +0200)]
btrfs-progs: Update to version 7.0
- Update from version 6.19.1 to 7.0
- No change in rootfile
- Changelog
* btrfstune: add ability to do offline conversion to the remap tree
(experimental feature)
* mkfs: add hole detection when precalculating size for --rootdir
* fixes: recognize fs-verity tree items in various tools (check)
* enable PCLMUL implementation on Musl (previously using SSE 4.2 at best)
* help format changed to be in line with common packages like util-linux
* reject writes to filesystem during check/btrfstune in case there's pending
state of device replace or balance
* other:
* build ARM64 static binaries (attached to GH release) backward
compatibility level is 'archv8-a'
* CI updates
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20251016-3.1 to 20260512-3.1
- Update of rootfile
- Changelog 20260512-3.1
* src/el.c: regression: Remove nonportable upstream HAVE_ISSETUGID block
Reported by Jerry James
* all: sync with upstream source
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:30 +0000 (23:28 +0200)]
elfutils: Update to version 0.195
- Update from version 0.194 to 0.195
- Update of rootfile
- Removal of FTBFS patch as now built into tarball
- Changelog
0.195
CONTRIBUTING: elfutils has adopted a policy on the use of Large Language
Models (LLMs). Contributions containing output generated
by LLMs are not currently being accepted.
debuginfod: Introduce --home-redirect and --home-html switches allowing
for redirecting to custom URL and/or serving a custom html
file, if document root is requested. Related: PR33635.
New command line option --max-depth that limits scanner depth.
Metadata queries now support lookup by build-id.
New function debuginfod_default_progressfn added to
libdebuginfod.
debuginfod-find: Fixed bug where DEBUGINFOD_PROGRESS environment variable
was ignored if debuginfod-find was invoked without -v.
elflint: Recognize .debug_*.dwo sections, .relro_padding sections as well
as SHT_AARCH64_ATTRIBUTES, SHT_LLVM_LTO and SHT_LLVM_ADDRSIG.
Accept R_X86_64_DTPOFF64 in ET_REL files.
Add lints for PT_LOAD, PT_INTERP and PT_PHDR segments.
libdw: Added language constants for Erlang, Elixir and Gleam.
Fixed bug that caused sections in DWARF package files (.dwp) to be
missed if section .debug_dwp is present.
libdwfl: Improved handling of Linux kernel object files with sh_addr
fields set to non-zero.
libdwfl_stacktrace: AArch64 and 32-bit ARM support added. The
libdwfl_stacktrace library interface is experimental
and may be subject to API/ABI changes.
libelf: New man pages for gelf.h functions.
Fixed gelf_getmove and gelf_update_move assertion failures caused
by incorrect ELFCLASS32/ELFCLASS64 handling.
elf_update now correctly handles binaries with 65280+ sections
when section zero headers aren't loaded.
readelf: Improved support for DWARF Package Files (.dwp) sections.
Improved output format for .gcc_except_table.
stacktrace: This experimental tool is scheduled to be removed in the next
release and replaced with the upcoming eu-stackprof tool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 May 2026 21:28:31 +0000 (23:28 +0200)]
gdb: Update to version 17.2
- Update from version 17.1 to 17.2
- No change in rootfile
- Changelog
17.2
* PR dap/33228 ([gdb/dap] error while listing register children)
* PR gdb/33737 (gdb --help says 'For more information, type "stream"
from within GDB', but "stream" is not a defined command)
* PR build/33747 (Incompatible with MUSL libc: no member named 'c_ospeed'
in 'termios')
* PR gdb/33748 (gdb17 regression with displaying ANSI colors)
* PR gdb/33753 (Out-of-bounds writes in string_{v}printf -- threads
and static data don't mix)
* PR cli/33761 (Setting style colors is broken on MS-Windows)
* PR gdb/33768 (Loading compressed GDB scripts from .debug_gdb_scripts fails)
* PR symtab/33775 ([gdb/symtab] data race in
dwarf2_per_cu::{set_addr_size,set_offset_size,set_ref_addr_size})
* PR symtab/33777 ([gdb/symtab] dw2_get_file_names doesn't cache result
for dummy CU)
* PR symtab/33825 ([dwz] Extremely slow symbol lookup with DWZ-compressed
debug info (thousands of partial units))
* PR testsuite/33845 (gdb: There are 4 unexpected failures in
breakpoint-in-ro-region.exp)
* PR gdb/33872 (`skip -gfile` has inverted logic)
* PR gdb/33926 (GDB 17.1 AArch64: redefinition of user_gcs struct on musl)
* PR breakpoints/34112 (rbreak `file:regex` sets breakpoints for matches
outside of `file` [reproducer attached])
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #13977 - IPS log viewer shows empty/deleted logs after midnight after Suricata logs were changed to daily rotation
Reported-by: Adam Gibbons <ag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20260227 to 20260512
- Update of rootfile
- Changelog 20260512
Purpose
Security updates for INTEL-SA-01420
Update for functional issues. Refer to 4th Gen Intel® Xeon® Scalable Processors Specification Update for details.
Update for functional issues. Refer to 5th Gen Intel® Xeon® Scalable Processors Specification Update for details.
Update for functional issues. Refer to Intel® Core™ Ultra 200 V Series Processor for details.
Update for functional issues. Refer to Intel® Core™ Ultra Processors (Series 2) for details.
Update for functional issues. Refer to Intel® Core™ Ultra Processors (Series 3) for details.
Update for functional issues. Refer to Intel® Xeon® 6700 Series Processors with E-cores for details.
Update for functional issues. Refer to Intel® Xeon® 6900/6700/6500 Series Processors with P-cores for details.
Update for functional issues. Refer to Intel® Xeon® 6700P-B/6500P-B-Series SoC with P-Cores for details.
New Platforms
Processor        Stepping  F-M-S/PI     Old Ver   New Ver   Products
PTL 404          A1        06-cc-03/90            0000011b  Intel Core Ultra Processor (Series 3)
PTL-H 484/12Xe   A0/B0     06-cc-02/90            0000011b  Intel Core Ultra Processor (Series 3)
Updated Platforms
Processor        Stepping  F-M-S/PI     Old Ver   New Ver   Products
ARL-H            A1        06-c5-02/82  0000011b  00000121  Core Ultra Processor (Series 2)
ARL-S/HX (8P)    B0        06-c6-02/82  0000011b  00000121  Core Ultra Processor (Series 2)
EMR-SP           A1        06-cf-02/87  210002d3  210002e0  Xeon Scalable Gen5
GNR-AP/SP        Bx/Hx/Lx  06-ad-01/95  01000405  01000423  Xeon 6900/6700/6500 Series Processors with P-Cores
GNR-D            B0/B1     06-ae-01/97  01000303  01000307  Xeon 6700P-B/6500P-B Series SoC with P-Cores
GNR-SP R1S       Bx/Hx/Lx  06-ad-01/20  0a000133  0a000142  Xeon 6700/6500-Series Processors with P-Cores
LNL              B0        06-bd-01/80  00000125  00000126  Core Ultra 200 V Series Processor
SPR-SP           E4/S2     06-8f-07/87  2b000661  2b000670  Xeon Scalable Gen4
SPR-SP           E5/S3     06-8f-08/87  2b000661  2b000670  Xeon Scalable Gen4
SRF-AP/SP        C0        06-af-03/01  03000382  030003a3  Xeon 6900/6700-Series Processors with E-Cores
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 13 May 2026 19:37:07 +0000 (21:37 +0200)]
expat: Update to version 2.8.1
- Update from version 2.8.0 to 2.8.1
- Update of rootfile
- 1 CVE fix
- Changelog
2.8.1
Security fixes:
#1216 CVE-2026-45186 -- Fix quadratic runtime from attribute name
collision checks that allowed denial of service attacks
through moderately sized crafted XML input (CWE-407).
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Other changes:
#1209 #1213 Drop more casts related to `void *` that C99 does not need
#1213 xmlwf: Streamline use of `mmap`
#1214 #1217 Version info bumped from 13:0:12 (libexpat*.so.1.12.0)
to 13:1:12 (libexpat*.so.1.12.1); see https://verbump.de/
for what these numbers do
Infrastructure:
#1210 CI: Cover compilation with Visual Studio 18 2026 on Windows
#1215 CI: Cover compilation for ARM64 on Windows
#1212 CI: Bump WASI SDK from 32 to 33
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 11 May 2026 16:55:51 +0000 (18:55 +0200)]
backup.pl: Create the new unbound user and group when doing a restore
- With the introduction of the unbound user and group, when a restore is done from an
earlier backup when user and group nobody were used then the unbound user and group
are removed as passwd and group are backed up.
- Using the entry already present for the dhcpcd user and group I created this patch.
- Not 100% certain it is the correct way to do it, as I am not sure about if a restore
is done where the unbound user and group already exist but presumably the same effect
occurs with the dhcpcd user and group.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 11 May 2026 10:42:27 +0000 (12:42 +0200)]
ovpnmain.cgi: CU202 fix - Update the RW Log Status extraction
- Previously the second section of the RW Log Status file had IP:Port, so selecting the
first part of that section showed the IP.
- The new status now has Protocol:IP:Port so the selection has to be changed to the
second part of that section so the index goes from 0 to 1
- That was missed by me when I did the OpenVPN-2.7 update
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 8 May 2026 10:30:07 +0000 (12:30 +0200)]
grub-btrfs: Update to version 4.14
- Update from version 4.13 to 4.14
- Update of rootfile
- Updated remove bug report url patch
- Changelog
4.14
Update grub-btrfsd submenu creation by @bkmo in #289
Add codespell support (config, workflow to alert on new typos) + make it fix typos
by @yarikoptic in #309
Update Arch Linux package URL in README.md by @felixonmars in #305
Fix bashism by @bastien-roucaries in #311
add support for yabsnap snapshot information by @64-bitman in #318
Fix RAID by @aidan-gibson in #325
Add support for GRUB patches from SUSE by @StollD in #321
add support for booting snapshots on LUKS encrypted disk by @cip91sk in #333
Get default early initrd list from GRUB_EARLY_INITRD_LINUX_STOCK by @JustTNE in #389
Ignore Podman container images by @wgalen in #380
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 8 May 2026 10:30:08 +0000 (12:30 +0200)]
grub: Update to version 2.14
- Update from version commit 0e36779-bootstrapped to 2.14
- Update of rootfiles for all three architectures.
- When grub-2.14 install was first tested it failed at the creation of the flash images
due to a problem with the base address used. This was also a problem for
distributions. Arch Linux, NixOS, Libreboot have all reverted two commits to get
grub-2.14 working correctly. I suspect other distros have also done that.
- The revert patches used here have been created based on the ones applied in the grub
repo. The actual ones could not be directly used as they have been created based
on 2.14 plus some other commits that change the files being modified.
- All three architectures have been tested in builds to confirm that the flash-images
lfs build worked, which they all did.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 7 May 2026 18:20:00 +0000 (18:20 +0000)]
strongSwan: Update to 6.0.6
Please see https://github.com/strongswan/strongswan/releases/tag/6.0.6
for the release notes of this version.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 7 May 2026 18:16:00 +0000 (18:16 +0000)]
Tor: Update to 0.4.9.7
Changes in version 0.4.9.7 - 2026-05-06
This is a security release fixing several major bugfixes that were reported
in the past weeks. Huge thanks to everyone that reported these issues! We
strongly recommend upgrading as soon as possible.
o Major bugfixes (cell handling):
- Fix out-of-bounds read (OOB) when END, TRUNCATE and TRUNCATED cell
have no reason in their payload. TROVE-2026-011. Found by
Brian Carpenter (geeknik). Fixes bug 41254; bugfix
on 0.1.1.1-alpha.
o Major bugfixes (conflux):
- Do not attempt or accept BEGIN_DIR via conflux legs. TROVE-2026-
008. Credit to Anas Cherni from Calif.io in collaboration with
Claude and Anthropic Research. Fixes bug 41243; bugfix
on 0.4.8.1-alpha.
o Major bugfixes (conflux, relay):
- Adjust conflux out-of-order queue accounting when clearing a
queue. TROVE-2026-010. Found by aptupdate. Fixes bug 41251; bugfix
on 0.4.8.1-alpha.
o Major bugfixes (pathbias):
- Fix a client-side crash caused by double-close of a circuit while
under circuit queue memory pressure. TROVE-2026-009. Found by
cypherpunks. Fixes bug 41237; bugfix on 0.3.3.6-rc.
o Major bugfixes (relay):
- Fix null pointer dereference when receiving a CERT cell out of
order. TROVE-2026-006. Found by Fwame. Fixes bug 41240; bugfix
on 0.2.4.4-alpha.
o Major bugfixes (relay, onion service):
- Fix off-by-one out-of-bounds read if a malformed BEGIN cell is
received. TROVE-2026-007. Found by Flanagan. Fixes bug 41245;
bugfix on 0.2.4.7-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on May 06, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/05/06.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 5 May 2026 12:12:54 +0000 (14:12 +0200)]
libvirt: Update to version 12.3.0
- Update from version 11.7.0 to 12.3.0
- Update of rootfile
- 2 CVE fixes in 11.10.0
- Changelog
12.3.0
New features
* bhyve: Add blkiotune support
The bhyve driver now supports guest I/O throttling configuration::
<blkiotune>
<device>
<path>*</path>
<read_iops_sec>20000</read_iops_sec>
<write_iops_sec>20000</write_iops_sec>
<read_bytes_sec>10000</read_bytes_sec>
<write_bytes_sec>10000</write_bytes_sec>
</device>
</blkiotune>
It uses the ``rctl(4)`` framework to apply these limits.
* bhyve: Implement ``virDomainInterfaceAddresses()`` and ``virDomainGetHostname()``
The bhyve driver now implements APIs that allow fetching the addresses of
a VM's interfaces (accessible via ``virsh domifaddr``) and the hostname
of the VM (``virsh domhostname``).
* hyperv: Implement ``virDomainGetGuestInfo()``
The hyperv driver now implements an API for fetching guest information
(``virsh guestinfo``).
Improvements
* security: Don't error out on security labels of type='none'
Previously, libvirt reported an error if a domain with seclabel of
type='none' (meaning do not take this security model into account for this
domain) was being started and the model wasn't available (for instance, in
case of SELinux it was disabled at boot).
* Allow for multiple PCI root buses, not just for a single one numbered '0'
`virPCIDeviceReset()` and `virPCIDeviceIsBehindSwitchLackingACS()` no
longer use a hardcoded check (e.g bus == 0 ) to determine if a device is
attached to a "root bus". This allows for better support on more complex
PCI topologies.
* Add mechanism to prevent accidental shrink of device with ``virsh blockresize``
A new flag ``VIR_DOMAIN_BLOCK_RESIZE_EXTEND`` was introduced which prevents
accidental shrinking of the block device of the VM. The flag is exposed
as ``virsh blockresize --extend``.
* Expose ``MemAvailable`` field from kernel's meminfo as ``VIR_NODE_MEMORY_STATS_AVAILABLE``
Bug fixes
* virnetdevmacvlan: Wait for udev to settle after creating macvtap
When starting a domain with a macvtap device (or when hotplugging one),
libvirt creates the device and opens its ``/dev`` representation in order
to set it according to the ``<interface/>`` XML (e.g. MAC address, queues,
etc.). But if the system is under heavy load, it might happen that after
the device creation the udev daemon was triggered, but did not have enough
time to set the ``/dev`` representation fully. This may result in various
misconfiguration or even failed ``open()``. Therefore, libvirt waits after
device creation for udev daemon to settle down.
* apparmor: Don't drop macvtap devices from profile on blockjobs
12.2.0
Removed features
* qemu: Stop advertising support for ``handle`` backend of 9p filesystems
QEMU removed the feature in the 4.0 release, but our capability XML
still reported it.
New features
* qemu: Add support to configure IOMMUFD backend for whole VM
In addition to setting IOMMUFD backend for each device it is possible
to use the new ``<iommufd>`` element to enable IOMMUFD backend for all
host devices. Users can still change it per device.
* qemu: Add support to pass FD for IOMMUFD when starting VM
Management applications running unprivileged libvirt can open /dev/iommu
and pass FD to libvirt in order to change locked memory accounting.
This is done via new ``<iommufd>`` element.
* qemu: Add support for declaring that storage was zeroed for storage copy APIs
The qemu driver now can skip zeroing of the storage during
``virDomainBlockCopy`` or migration with non-shared storage with the
appropriate flags. This can be used for storage technologies which lack
efficient zeroing support.
* hyperv: Add basic snapshot functionality
The hyperv driver now implements the following libvirt APIs:
``virDomainDefineXMLFlags()``, ``virDomainSnapshotLookupByName()``,
``virDomainListAllSnapshots()``, ``virDomainSnapshotNum()``,
``virDomainSnapshotGetXMLDesc()``, ``virDomainSnapshotCurrent()``,
``virDomainHasCurrentSnapshot()``, ``virDomainSnapshotGetParent()``.
Improvements
* conf: support more than 255 vCPUs with amd-iommu
With 256 or more vCPUs libvirt previously required EIM enabled for all
models of IOMMU. This is not valid for AMD model and validation was changed
so that XTSup is required there. Additionally, it is automatically enabled
if needed.
* Introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES flag
This new flag for virConnectGetDomainCapabilities can be used to request
the host-model CPU definition to include all supported features (normally
only extra features relative to the selected CPU model are listed).
* qemu: Add statistics for ``<dataStore>`` storage
The bulk statistics (``virsh domstats --block --backing``) now report also
information about the ``<dataStore>`` if given disk uses this feature.
* hyperv: Hyper-V guests now report TPM device status in their domain xml
definition.
Bug fixes
* qemu: Fix crash when attaching network interface with hostdev network
Introduced in v12.1.0 by implementing IOMMUFD backend support for
host devices.
12.1.0
New features
* qemu: Advertise firmware features in domain capabilities XML
The contents of the ``<firmwareFeatures/>`` element can be used to determine
ahead of time whether a firmware matching certain characteristics, for
example Secure Boot support, is available for the selected architecture and
machine type.
* qemu: Add support for uefi-vars device and firmware builds using it
This is particularly noteworthy for people running aarch64 VMs with the
'virt' machine type, as it makes it finally possible to use Secure Boot
with that combination.
In most cases, no special steps are needed to take advantage of this:
assuming that you have installed a recent version of QEMU, as well as a
build of edk2 that includes the necessary binaries, you can just `enable
Secure Boot <kbase/secureboot.html>`__ as you normally would.
To explicitly request that the uefi-vars device is used even for scenarios
where that would normally not be the case, it's enough to add an empty
``<varstore/>`` element in the domain XML. More details are available in
the `guest firmware configuration <formatdomain.html#guest-firmware>`__
section of the documentation.
* hyperv: improve API coverage for the hyperv driver
The `virDomainInterfaceAddresses()` and `virDomainGetBlockInfo()` APIs are
now supported by the hyperv driver. In addition, the domain xml for hyperv
domains will indicate via firmware features whether secure boot is enabled.
It also honors these firmware features when creating new domains.
* bhyve: Add support for vCPU pinning configuration
Bhyve guests can now have vCPU pinning configured::
<cputune>
<vcpupin vcpu="0" cpuset="1,2,3"/>
</cputune>
Additionally, the ``domainGetVcpuPinInfo`` API is implemented for
querying vCPU pinning information.
* qemu: Support block operation latency histograms
Libvirt now allows configuring qemu's block latency histogram collection
as well as returns them via the bulk stats API.
Improvements
* Introduce granule attribute for virtio-iommu
In case when guest page size doesn't match the host page size (typically
aarch64) the ``virtio-iommu`` needs to know the guest page size so it can
allocate memory aligned to guest page size.
* Parse hyperv features even for host-model
Two releases ago, in v11.9.0 new ``host-model`` mode for Hyper-V
enlightenments was introduced. Starting with this release, users can
additionally override the defaults that are picked when domain is started
and features are expanded.
* bhyve: Improve loader configuration for arm64 guests
If loader is not explicitly configured, use the loader
from the ``sysutils/u-boot-bhyve-arm64`` port/package for the
arm64 guests.
Bug fixes
* Fix build with remote driver disabled
Some parts of code were wrongly annotated as depended on remote driver.
But they were used even from client side drivers. This is now fixed and
libvirt builds properly even with remote driver disabled.
* Various fixes to libvirt-guests.sh
Firstly, the exit code of various commands was ignored (which may lead the
script to wrongly determine the persistent/transient state of a domain, for
instance). Secondly, due to a logical error, the script might have
incorrectly assessed the state a domain is in.
* AppArmor: Ask for no deny rule for readonly disk elements
For read-only disks, libvirt created an AppArmor profile which disallowed
any future write rules. But when doing a blockcommit, libvirt needs to
allow the hypervisor to write even to read-only disks. The rule in the profile
was changed so that future write rules can be added temporarily.
* esx: Allow connecting to IPv6 server
Due to a bug in our code, if an IPv6 address was provided in the connection
URI, libvirt would fail to connect to the VMware server. This is now fixed.
* qemu: Use device alias if interface has no name
The ``virDomainInterfaceAddresses()`` API (or ``virsh domifaddr``) returns
an array of interfaces along with their addresses. But some interface names
might be unknown: for instance, if the API is told to parse the host's ARP
table, then PCI-assigned NICs or slirp/passt interfaces lack an interface name.
If that's the case, the API now returns the domain's ``<interface/>`` alias.
* bhyve: hyperv: Various memory leak fixes
* qemu: Fix failures when restoring save/managed-save images with upcoming qemu versions
The current git version of qemu would return an error when attempting to load
an existing (managed) save image, as we relied on deprecated features that
have now been removed.
12.0.0
New features
* bhyve: SLIRP networking support
Domain XMLs now can use SLIRP user-mode networking::
  <interface type='user'>
    <model type='virtio'/>
  </interface>
* bhyve: virtio-scsi support
Domain XMLs now can use ``virtio-scsi`` devices::
  <disk type='ctl'>
    <source dev='/dev/cam/ctl'/>
    <target dev='sda' bus='scsi'/>
  </disk>
* bhyve: initial ARM64 support
The bhyve driver now supports booting ARM64 domains on ARM64 hosts.
This support is still at an early stage of development and has some
limitations. For example, it requires using
``<clock offset='localtime'/>`` in domain XMLs, and
bootrom autofill is not implemented.
Improvements
* qemu: Improvements and fixes to firmware selection
Firmware selection now works more reliably and predictably in many
scenarios.
Notably, issues that were preventing the use of firmware designed for
confidential VMs on aarch64 have been addressed.
* network: Introduce port for DNS forwarder
In the ``<dns/>`` section of the network configuration, users can set up
forwarding of DNS requests to custom DNS servers. These are specified using
the ``addr`` attribute, but configuring the port wasn't possible until now. A
new ``port`` attribute is introduced, which allows overriding the default DNS
port for a given address.
Bug fixes
* qemu: Fix startup of VMs with more than ~25 external snapshots
After the switch to json-c, VMs with too deeply nested image chains would fail
to start due to the nesting depth limit in json-c, which is now increased to
once again support backing chains up to 200 images deep.
* qemu: TPM: Properly handle migration when storage resides on NFS
The VM can now be properly migrated in scenarios where the TPM data is stored
on a shared filesystem on the destination but on the source it's either
on a different NFS share or not shared at all.
* qemu: Treat memory device source nodemask as strict NUMA policy
Until now, the NUMA policy for ``<memory/>`` devices was taken either from
the guest NUMA node or from ``<numatune/>``. But this may lead to discrepancies,
where the memory device is configured to bind to a set of host NUMA nodes,
but the guest NUMA node is bound to a disjoint set of host NUMA nodes. To
resolve this, specifying ``<nodemask/>`` for a memory device now implies the
``strict`` policy.
* qemu: Relax validation of some hyperv features
Since the 11.9.0 release, libvirt performs dependency checks for hyperv
features; for instance, ``stimer`` requires ``synic``. But as it turned out,
for some ancient machine types (e.g. 'pc-i440fx-3.0' or 'pc-q35-3.0') some
dependencies do not hold. The corresponding checks were removed.
* esx: URI encode inventory objects twice
Formatting the domain XML for domains on an ESX server might fail if the
corresponding datacenter or datastore contained special characters (e.g.
'+'). This is now fixed.
* Fix race when checking whether a path is on a shared file system
Finding an existing parent of a given path and checking whether it's on a
shared file system was not atomic and thus the path could have been
misinterpreted as non-shared if it was removed between these two
operations. This could cause migration with an emulated TPM device stored
on a shared file system to fail with the following bogus error::
  Operation not supported: the running swtpm does not support migration with
  shared storage
11.10.0
Security
* CVE-2025-12748: Denial of service by some ACL-limited accounts
Parsing of user provided XMLs in APIs which needed the identification
information from those XML definitions was done in full before ACL checks
were performed. Some valid, but useless, definitions could cause allocation
of too much memory, leading to denial of service. APIs which do equate to
full root access (such as ``domain:write``), and were parsing XML
definitions in full before performing ACL checks could, potentially, be
exploited in a way that would allow users (which were about to be denied the
API call) to cause aforementioned overallocation even before the ACL checks
were performed.
A change was made so that parsing before the ACL checks is done only for the
identification parts of the XML definition (which are needed to perform the
checks), and full parsing is done only after checking all ACLs.
* CVE-2025-13193: Incorrect permissions on images after external snapshot of an inactive VM
The overlay ``qcow2`` images which are created as part of the creation of an
external snapshot of an inactive VM had world-readable (644) permissions,
which would allow unauthorized users to see the contents of blocks written by
the VM after the snapshot was taken. Libvirt now sets a proper umask so that
the images are created with mode 600.
New features
* Hyper-V virttype support for Qemu domains
Libvirt now supports the Hyper-V virttype when launching QEMU domains. This
feature requires Qemu version 10.2.0 or later and is available on Linux
hosts where /dev/mshv is present.
* Add more statistics for block devices on QEMU domains
The block devices now report optimal access request sizes as well as
statistics such as the queue depth.
Improvements
* bhyve: VNC ``wait`` attribute support
Bhyve guests can now be configured to wait for a VNC connection before
booting.
* remote: multiple certificate support
The remote daemon and client can be configured to load multiple x509
certificate identities. This facilitates a transition to certificates
supporting Post-Quantum Cryptographic algorithms.
* tools: improved virt-host-validate output
The virt-host-validate tool will now report extra details when certain
checks pass.
* qemu: Allow backup jobs to continue if guest OS shuts down
When starting a backup job, users can now use a flag which prevents the VM
from being completely cleaned up if the guest OS shuts down while the backup
is running, so that the backup can be finalized.
Bug fixes
* ch: Use correct domain definition in chDomainGetXMLDesc()
The Cloud-Hypervisor driver claims to support ``VIR_DOMAIN_XML_INACTIVE`` but
in fact it never formatted the inactive XML. This is now fixed.
* esx: Allow disk images in subdirectories
If a domain has a disk image that's not in a datastore path but in a
subdirectory, the ESX driver would fail to parse it and an error
was reported when obtaining the domain XML. This is now fixed.
* qemu: Fix incoming migration to QEMU 10.0.0 and newer
Due to a change in the way QEMU 10.0.0 reports the state of "ht" CPU
feature, incoming migration of a domain with multiple CPU threads would
fail with "guest CPU doesn't match specification: extra features: ht"
error.
* qemu: fix incorrect reporting of the TDX launch security type
The TDX launch security type was incorrectly reported on all platforms
if the QEMU binary had it built-in. It is now limited to only platforms
with the TDX kernel feature available for use.
* qemu: set ``detect_zeroes`` for all backing chain layers
Some block jobs (snapshots, block commit) could modify the backing chain in
a way where ``detect_zeroes`` would no longer be honoured. We now set
it for all images in the backing chain, so that it will behave correctly
even after those operations.
11.9.0
New features
* Introduce Hyper-V ``host-model`` mode
Similarly to CPUs, ``host-model`` mode expands the available Hyper-V
enlightenments at domain startup into the live XML so that it's obvious which
enlightenments are enabled.
* Add support for Hyper-V ``spinlocks`` "never notify" mechanism
The ``retries`` attribute - which defines after how many failed
acquisition attempts to notify the hypervisor - can now hold the
special value of 4294967295 which means to never notify the
hypervisor.
If the ``retries`` attribute is omitted this value is used.
* ch: Network hotplug Support
Users can now attach and detach network interfaces of Cloud Hypervisor
domains at runtime.
* bhyve: NVMe device support
Domain XMLs now can use NVMe devices::
  <disk type='file'>
    <driver name='file' type='raw'/>
    <source file='/path/to/disk.img'/>
    <target dev='nvme0n1' bus='nvme'/>
  </disk>
Improvements
* qemu: Improvements to USB controller model selection
Virtualization-friendly USB3 controllers are now used in more situations,
Intel-specific USB controllers are relegated to x86 guests, and model
selection overall behaves more consistently across architectures.
* qemu: Validate Hyper-V enlightenment dependencies
Some Hyper-V enlightenments may require some other enlightenments to be
turned on. Libvirt now validates these for new domains.
* qemu: Introduce virtio options for virtio memory models
Both virtio-mem and virtio-pmem memory models are virtio devices and as
such now support setting various virtio knobs (iommu, ats, packed,
page_per_vq) common to other virtio devices.
* wireshark: Adapt to wireshark-4.6.0
Libvirt's wireshark dissector plugin has been adapted to changes made to the
wireshark dissector API in its 4.6.0 release.
* qemu: 'manual' disk snapshot mode improvements
The 'manual' snapshot mode now ensures that the metadata of the images is also
written out to disk so that users can safely take snapshots of e.g. a qcow2
image.
Bug fixes
* ch: Load ``ch.conf`` from ``SYSCONFDIR``
Previously, the ``ch.conf`` file for ``ch:///system`` URI was mistakenly
loaded from a path under ``LOCALSTATEDIR`` (``/var/...``). This is now
fixed and the configuration file is loaded from the ``SYSCONFDIR``
(``/etc/...``) location where it's also installed.
11.8.0
New features
* ch: Disk hotplug Support
Users can now attach and detach disks of Cloud Hypervisor domains at
runtime.
* qemu: Add support for NUMA affinity of PCI devices
To support NVIDIA Multi-Instance GPU (MIG) configurations, libvirt now
handles QEMU's acpi-generic-initiator device internally. MIG enables
partitioning a physical GPU into multiple isolated instances, each
associated with one or more virtual NUMA nodes.
On the XML side, the existing ``<acpi>`` element has been extended with a
``nodeset`` attribute to specify the NUMA node affinity of a PCI device.
* qemu: Add support for hostname and FQDN configuration of the passt backend
The attributes ``hostname`` and ``fqdn`` for the passt backend configure
the guest interface with a hostname and FQDN.
Improvements
* ch: Events emitting
The CH driver not only emits more domain lifecycle events but also
implements ``virConnectDomainEventRegister()`` and
``virConnectDomainEventDeregister()`` APIs for management applications to
listen on those events.
Bug fixes
* qemu: Fix selection of stateless/combined firmware
A stateless firmware will now be correctly chosen when appropriate,
e.g. for domains configured to use SEV-SNP.
* ch: Make sure the cloud-hypervisor process is killed in ``virCHProcessStop()``
Due to wrong assumptions in the CH driver, calling ``virDomainDestroy()``
did not kill the corresponding cloud-hypervisor process. Domains can now be
destroyed reliably.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
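The two-stage parse described under CVE-2025-12748 above, as an added illustration that is not libvirt's code: identity (``<name>``/``<uuid>``) is read first, the ACL is checked, and the full parse happens only afterwards, with ``authorize_define()`` reporting how many XML elements were materialised before the ACL decision in each ordering. The ACL table, user names, the ``domain:write`` permission string and the sample domain XML are all constructed here.

```python
"""Cheap identification before ACL checks, full parse only afterwards.

Added illustration of the ordering fix described for CVE-2025-12748; this is
not libvirt's code. Everything below (ACL table, users, sample XML) is
constructed for the example.
"""
import io
import xml.etree.ElementTree as ET

# Constructed ACL table: user -> domain name -> granted permissions.
ACL = {
    "alice": {"web01": {"domain:read", "domain:write"}},
    "bob": {"web01": {"domain:read"}},
}

# Constructed placeholder UUID for the sample domain.
SAMPLE_UUID = "00000000-0000-4000-8000-000000000001"


def build_sample_xml(n_padding: int) -> bytes:
    """Build a valid domain XML whose identity comes first, followed by a
    large but useless body (constructed input that makes parse cost visible)."""
    padding = "".join(f"<entry n='{i}'/>" for i in range(n_padding))
    return (
        "<domain type='kvm'>"
        "<name>web01</name>"
        f"<uuid>{SAMPLE_UUID}</uuid>"
        f"<metadata>{padding}</metadata>"
        "</domain>"
    ).encode()


def acl_allows(user: str, domain_name: str, permission: str) -> bool:
    """Look the request up in the constructed ACL table."""
    return permission in ACL.get(user, {}).get(domain_name, set())


def extract_identity(xml_bytes: bytes) -> tuple:
    """Pull only <name> and <uuid> out of the stream and stop consuming the
    input as soon as both are known. Returns (identity, elements completed
    before stopping), i.e. the work done before any ACL decision."""
    ident = {}
    completed = 0
    for _event, elem in ET.iterparse(io.BytesIO(xml_bytes), events=("end",)):
        completed += 1
        if elem.tag in ("name", "uuid") and elem.tag not in ident:
            ident[elem.tag] = (elem.text or "").strip()
        if len(ident) == 2:
            break  # identity known; the rest of the body is never consumed
    return ident, completed


def full_parse(xml_bytes: bytes) -> tuple:
    """Parse the whole definition; returns (root, number of elements built)."""
    root = ET.fromstring(xml_bytes)
    return root, sum(1 for _ in root.iter())


def authorize_define(user: str, xml_bytes: bytes, identify_first: bool) -> tuple:
    """Decide whether `user` may define the domain in `xml_bytes`.

    identify_first=False reproduces the old order (full parse, then ACL);
    identify_first=True is the fixed order (identity, ACL, then full parse).
    Returns (allowed, elements materialised before the ACL check).
    """
    if identify_first:
        ident, cost = extract_identity(xml_bytes)
        name = ident.get("name")
    else:
        root, cost = full_parse(xml_bytes)
        name = root.findtext("name")
    allowed = acl_allows(user, name, "domain:write")
    if allowed and identify_first:
        full_parse(xml_bytes)  # full parse only once the caller is authorised
    return allowed, cost


if __name__ == "__main__":
    sample = build_sample_xml(20_000)
    for order in (False, True):
        allowed, cost = authorize_define("bob", sample, identify_first=order)
        print(f"identify_first={order}: allowed={allowed}, "
              f"elements built before ACL check={cost}")
```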
Adolf Belka [Mon, 4 May 2026 17:40:56 +0000 (19:40 +0200)]
curl: Update to version 8.20.0
- Update from version 8.19.0 to 8.20.0
- Update of rootfile
- Changelog
8.20.0
Changes:
async-thrdd: use thread queue for resolving
build: make NTLM disabled by default
cmake: drop support for CMake 3.17 and older
lib: add thread pool and queue
lib: drop support for < c-ares 1.16.0
lib: make SMB support opt-in
multi.h: add CURLMNWC_CLEAR_ALL
rtmp: drop support
Bugfixes:
altsvc: cap the list at 5,000 entries
altsvc: drop the prio field from the struct
altsvc: skip expired entries read from file
asyn-ares: connect async
asyn-ares: drop orphaned variable references
asyn-ares: fix HTTPS-lookup when not on port 443
asyn-thrdd: drop redundant `result` check
asyn-thrdd: fix clang-tidy unused value warning
async-ares: fix query counter handling
autotools: limit checksrc target to ignore non-repo test sources
badwords-all: exit with correct code on errors
badwords: combine the whitelisting into a single regex
badwords: detect the the and with with
badwords: only check comments and strings in source code
badwords: rework exceptions, fix many of them
boringssl: fix more coexist cases with Schannel/WinCrypt
build: adjust/add casts to fix `-Wformat-signedness`
build: assume `snprintf()` in `mprintf`, drop feature check
build: compiler warning silencing tidy-ups
build: drop `openssl` module dependency for BoringSSL from `libcurl.pc`
build: drop duplicate `pthread.h` includes
build: drop redundant `USE_QUICHE` guards
build: enable `-Wimplicit-int-enum-cast` compiler warning, fix issues
build: fix `-Wformat-signedness` by adjusting printf masks
build: link `bcrypt.lib` via vcxproj files
build: skip detecting `pipe2()` for Apple targets
cf-https-connect: silence `-Wimplicit-int-enum-cast` with HTTPS-RR
cf-https-connect: silence `-Wimplicit-int-enum-cast` with HTTPS-RR
cf-ip-happy: limit concurrent attempts
cf-socket: avoid low risk integer overflow on ancient Solaris
cfilters: fix Curl_pollset_poll() return code mixup
clang-tidy: avoid assignments in `if` expressions
clang-tidy: enable more checks, fix fallouts
cmake: add CMake Config-based dependency detection
cmake: add CMake Config-based dependency detection for c-ares, wolfSSL
cmake: document functions used from Windows system DLLs
cmake: enable pthreads for BoringSSL/AWS-LC
cmake: resolve targets recursively when generating `libcurl.pc`
cmake: rework binutils ld hack to not read `LOCATION` property
cmake: silence bad library `Threads::Threads` warning
cmake: use `AIX` built-in variable (with CMake 4.0+)
config2setopts: make --capath work in proxy disabled builds
configure: fix `--with-ngtcp2=<path>` option for crypto libs
configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic
configure: prefer dependency-specific variables over `$withval`
configure: remove superfluous experimental warning for HTTP/3
configure: silence useless clang warnings in C89 builds
configure: tidy up comments
connect: fix typo on error message
cookie: fix rejection when tabs in value
curl-wolfssl.m4: fix to use the correct value for pkg-config directory
curl.h: replace macros with C++-friendly method to enforce 3 args
curl_ctype.h: fix spelling in a couple of locally used macros
curl_get_line: error out on read errors
curl_get_line: fix potential infinite loop when filename is a directory
curl_ngtcp2: extend and update callbacks for 1.22.0+
curl_ntlm_core: drop redundant PP condition
curl_ntlm_core: use wolfCrypt DES API with wolfSSL
curl_setup.h: drop stray/unused `USE_OPENSSL_QUIC` guard
curl_sha512_256: support delegating to wolfSSL API
curl_version_info.md: clarify age details
CURLOPT_HAPROXY_CLIENT_IP.md: mention assumption on data format
CURLOPT_RTSP_SESSION_ID.md: clarify reuse "dangers"
CURLOPT_RTSP_SESSION_ID.md: expand the comment
CURLOPT_RTSP_SESSION_ID.md: minor language fix
CURLOPT_SOCKS5_AUTH.md: an access property
CURLOPT_SSL_CTX_FUNCTION.md: expand on effects connection reuse
CURLOPT_UPLOAD_FLAGS.md: expand
curlx_now(), prevent zero timestamp
DEPRECATE: fix minor release number typo
digest: pass in the username quoted (as well)
dns: https-eyeballing async
dnscache: own source file, improvements
docs/cmdline-opts: tidy up retry-connrefused
docs/lib: fix typos
docs/libcurl: improve easy setopt examples
docs: clarify retry-max-time timing
docs: CURLOPT_LOGIN_OPTIONS is a login property
docs: enable more compiler warnings for C snippets, fix 3 finds
docs: list more dependencies for running Python HTTP tests
docs: mention more zip bomb precautions
docs: minor wording tweaks
docs: noproxy wants the punycoded hostname version
docs: SSH host verification is done at connect time
docs: use the correct CURLOPT_WRITEFUNCTION signature
doh: fix memory-leak when doing a second DoH resolve
doh: remove superfluous doh_req check
examples/websocket: fix to sleep more on Windows
examples: drop warning silencers no longer hit
examples: fix typo in comment
file: init fd to -1 to prevent close fd 0 on early failure
fopen: for temp files, inherit permissions only for owner
ftp: do not strdup DATA hostname
ftp: make the MDTM date parser stricter (again)
ftp: reject PWD responses containing control characters
gcc: guard `#pragma diagnostic` in core code for <4.6
generate.bat: remove extra % from VC11 and VC12 runs
genserv.pl: make external calls safe
getinfo: initialize `PureInfo` field `used_proxy`
getinfo: repair CURLINFO_TLS_SESSION
gnutls: fix clang-tidy warning with !verbose
gtls: fail for large files in `load_file()`
h3: HTTPS-RR use in HTTP/3
Happy Eyeballs: add resolution time delay
haproxy: use correct ip version on client supplied address
hostip: clear the sockaddr_in6 structure before use
hostip: init the curl_jmpenv_lock appropriately
hostip: resolve user supplied ip addresses
HSTS: cap the list
hsts: make the HSTS read callback handle name dupes
hsts: skip expired HSTS entries read from file
hsts: when a dupe host adds subdomains, use that
http2: clear the h2 session at delete
http2: prevent secure schemes pushed over insecure connections
http2: return error on OOM in push headers
HTTP3.md: drop outdated mentions of OpenSSL-QUIC
http: clear credentials better on redirect
http: clear digest nonce on cross-origin redirect
http: clear the proxy credentials as well on port or scheme change
http: fix auth_used and auth_avail
http: fix Curl_compareheader for multi value headers
http: make Curl_compareheader handle multiple commas in header
http: on 303, switch to GET
http: use header_has_value() instead of duplicate code
imap: reset the UIDVALIDITY state between transfers
include: drop badword from public headers
INSTALL.md: update Cygwin instructions
keylog.h: replace literal number with macro in declaration
keylog: drop unused/redundant includes and guards
ldap: drop duplicate `ldap_set_option()` on Windows
ldap: fix to initialize cleartext connection on Windows
lib1560: fix comment typo
lib1960: fix test failure
lib: accept larger input to md5/hmac/sha256/sha512 functions
lib: always use Curl_1st_fatal instead of Curl_1st_err
lib: fix typos in comments
lib: make resolving HTTPS DNS records reliable:
lib: minor comment typos
lib: move request specific allocations to the request struct
lib: replace `PRI*32` printf masks with C89 ones
libssh2: allocate libssh2-friendly memory in kbd_callback
libssh2: fix error handling on quote errors
libssh: fix 64-bit printf mask for mingw-w64 <=6.0.0
libssh: fix `-Wsign-compare` in 32-bit builds
libssh: path length precaution
libssh: propagate error back in SFTP function
libtest: drop duplicate include
location/follow: mention netrc
man: fix argument type for `CURLSHOPT_[UN]SHARE` options
mbedtls: cleanup more without care for 'initialized'
mbedtls: fix ECJPAKE matching
mbedtls: remove failf() call with first argument as NULL
md4, md5: switch to wolfCrypt API in wolfSSL builds
mime: only allow 40 levels of calls
misc: fix code quality findings
mk-ca-bundle.pl: make `ca-bundle.crt` timestamp match `certdata.txt`'s
multi: enhance pending handles fairness
multi: fix connection retry for non-http
multi: improve wakeup and wait code
netrc: find login-less password when user is given in URL
netrc: remove unused parsenetrc() macro for netrc-disabled
netrc: skip malformed macdef lines
openssl channel_binding: lookup digest algorithm without NID
openssl: drop obsolete SSLv2 logic
openssl: fix build with 4.0.0-beta1 no-deprecated
openssl: fix memory leaks in ECH code (OpenSSL 3)
openssl: fix unused variable warnings in !verbose builds
openssl: trace count of found / imported Windows native CA roots
OS400: add new definitions to the ILE/RPG binding.
os400sys: fix typo in comment (symmetry)
parsedate: bsearch the time zones
parsedate: fix wrong treatment of "military time zones"
parsedate: refactor
perl: harden external command invocations
progress: count amount of data "delivered" to application
protocol.h: fix the CURLPROTO_MASK
protocol: disable connection reuse for SMB(S)
protocol: use scheme names lowercase
proxy: chunked response, error code
pytest: add additional quiche check for flaky test_05_01
pytest: check 429 handling
rand: use `BCryptGenRandom()` in UWP builds
ratelimit: reset on start
request: reset resp_trailer in new requests
runtests: skip setting ed25519 SSH key format
rustls: fix memory leak on repeated SSLKEYLOGFILE fails
rustls: handle EOF during initial handshake
schannel: increase renegotiation timeout to 60 seconds
scripts: drop redundant double-quotes: `"$var"` -> `$var` (Perl)
scripts: harden / tidy up more Perl `system()` calls
sendf: fix CR detection if no LF is in the chunk
setopt: fix typos in comments
setopt: move CURLOPT_CURLU
setup connection filter: mark as setup
sha256, sha512_256: switch to wolfCrypt API
sha256: support delegating to wolfSSL API
share: concurrency handling, easy updates
share: do bitshifts after the type is checked to be valid
socks: reject zero-length GSSAPI/SSPI tokens from proxy
socks: use dns filter for resolving
spelling: fix typos
src: use ftruncate() unconditionally
sshserver.pl: harden more `system()` calls
sshserver.pl: pass command-line to `system()` safely
strerr: correct the strerror_s() return code condition
sws: fix potential OOB write
synctime: fix off-by-one read and write to a read-only buffer (Windows)
test 766: flag as timing-dependent
test1675: unit tests for URL API helper functions
test459: switch to mode="warn" for stderr check
testcurl.pl: replace shell commands with Perl `rmtree()`
tests/unit/README: describe how to unit test static functions
tests: avoid infinite recursion for `make check`
tests: use %b64[] instead of "raw" base64
tool: check for curlinfo->age when determining if ssh backend
tool: fix memory mixups
tool: fix retries in parallel mode
tool: fix two more allocator mismatches
tool_cb_hdr: only truncate etags output when regular file
tool_cb_rea: make waitfd() return void
tool_cb_wrt: fix no-clobber error handling
tool_cfgable: free the SSL signature algorithms
tool_formparse: propagate my_get_line errors when reading headers
tool_getparam: use correct free function for libcurl memory
tool_ipfs: accept IPFS gateway URL without set port number
tool_msgs: avoid null pointer deref for early errors
tool_operate: actually apply the --parallel-max-host limit
tool_operate: drop the scheme-guessing in the -G handling
tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows)
tool_operate: fix memory-leak on failed uploads
tool_operate: fix minor memory-leak on early error
tool_operate: reset the upload glob counter for next URL
tool_operhlp: fix `add_file_name_to_url()` result on OOM
tool_operhlp: iterate through all slashes to find name
tool_operhlp: propagate low-level OOM in `add_file_name_to_url()`
tool_setopt: return error on OOM correctly
tool_urlglob: fix memory-leak on glob range overflow
top-complexity: prevent filename-based shell injection risk
transfer: clear the old autoreferer
transfer: clear the URL pointer in OOM to avoid UAF
transfer: enable custom methods again on next transfer
transfer: enhance secure check
unit1675: fix `-Wformat-signedness`
url: do not reuse a non-tls starttls connection if new requires TLS
url: improve connection reuse on negotiate
url: init req.no_body in DO so that it works for h2 push
url: set default upload flags to CURLULFLAG_SEEN
url: use the socks type for socks proxy
url: use URL for lowercase URL even in comments
urlapi: fix handling of "file:///"
urlapi: make dedotdotify handle leading dots correctly
urlapi: same origin tests
urlapi: stop extracting hostname from file:// URLs on Windows
urlapi: verify the last letter of a scheme when set explicitly
urldata.h: fix typo and lingering backtick
urldata: connection bit ipv6_ip is wrong
urldata: import port types and conn destination format
urldata: make hstslist only present in HSTS builds
urldata: make speeder_c uint32
urldata: move cookiehost to struct SingleRequest
urldata: remove trailers_state
vquic: fix variable name in fallback code
vtls: fix comment typos and tidy up a type
vtls: log when key logging is enabled.
vtls_scache: check reentrancy
vtls_scache: include cert_blob independently of verifypeer
wolfssl: document v5.0.0 (2021-11-01) as minimum required
wolfssl: fix `-Wmissing-prototypes`
wolfssl: fix handling of abrupt connection close
ws: fix a blocking curl_ws_send() to report written length correctly
x509asn1: fix to return error in an error case from `encodeOID()`
x509asn1: fixed and adapted for ASN1tostr unit testing
x509asn1: improve encodeOID
8.19.0
Changes:
BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026
cmake: add `CURL_BUILD_EVERYTHING` option
mqtt: initial support for MQTTS
tool: support fractions for --limit-rate and --max-filesize
tool_cb_hdr: with -J, use the redirect name as a backup
vquic: drop support for OpenSSL-QUIC
windows: add build option to use the native CA store
windows: bump minimum to Vista (from XP)
Bugfixes:
altsvc: only accept 17 byte dates from files
asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails
async-ares: blocking resolve timeout handling, better
badwords: move into ./scripts, speed up
build: add missing `GENERATEDCERTS` files
build: adjust minimum version for some clang picky warnings
build: check `MSG_NOSIGNAL` directly, drop detection and interim macro
build: constify `memchr()`/`strchr()`/etc result variables (cont.)
build: detect and include `inttypes.h` again
build: do not include wolfSSL header in `curl_setup.h`
build: drop duplicate C includes
build: drop global suppression of `-Wformat-nonliteral`, fix fallouts
build: drop unused `snprintf()` feature check on Windows
build: fix `-Wunused-macros` warnings, and related tidy-ups
build: fix building rare combinations
build: fully omit verbose strings and code when disabled
build: globally suppress DJGPP warnings in `FD_SET()`
build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option
build: move curl stat struct type to the curlx namespace
build: opt-in MSVC to C99-style verbose logging logic
build: require POSIX `strdup()`
build: tidy up and dedupe `strdup` functions
cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks
cf-socket: use SOCK_CLOEXEC in socket_open when available
checksrc-all.pl: skip non-repository files
checksrc: do not apply `BANNEDFUNC` to struct member functions
checksrc: warn for leading spaces before the preprocessor hash
clang-tidy: add missing and delete redundant parentheses
clang-tidy: add more missing parentheses in macro values
clang-tidy: avoid/silence `bugprone-not-null-terminated-result`
clang-tidy: check `bugprone-macro-parentheses`, fix fallouts
clang-tidy: drop redundant conditions reported by `misc-redundant-expression`
clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts
clang-tidy: enable more checks
clang-tidy: enable scanning headers
clang-tidy: fix issues found with build-fuzzing
clang-tidy: silence more minor issues found by v22
cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0
cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes
cmake: add native clang-tidy support for tests, with concatenated sources
cmake: always build curlu and curltool test libs in unity mode
cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake`
cmake: convert `curl_add_clang_tidy_test_target()` macro to function
cmake: enable binutils ld workaround for all toolchains at build-time
cmake: fix `LOCATION` property access condition (debug)
cmake: fix `LOCATION` property read errors in target debug function
cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON`
cmake: fix confusing error when a dependency is undetected in `curl-config.cmake`
cmake: fix logic for openssl/zlib binutils ld workaround
cmake: fix passing system header directories to clang-tidy for tests
cmake: fix system include directory position for clang-tidy in tests
cmake: improve clang-tidy test command-line reproduction
cmake: minor fixes to test targets after prev
cmake: normalize uppercase hex winver (for display)
cmake: omit `curl.rc` from curltool lib
cmake: reference OpenSSL and ZLIB imported targets only when enabled
cmake: replace internal option with a new `tt` (test tools) target
cmake: silence potential unused var warnings in C++ test snippet
cmake: silence silly Apple clang warnings in C89 mode, test in CI
cmake: silence useless compiler warnings triggered by the FASTBuild generator
cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED`
cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values
cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies
config-plan9: set `HAVE_STDINT_H` again
config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST
config2setopts: fix for --disable-aws build configuration
configure: drop always true `if` check (Windows)
content_encoding: return 'identity' if none other exists
curl: add -I and -i to -h important
curl: limit Windows-specific code to Windows builds, other tidy-ups
curl_easy_nextheader.md: a new transfer invalidates 'prev'
curl_get_line: drop single-use macro
curl_multi_perform.md: resolve inconsistency
curl_ntlm_core: merge two `#if` blocks
curl_setup.h: drop extra header guard for internal include
curl_setup.h: merge back single-use internal header `curl_setup_once.h`
curl_setup.h: simplify curl memory macro mappings
curl_setup_once: allow CURL_DEBUGASSERT for customization
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols
curlx: drop unused `curlx_saferealloc()`
digest: escape double quotes and backslashes in realm and nonce
digest: fix memory leak in auth_create_digest_http_message()
digest: handle quotes in the path
docs/INSTALL: update configure details
docs/libcurl: unify WARNING use
docs: add LibreELEC to DISTROS.md
docs: add reproducible example for generating man page
docs: avoid starting sentences with However,
docs: avoid using the word 'magic'
docs: clarify --ipv4 and --ipv6
docs: document the need for a 64-bit type and stdint.h
docs: drop basically
docs: explicitly call out Slowloris as not a security flaw
docs: fix grammar nitpicks
docs: handle error in `curl_global_init*` examples
docs: replace instances of the vague qualifier 'quite'
docs: reword explanation of --variable option
docs: some nitpicks
docs: use dot instead of comma at end of sentences
easy: reset errorbuf on eyeballing success
easy: reset pausing when resetting request
examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA
examples: improve OpenSSL certificate examples
examples: omit forward declarations, apply misc fixes
FAQ: syntax improvements
fopen.h: simplify curl memory macro mappings
ftp: replace a `curlx_free()` with `curlx_dyn_free()`
ftp: split ftp_state_use_port into sub functions
GOVERNANCE.md: Post-Daniel BDFL
gss: exclude verbose error logic from non-verbose builds
h2+h3: align stream close handling
hostip.c: fix leak of addrinfo
hostip6: remove debug-only code
hostip: fix unreachable code in rare build configuration
http/3: add description for known server error codes
http1: fix potential NULL dereference in `Curl_h1_req_parse_read()`
http: only send bearer if auth is allowed
http_aws_sigv4: fix query normalization of %2b
imap: add a check for Curl_meta_get()
imap: check `imap_sendf()` printf masks at compile-time
imap: skip literals inside quoted strings
include: avoid recursive macros
include: mask computed auth/proto bitmasks to 32 bits
INSTALL-CMAKE.md: document Apple framework options
INSTALL.md: fix typo
INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets
KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows
ldap: silence clang-tidy v22 warning
ldap: silence potential unused variable warning (OS400)
lib: delete unused local includes
lib: disable websockets early if no http
lib: make sigpipe handling more lazy
lib: reorder protocol functions to avoid forward declarations (email)
lib: reorder protocol functions to avoid forward declarations (ftp)
lib: reorder protocol functions to avoid forward declarations (misc cont.)
lib: reorder protocol functions to avoid forward declarations (misc)
lib: reorder protocol functions to avoid forward declarations (ssh)
lib: separate scheme info from protocol implementation
lib: skip compiling code with features disabled
lib: use (u)int64_t instead of long long
libcurl docs: reduce 'since ...' in descriptions
libcurl-security.md: fix typos and add a point about URLs
libtests: drop two redundant `memset()`s
Makefile.am: delete RPM targets referencing non-existent files
Makefile.am: drop stray VC project files from dist
managen: silence Perl warnings
mbedtls: guard TLS 1.3 + session tickets usage inside ifdef
mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
mbedtls: remove newline from failf() call
mbedtls: split mbed_connect_step1 into sub functions
md4, md5: drop redundant forward declarations
md4, md5: replace custom types with `uint32_t`
memdebug: include `backtrace.h` as system header
mime: drop fallback for unused `R_OK` macro
mimepost: allocate main struct on-demand
mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos
mod_curltest: silence unused argument compiler warning
mprintf: drop old sprintf fallback
mprintf: rename internal enum to avoid collision with AmigaOS symbol
mprintf: silence clang-tidy `readability-suspicious-call-argument`
mprintf: use `_snprintf()` when compiled with VS2013 and older
mqtt: better too-big-message-check
mqtt: fix EOF handling
mqtt: verify Remaining Length for CONNACK and PUBACK
msvc: drop exception, make `BIT()` a bitfield with Visual Studio
msvc: VS2026: unlock picky warning in cmake, test in CI
multi: avoid a theoretical 32-bit wrap
multi: fix unreachable code compiler warning
multi: probe for IPv6 functionality in multi_init()
multi: split multi_runsingle into sub functions
multi: update timer unconditionally in multi_remove_handle
ngtcp2: stabilize recv
noproxy: simplify, don't mix const non-const in strchr()
openldap: avoid forward declarations in ldaps code
openssl+ech: workaround for insecure handshakes
openssl: adapt to OpenSSL master adding const to more APIs
OpenSSL: check reuse of sessions for verify status
openssl: disable local keylog feature if built-in upstream
openssl: fix compiler warning with OpenSSL master
openssl: fix potential NULL dereference when loading certs (Windows)
openssl: fix potential OOB read in debug/verbose logging
plan9: drop special build and orphaned references
proxy-auth: additional tests
pytest: remove 03_02
quiche: use PRIu64 for outputting the stream id
rand: drop impossible preprocessor branches (wincrypt)
rand: drop scan-build silencer
ratelimit: download finetune
request.h: rename parameter 'buf' to 'req' in Curl_req_send
REUSE: drop broken reference to `MAIL-ETIQUETTE`
rtsp: fix assertion failure on zero-length RTP payload
rtspd: fix to check `realloc()` result
runtests: pass config filename to stunnel in native format (Windows)
schannel: refactor: reduce variable scopes, fix comment, fix indent
send: drop `CURL_UNCONST()` from buffer argument on most platforms
setopt: fix checking range for CURLOPT_MAXCONNECTS
setopt: refuse blobs with zero length
setup-os400.h: drop no longer used custom type `u_int32_t`
sigpipe: unset SA_SIGINFO since it is using sa_handler
silent.md: also mention it shuts off warning messages
smb: free the path in the request struct properly
smb: include arpa/inet.h for NonStop
socket: check result of SO_NOSIGPIPE
socketpair: clear 'err' when retrying due to EINTR
socketpair: set SO_NOSIGPIPE where possible
socks: ensure DNS is freed in failure cases.
src: simplify declaring `curl_ca_embed`
ssh: dedupe state change function
stop using the word 'just'
sws: prevent "connection monitor" to say disconnect twice
synctime: fix use of uninitialized buffer on non-Windows
system_win32: replace manual init code with `curlx_now_init()` call
tests/server/sockfilt: avoid possible endless loop on Windows
tests/server: drop unused `curlx/version_win32.c`
tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable
tests/server: tidy-up error messages (Windows)
tests: avoid assignment in `if` conditions in `first.h`
tests: convert base64 data to %b64[]
tftp: correct the filename length check
timeout handling: auto-detect effective timeout
tls: add new SSLSUPP flags for several options
tls: remove checks for DEFAULT
tool: enable header separation for HTTPS proxies
tool: improve config error messaging
tool: improve error/warning messages when output filename sanitization fails
tool: rename curl handle and result variable in `--libcurl`-generated code
tool: return code variable consistency
tool_cb_hdr: suppress header output when --out-null
tool_cb_prg: drop duplicate preprocessor logic
tool_dirhie: drop superfluous `F_OK` fallback (Windows)
tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_*
tool_doswin: avoid Windowsisms in socket code (cont.)
tool_doswin: avoid Windowsisms in socket code
tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support
tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode
tool_operate: remove 'else' for VMS
tool_operate: reset the URL --url-query between --next
typos: silence false positives found in C code
unit3205: suppress two clang-tidy false positives
URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP
url.c: code/comment cleanup around conn creation
url.h: fix `-Wdocumentation`
url: fix reuse of connections using HTTP Negotiate
urlapi: use U_CURLU_URLDECODE when toggling it off unsigned
urldata.h: remove two forward-declared structs not used
urldata: byebye `conn->hostname_resolve`
urldata: change 'keep_post' into three distinct bitfields
urldata: convert 'long' fields to fixed variable types
urldata: switch to uint* types
usercertinmem: use the correct cert BIO
verbose.md: explain the { and } prefixes
vquic: fix unused variable warning reported by clang-tidy
vquic: handle SOCKEMSGSIZE correctly
vtls: dedupe common on-session-reuse logic
vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests
VULN-DISCLOSURE-POLICY.md: push reports to the web form
VULN-DISCLOSURE-POLICY.md: use hackerone
winapi: use FormatMessageA instead of FormatMessageW
windows: `USE_WINSOCK` to guard winsock2 code (where missing)
windows: determine `RtlVerifyVersionInfo` address on global init
windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround
wolfssl: fix build without USE_BIO_CHAIN
ws/tftp: include header file even when protocol disabled
x509asn1: make encodeOID stop on too long input
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 4 May 2026 17:40:57 +0000 (19:40 +0200)]
glib: Update to version 2.88.1
- Update from version 2.88.0 to 2.88.1
- Update of rootfile
- Changelog
2.88.1
* Fix miscompilation with GCC 16 due to GLib’s use of the wrong function
attribute (!5145, work by Sam James)
* Fix flag confusion security issue when using `GRegex` with `G_REGEX_RAW` which
can result in unbounded out-of-bounds heap reads off the start of a regex
input string (#3919, work by linhlhq)
* Fix various minor (low severity) security issues, typically one-to-five-byte
out-of-bounds reads (#3915, #3916, #3917, #3918, #3930) or ones relying on
very specific (and unlikely) API calls (#3925) or ones relying on
discouraged P2P D-Bus configurations (#3931, #3933) (work by linhlhq)
* Bugs fixed:
- #3915 (#YWH-PGM9867-190) Buffer Over-read on GLib through glib/gvariant-serialiser.c:1253 via gvs_tuple_is_normal() (Philip Withnall)
- #3916 (#YWH-PGM9867-187) OOB Read on GLib through
glib/gmarkup.c:g_markup_escape_text() via
glib/gmarkup.c:append_escaped_text() (Philip Withnall)
- #3917 (#YWH-PGM9867-191) OOB Read on GLib through
glib/gdatetime.c:g_date_time_get_ymd via invalid `GDateTime` (Philip
Withnall)
- #3918 (#YWH-PGM9867-193) Buffer Over-read on GLib's g_regex_replace()
through glib/gregex.c:string_append() via g_utf8_next_char() (Philip
Withnall)
- #3919 (#YWH-PGM9867-194) Buffer Over-read on GLib through
glib/gregex.c:g_regex_split_full() via glib/gutf8.c:g_utf8_prev_char()
(Philip Withnall)
- #3925 (#YWH-PGM9867-199) Buffer Over-read on GLib through glib/giochannel.c
via "g_io_channel_read_line_backend" (Philip Withnall)
- #3930 (#YWH-PGM9867-200) Off-by-one Error on GLib through glib/gkeyfile.c
via "g_key_file_get_locale_string_list" (Philip Withnall)
- #3931 (#YWH-PGM9867-203) Path Traversal on GLib DBus through
glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry,
mechanism_client_data_receive (COOKIE_SHA1 Client Authentication) leads to
Arbitrary File Read (Philip Withnall)
- #3933 Integer overflow in g_dbus_message_bytes_needed() bypasses 128 MiB
size check (pre-auth DoS on P2P connections) (Philip Withnall)
- !5101 Update Serbian translation
- !5105 docs: Expand docs for GLIB_VERSION_MAX_ALLOWED
- !5110 gmarkup: fix type of length parameter of text_validate()
- !5111 Update Russian translation
- !5113 Update Polish translation
- !5114 docs: Remove myself from CODEOWNERS
- !5122 Update Slovak translation
- !5134 Backport various recent security fixes to GVariant, GMarkup, GDateTime
and GRegex to glib-2-88
- !5150 Backport !5145 “gvarianttype: use pure attribute, not inappropriate
const” to glib-2-88
- !5152 Update Slovak translation
- !5154 Update German translation
- !5165 Update Slovak translation
- !5166 Update Slovak translation
- !5169 Update Persian translation
- !5174 Backport !5170 !5171 !5172 !5173 Various security fixes to glib-2-88
* Translation updates:
- German (Christian Kirbach)
- Persian (Danial Behzadi)
- Polish (Victoria Niedzielska)
- Russian (Artur S0)
- Serbian (Марко Костић)
- Slovak (Jose Riha)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
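The #3933 entry above (an integer overflow in g_dbus_message_bytes_needed() that bypasses the 128 MiB size check) is a textbook instance of a size computed from untrusted header lengths wrapping below a limit. The following is an added example written for this page, not GLib code: it works from the D-Bus fixed header layout (body length at offset 4, header-fields array length at offset 12, array padded to 8 bytes) and contrasts a 32-bit computation that wraps with a bounded one. The changelog does not say that GLib's arithmetic failed in exactly this way; the wrapping variant is a constructed reproduction of the bug class, and the two header byte strings are constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>

/* D-Bus wire format, fixed 16-byte header:
 *   [0] endianness ('l' or 'B'), [1] message type, [2] flags, [3] major version,
 *   [4..7] body length (u32), [8..11] serial (u32),
 *   [12..15] length of the header-fields array (u32).
 * The fields array is padded to an 8-byte boundary and the body follows it.
 * The D-Bus maximum message size is 128 MiB. */
#define DBUS_HDR_FIXED   16u
#define DBUS_MAX_MESSAGE (128u * 1024u * 1024u)

static uint32_t rd_u32(const uint8_t *p, int little_endian)
{
    return little_endian
        ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
        : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

/* Bug class, constructed for this example: every term is 32 bits wide, so a
 * body length close to 4 GiB plus the header wraps around to a small total
 * and the 128 MiB check is satisfied. Returns 0 when the message is rejected. */
uint32_t dbus_bytes_needed_wrapping(const uint8_t hdr[DBUS_HDR_FIXED])
{
    int le = hdr[0] == 'l';
    uint32_t fields = rd_u32(hdr + 12, le);
    uint32_t body   = rd_u32(hdr + 4, le);
    uint32_t padded = (fields + 7u) & ~7u;            /* wraps for fields > 0xFFFFFFF8 */
    uint32_t total  = DBUS_HDR_FIXED + padded + body; /* wraps */
    return total > DBUS_MAX_MESSAGE ? 0 : total;
}

/* Overflow-safe version: bound each untrusted operand against the limit
 * before adding, and do the arithmetic in 64 bits so no intermediate can wrap.
 * Returns 0 when the message is rejected (a real message is never 0 bytes). */
uint64_t dbus_bytes_needed_checked(const uint8_t hdr[DBUS_HDR_FIXED])
{
    if (hdr[0] != 'l' && hdr[0] != 'B')
        return 0;                                     /* unknown endianness marker */
    int le = hdr[0] == 'l';
    uint64_t fields = rd_u32(hdr + 12, le);
    uint64_t body   = rd_u32(hdr + 4, le);
    if (fields > DBUS_MAX_MESSAGE || body > DBUS_MAX_MESSAGE)
        return 0;
    uint64_t total = DBUS_HDR_FIXED + ((fields + 7u) & ~(uint64_t)7u) + body;
    return total > DBUS_MAX_MESSAGE ? 0 : total;
}

/* Constructed little-endian headers. DBUS_SANE declares an 8-byte body and a
 * 16-byte fields array (40 bytes in total); DBUS_EVIL declares a body of
 * 0xFFFFFFF8 bytes, which the wrapping computation turns into 24. */
static const uint8_t DBUS_SANE[DBUS_HDR_FIXED] =
    { 'l', 1, 0, 1,  8, 0, 0, 0,  1, 0, 0, 0,  16, 0, 0, 0 };
static const uint8_t DBUS_EVIL[DBUS_HDR_FIXED] =
    { 'l', 1, 0, 1,  0xF8, 0xFF, 0xFF, 0xFF,  1, 0, 0, 0,  16, 0, 0, 0 };
```

The useful habit is the one in the checked version: compare each untrusted length against the limit on its own before any addition, so that the sum can never need more bits than the operands were checked at. Widening to 64 bits alone is not enough, since a limit check on a value that has already wrapped is meaningless.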
Adolf Belka [Mon, 4 May 2026 17:40:58 +0000 (19:40 +0200)]
gnutls: Update to version 3.8.13
- Update from version 3.8.11 to 3.8.13
- Update of rootfile
- 13 CVE Fixes in 3.8.13
- 2 CVE Fixes in 3.8.12
- Changelog
3.8.13
** libgnutls: Add more checks to DTLS reassembly
Previously, gnutls didn't check that DTLS fragments claimed
a consistent message_length value.
Additionally, a crucial array size check was missing,
enabling an attacker to cause a heap overwrite.
Reject fragments with mismatching length and add a missing boundary check.
Independently reported by
Haruto Kimura (Stella), Oscar Reparaz and Zou Dikai.
[GNUTLS-SA-2026-04-29-1, CVSS: high] [CVE-2026-33846]
** libgnutls: Fix qsort comparator in DTLS reassembly
The comparator function used for ordering DTLS packets
by sequence numbers did not follow qsort comparator contracts
in case of packets with duplicate sequence numbers,
which could lead to unstable ordering or undefined behaviour.
Returning 0 in such cases makes the sorting stable.
Additionally, discard packets with same sequence numbers
and differing handshake type,
so that they don't end up being sorted in the first place.
Reported by Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-2, CVSS: high] [CVE-2026-42009]
** libgnutls: Fix crashing on an underflow with a DTLS datagram
A remotely triggerable underflow in the DTLS reassembly code led to
a heap overrun.
Prevent the underflow from happening.
Reported by Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-3, CVSS: high] [CVE-2026-33845]
** libgnutls: Fix RSA-PSK identity truncation
Servers configured with RSA-PSK have wrongfully matched usernames with NUL
character in them to ones truncated to NUL character,
which could lead to an authentication bypass.
Fix the check to perform comparison up to the full username length.
Reported by Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-4, CVSS: high] [CVE-2026-42010]
** libgnutls: Fix case-sensitivity of domain name comparison in name constraints
Domain name comparison during name constraints processing
was case-sensitive, violating RFC 5280 section 7.2.
For excluded name constraints, this could lead to
incorrectly accepting domain names that should've been rejected.
DNS name comparison and the domain part of email names
now perform case-insensitive comparison.
Independently reported by Oleh Konko (1seal) and
Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-5, CVSS: high] [CVE-2026-3833]
** libgnutls: Fix intersecting empty constraints
Permitted name constraints were wrongfully ignored
when prior CAs only had excluded name constraints,
resulting in a name constraint bypass.
Reported by Haruto Kimura (Stella).
[GNUTLS-SA-2026-04-29-6, CVSS: medium] [CVE-2026-42011]
** libgnutls: Suppress CN fallback in presence of URI and SRV SAN
Certificates containing URI or SRV Subject Alternative Names
no longer fall back to checking DNS hostnames against Common Name
to avoid potential misuse of such certificates
beyond their original purpose.
Reported by Oleh Konko (1seal).
[GNUTLS-SA-2026-04-27-7, CVSS: medium] [CVE-2026-42012]
** libgnutls: Suppress CN fallback for oversized SAN
Validation of certificates with oversized Subject Alternative Names
no longer falls back to checking DNS hostnames against Common Name.
Independently reported by Haruto Kimura (Stella) and
Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-27-8, CVSS: medium] [CVE-2026-42013]
** libgnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin
Changing the Security Officer PIN with gnutls_pkcs11_token_set_pin()
with oldpin == NULL for a token lacking a protected authentication path
led to a use-after-free.
Reported by Luigino Camastra and Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-9, CVSS: medium] [CVE-2026-42014]
** libgnutls: Fix overread in RSA key exchange with PKCS#11 keys
For a server using an RSA key backed by a PKCS#11 token,
a client sending an extremely short premaster secret
during an RSA key exchange could trigger a short heap overread.
Reported by Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-10, CVSS: medium] [CVE-2026-5260]
** libgnutls: Fix off-by-one in PKCS#12 bag element bounds check
Appending to a PKCS#12 bag that already contained 32 elements
could write past the bag's internal array.
Reported by Zou Dikai.
[GNUTLS-SA-2026-04-29-11, CVSS: low] [CVE-2026-42015]
** libgnutls: Fix multi-entry OCSP response revocation bypass
When validating a certificate against a multi-entry OCSP response,
the revocation status was always checked for the first entry
instead of the entry matching the certificate,
which could lead to accepting revoked certificates.
Independently reported by Oleh Konko (1seal) and
Joshua Rogers of AISLE Research Team.
[GNUTLS-SA-2026-04-29-12, CVSS: low] [CVE-2026-3832]
** libgnutls: Fix timing side-channel in PKCS#7 padding removal
The PKCS#7 padding check performed during decryption was not constant-time,
potentially leaking information about the padding bytes
through timing differences.
Rewritten to remove padding in a branch-free manner.
Reported by Doria Tang of Stony Brook University.
[GNUTLS-SA-2026-04-29-13, CVSS: low] [CVE-2026-5419]
** libgnutls: Fix PSK username comparison during rehandshake
Rehandshaking to a username with embedded NUL character could theoretically
allow bypassing the GNUTLS_ALLOW_ID_CHANGE protection (#1808).
Reported and fixed by Joshua Rogers of AISLE Research Team.
** libgnutls: Fix OID length check for OCSP delegated signer EKU
The OCSP signing EKU OID was compared without verifying its length,
allowing a shorter OID that shares the same prefix to match.
The check now verifies the length as well (#1810).
Reported by Joshua Rogers of AISLE Research Team.
** libgnutls: Fix AES keys persisting with pkcs11-provider
When using the pkcs11-provider, AES keys used for cipher operations
were created as persistent objects and were accumulating.
They are now ephemeral (#1813).
** libgnutls: Fix missing RSA key coprimality check in verify_params
gnutls_privkey_verify_params overlooked the scenario of p and q
not being co-prime.
It now returns GNUTLS_E_PK_INVALID_PRIVKEY in this case (#1818).
Reported by Kamil Frankowicz.
** libgnutls: Fix overread when parsing OpenSSL PEM private keys
Insufficient bounds checking on the PEM header length could lead
to short heap overreads on specially crafted inputs (#1854).
Independently reported by Kamil Frankowicz and
Joshua Rogers of AISLE Research Team.
** libgnutls: Fix a theoretical double-free during certificate import
If gnutls_x509_crt_list_import_pkcs11 failed partway through,
the trust list cleanup code would try to free already-deinitialized
certificate entries, leading to a double-free (#1819).
Reported by Joshua Rogers of AISLE Research Team.
** libgnutls: Fix heap overread in SCT extension parser
The list-length validation didn't account for the 2-byte length field,
allowing a specially crafted SCT extension to cause
a 2-byte overread past the buffer (#1822).
Reported by Joshua Rogers of AISLE Research Team.
** libgnutls: Zeroize shared secret derived during hybrid key exchange
The derived shared secret was not zeroized before being freed (#1841).
Reported by liyue.
** build: Support building with Nettle 4.0
Nettle 4.0 was released in February 2026, with API incompatible
changes from 3.10. The library can now compile with it, while
Nettle 3.10 is still supported (#1791).
** libgnutls: Support deriving ML-DSA public key from an expanded private key
RFC 9881 defines 3 private key formats for ML-DSA: "seed",
"expandedKey" and both. It is now possible to derive a public key
from a private key in the "expandedKey" format (#1723).
** libgnutls: Fix loading BIT STRING encoded EdDSA key from PKCS#11
For compatibility reasons, the library supports two formats for
EdDSA private keys: either ASN.1 BIT STRING (raw) or OCTET STRING
(DER). Previously, loading a private key in the former format
resulted in a failure, which is now fixed (#1749).
** libgnutls: HPKE (RFC 9180) is now supported as a technology preview
The Hybrid Public Key Encryption (HPKE) is a flexible cryptographic
protocol which enables encrypting arbitrary data to a recipient, by
combining key encapsulation mechanism (KEM) and authenticated
encryption with additional data (AEAD). GnuTLS now includes the
implementation contributed by David Dudas. Given this is a
technology preview, the implementation and the API might suffer
modification in the following period. Use --enable-hpke to turn on
this feature (#1506).
** libgnutls: Fix TLS 1.3 client certificate selection
For servers that send a signature_algorithms extension in CertificateRequest
with new rsa_pss_rsae_* algorithms and without the legacy rsa_pkcs1_* ones,
the client now properly considers RSA when selecting a certificate to send.
This fixes TLS 1.3 interoperability with newer Java servers
when using client certificates.
Contributed by Romain Tartière (#1842).
** libgnutls: Fix kTLS ChaCha20-Poly1305 IV for TLS 1.2
When using kTLS with ChaCha20-Poly1305 under TLS 1.2,
an incorrect value was passed as the IV to the kernel,
causing connections to fail early.
** libgnutls: Allow fetching object type metadata for PKCS#11 keys
A new library function, gnutls_pkcs11_obj_get_pk_algorithm,
has been added to check the public key algorithms of PKCS#11 key objects.
Object types other than CKO_PRIVATE_KEY are currently not supported.
Contributed by Ghadi Elie Rahme (!2074).
** API and ABI modifications:
gnutls_hpke_kem_t: New enum
gnutls_hpke_kdf_t: New enum
gnutls_hpke_aead_t: New enum
gnutls_hpke_mode_t: New enum
gnutls_hpke_role_t: New enum
gnutls_hpke_context_st: New context structure
gnutls_hpke_init: New function
gnutls_hpke_deinit: New function
gnutls_hpke_encap: New function
gnutls_hpke_seal: New function
gnutls_hpke_decap: New function
gnutls_hpke_open: New function
gnutls_hpke_derive_keypair: New function
gnutls_hpke_export: New function
gnutls_pkcs11_obj_get_pk_algorithm: New function
3.8.12
** libgnutls: Fix NULL pointer dereference in PSK binder verification
A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello
could lead to a denial of service attack via crashing the server.
The updated code guards against the problematic dereference.
Reported by Jaehun Lee.
[Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]
** libgnutls: Fix name constraint processing performance issue
Verifying certificates with pathological amounts of name constraints
could lead to a denial of service attack via resource exhaustion.
Reworked processing algorithms exhibit better performance characteristics.
Reported by Tim Scheckenbach.
[Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]
** libgnutls: Fix multiple unexploitable overflows
Reported by Tim Rühsen (#1783, #1786).
** libgnutls: Fall back to thread-unsafe module initialization
Improve fallback handling for PKCS#11 modules that
don't support thread-safe initialization (#1774).
Also return filename from p11_kit_module_get_name() for unconfigured modules.
** libgnutls: Accept NULL as digest argument for gnutls_hash_output
The accelerated implementation of gnutls_hash_output() now
properly accepts NULL as the digest argument, matching the
behavior of the reference implementation (#1769).
** srptool: Avoid a stack buffer overflow when processing large SRP groups.
Reported and fixed by Mikhail Dmitrichenko (#1777).
** API and ABI modifications:
No changes since last version.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
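The RSA-PSK entry (CVE-2026-42010) and the rehandshake entry (#1808) in the 3.8.13 notes describe the same defect: a username carried on the wire as a length-prefixed byte string was compared as if it were a C string, so "alice" followed by a NUL byte and more data matched the configured "alice". The following is an added example for this page, not GnuTLS code: a constructed identity table, a lookup that truncates at the first NUL, and the length-aware lookup the changelog's fix calls for ("comparison up to the full username length"). The table entries, key labels and wire identities are all invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed server-side identity table for this example. Nothing here is
 * GnuTLS code; the two lookups illustrate the bug class and its fix. */
struct psk_entry {
    const char *identity;   /* configured username, stored as a C string */
    const char *key_label;  /* stands in for the PSK bound to that username */
};

static const struct psk_entry PSK_TABLE[] = {
    { "alice", "key-alice" },
    { "bob",   "key-bob"   },
};
#define PSK_TABLE_LEN (sizeof PSK_TABLE / sizeof PSK_TABLE[0])

/* Identities exactly as carried on the wire: length-prefixed byte strings,
 * which may legally contain NUL bytes. */
static const uint8_t WIRE_ALICE[]     = { 'a', 'l', 'i', 'c', 'e' };
static const uint8_t WIRE_ALICE_NUL[] = { 'a', 'l', 'i', 'c', 'e', 0, 'x' };

/* Buggy lookup: copies the wire identity into a C string and uses strcmp, so
 * comparison stops at the first NUL and "alice\0x" is accepted as "alice". */
const char *psk_lookup_truncating(const uint8_t *id, size_t id_len)
{
    char buf[64];
    if (id_len >= sizeof buf)
        return NULL;
    memcpy(buf, id, id_len);
    buf[id_len] = '\0';
    for (size_t i = 0; i < PSK_TABLE_LEN; i++)
        if (strcmp(buf, PSK_TABLE[i].identity) == 0)
            return PSK_TABLE[i].key_label;
    return NULL;
}

/* Fixed lookup: the full wire length must match, then every byte must match. */
const char *psk_lookup_exact(const uint8_t *id, size_t id_len)
{
    for (size_t i = 0; i < PSK_TABLE_LEN; i++) {
        size_t n = strlen(PSK_TABLE[i].identity);
        if (n == id_len && memcmp(id, PSK_TABLE[i].identity, n) == 0)
            return PSK_TABLE[i].key_label;
    }
    return NULL;
}

/* Returns 1 when the truncating lookup accepts the NUL-bearing identity that
 * the exact lookup rejects, i.e. when the mismatch is reproduced. */
int psk_demo_mismatch(void)
{
    const char *bad  = psk_lookup_truncating(WIRE_ALICE_NUL, sizeof WIRE_ALICE_NUL);
    const char *good = psk_lookup_exact(WIRE_ALICE_NUL, sizeof WIRE_ALICE_NUL);
    return bad != NULL && good == NULL;
}
```

The same pattern applies to any protocol field that arrives with an explicit length (TLS PSK identities, SNI, ALPN, SASL names): keep the length alongside the bytes all the way to the comparison, and never let a NUL-terminating string function decide equality.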
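The CVE-2026-5419 entry in the 3.8.13 notes says the PKCS#7 padding check was "rewritten to remove padding in a branch-free manner". The following is an added example for this page, not the GnuTLS implementation: the early-return pattern that leaks how many padding bytes were inspected, and a branch-free version that always touches every byte of the final block and carries validity in a mask. The mask helpers assume all values are below 2^31 (true for byte values and block sizes), and the four sample blocks are constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>

/* Constant-time mask helpers for values below 2^31. Each returns 0xFFFFFFFF
 * when the predicate holds and 0 otherwise, with no data-dependent branch. */
static uint32_t ct_mask_eq(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;                         /* zero iff a == b */
    return 0u - ((~x & (x - 1u)) >> 31);        /* top bit is set only when x == 0 */
}

static uint32_t ct_mask_le(uint32_t a, uint32_t b)
{
    return 0u - ((a - b - 1u) >> 31);           /* a <= b  iff  a - b - 1 is negative */
}

/* The leaking pattern: an invalid pad byte or the first mismatching byte
 * returns early, so the amount of work depends on the (attacker-chosen) data. */
int pkcs7_unpad_leaky(const uint8_t *buf, size_t len, size_t block, size_t *plain_len)
{
    if (len < block || len % block != 0)
        return 0;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > block)
        return 0;
    for (size_t i = 1; i <= pad; i++)
        if (buf[len - i] != pad)
            return 0;
    *plain_len = len - pad;
    return 1;
}

/* Branch-free version: examines every byte of the final block whatever the
 * claimed pad value and folds the result into a mask. Returns 1 for valid
 * padding, else 0; *plain_len is len - pad when valid and len otherwise. */
int pkcs7_unpad_ct(const uint8_t *buf, size_t len, size_t block, size_t *plain_len)
{
    if (len < block || len % block != 0)        /* lengths are public; branching is fine */
        return 0;
    uint32_t pad  = buf[len - 1];
    uint32_t good = ct_mask_le(1u, pad) & ct_mask_le(pad, (uint32_t)block);
    for (uint32_t i = 0; i < (uint32_t)block; i++) {
        uint32_t b      = buf[len - 1 - i];     /* i-th byte from the end */
        uint32_t in_pad = ct_mask_le(i + 1u, pad);  /* byte lies inside the padding */
        good &= ~in_pad | ct_mask_eq(b, pad);   /* padding bytes must all equal pad */
    }
    *plain_len = len - (size_t)(pad & good);
    return (int)(good & 1u);
}

/* Wrappers returning the unpadded length, or -1 for invalid padding. */
long pkcs7_unpad_ct_len(const uint8_t *buf, size_t len, size_t block)
{
    size_t n = len;
    return pkcs7_unpad_ct(buf, len, block, &n) ? (long)n : -1;
}

long pkcs7_unpad_leaky_len(const uint8_t *buf, size_t len, size_t block)
{
    size_t n = len;
    return pkcs7_unpad_leaky(buf, len, block, &n) ? (long)n : -1;
}

/* Constructed 16-byte final blocks: valid pad of 4, a corrupted pad byte,
 * a zero pad byte, and a block that is entirely padding. */
static const uint8_t PAD_OK[16]   = { 'p','l','a','i','n','t','e','x','t', 0, 0, 0, 4, 4, 4, 4 };
static const uint8_t PAD_BAD[16]  = { 'p','l','a','i','n','t','e','x','t', 0, 0, 0, 4, 9, 4, 4 };
static const uint8_t PAD_ZERO[16] = { 0 };
static const uint8_t PAD_FULL[16] = { 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 };
```

A branch-free unpad is only one piece of a Lucky13-style defence: the caller must also verify the MAC over a data-independent amount of input and must not let the pad validity choose between two differently-timed code paths afterwards. The compiler can also reintroduce branches, so production implementations check the generated code.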
Adolf Belka [Mon, 4 May 2026 17:40:59 +0000 (19:40 +0200)]
libmicrohttpd: Update to version 1.0.5
- Update from version 1.0.3 to 1.0.5
- No change to rootfile
- Changelog
1.0.5
It fixes additional HTTP request smuggling issues (CWE-444).
1.0.4
It fixes a minor HTTP request smuggling issue (CWE-444).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.67
"Changes with Apache 2.4.67
*) SECURITY: CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp:
Heap Over-Read and memory disclosure in ajp_parse_data()
(cve.mitre.org)
Buffer Over-read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Elhanan Haenel
*) SECURITY: CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp:
Heap Buffer Over-Read Due to Missing Null-Termination Check
(ajp_msg_get_string) (cve.mitre.org)
Improper Null Termination, Out-of-bounds Read vulnerability in
Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Tianshuo Han (<hantianshuo233@gmail.com>)
*) SECURITY: CVE-2026-33857: Apache HTTP Server: Off-by-one OOB
reads in AJP getter functions (cve.mitre.org)
Out-of-bounds Read vulnerability in mod_proxy_ajp of
Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Elhanan Haenel
*) SECURITY: CVE-2026-33523: Apache HTTP Server: multiple modules:
HTTP response splitting forwarding malicious status line
(cve.mitre.org)
HTTP response splitting vulnerability in multiple Apache HTTP
Server modules with untrusted or compromised backend servers.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Haruki Oyama (Waseda University)
*) SECURITY: CVE-2026-33007: Apache HTTP Server: mod_authn_socache
crash (cve.mitre.org)
A NULL pointer dereference in the mod_authn_socache in Apache
HTTP Server 2.4.66 and earlier allows an unauthenticated remote
user to crash a child process in a caching forward proxy
configuration.
Users are recommended to upgrade to version 2.4.67, which fixes
this issue.
Credits: Pavel Kohout, Aisle Research, Aisle.com
*) SECURITY: CVE-2026-33006: Apache HTTP Server: mod_auth_digest
timing attack (cve.mitre.org)
A timing attack against mod_auth_digest in Apache HTTP Server
2.4.66 allows a bypass of Digest authentication by a remote
attacker.
Users are recommended to upgrade to version 2.4.67, which fixes
this issue.
Credits: Nitescu Lucian
*) SECURITY: CVE-2026-29169: Apache HTTP Server: mod_dav_lock
indirect lock crash (cve.mitre.org)
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server
2.4.66 and earlier may allow an attacker to crash the server
with a malicious request. mod_dav_lock is not used internally by
mod_dav or mod_dav_fs.
The only known use-case for mod_dav_lock was mod_dav_svn from
Apache Subversion earlier than version 1.2.0.
Users are recommended to upgrade to version 2.4.66, which fixes
this issue, or remove mod_dav_lock.
Credits: Pavel Kohout, Aisle Research, Aisle.com
*) SECURITY: CVE-2026-29168: Apache HTTP Server: mod_md
unrestricted OCSP response (cve.mitre.org)
Allocation of Resources Without Limits or Throttling
vulnerability in Apache HTTP Server's mod_md via OCSP response
data.
This issue affects Apache HTTP Server: from 2.4.30 through
2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Pavel Kohout, Aisle Research, Aisle.com
*) SECURITY: CVE-2026-28780: Apache HTTP Server: buffer overflow in
mod_proxy_ajp via ajp_msg_check_header() (cve.mitre.org)
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of
Apache HTTP Server.
If mod_proxy_ajp connects to a malicious AJP server this AJP
server can send a malicious AJP message back to mod_proxy_ajp
and cause it to write 4 attacker controlled bytes after the end
of a heap based buffer.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Andrew Lacambra
*) SECURITY: CVE-2026-24072: Apache HTTP Server: mod_rewrite
elevation of privileges via ap_expr (cve.mitre.org)
An escalation of privilege bug in various modules in Apache HTTP
2.4.66 and earlier allows local .htaccess authors to read files
with the privileges of the httpd user.
Users are recommended to upgrade to version 2.4.67, which fixes
this issue.
Credits: y7syeu
*) SECURITY: CVE-2026-23918: Apache HTTP Server: http2: double free
and possible RCE on early reset (cve.mitre.org)
Double Free and possible RCE vulnerability in Apache HTTP Server
with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes
the issue.
Credits: Bartlomiej Dmitruk, striga.ai
*) mod_md: update to version 2.6.10
- Fix issue #420 <https://github.com/icing/mod_md/issues/420> by ignoring
job.json files that claim to have completely finished a certificate
renewal, but have not produced the necessary result files.
*) mod_http2: update to version 2.0.39
Remove streams own memory allocator after reports of memory problems
with third party modules.
[Stefan Eissing]
*) mod_http2: update to version 2.0.38
Source sync with mod_h2 github repository. No functional change.
[Stefan Eissing]
*) mod_md: update to version 2.6.7
- Fix a regression in `MDStapleOthers` which broke in v2.6.0 and no longer
applied, no matter the configuration.
*) mod_md: update to version 2.6.9
- Pebble 2.9+ reports another error when terms of service agreement is
not set. Treating all "userActionRequired" errors as permanent now.
*) mod_md: update to version 2.6.8
- Fix the ARI related `replaces` property in ACME order creation to only
be used when the CA supports ARI and it is enabled in the menu config.
- Fix compatibility with APR versions before 1.6.0 which do not have
`apr_cstr_casecmp` and should use `apr_strnatcasecmp` instead.
*) mod_http2: update to version 2.0.37
Prevent double purge of a stream, resulting in a double free.
Fixes PR 69899.
[Stefan Eissing]
*) mod_md: Use correct function name when compiling against APR < 1.6.0.
PR 69954 [Tần Quảng <baobaoxich@gmail.com>]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
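CVE-2026-33523 above is response splitting through a backend's status line: a proxy that forwards what an untrusted or compromised backend sent as its first line lets that backend end the line early and append headers or a second response. The following is an added example for this page, not Apache's fix: a strict status-line validator (HTTP/digit.digit, a space, three digits, optionally a space and a reason phrase limited to printable ASCII and HTAB) and a forwarding step that relays the line only when it validates and otherwise answers 502 itself. The sample backend lines are constructed; the static output buffer and the 502 fallback text are choices made for the example.

```c
#include <stddef.h>
#include <string.h>

static int is_digit(unsigned char c) { return c >= '0' && c <= '9'; }

/* Validate a status line as received from a backend before it is forwarded:
 *   HTTP/<digit>.<digit> SP 3DIGIT [ SP reason-phrase ]
 * The reason phrase may contain only printable ASCII and HTAB. CR, LF, NUL and
 * every other control byte are rejected, so a backend cannot terminate the
 * status line early and splice a header section or a whole second response
 * into what the client sees. 'n' is the line length without any line ending. */
int status_line_ok(const char *line, size_t n)
{
    if (n < 12 || memcmp(line, "HTTP/", 5) != 0)
        return 0;
    if (!is_digit((unsigned char)line[5]) || line[6] != '.' ||
        !is_digit((unsigned char)line[7]))
        return 0;
    if (line[8] != ' ')
        return 0;
    for (size_t i = 9; i < 12; i++)
        if (!is_digit((unsigned char)line[i]))
            return 0;
    if (n == 12)
        return 1;                               /* no reason phrase */
    if (line[12] != ' ')
        return 0;
    for (size_t i = 13; i < n; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c != '\t' && (c < 0x20 || c > 0x7E))
            return 0;                           /* CR, LF, NUL, other controls, non-ASCII */
    }
    return 1;
}

/* What the forwarding side does with it: relay the line verbatim only when it
 * validates, otherwise answer 502 on the backend's behalf. The static buffer is
 * only there to keep the example easy to call; it is not reentrant. */
const char *proxy_status_line(const char *backend, size_t n)
{
    static char out[256];
    if (status_line_ok(backend, n) && n + 3 <= sizeof out) {
        memcpy(out, backend, n);
        memcpy(out + n, "\r\n", 3);             /* copies the terminating NUL as well */
        return out;
    }
    return "HTTP/1.1 502 Bad Gateway\r\n";
}

/* Constructed backend status lines, without their line ending. LINE_CR and
 * LINE_LF carry a stray line-ending byte inside the reason phrase, which a
 * reader that only splits on CRLF would otherwise pass through intact. */
static const char LINE_OK[]    = "HTTP/1.1 200 OK";
static const char LINE_BARE[]  = "HTTP/1.1 204";
static const char LINE_CR[]    = "HTTP/1.1 200 OK\rSet-Cookie: sid=attacker";
static const char LINE_LF[]    = "HTTP/1.1 200 OK\n\nHTTP/1.1 200 OK";
static const char LINE_SHORT[] = "HTTP/1.1 20 OK";
```

Rejecting rather than sanitising is deliberate: replacing a CR or LF with a space would still forward a line the backend never legitimately produced, and a 502 makes the misbehaving backend visible in the proxy's logs.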
Adolf Belka [Thu, 30 Apr 2026 18:36:48 +0000 (20:36 +0200)]
rsync: Update to version 3.4.2
- Update from version 3.4.1 to 3.4.2
- No change to rootfile
- Changelog
3.4.2
SECURITY RELATED:
Several security-relevant defects were reported and fixed since 3.4.1.
None were assigned a CVE — rsync's fork-per-connection design scopes
the impact of each of these to the attacker's own connection, which is
equivalent to the client closing the socket itself — but they are
fixed here as a matter of hygiene and to reduce the chances of a
future exploitable combination. Many thanks to the external
researchers who reported these issues.
- Fixed a signed integer overflow in the PROXY protocol v2 header
parser: a negative `len` field could bypass the size check and cause
a stack buffer overflow in `read_buf()`. Reported by John Walker of
ZeroPath.
- Fixed an invalid access to the files array. Reported by Calum
Hutton of Rapid7.
- Reject negative token values in the compressed-stream token
decoder; a negative value could cause callers to misinterpret a
missing data pointer as literal data. Reported by Will Sergeant.
- Fixed the element count passed to the xattr `qsort()` (see
https://www.openwall.com/lists/oss-security/2026/04/16/2).
- Fixed a buffer underflow in `clean_fname()`, and added a regression
test.
- Fixed an uninitialized `mul_one` in the AVX2 get_checksum1 path
(undefined behaviour), and added a SIMD-checksum self-test that
cross-checks SSE2, SSSE3 and AVX2 against the C reference on both
aligned and unaligned buffers.
- Fixed an uninitialized `buf1` on the first call to
`get_checksum2()` in the MD4 path (fixes #673).
- Zero all new memory from internal allocations: `my_alloc()` now uses
`calloc`, and `expand_item_list()` zeros the expanded portion after
`realloc`. This gives more predictable behaviour if stale or
uninitialised memory is ever accidentally read.
BUG FIXES:
- Call `tzset()` before chroot so that log timestamps continue to
reflect the configured local timezone after the daemon chroots
(glibc needs `/etc/localtime`, which is unreachable post-chroot).
- Use the correct time when writing to the log file.
- Do not clear `DISPLAY` unconditionally.
- Fixed a Y2038 bug in `syscall.c` by replacing the `Int32x32To64`
macro (which truncates its arguments to 32 bits) with a plain
64-bit multiplication.
- Fixed ACL ID mapping for non-root users (closes #618).
- Fixed handling of objects with many xattrs on FreeBSD.
- Fixed `--open-noatime` not taking effect when opening regular
files: `O_NOATIME` is now also passed to `do_open_nofollow()`, which
has been used for regular files since the CVE fix "fixed symlink
race condition in sender".
- Ignore "directory has vanished" errors.
- Fixed the removal of multiple leading slashes.
- Added the missing `--dirs` long option.
- Fixed a segfault if `poptGetContext()` returns NULL (e.g. under
OOM) by not passing NULL to `poptReadDefaultConfig()`. Reported by
Ronnie Sahlberg; found with `malloc-fail-tester`.
- Fixed a build error on ia64 NonStop (which treats missing
prototypes as an error, not a warning).
- Fixed a flaky hardlinks test (fixes #735).
ENHANCEMENTS:
- Added multi-threaded `zstd` compression, gated by a new
`--compress-threads=N` option, with validation and man-page
coverage.
- Documented the `temp dir` parameter in the rsyncd.conf man page
(fixes #820).
- Improved rendering of interior dashes in long-option names in
`md-convert` (perhaps fixes #686).
PORTABILITY / BUILD:
- Fixed glibc 2.43 const-preserving overloads of `strtok()`,
`strchr()` etc. by declaring the affected locals with the right
constness. Contributed by Holger Hoffstätte.
- Converted the bundled zlib 1.2.8 from K&R-style function
definitions to ANSI prototypes, so it builds with clang 16+.
- Avoid using `bool` as an identifier; it is a keyword in C23.
- `configure.ac`: check for xattr functions in libc first and only
fall back to `-lattr`, avoiding spurious overlinking when `-lattr`
happens to be installed. Contributed by Eli Schwartz.
- Made the build reproducible by honouring `SOURCE_DATE_EPOCH` for
the manpage date.
- Removed obsolete `popt/findme.c` and `popt/findme.h` that upstream
popt 1.14 folded into `popt.c` (fixes #710). Contributed by Alan
Coopersmith.
INTERNAL:
- Made many module-global variables `const` so they can live in
`.rodata` and enable additional compiler optimization.
DEVELOPER RELATED:
- Replaced `runtests.sh` with `runtests.py`, a Python test runner
that supports `--valgrind` (with per-process log files so valgrind
output no longer interferes with output comparisons) and
`-j/--parallel` execution for roughly a 7× speed-up on typical
hardware.
- Added a SIMD checksum self-test and a `clean-fname-underflow`
regression test.
- Various CI fixes for macOS and Cygwin (including adding
`simd-checksum` to the expected-skipped lists on platforms without
SIMD), and tests now run on `ubuntu-latest`.
- Removed support for the unmaintained rsync-patches archive.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
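The first security item in the rsync changelog above (a negative `len` in the PROXY protocol v2 header parser slipping past the size check) is a textbook signed/unsigned length bug. The following C program is an added illustration written for this page; it is not rsync's code and does not reproduce rsync's `read_buf()`. It reuses only the real on-wire PROXY v2 layout (12-byte signature, version/command byte, family/transport byte, 16-bit big-endian address-block length); the 16-byte header constant, the 216-byte buffer capacity, and the function names are assumptions. It shows a header with the length's high bit set being accepted by a parser that stores the field in a signed type, and rejected once the field is kept unsigned.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not rsync's code. PP2_HDR_LEN and ADDR_BUF_CAP
 * are assumed values for this demonstration. */
#define PP2_HDR_LEN   16
#define ADDR_BUF_CAP  216

/* Real PROXY protocol v2 signature (from the HAProxy specification). */
static const uint8_t PP2_SIG[12] = {
    0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51,
    0x55, 0x49, 0x54, 0x0A
};

/* Build a v2 PROXY header (command PROXY, TCP over IPv4) carrying the
 * given address-block length. Used only to construct test input. */
void make_pp2_header(uint8_t out[PP2_HDR_LEN], uint16_t addr_len)
{
    memcpy(out, PP2_SIG, sizeof PP2_SIG);
    out[12] = 0x21;                        /* version 2, command PROXY  */
    out[13] = 0x11;                        /* AF_INET, STREAM            */
    out[14] = (uint8_t)(addr_len >> 8);    /* length, big-endian         */
    out[15] = (uint8_t)(addr_len & 0xFF);
}

static int check_prefix(const uint8_t *hdr)
{
    return memcmp(hdr, PP2_SIG, sizeof PP2_SIG) == 0
        && (hdr[12] & 0xF0) == 0x20;       /* protocol version must be 2 */
}

/* VULNERABLE pattern: the 16-bit field is stored in a signed type. Any
 * value with the high bit set becomes negative, compares as "smaller"
 * than the capacity, passes the check, and is then widened to size_t at
 * the read, where it becomes enormous. Returns 1 if the header is
 * accepted (with *to_read set to what would be passed to the read),
 * 0 if rejected. */
int parse_len_vulnerable(const uint8_t *hdr, size_t *to_read)
{
    if (!check_prefix(hdr))
        return 0;
    /* The out-of-range conversion to int16_t wraps on mainstream compilers. */
    int16_t len = (int16_t)((hdr[14] << 8) | hdr[15]);
    if (len > ADDR_BUF_CAP)                /* e.g. -32752 > 216 is false */
        return 0;
    *to_read = (size_t)len;                /* huge when len < 0          */
    return 1;
}

/* HARDENED pattern: keep the field in its natural unsigned width and
 * compare in that width. There is no sign to lose, so the bound holds. */
int parse_len_hardened(const uint8_t *hdr, size_t *to_read)
{
    if (!check_prefix(hdr))
        return 0;
    uint16_t len = (uint16_t)((hdr[14] << 8) | hdr[15]);
    if (len > ADDR_BUF_CAP)
        return 0;
    *to_read = len;
    return 1;
}

int main(void)
{
    uint8_t good[PP2_HDR_LEN], evil[PP2_HDR_LEN];
    size_t n = 0;
    int ok;

    make_pp2_header(good, 12);             /* IPv4 src/dst + two ports   */
    make_pp2_header(evil, 0x8010);         /* 32784: high bit set        */

    ok = parse_len_vulnerable(good, &n);
    printf("good header, vulnerable parser: accepted=%d read=%zu\n", ok, n);
    ok = parse_len_vulnerable(evil, &n);
    printf("evil header, vulnerable parser: accepted=%d read=%zu\n", ok, n);
    ok = parse_len_hardened(evil, &n);
    printf("evil header, hardened parser:   accepted=%d\n", ok);
    return 0;
}
```

The fix is not to add a `len < 0` check in front of the existing one but to stop the sign from existing at all: decode the field into `uint16_t` (or `size_t`) and compare in that type. A `-Wsign-compare`/`-Wsign-conversion` build, or a fuzzer that flips the top bit of every length field, finds this class of bug quickly.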
Adolf Belka [Thu, 30 Apr 2026 18:36:47 +0000 (20:36 +0200)]
openvpn: Update to version 2.7.3
- Update from version 2.7.1 to 2.7.3
- No change to rootfile
- 2 CVE fixes in 2.7.2. These have also been applied to 2.6.20 on the 2.6 branch
- Changelog
2.7.3
bugfixes
in combination with --management-query-passwords, setups using --auth-user-pass
file or inline auth-user-pass would no longer use the configured passwords and
prompt on the management interface instead (OpenVPN GUI would then provide an
empty user/password prompt) (Github: OpenVPN/openvpn#1021).
2.7.2
Security fixes
fix race condition in TLS handshake that could lead to leaking of packet data from
a previous handshake under specific circumstances (CVE-2026-40215)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com))
fix server ASSERT() on receiving a suitably malformed packet with a valid
tls-crypt-v2 key (CVE-2026-35058)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))
Bugfixes
when using a config file with inlined username and no password, fix prompting for
the password from management interface.
Windows: fix DNSSEC flag handling - this was never applied because a bad comparison
was always false.
Windows: fix deinstallation progress bar on adapter deletion.
New features
management interface: permit input of very long passwords in base64-encoded
multiline format. Signal support to management clients via
"management version 6".
Documentation
improve documentation and error messages related to old and new Linux DCO modules
remove some references to pre-2.3 OpenVPN
improve manpage for --learn-address config
User-visible Changes
improve error messages on --verify-x509-name failures
improve error logging when an overlong username or password cannot be written to the TLS
buffer
Long-term code maintenance
fully support OpenSSL 4.0 now, without "deprecated API" warnings (multiple small
changes to adapt to 3.5 -> 4.0 API changes)
add unit tests for certificate detail printing
add unit tests for "empty password on inline credentials" handling
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Apr 2026 18:36:46 +0000 (20:36 +0200)]
lvm2: Update to version 2.03.40
- Update from version 2.03.39 to 2.03.40
- Update of rootfile
- Changelog
2.03.40
Reset warned flag in dmeventd raid plugin when device fully syncs.
Fix inverted range comparison in libdm reserved value check.
Fix percent_check threshold stuck above 100% in dmeventd thin/vdo plugins.
Fix cache_check_for_warns reading wrong cache mode for cachevol.
Fix memory leak in process_each_label duplicate handling.
Fix missing unlock_vg in vgcreate when pvcreate_each_device fails.
Lock the origin LV when locking a COW snapshot in lvmlockd.
Preserve bcache AIO context across lvm shell commands to avoid reinit cost.
Fix msg.data leaks in dmeventd restart and reinstate paths.
Fix VG lock leak on init_processing_handle failure in vgcreate.
Fix VG lock leak on lv_remove_single failure in vgmerge.
Fix VG lock leak on second lock_vol failure in vgimportclone.
Fix VG lock leak on early return in pvscan.
Fix inverted strstr check in remove_layer_from_lv layer rename.
Fix inverted strcmp for vgchange --persist lockstart check.
Fix argv overwriting last vdoformat option with device path.
Fix NULL deref of sync_action in dm_get_status_raid.
Fix recovery rate check in lvcreate when max rate is unset.
Fix dm_strncpy off-by-one in raid split image conversion name.
Fix missing failure return after reshape space allocation error in raid.
Pre-create udev cookie before critical section to avoid resume failures.
Validate area_count before subtracting parity_devs in RAID metadata import.
Validate area_count against MAX_STRIPES to prevent integer overflow.
Validate mda size and prevent uint64 to uint32 truncation in metadata reads.
Extract label_check_pv_layout to validate PV label buffer structure.
Remove redundant memset from command registration (global array is zero-init).
Kill orphaned polling lvpoll process in lvmpolld on pvmove --abort.
Fix pvmove mirror image bounds check off-by-one in poll completion.
Fix dev_manager to restore track_pvmove_deps flag on error path.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Apr 2026 18:36:45 +0000 (20:36 +0200)]
ethtool: Update to version 7.0
- Update from version 6.15 to 7.0
- No change to rootfile
- Changelog
7.0
* Feature: support MSE display (--show-mse)
* Feature: add 2 new link_ext_state names
* Fix: fix index calculation in ixgbe register dump (-d)
* Fix: cmis wavelength tolerance output (-m)
* Fix: duplicate sfpid Active Cu compliance output (-m)
6.19
* Feature: support HW timestamp configuration (--set-hwtimestamp-cfg)
* Feature: display HW timestamp source (-T)
* Feature: support PLCA notifications (--get/set-plca-cfg)
* Feature: add PSE priority management support (--show/set-pse)
* Feature: support PSE notifications (--show/set-pse)
* Feature: support configuring RSS on IPv6 Flow Label (-n/-N)
* Feature: support FEC bit error histograms (--show-fec)
* Feature: register dump decoding for TI K3 CPSW and its ALE table (-d)
* Fix: fix missing headers in text output
* Fix: fix print_string when the value is NULL (-Werror=format-security)
* Fix: fix JSON output of SFP diagnostics
* Fix: fix duplicated JSON keys in module info
* Misc: clarify that symmetric RSS may be on by default (-x/-X)
* Misc: add AppStream metainfo file to %files section
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.0.20250521 to 1.0.20260223
- No change in rootfile
- Changelog
1.0.20260223
* wg-quick: linux: use smallest mtu, not largest
The minimum endpoint MTU selection should now actually work.
* wg-quick: pass on # comments to {Pre,Post}{Up,Down}
This handles the case of a literal # being used in a command.
* wg-quick: linux: deal with resolvconf migration more gracefully
This fixes an issue when upgrading Ubuntu boxes.
* wg-quick: use addconf instead of setconf
This will prevent wiping out changes made in PreUp.
* wg-quick: linux: do not unnecessarily set sysctl
Improves docker compatibility.
* wg-quick at .service: add deps on wg-quick.target
* config: preserve const correctness
Squelches a warning on recent gcc.
* syncconf: account for psks removed from config file
* syncconf: account for persistent keepalive removed from config file
PersistentKeepalive and PresharedKey will be removed if they're not found in
the config file during a syncconf operation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-0
Changelog is IMHO too long for the list ( ;-) )
I'll just mention "Fix #1404: Priming the root key fails after
loading ipfire.org RPZ zones. Fixed by including the ZONEMD
RRtype in the list of types to ignore for RPZ zones. Analysis
and patch provided by ummeegge."
=> Patch for RPZ ZONEMD has been removed accordingly.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/htop-dev/htop/blob/main/ChangeLog
"What's new in version 3.5.1
* Consolidate ClockMeter code into DateTimeMeter code
* Darwin: Fix unsigned underflow in memory meter on ARM64 (Apple Silicon 16K pages showing ~64TB used)
* Linux/PCP: Replace M_SHARE (SHR) with M_PRIV (PRIV) in default Main screen columns
* PCP: Fix dynamic screen column (instance) sorting (incorrect cast and field offsets)
* PCP: Fix units used when printing M_PRIV memory column values
* PCP: Add Darwin swap metric values and a fallback on Linux for SwapMeter
* Fix null pointer dereference in actionBacktrace() (GCC LTO -O2 -flto, Ubuntu 24.04)
* Make search function activate following on find consistently
* Make a panel click abort the search function"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- configure: WARNING: unrecognized options: --enable-rust
- This option was in place when rust was still being used experimentally. From version
5.0.0 rust became standard for the build, and so the option was removed from configure.
- Option removed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 29 Apr 2026 17:50:30 +0000 (19:50 +0200)]
screen: Resolve configure unrecognised option(s)
- configure: WARNING: unrecognized options: --with-socket-dir, --with-sys-screenrc
- In version 5.0.0 these were changed
- --with-socket-dir has been changed to --enable-socket-dir
- --with-sys-screenrc has been changed to --with-system_screenrc
- The default location for screenrc was what we had defined anyway so that was still
specified in the version from 5.0.0 onwards.
- Because of the unrecognised option, the global socket definition became a No value, so no
socket location was defined at all. This now corrects that. This has been confirmed by
looking at the configure status and confirming the directory now specified for the
socket in the build log.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- configure: WARNING: unrecognized options: --without-xerces
- Building with xerces support was removed in version 12.4.0 in 2023
- Option has been removed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>