Adolf Belka [Wed, 8 Apr 2026 20:23:07 +0000 (22:23 +0200)]
libsodium: Add patch to enable 1.0.21 to build on aarch64
- The update to 1.0.21 resulted in libsodium not building on aarch64. A fix has
been developed and will ultimately be available with the next release. This applies that
patch fix to 1.0.21.
- Build tested on aarch64 and was successful.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 15:18:53 +0000 (17:18 +0200)]
tor: Update to version 0.4.9.6
- Update from version 0.4.8.21 to 0.4.9.6
- Version 0.4.8.22 was likely the last update on the 0.4.8 branch. Everything is now
focussed on the 0.4.9 branch.
- There are some security fixes in some of the update steps.
- No change in rootfile
- Changelog
0.4.9.6
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This led
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (security):
- Fix a series of defense in depth security issues found across the
codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (portability):
- (Hopefully) fix our polyval implementation on big-endian
platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/03/25.
0.4.9.5
This first stable release in the 0.4.9 series introduces a new
circuit-level encryption design for better client security, as well
as a more scalable way for large relay operators to annotate which
relays they run so clients can avoid using too many of them in a
single circuit.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major features (path selection):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family share a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.1-alpha.
o Major bugfixes (controller events):
- Fix spikes occurring in bandwidth cache events on control connection.
Fixes bug 31524; bugfix on 0.0.9pre5.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor features (client security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor features (exit relays):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
- Implement a token-bucket based rate limiter for stream creation
and resolve requests. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (client extensibility):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor features (sandboxing):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor features (onion services):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
- Reduce the minimum value of hsdir_interval to match recent tor-spec change.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow configuring
the minimum accepted relay version without requiring a new tor
release. Closes ticket 40817.
o Minor features (metrics port):
- New metrics on the MetricsPort for the number of BUG() calls that
occurred at runtime. Fixes bugs 40839 and 41104; bugfix on
0.4.7.1-alpha.
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
- Add new metrics for relays on the MetricsPort, namely the count of
drop cells, destroy cells and the number of circuit protocol
violations seen that led to a circuit close. Closes ticket 40816.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (directory authority):
- Export unsigned consensus documents once we have seen a threshold
of signatures, as a step toward the consensus transparency
experiment.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 12, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database,
as retrieved on 2026/02/12.
o Minor features (windows):
- Various compilation fixes for our Windows CI. Closes ticket 41214.
o Minor bugfixes (exit relays):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a false positive valgrind related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. Fixes bug
41021; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (bridges):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (conflux, client):
- Avoid a non-fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (testing network):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (relay):
- Refuse to overwrite an existing *.secret_family_key when running
tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Removed features (relays):
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access to TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
o Removed features (directory authorities):
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
0.4.9.4-rc
Finally, the release candidate for the 0.4.9.x series. It consists of minor
features and several bugfixes. Nothing major has been added since the alpha.
If everything goes well, the next version will be the first stable.
o Minor features (security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor feature (Exit):
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (HTTPTunnelPort):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
o Minor features (linux seccomp2 sandbox):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor bugfixes (DNS, exit):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a false positive valgrind related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
o Minor bugfixes (warnings):
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
0.4.9.3-alpha
This is the third alpha release and likely the last before going stable.
This release contains the new CGO circuit encryption. See proposal 359 for
more details. Several TLS minor fixes which will strengthen the link
security.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Major features (cell format):
- Tor now has (unused) internal support to encode and decode relay
messages in the new format required by our newer CGO encryption
algorithm. Closes ticket 41051. Part of proposal 359.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major bugfixes (onion service directory cache):
- Preserve the download counter of an onion service descriptor
across descriptor uploads, so that recently updated descriptors
don't get pruned if there is memory pressure soon after update.
Additionally, create a separate torrc option MaxHSDirCacheBytes
that defaults to the former 20% of MaxMemInQueues threshold, but
can be controlled by relay operators under DoS. Also enforce this
threshold during HSDir uploads. Fixes bug 41006; bugfix
on 0.4.8.14.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
o Minor features (security, TLS):
- When we are running with OpenSSL 3.5.0 or later, support using the
ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
o Minor feature (client, TLS):
- Set the TLS 1.3 cipher list instead of falling back on the
default value.
o Minor feature (padding, logging):
- Reduce the amount of messages being logged related to channel
padding timeout when log level is "notice".
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on September 16, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/09/16.
o Minor features (hidden services):
- Reduce the minimum value of hsdir_interval to match recent tor-spec change.
o Minor features (hsdesc POW):
- Tolerate multiple PoW schemes in onion service descriptors, for
future extensibility. Implements torspec ticket 272.
o Minor features (performance TLS):
- When running with OpenSSL 3.0.0 or later, support using
X25519 for TLS key agreement. (This should slightly improve
performance for TLS session establishment.)
o Minor features (portability):
- Fix warnings when compiling with GCC 15. Closes ticket 41079.
o Minor bugfix (conflux):
- Remove the pending nonce if we realize that the nonce of the
unlinked circuit is not tracked anymore. Should avoid the non-fatal
assert triggered with a control port circuit event. Fixes
bug 41037; bugfix on 0.4.8.15.
o Minor bugfixes (bridges, pluggable transport):
- Fix a bug causing the initial tor process to hang instead of
exiting with RunAsDaemon, when pluggable transports are used.
Fixes bug 41088; bugfix on 0.4.9.1-alpha.
o Minor bugfixes (circuit handling):
- Prevent circuit_mark_for_close() from being called twice on the
same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
- Prevent circuit_mark_for_close() from being called twice on the
same circuit. Second fix attempt. Fixes bug 41106; bugfix
on 0.4.8.17.
o Minor bugfixes (compilation):
- Fix linking on systems without a working stdatomic.h. Fixes bug
41076; bugfix on 0.4.9.1-alpha.
o Minor bugfixes (compiler warnings):
- Make sure the two bitfields in the half-closed edge struct are
unsigned, as we're using them for boolean values and assign 1 to
them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (logging, metrics port):
- Count BUG statements for the MetricsPort only if they are warnings
or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
contributed by shadowcoder.
o Minor bugfixes (protocol):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (relay):
- Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
bug 41043; bugfix on 0.4.9.2-alpha.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17-dev.
o Removed features:
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
0.4.9.2-alpha
This is the second alpha of the 0.4.9.x series. We have several new minor
features and a big one, the happy families that was long awaited by relay
operators. This release also fixes a number of bugs including major ones.
o Major feature (happy families):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family share a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major features (client):
- Clients now respect "happy families" per proposal 321. This
feature will eventually allow a much more compact representation
for relay families, for a significant savings in directory
download size.
o Minor feature (onion service, control port):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (compilation):
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor features (continuous integration):
- Upgrade CI runners to use Debian Bookworm instead of Bullseye.
Closes ticket 41029.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 05, 2025.
- Regenerate fallback directories generated on March 20, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/02/05.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/20.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/24.
o Minor features (recommended protocols):
- Directory authorities now vote to recommend that clients support
certain protocols beyond those that are required. These include
improved support for connecting to relays on IPv6, NtorV3, and
congestion control. Part of ticket 40836.
o Minor features (required protocols):
- Directory authorities now vote to require clients to support the
authenticated SENDME feature, which was introduced in
0.4.1.1-alpha. Part of ticket 40836.
- Directory authorities now vote to require relays to support
certain protocols, all of which have been implemented since
0.4.7.4-alpha or earlier. These include improved support for
connecting to relays on IPv6, NtorV3, running as a rate-limited
introduction point, authenticated SENDMEs, and congestion control.
Part of ticket 40836.
o Major bugfix (control-events, bw-cache):
- Fixes spikes occurring in bandwidth cache on control connection.
Fixes bug 31524; bugfix on 0.4.8.12-dev.
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.13.
o Major bugfixes (onion service directory cache):
- When the OOM killer kicks in, cleanup the descriptor cache of an
HSDir by looking at the lowest downloaded count instead of time in
cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (conflux):
- Avoid a non-fatal assert when describing a conflux circuit on the
control port after being prepped to be freed. Fixes bug 41037;
bugfix on 0.4.8.15.
o Minor bugfix (dirauth):
- Fix typo in flag assignment in the approved-routers file. Fixes bug
41035; bugfix on 0.4.8.15.
o Minor bugfixes (control port):
- Correctly report conflux pair information to controller fields.
Fixes bug 40872; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (relay flag usage):
- Fix client usage of the MiddleOnly flag so that MiddleOnly relays
are not used as HS IP or RP by clients or services. Additionally,
give dirauths the ability to remove specific flags, as an
alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha.
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. (Fixes bug
41021; bugfix on 0.2.8.1-alpha.)
o Minor bugfixes (threads, memory):
- Improvements in cleanup of resources used by threads. Fixes bug
40991; bugfix on 0.4.8.13-dev.
- Rework start and exit of worker threads.
o Removed features:
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access to TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
0.4.9.1-alpha
This is the first alpha of the 0.4.9.x series. This release mostly consists
of bugfixes including some major ones. There are several minor features in
this release but no large new subsystem.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor feature (defense in depth):
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow modification of
minimal accepted version for relays without requiring a new tor
release. Closes ticket 40817.
o Minor feature (exit policies):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
o Minor feature (exit relay, DoS resistance):
- Implement a token-bucket based rate limiter for stream creation
and resolve requests. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
o Minor feature (metrics port):
- New metrics on the MetricsPort for the number of BUG() calls that
occurred at runtime. Closes MR 760.
o Minor feature (metrics port, relay):
- Add new metrics for relays on the MetricsPort, namely the count of
drop cells, destroy cells and the number of circuit protocol
violations seen that led to a circuit close. Closes ticket 40816.
o Minor feature (testing):
- test-network now unconditionally includes IPv6 instead of trying
to detect IPv6 support.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (SOCKS):
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor bugfix (MetricsPort, relay):
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
o Minor bugfix (process):
- Avoid closing all possible FDs when spawning a process (PT). On
some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (relay, sandbox):
- Disable a sandbox unit test that is failing on Debian Sid breaking
our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (bridge):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (compiler warnings):
- Make sure the two bitfields in the half-closed edge struct are
unsigned, as we're using them for boolean values and assign 1 to
them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (conflux, client):
- Avoid a non-fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (memory):
- Fix a pointer free that wasn't set to NULL afterwards which could
be reused by calling back in the free all function. Fixes bug
40989; bugfix on 0.4.8.13.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha.
o Minor bugfixes (testing):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (tor-resolve):
- Create socket with correct family as given by sockshost, fixes
IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
o Removed features:
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
o Removed features (directory authority):
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
o Removed features (obsolete):
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Removed some vestigial code for selecting the TAP circuit
extension protocol.
0.4.8.22
This is likely the very last release of the 0.4.8.x series. Three major
bugfixes detailed below including two affecting directory servers (basically
all relays). We strongly recommend upgrading as soon as possible.
o Major bugfixes (security):
- Avoid an out-of-bounds read error that could occur with
V1-formatted EXTEND cells. Fixes bug 41180; bugfix on 0.4.8.1-alpha.
This is tracked as TROVE-2025-016.
o Major bugfixes (directory servers):
- Allow old clients to fetch the consensus even if they use version
0 of the SENDME protocol. In mid 2025 we changed the required
minimum version of the "FlowCtrl" protocol to 1, meaning directory
caches hang up on clients that send a version 0 SENDME cell. Since
old clients were no longer able to retrieve the consensus, they
couldn't learn about this required minimum version -- meaning
we've had many many old clients loading down directory servers for
the past months. Fixes bug 41191; bugfix on 0.4.1.1-alpha.
- Don't count networkstatus serves until they finish. When we
started serving a consensus document but the client didn't receive
all of it, we were still counting that as a success in our stats.
This mistake, which can be triggered for example by obsolete
clients or by DPI-based censorship, led to wildly inflated user
counts because we estimate total users in the world based on
successful consensus fetches. Fixes bug 41192; bugfix
on 0.2.1.1-alpha.
o Minor feature (testing, CI):
- Bump the CI version of chutney to the current version as of
2026-01-21 (3338f5c).
o Minor features (debugging, compression):
- Do not check for compression bombs for buffers smaller than 5MB
(increased from 64 KB). Fixes ticket 40739; bugfix on 0.2.1.29.
o Minor features (directory servers):
- Track how many times directory servers begin serving networkstatus
documents, so we can compare it to the number of times we finish
serving them. Motivated by the fixes in ticket 41192.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on January 28, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/01/28.
o Minor bugfixes (relay):
- Downgrade "Error relaying cell across rendezvous" log warn to info
as the error condition is possible under normal circumstances. Fixes
bug 40951; bugfix on 0.3.5.1-alpha.
o Code simplification and refactoring:
- Simplify SOCKS4a parsing to avoid the (false) appearance of
integer underflows, and to make the logic more obvious. Fixes bug
41190; bugfix on 0.3.5.1-alpha.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 15:18:52 +0000 (17:18 +0200)]
systemd: Update to version 260.1
- Update from version 258 to 260.1
- Update of rootfile
- Remove FTBFS patch as this has now been included in the tarball.
- Remove the sed line for fixing udev linking as this is now part of the tarball.
- Changelog entries only related to udev
260.1
* Support for non-system users and groups in udev rules and
systemd-networkd configuration has been restored, but is deprecated
and discouraged. systemd-udevd will emit warnings if a non-system
user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd
will warn about User=/Group= settings with a non-system user/group
specified in .netdev files for Tun/Tap interfaces. This support will
be removed in a future release.
Device nodes should not be owned by a non-system user/group. It is
recommended to check udev rules files with 'udevadm verify' and/or
'udevadm test' commands.
* Permissions for /dev/ptp* are now set to 0664 (previously 0660),
allowing unprivileged read-only access. This relies on the kernel fix
"ptp: Add PHC file mode checks. Allow RO adjtime() without
FMODE_WRITE." (commit b4e53b15c04e3852949003752f48f7a14ae39e86 in
v6.15, backported to LTS releases in v6.12.68, v6.6.122, v6.1.162,
v5.15.199, and v5.10.249), which adds missing PTP ioctl permission
checks and keeps clock-modifying operations write-restricted. Systems
running stable kernel branches should ensure they are updated to patch
levels that include the fix.
* Persistent network interface naming has been extended to MCTP devices
with the "mc" prefix.
* The minimum backlight brightness value used when restoring backlight
levels at boot has been lowered from 5% to 1%. This lower value
should be sufficient to avoid blacked-out displays, but allows user
environments to use a wider range of values (without lower values
being reset during reboot). Note that environments may still set very
low brightness values at runtime independently of the systemd clamp
which only applies during boot.
* A new udev property ID_INTEGRATION= is now exposed on devices that
have ID_BUS= defined. This variable can be set to 'internal' when the
device is an integral part of the system or 'external' otherwise.
Internal buses like PCI, I2C, SPI... imply 'internal' and external
buses like bluetooth imply 'external'. For USB the 'removable'
attribute of the port the device is connected to determines the
result: 'fixed' implies 'internal' and 'removable' or 'unknown'
implies 'external'.
* ID_INPUT_JOYSTICK_INTEGRATION= property has been dropped in favour of
ID_INTEGRATION= because it was never used and the new variable covers
the idea that variable was intended for better.
* A new udev builtin "tpm2_id" is now available which will extract
vendor/model identification from connected TPM2 devices as they are
probed. This is then used to import data from the udev database,
possibly containing quirk and other information about specific TPMs.
259
* systemd-udevd rules gained support for OPTIONS="dump-json" to dump
the current event status in JSON format. This generates output
similar to "udevadm test --json=short".
* The net_id builtin for systemd-udevd now can generate predictable
interface names for Wifi devices on DeviceTree systems.
* systemd-udevd and systemd-repart will now reread partition tables on
block devices in a more graceful, incremental fashion. Specifically,
they no longer use the kernel BLKRRPART ioctl() which removes all
in-memory partition objects loaded into the kernel and then recreates
them as new objects. Instead they will use the BLKPG ioctl() to make
minimal changes, and individually add, remove, or grow modified
partitions, avoiding removal/re-adding where the partitions were left
unmodified on disk. This should greatly improve behaviour on systems
that make modifications to partition tables on disk while using them.
* A new udev property ID_BLOCK_SUBSYSTEM is now exposed on block devices
reporting a short identifier for the subsystem a block device belongs
to. This only applies to block devices not connected to a regular bus,
i.e. virtual block devices such as loopback, DM, MD, or zram.
* systemd-udevd will now generate /dev/gpio/by-id/… symlinks for GPIO
devices.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 09:22:42 +0000 (11:22 +0200)]
util-linux: Update to version 2.42
- Update from version 2.41.2 to 2.42
- Update of rootfiles for all architectures
- Changelog
2.42
Two security fixes applied - one for a CVE and the other for a CWE. These were
also applied at version 2.41.4.
The changelog for 2.42 is way too long to include here (~1700 lines).
The details can be found in the tarball in
/Documentation/releases/v2.42-ReleaseNotes
2.41.4
Security fixes:
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device.
The SUID mount follows symlinks when resolving loop backing file
paths. On systems where non-root users are permitted to mount loop
devices (via 'user' option in fstab), this allows access to
arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended().
A crafted MBR disk image can cause uint32_t wraparound in EBR
chain processing, causing reported partitions to not match the
on-disk layout. Tools like udisks may then register a partition
at logical sector 0.
Changes:
blkid:
- Drop const from blkid_partitions_get_name() (by Daan De Meyer)
build-sys:
- (gcc) ignore -Wunused-but-set-variable for bison (by Christian Goeschel Ndjomouo)
disk-utils:
- fix typo in fdisk.c (by Christian Kirbach)
libblkid:
- dos: validate EBR data and links within extended partition (by Karel Zak)
libfdisk:
- dos: validate EBR link within extended partition bounds (by Karel Zak)
loopdev:
- add LOOPDEV_FL_NOFOLLOW to prevent symlink attacks (by Karel Zak)
tools:
- update git-version-next from master (by Karel Zak)
2.41.3
bash-completion:
- (mount) add missing options (by Christian Goeschel Ndjomouo)
- add lsfd (by Karel Zak)
- add blkpr (by Karel Zak)
- add bits to dist tarball (by Karel Zak)
dmesg:
- fix const qualifier warnings in parse_callerid (by Karel Zak)
eject:
- fix const qualifier warning in read_speed (by Karel Zak)
enosys:
- fix const qualifier warning in parse_block (by Karel Zak)
libblkid:
- fix const qualifier warning in blkid_parse_tag_string (by Karel Zak)
- use snprintf() instead of sprintf() (by Karel Zak)
libfdisk:
- (dos) fix off-by-one in maximum last sector calculation (by Karel Zak)
liblastlog2:
- fix operator precedence in conditional assignments (by Karel Zak)
lib, lscpu:
- fix const qualifier discarded warnings in bsearch (by Karel Zak)
libmount:
- fix const qualifier warning in mnt_parse_mountinfo_line (by Karel Zak)
- fix const qualifier warnings for C23 (by Karel Zak)
logger:
- fix const qualifier warnings for C23 (by Karel Zak)
login-utils:
- fix setpwnam() buffer use [CVE-2025-14104] (by Karel Zak)
losetup:
- sort 'O' correctly for the mutual-exclusive check to work (by Benno Schulenberg)
lscpu:
- use maximum CPU speed from DMI, avoid duplicate version string (by Karel Zak)
- Add a few missing Arm CPU identifiers (by Jonathan Thackray)
lsfd:
- fix memory leak related to stat_error_class (by Masatake YAMATO)
- (bugfix) use PRIu32 for printing lport of netlink socket (by Masatake YAMATO)
- fix const qualifier warning in strnrstr (by Karel Zak)
- fix const qualifier warning in new_counter_spec (by Karel Zak)
- fix bsearch macro usage with glibc C23 (by Cristian Rodríguez)
lsns:
- fix const qualifier warnings for C23 (by Karel Zak)
namei:
- fix const qualifier warning in readlink_to_namei (by Karel Zak)
partx:
- fix const qualifier warning in get_max_partno (by Karel Zak)
po:
- update sr.po (from translationproject.org) (by Мирослав Николић)
po-man:
- merge changes (by Karel Zak)
- update sr.po (from translationproject.org) (by Мирослав Николић)
umount:
- consider helper return status for success message (by Christian Goeschel Ndjomouo)
wdctl:
- remove -d option leftover (by Munehisa Kamata)
whereis:
- fix const qualifier warnings for C23 (by Karel Zak)
Misc:
- Fix memory leak in setpwnam() (by yao zhang)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:08 +0000 (17:11 +0200)]
xz: Update to version 5.8.3
- Update from version 5.8.2 to 5.8.3
- Update of rootfile
- Fix for a CVE
- Changelog
5.8.3
IMPORTANT: This includes a fix for CVE-2026-34743 which affects all
XZ Utils versions since 5.0.0. No new 5.2.x, 5.4.x, or 5.6.x
releases will be made, but the fix is in the v5.2, v5.4, and v5.6
branches in the xz Git repository.
* liblzma:
- Fix a buffer overflow in lzma_index_append(): If
lzma_index_decoder() was used to decode an Index that
contained no Records, the resulting lzma_index was left in
a state where a subsequent lzma_index_append() would
allocate too little memory, and a buffer overflow would occur.
The lzma_index functions are rarely used by applications
directly. In the few applications that do use these functions,
the combination of function calls required to trigger this bug
are unlikely to exist, because there typically is no reason to
append Records to a decoded lzma_index. Thus, it's likely that
this bug cannot be triggered in any real-world application.
The bug was reported and discovered by Cantina using their
AppSec agent, Apex.
- Fix the build on Windows ARM64EC.
- Add "License: 0BSD" to liblzma.pc.
* xz:
- Fix invalid memory access in --files and --files0. All of
the following must be true to trigger it:
1. A string being read (which supposedly is a filename) is
at least SIZE_MAX / 2 bytes long. This size is plausible
on 32-bit platforms (2 GiB - 1 B).
2. realloc(ptr, SIZE_MAX / 2 + 1) must succeed.
On glibc >= 2.30 it shouldn't because the value
exceeds PTRDIFF_MAX.
3. An integer overflow results in a realloc(ptr, 0) call.
If it doesn't return NULL, then invalid memory access
will occur.
- On QNX, don't use fsync() on directories because it fails.
* Autotools: Enable 32-bit x86 assembler on Hurd by default.
It was already enabled in the CMake-based build.
* Translations: Add Arabic man page translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:07 +0000 (17:11 +0200)]
xfsprogs: Update to version 6.19.0
- Update from version 6.18.0 to 6.19.0
- No change to rootfile
- Changelog
6.19.0
xfs_io: print more realtime subvolume related information in statfs (Christoph Hellwig)
xfs_io: fix fsmap help (Christoph Hellwig)
mkfs: fix log sunit automatic configuration (Darrick J. Wong)
mkfs: fix protofile data corruption when in/out file block sizes don't match (Darrick J. Wong)
libxfs: fix data corruption bug in libxfs_file_write (Darrick J. Wong)
misc: fix a few memory leaks (Darrick J. Wong)
debian: Drop Uploader: Bastian Germann (Bastian Germann)
mkfs.xfs fix sunit size on 512e and 4kN disks. (Lukas Herbolt)
xfs_scrub_all: fix non-service-mode arguments to xfs_scrub (Darrick J. Wong)
mkfs: remove unnecessary return value affectation (Damien Le Moal)
xfs: use blkdev_report_zones_cached() (Damien Le Moal)
include blkzoned.h in platform_defs.h (Christoph Hellwig)
debian: don't explicitly reload systemd from postinst (Darrick J. Wong)
xfs_mdrestore: fix restoration on filesystems with 4k sectors (Darrick J. Wong)
mkfs: quiet down warning about insufficient write zones (Darrick J. Wong)
xfs_logprint: print log data to the screen in host-endian order (Darrick J. Wong)
mkfs: set rtstart from user-specified dblocks (Darrick J. Wong)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:06 +0000 (17:11 +0200)]
vim: Update to version 9.2.0305
- Update from version 9.2.0089 to 9.2.0305
- Update of rootfile
- Changelog is not available. Generally each patch version number update is related to
a commit entry in the git repository. The details for all the commit changes can be
found at https://github.com/vim/vim/commits/master/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:05 +0000 (17:11 +0200)]
tzdata: Update to version 2026a
- Update from version 2025c to 2026a
- No change to rootfile
- Changelog
2026a
Briefly:
Moldova has used EU transition times since 2022.
The "right" TZif files are no longer installed by default.
-DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds.
TZif files are no longer limited to 50 bytes of abbreviations.
zic is no longer limited to 50 leap seconds.
Several integer overflow bugs have been fixed.
Changes to past and future timestamps
Since 2022 Moldova has observed EU transition times, that is, it
has sprung forward at 03:00, not 02:00, and has fallen back at
04:00, not 03:00. (Thanks to Heitor David Pinto.)
Changes to data
Remove Europe/Chisinau from zonenow.tab, as it now agrees with
Europe/Athens for future timestamps.
Changes to build procedure
The Makefile no longer by default installs an alternate set
of TZif files for system clocks that count leap seconds.
Install with 'make REDO=posix_right' to get the old default,
which is rarely used in major downstream distributions.
If your system clock counts leap seconds (contrary to POSIX),
it is better to install with 'make REDO=right_only'.
This change does not affect the leapseconds file, which is still
installed as before.
The Makefile's POSIXRULES option, which was declared obsolete in
release 2019b, has been removed. The Makefile's build procedure
thus no longer optionally installs the obsolete posixrules file.
Changes to code
Compiling with the new option -DTZ_RUNTIME_LEAPS=0 disables
runtime support for leap seconds. Although this conforms to
POSIX, shrinks tzcode's attack surface, and is more efficient,
it fails to support Internet RFC 9636's leap seconds.
zic now can generate, and localtime.c can now use, TZif files that
hold up to 256 bytes of abbreviations, counting trailing NULs.
The previous limit was 50 bytes, and some tzdata TZif files were
already consuming 40 bytes. zic -v warns if it generates a file
that exceeds the old 50-byte limit.
zic -L can now generate TZif files with more than 50 leap seconds.
This helps test TZif readers not limited to 50 leap seconds, as
tzcode's localtime.c is; it has little immediate need for
practical timekeeping as there have been only 27 leap seconds and
possibly there will be no more, due to planned changes to UTC.
zic -v warns if its output exceeds the old 50-second limit.
localtime.c no longer accesses the posixrules file generated by
zic -p. Hence for obsolete and nonconforming settings like
TZ="AST4ADT" it now typically falls back on US DST rules, rather
than attempting to override this fallback with the contents of the
posixrules file. This removes library support that was declared
obsolete in release 2019b, and fixes some undefined behavior.
(Undefined behavior reported by GitHub user Naveed8951.)
The posix2time, posix2time_z, time2posix, and time2posix_z
functions now set errno=EOVERFLOW and return ((time_t) -1) if the
result is not representable. Formerly they had undefined behavior
that could in practice result in crashing, looping indefinitely,
or returning an incorrect result. As before, these functions are
defined only when localtime.c is compiled with the -DSTD_INSPIRED
option.
Some other undefined behavior, triggered by TZif files containing
outlandish but conforming UT offsets or leap second corrections,
has also been fixed. (Some of these bugs reported by Naveed8951.)
localtime.c no longer rejects TZif files that exactly fit in its
internal structures, fixing off-by-one typos introduced in 2014g.
zic no longer generates a no-op transition when
simultaneous Rule and Zone changes cancel each other out.
This occurs in tzdata only in Asia/Tbilisi on 1997-03-30.
(Thanks to Renchunhui for a test case showing the bug.)
zic no longer assumes you can fflush a read-only stream.
(Problem reported by Christos Zoulas.)
zic no longer generates UT offsets equal to -2**31 and localtime.c
no longer accepts them, as they can cause trouble in both
localtime.c and its callers. RFC 9636 prohibits such offsets.
zic -p now warns that the -p option is obsolete and likely
ineffective.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:04 +0000 (17:11 +0200)]
transmission: Update to version 4.1.1
- Update from version 4.0.5 to 4.1.1
- Update of rootfile
- Removal of patches that are no longer needed as content is included in tarball.
- Previously transmission had been updated to 4.0.6 but then reverted due to a bug that
caused transmission to spam tracker announcements. This bug was fixed in 4.1.0
- Changelog
4.1.1
All Platforms
Fixed a 4.1.0 bug that failed to report some filesystem errors to RPC clients who were querying the system's free space available. (#8258)
Fixed a 4.1.0 bug that kept a torrent's updated queue position from being shown. (#8298)
Fixed a 4.1.0 bug that caused torrents' queuing order to sometimes be lost between sessions. (#8306)
Fixed "assertion failed: no timezone" error on OpenSolaris. (#8358)
Fixed a 4.0.0 bug that displayed the wrong mime-type icon for mp4 video files. (#8411)
Hardened .torrent parsing by exiting sooner if pieces has an invalid size. (#8412)
Reverted a 4.1.0 RPC change that broke some 3rd party code by returning floating-point numbers, rather than integers, for speed limit fields. (#8416)
Fixed crash that could happen if a user paused a torrent and edited its tracker list at the same time. (#8478)
Fixed 4.1.0 crash on arm32 by switching crc32 libraries to Mark Madler's crcany. (#8529)
Require UTF-8 filenames in .torrent files, as required by the BitTorrent spec. (#8541)
Fixed crash that could occur when parsing a .torrent file with a bad pieces key. (#8542)
Fixed potential file descriptor leak when launching scripts on POSIX systems. (#8549)
Changed the network traffic algorithm to spread bandwidth more evenly amongst peers. (#8259)
Improved laggy user interface when bandwidth usage is high. (#8454)
macOS Client
Fixed a 4.1.0 crash that occurred if deleting a torrent's files on macOS returned a system error. (#8275)
Fixed a crash in the "Rename File ..." dialog when trying to rename a torrent right when the torrent finished downloading. (#8425)
Fixed 4.1.0 crash when removing a torrent that was being shown in the Inspector. (#8496)
Improved performance of internal Torrent lookup code. (#8505)
Improved responsiveness when scrolling the torrent list with keyboard navigation. (#8323)
Qt Client
Fixed a 4.1.0 bug where the RPC error response arguments were not handled. (#8414)
Fixed a long-standing bug that wouldn't let file:/// URIs be added from the command line. (#8448)
Fixed broken icons in the torrent list on Windows. (#8456)
GTK Client
Fixed a 4.1.0-beta.5 assertion failure when fetching a blocklist failed on a system compiled with GLIBCXX_ASSERTIONS enabled. (#8273)
Fixed a 4.1.0 bug that wouldn't let magnet links be added from the "Add URL" dialog. (#8277)
Fixed a 4.1.0 bug that broke keyboard shortcuts when built with GTK3. (#8293)
Fixed a crash that could happen when removing some torrents. (#8340)
Fixed a 4.1.0 bug that showed the wrong encryption mode being shown in the Preferences dialog. (#8345)
Fixed a 4.0.x bug that prevented a handful of strings from being marked for translation. (#8350)
Fixed a 4.1.0 packaging error that prevented the Qt and GTK clients from being installed side-by-side on Arch. (#8387)
Fixed a 4.1.0 bug that wouldn't let magnet links be added from the command line. (#8415)
Web Client
Reverted a 4.1.0 change that merged the "Remove torrent" and "Trash torrent" confirmation dialogs into a single dialog. (#8355)
Fixed a 4.1.0 bug that showed a "Connection failed" popup when opening the "Open torrent" dialog while the current download directory path was invalid. (#8386)
Everything Else
Updated documentation. (#8245, #8526)
4.1.0
Highlights
Improved µTP download performance. (#6508)
Added support for IPv6 and dual-stack UDP trackers. (#6687)
Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#7481)
New JSON-RPC 2.0-compliant RPC API. (#7269)
Added optional sequential downloading. (#4795)
Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client)
Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#7086)
All Platforms
Improved libtransmission code to use less CPU. (#4876, #5645, #5715, #5734, #5740, #5792, #6103, #6111, #6325, #6549, #6589, #6712, #7027, #7744, #7800)
Avoid unnecessary heap memory allocations. (#5519, #5520, #5522, #5527, #5540, #5649, #5666, #5672, #5676, #5720, #5722, #5725, #5726, #5768, #5788, #5830, #6542)
Slightly reduced latency when sending protocol messages to peers. (#5394)
Added the option preferred_transport to settings.json, so that users can choose their preference between µTP and TCP. (#5939)
Return X-Transmission-Rpc-Version header in RPC HTTP 409 response to indicate JSON-RPC support. (#7958)
Added an option to verify a torrent immediately after it finishes downloading. (#4178)
Feat: add stats for known peers, not just connected ones. (#4900)
Added support for using a proxy server for web connections. (#5038, #7486)
Added ability to cache IP addresses used in global communications, and use it to fix UDP6 warning log spam. (#5329, #5510)
Updated the torrent creator's default piece size to handle very large torrents better. (#5615)
Added support for sending an ipv4 parameter during the Extension Protocol handshake. (#5643)
Setting "cache-size-mb": 0 in settings.json now disables the disk write cache. (#5668)
Improved libtransmission code to use less CPU and RAM. (#5801)
The WebUI now does separate port checks for IPv4 and IPv6. (#5953)
Transmission now checks if local files exist after setting torrent location. (#5978)
Added forced variant of the "Verify Local Data" context menu item to WebUI. (#5981)
Improved handling of plaintext and MSE handshakes. (#6025)
If a torrent contains empty (zero byte) files, create them when starting the torrent. (#6232)
Added optional sequential downloading. (#6450, #6746, #6893, #7047)
The Qt and GTK Client now does separate port checks for IPv4 and IPv6. (#6525)
Improved DHT performance. (#6569, #6695)
Added advanced sleep-per-seconds-during-verify setting to settings.json. (#6572)
Improved µTP download performance. (#6586)
Added support for IPv6 Local Peer Discovery. (#6700)
Allow port forwarding state to automatically recover from error. (#6718)
Save upload/download queue order between sessions. (#6753, #7332)
Added BEP-21 downloader count to tr_tracker_view and RPC. (#6936)
Make client reqq configurable. (#7030)
Daemon log timestamps are now in local ISO8601 format. (#7057)
Log the reason when the RPC server rejects requests. (#7114)
Added peer traffic statistics to torrent-get rpc method. (#7172)
Added bytesCompleted field to torrent-get rpc call. (#7173)
Deprecate tcp-enabled and udp-enabled in favour of preferred_transports. (#7473)
Added raw PeerID to RPC interface. (#7514)
IPv4 patterns in the RPC whitelist can now match with IPv4-mapped IPv6 addresses. (#7523)
torrent_get.wanted is now an array of booleans in the JSON-RPC API. (#7997)
Encryption mode in settings.json and RPC are now serialized to the same set of strings. (#8032)
Fixed crash in tr_peerMgrPeerStats(). (#5279)
Fixed "no such file or directory" warning when adding a magnet link. (#5426)
Fixed bug that caused the wrong decimal separator to be used in some locales. (#5444)
Fixed bug in sending torrent metadata to peers. (#5460)
Fixed filename collision edge case when renaming files. (#5563)
Fixed locale errors that broke number rounding when displaying statistics, e.g. upload / download ratios. (#5587)
In RPC responses, change the default sort order of torrents to match Transmission 3.00. (#5604)
Improved handling of multiple connections from the same IP address. (#5619)
Always use a fixed-length key query in tracker announces. This isn't required by the spec, but some trackers rely on that fixed length because it's common practice by other BitTorrent clients. (#5652)
Fixed minor performance bug that caused disk writes to be made in smaller batches than intended. (#5671)
Fixed potential Windows crash when getstdhandle() returns NULL. (#5675)
Modified LTEP to advertise PEX support more proactively, and added a sanity check for magnet metadata exchange. (#5783)
Fixed 4.0.0 bug where the port numbers in LPD announces are sometimes malformed. (#5825)
Fixed a bug that prevented editing the query part of a tracker URL. (#5871)
Fixed a bug where Transmission may not announce LPD on its listening interface. (#5875)
Fixed a bug that prevented editing trackers on magnet links. (#5957)
Fixed HTTP tracker announces and scrapes sometimes failing after adding a torrent file by HTTPS URL. (#5969)
Fixed blocklist error seen on some Synology devices due to a bug in tr_sys_path_copy(). (#5974)
Run peerMgrPeerStats in session thread. (#5992)
In some locales, some JSON strings were incorrectly escaped. (#6005)
If there was some disk error with torrent removal, fail with a user readable error message. (#6055)
Fixed 1.60 bug where low priority torrents behaved as if they had a normal priority. (#6079)
Fixed 4.0.4 regression that could cause slower downloads when upload speed limits were enabled. (#6082)
Fixed 4.0.0 bug where the IP address field in UDP announces was not encoded in network byte order. [BEP-15]. (#6126)
Improved parsing HTTP tracker announce response. (#6223)
Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore. (#6355, #6405)
Fixed error when using mbedtls crypto backend: "CTR_DRBG - The requested random buffer length is too big". (#6379)
Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434)
Fixed a couple of logging issues. (#6463)
Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483)
Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between sessions. (#6514)
Fixed 4.0.0 bug where secondsDownloading and secondsSeeding will be reset when stopping the torrent. (#6844)
Fixed 4.0.0 bug where the filename for single-file torrents isn't sanitized. (#6846)
Partial file suffixes will now be updated after torrent verification. (#6871)
Limit the number of bad pieces to accept from a webseed before banning it. (#6875)
Fixed a 4.0.0 bug where 2.20-3.00 torrent piece timestamps saved in the resume file aren't loaded correctly. (#6896)
Fixed a bug that could discard BT messages that immediately followed a handshake. (#6913)
Various bug fixes and improvements related to PEX flags. (#6917)
Fixed a bug where the turtle icon is active but not effective on starting Transmission. (#6937)
Fixed a bug where Transmission does not properly reconnect on handshake error. (#6950)
Fixed edge cases where date done and recently-active does not get updated after torrent state change. (#6992)
Fixed a 4.0.0 bug where the tracker error is not cleared when the tracker is removed from the torrent. (#7141)
Fixed a bug where torrent progress is not properly updated after verifying. (#7143)
Disconnect blocklisted peers immediately upon blocklist update. (#7167)
New files are assigned a file mode per the process umask defined in settings.json. (#7195)
Fixed 1.74 bug where resume files are not saved when shutting down Transmission. (#7216)
Fixed 4.0.0 bug where the download rate of webseeds is double-counted. (#7235)
Harden the HTTP tracker response parser. (#7326)
Fixed an issue where the speed limits are not effective below 16KiB/s. (#7339)
Added workaround for crashes related to Curl bug 10936. (#7416)
Sanitize torrent filenames depending on current OS. (#3823)
Added a workaround for users affected by Curl bug 6312. (#7447)
When downloading in sequential mode, flush pieces to disk as soon as they're completed and pass their checksum test. This helps apps that are trying to use the data in realtime, e.g. streaming media. (#7489)
Respect the min interval and interval keys from any tracker responses. (#7493)
Announce port-forwarded peer port instead of local peer port on DHT. (#7511)
Reject incoming BT data if they are not selected for download. (#7866)
Fixed intermittent crashes on macOS and GTK app. (#7948)
Fixed remote RPC bug where querying recently_active torrents missed some torrents. (#8029)
Fixed a bug where the UDP sockets are not rebound after changing the bind addresses. (#8106)
Fixed potential use-after-free bug when parsing torrent files on macOS. (#8146)
Fixed a bug where disk IO rate is much higher than transfer rate. (#7089)
Dropped jsonsl in favour of RapidJSON as our json lexer. (#6138)
Easier recovery from temporarily missing data files, no longer needing to remove and re-add torrent. (#6277)
Better utilize high Internet bandwidth. (#7029)
Renamed setting to cache_size_mib to reflect the correct size units. (#7971)
Renamed peer_socket_tos to peer_socket_diffserv. (#8004)
Use a consistent unit formatting code between clients. (#5108)
Raised minimum OpenSSL version to 1.1.0. (#6047)
Refactor: add libtransmission::Values. (#6215)
Fixed building with older versions of CMake. (#6418)
Support dual stack by manually creating and binding socket on Windows platform. (#6548)
Fixed building on macOS 10.14.6, 10.15.7 and 11.7. (#6590)
Added torrent priority to completion script environment variables. (#6629)
Dropped support for miniupnpc version below 1.7. (#6665)
Default initialize sleep callback duration in tr_verify_worker. (#6789)
Removed TR_ASSERT(now >= latest). (#7018)
Deprecated the RPC field torrent-get.manualAnnounceTime. (#7497)
Generate imported targets for MbedTLS. (#7631)
Added support for libevent 2.2.1-alpha-dev. (#7765)
Deprecated session_get.rpc_version and session_get.rpc_version_minimum in favour of session_get.rpc_version_semver in RPC. (#8022)
macOS Client
Added "Show Toolbar" toggle. (#4419)
Better dark mode support. (#6101, #6959)
Feat: support redirects to magnet. (#6012)
Render file tree in QuickLook plugin for .torrent files. (#6091)
Added an option to set Transmission as the default app for torrent files. (#6099)
Support pasting multiple magnets on the same line. (#6465)
Support multiple URL objects from pasteboard. (#6467)
Feat: clear the badge when quitting app. (#7088)
Reimplemented QuickLook previews for torrent files with Quick Look preview extension API on macOS 12+. (#7213)
Use modern macOS APIs to prevent idle system sleep and add support for Low Power Mode. (#7543)
Fix: apply i18n to percentage values. (#5568)
Fixed "Unrecognized colorspace number -1" error message. (#6049)
Fix: URL cleanup in BlocklistDownloader on macOS. (#6096)
Fixed early truncation of long group names in groups list. (#6104)
Use screen.visibleFrame instead of screen.frame. (#6321)
Fixed dock bug that prevented resizing. (#7188)
Fixed the context menu's appearance in compact mode. (#7350)
Fixed missing tooltips for Group rows in Torrent Table View. (#7828)
Fixed re-opening the filter bar showing an incorrectly selected filter. (#7844)
Fixed Hide Status Bar/Filter Bar never changing to "Show". (#8170)
Added alternating row color in QuickLook plugin. (#5216)
Updated app icon for Liquid Glass. (#7736)
Removing Liquid Glass icons on older Macs. (#7994)
Added sort-by-ETA option. (#4169)
Support localized punctuation for "Port:". (#4452)
Replace mac app default BindPort with a random port. (#5102)
Updated code that had been using deprecated API. (#5633)
Support macOS Sonoma when building from sources. (#6016)
Chore: replace deprecated NSNamePboardType with NSPasteboardTypeName. (#6107)
Fixed building on macOS Mojave. (#6180)
Improved macOS UI code to use less CPU. (#6452)
Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523)
Support finding Transmission in Spotlight with keywords "torrent" and "magnet". (#6578)
Removed warning "don't cut off end". (#6890)
Opt-in to secure coding explicitly. (#7020)
Added Afrikaans and Greek translations. (#7477)
Fixed crash when opening the messages log. (#8035)
Converted TorrentTableView to view based. (#5147)
Qt Client
Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client)
Added ETA to compact view. (#3926)
Added the web client's Labels feature. (#6428)
Added the ability to use a custom URL path when connecting to remote Transmission servers. (#7561)
Added color-coding to progressbars to differentiate torrent states. (#7756)
Fixed torrent name rendering when showing magnet links in compact view. (#5491)
Fixed bug that broke the "Move torrent file to trash" setting. (#5505)
Fixed poor resolution of the app icon. (#5570)
Fixed compatibility issue with 4.x clients talking to Transmission 3.x servers. (#6438)
Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog were not always up-to-date. (#6516)
Use semi-transparent color for inactive torrents. (#6544)
Correct "Queue for download" last activity. (#6872)
Fixed build script bug that could cause extra instances of Transmission to launch on Windows. (#7841)
Fixed a Qt API deprecation warning when building with Qt >= 6.13. (#7940)
Fixed "sequence not ordered" assertion error in debug builds. (#8000)
Fix: use URL base path. (#8078)
Fixed spinbox translation ambiguity. (#5124)
Improved Qt client's accessibility. (#6518, #6520)
Fix: QT build missing an icon. (#6683)
Changed Qt client CLI options parsing to accept Qt options as a separate group. (#7076)
Modified the "New Torrent" dialog's piece size range to [16 KiB..256 MiB]. (#6211)
Raised the minimum Qt5 version to 5.15. (#7943)
GTK Client
Use native file chooser dialogs (GTK client). (#6545)
Improved GTK client's accessibility. (#7119)
Adjust slider limits in GTK. (#7251)
Fixed file list text size adjustment based on global settings. (#7096)
Fixed missing 'Remove torrent' tooltip. (#5777)
Fixed crash when opening torrent file from "Recently used" section in GTK 4. (#6131)
Fixed 4.0.0 regression causing GTK client to hang in some cases. (#7097)
Setting default behaviour for GTK dialogs to add torrent from url and add tracker. (#7102)
Updated progressbar colours to match macOS and Web clients. (#5906)
Added developer_name entry to the Flathub build. (#6596)
Web Client
Added support for adding torrents by drag-and-drop. (#5082)
Added high contrast theme. (#5470)
Replaced background colors with system color keywords to enable using browser's colors. CSS style adjustments esp. for label and buttons. (#5897)
Added percent digits into the progress bar. (#5937)
Improved WebUI responsiveness and made quality of life improvements. (#5947)
Feat: Only show .torrent files in the web UI. (#6320)
Added separate port checks for IPv4 and IPv6. (#6607)
Added new options for web client to filter torrents by their privacy or error status. (#6977)
The inspector can now be hidden by clicking. (#6863)
Implemented a context menu for the file list in the web app, making it possible to rename or copy the name of an individual file. (#7389)
Added a new alert message of a problem when renaming torrent or file name. (#7394)
Added accept torrent files in web. (#7683)
Don't show null as a tier name in the inspector's tier list. (#5462)
Fixed truncated play / pause icons. (#5771)
Fixed overflow when rendering peer lists and made speed indicators honor prefers-color-scheme media queries. (#5814)
Made the main menu accessible even on smaller displays. (#5827)
Fixed graying out inspector. (#5893)
Fixed updating magnet link after selecting same torrent again. (#6028)
Added seed progress percentage to compact rows. (#6034)
Fixed 4.0.0 bug where the WebUI "Set Location" dialogue does not auto fill the selected torrent's current download location. (#6334)
Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6409, #6430)
Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly. (#6491)
Fix(web): pressing the enter key now submits dialogs. (#7036)
Fixed a bug inflating per-torrent rows by long torrent names in compact view. (#7336)
Fixed incorrect text entry sensitivity when sessions changed. (#7346)
Fixed filtering torrents by tracker after a torrent's tracker list is edited. (#7761)
Removed excessive session-set RPC calls related to WebUI preference dialogue. (#5994)
Removed modifiers for keyboard shortcuts. (#5331)
Improved some UI styling and spacing. (#5466)
Updated WebUI progress bar and highlight colours. (#5762)
Improved the filterbar for narrowed viewports. (#5828)
Unified CSS shadow properties. (#5840)
Updated play/pause monochrome icons. (#5868)
Improved overflow menu for web client. (#5895)
Added display and time in torrent detail. (#5918)
Added touchscreen support in the context menu. (#5928)
Updated turtle for web app. (#6940)
Added a 1/4 second wait after typing in the search bar before executing the search, and a new button to clear the search. (#6948)
Added checkbox to delete data while removing torrents. (#7000)
Fixed truncated hash in inspector page, added name section to inspector page. (#7014)
Added column mode for viewport unconstrained browsers. (#7051)
Updated gray color for grayed out objects. (#7248)
Updated displaying number in new gigabyte per second unit. (#7279)
Fixed an issue where Transmission web's custom context menu does not close when clicking on some outside element. (#7296)
Implemented a new popup management system for web client to support multiple popups in a hierarchy-like system. (#7297)
Updated viewport-sensitive layout and style to be uniform across browsers of varying viewport. (#7328)
Increased base font sizes, and progress bar size in compact view. (#5340)
Use esbuild to build the web client. (#6280)
Gave labels to the mainwin buttons for web client. (#6985)
Daemon
Added optional sequential downloading. (#7048)
Added start_paused to settings and daemon. (#6728)
More accurate timestamps for daemon logs. (#7009)
Fixed minor memory leak. (#5695)
Avoid unnecessary heap memory allocations. (#5724)
Added documentation key to systemd service file. (#6781)
Use Type=notify-reload in the systemd service file. (#7570)
Included daemon-specific options in the generated settings.json. (#6499)
Updated transmission-daemon.1 to sync with --help. (#6059)
Deprecated tcp-enabled and udp-enabled in favour of preferred_transports. (#7988)
transmission-remote
Added support to download sequentially from a specific piece. This can enable apps to seek within media files for streaming use cases. (#6454, #7808, #7809)
Implemented idle seeding limits. (#2947)
transmission-remote --blocklist-update now prints blocklist size after update. (#8021)
Fixed display bug that failed to show some torrent labels. (#5572)
Fixed crash in printTorrentList. (#6819)
Improved error logging. (#7034)
Added 'months' and 'years' to ETA display for extremely slow torrents. (#5584)
Added default sorting by date added when listing torrents. (#5608)
Fixed layout bug that caused columns to be misaligned when transfer speed was >= 10MB. (#8019)
Exposed the torrent-get.percentDone key in transmission-remote. (#7622)
Deprecated --(no-)utp in transmission-remote. (#7990)
Everything Else
Improved libtransmission code to use less CPU. (#5651)
Improved support for building with the NDK on Android. (#6024)
Ran all PNG files through lossless compressors to make them smaller. (#5586)
Fixed RPC spec that confused torrent-get.wanted with torrent-get.fileStats.wanted. (#6677)
Updated documentation. (#5565, #5578, #5688, #5702, #5790, #5831, #6037, #6156, #6196, #6199, #6255, #6367, #6391, #6427, #6676, #6703, #6800, #6814, #7120, #7576, #7826, #7829, #7830, #7836, #7840, #8039)
Updated peer-id documentation to account for post-3.00 changes. (#6083)
Fixed potential build issue when compiling on macOS with gcc. (#5632)
Build with -latomic on platforms that need it. (#6774)
Fixed building with mbedtls 3.X. (#6822)
Configuring Transmission's CMake project no longer inserts third-party submodules to CMake's user package registry. (#7648)
Bumping libdeflate/small/utfcpp to newer versions. (#6709)
Bumped fast-float to 6.1.1 and miniupnpc to 2.2.7 and libdeflate to 1.2.0. (#6721)
Bumped miniupnpc to 2.2.8. (#6907)
Apply Xcode 26.0 recommendations. (#7823)
4.0.6
All Platforms
Improved parsing HTTP tracker announce response. (#6223)
Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434)
Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483)
Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between sessions. (#6514)
Fixed 4.0.0 bug where the filename for single-file torrents isn't sanitized. (#6846)
macOS Client
Fix: Sparkle support for handling beta version updates. (#5263)
Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523)
Fix: Sparkle Version Comparator. (#6623)
Qt Client
Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog are not always up-to-date. (#6516)
GTK Client
Fixed build when compiling with GTKMM 4. (#6393)
Added developer name to metainfo files. (#6598)
Added the launchable desktop-id to metainfo files. (#6779)
Fixed build when compiling on BSD. (#6812)
Web Client
Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly in the WebUI. (#6491, #6500)
Fixed layout issue in speed display. (#6570)
General UI improvement related to the filterbar, and fixed download/upload speed info wrapping. (#6761)
Daemon
Fixed a couple of logging issues. (#6463)
Everything Else
Updated flatpak release metainfo. (#6357)
Fixed libtransmission build on very old cmake versions. (#6418)
UTP peer connections follow user-defined speed limits better now. (#6551)
Only use a single concurrent queue for timeMachineExclude instead of one queue per torrent (#6523). (#6558)
Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6563)
Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6564)
Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore. (#6565)
Improved parsing HTTP tracker announce response. (#6567)
Fixed compatibility with clang-format 18. (#6690)
Fixed build when compiling with mbedtls 3.x. (#6823)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:03 +0000 (17:11 +0200)]
strongswan: Update to version 6.0.5
- Update from version 6.0.4 to 6.0.5
- No change to rootfile
- One CVE fix included
- Changelog
6.0.5
- Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS
AVPs that can lead to a resource exhaustion or a crash.
This vulnerability has been registered as CVE-2026-25075.
- Added support for forwarding certain ICMP errors even if their source address
doesn't match the traffic selectors, when running on Linux 6.9+.
- The dhcp plugin now tracks leases across make-before-break reauthentications.
- charon-cmd supports childless IKE SA initiation and IKEv2 PSK authentication.
- The kernel-netlink plugin now doesn't default to the peer's address as next
hop when installing routes if at least one interface was found.
- organizationIdentifier RDNs are supported when parsing ASN.1 DN identities
from strings.
- Options shared by all commands in the swanctl and pki tools (e.g. --debug) are
now parsed even if passed before the command. The log level is now always
changed before initializing the libraries and plugins. And due to conflicts,
the short options for swanctl's `--version` and `--uninstall` commands were
changed to `-V` and `-U`, respectively. Similarly, the short option for pki's
`--verify` command is now `-V`.
- For distributions that package plugins separately a new configure option is
provided to change the log message if a plugin can't be loaded.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3510100 to 3510300
- Update of rootfile
- Changelog
3510300
Fix the WAL-reset database corruption bug.
Other minor bug fixes.
3510200
Fix an obscure deadlock in the new broken-posix-lock detection logic in item 17 above.
Fix multiple problems in the EXISTS-to-JOIN optimization that was added as part of optimization item 6b above.
Other minor bug fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:01 +0000 (17:11 +0200)]
postfix: Update to version 3.11.1
- Update from version 3.10.7 to 3.11.1
- Update of rootfile
- Changelog
3.11.1
Major changes - database
[Incompat 20260220] The alias_maps and alias_database parameter
default values have changed from hash:/path/to/aliases (or
dbm:/path/to/aliases) to $default_database_type:/path/to/aliases.
This simplifies the migration away from Berkeley DB.
[Infrastructure 20260219] Support to migrate a Postfix configuration
that uses Berkeley DB hash: or btree: tables, to a configuration
that uses lmdb: or a combination of cdb: and lmdb:. This is needed
for (Linux) OS distributions that have removed Berkeley DB support.
See NON_BERKELEYDB_README for manual and automatic migration support.
Postfix has already supported CDB and LMDB for more than 10 years. It
may be a good idea to do the migration before you need to upgrade
to an OS distribution that no longer supports Berkeley DB.
[Infrastructure 20251226] Tooling to help with the migration away
from Berkeley DB.
The new parameter default_cache_db_type controls the default database
type for address_verify_map, postscreen_cache_map, and
smtp_sasl_auth_cache_name, previously hard-coded as 'btree'.
[Feature 20250321] Safety: the SQLite client now logs a warning
when a query uses double quotes instead of the Postfix-recommended
single quotes. Only the recommended form is protected against SQL
injection.
[Feature 20250509] Support to run all memcache lookup keys through
an OpenSSL digest function. This prevents a database access error
when lookup keys may exceed the memcache server's key length limit
(usually, 250 bytes).
[Feature 20250624] Support for a new "debug:" pseudo lookup table.
Specify debug:maptype:mapname to encapsulate a maptype:mapname
lookup table and log all access. This builds on existing but unused
code to log table access. Contributed by Richard Hansen.
[Infrastructure 20250626] Overhauled in-memory lookup table life-cycle
management; overhauled sharing/isolation for proxied lookup tables.
Major changes - deprecation
[Feature 20250609] smtp_tls_enforce_peername and lmtp_tls_enforce_peername
are now officially deprecated. Postfix will log a warning until the
features are deleted. See DEPRECATION_README for a summary of
deprecated and deleted features.
[Feature 20251027] This adds 12 more deprecation warnings for
parameters that have been renamed in the past, and that still provide
a backwards-compatible default value for their replacement. The
parameters deprecated by this change are: authorized_verp_clients,
fallback_relay, lmtp_per_record_deadline, postscreen_blacklist_action,
postscreen_dnsbl_ttl, postscreen_dnsbl_whitelist_threshold,
postscreen_whitelist_interfaces, smtpd_client_connection_limit_exceptions,
smtp_per_record_deadline, tlsproxy_client_level, tlsproxy_client_policy,
virtual_maps.
[Feature 20251028] Deprecate the smtp_cname_overrides_servername
and lmtp_cname_overrides_servername parameters, and delete documentation
that has been obsolete since Postfix 2.11.
Major changes - logging
[Feature 20250910] TLS feature policy status summary in delivery
status logging. This shows the desired and actual TLS security level
enforcement status and, if a message requests REQUIRETLS, the
REQUIRETLS policy enforcement status. For a list of examples see
https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status
[Feature 20251216] After a delivery failure, the bounce daemon
logged "<old-queue-id>: sender non-delivery notification: <new-queue-id>"
only if the notification was queued successfully. The bounce daemon
now always logs this, making Postfix behavior easier to understand.
Visible changes for logfile analyzers:
- The bounce daemon now logs "<old-queue-id>: sender non-delivery
notification: <new-queue-id>" BEFORE the cleanup daemon logs activity
with "<new-queue-id>". Previously, the bounce daemon logged the
old<=>new queue ID connection later, which made logfile analysis
more difficult.
- The bounce daemon now logs a logfile record "<old-queue-id>:
sender notification failed to <address>: <reason>" when the
notification was not queued. In some cases it will log "<old-queue-id>:
sender notification failed to <address>" (without the reason). In
those cases the failure reason was already logged by lower-level
code, but without the queue ID.
Major changes - management tool integration
[Feature 20251124] Basic JSON output support with "postconf
-j|-jM|-jF|-jP", "postalias -jq|-js", "postmap -jq|-js", and
"postmulti -jl". No support is planned for JSON input support.
Major changes - milter support
[Feature 20251208] Improved Milter error handling for messages that
arrive over a long-lived SMTP connection, by changing the default
milter_default_action from "tempfail" to the new "shutdown" action
(i.e. disconnect the remote SMTP client).
This avoids a worst-case scenario where after a single Milter error,
Postfix would tempfail all messages that the client sends over a
long-lived connection, even if the Milter error was only temporary.
Major changes - mime support
[Feature 20251104] New non_empty_end_of_header_action parameter
with the cleanup(8) server action when a primary message header is
terminated with a non-empty line:
1) fix_quietly: Insert an empty line before the offending text (the
backwards-compatible default),
2) add_header: Insert a MIME-Error: header before inserting an empty
line, or
3) reject: Log a "mime-error" and reject the message.
Note that the 'empty line' separator is not used for DKIM signature
checks. Therefore, adding a missing separator does not break DKIM.
Major changes - mta-sts
[Feature 20250906] Workaround for an interface mis-match between
the Postfix SMTP client and MTA-STS policy plugins. This introduces
a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes").
The MTA-STS plugin configuration needs to enable TLSRPT support,
so that it forwards STS policy attributes to Postfix. This works
even if Postfix TLSRPT support is disabled at build time or at
runtime.
With the above two configurations, the Postfix SMTP client will
connect to an MX host only if its name matches any STS policy MX
host pattern, and will match a server certificate against the MX
hostname. Otherwise, the old behavior stays in effect: connect to
any MX host listed in DNS, and match a server certificate against
any STS policy MX host pattern.
This code was published first in Postfix 3.11, and later back-ported
to Postfix 3.10.5.
Major changes - portability
[Feature 20241201] Support for the C23 built-in bool type. Older
Postfix releases have been updated with a makedefs script that
disables C23 built-in bool support.
Major changes - postqueue
[Feature 20251218] the postqueue (and mailq) command now also lists
recipients in bounce logfiles (in JSON output, this uses a new
object member 'bounce_reason' instead of the existing 'delay_reason').
Such recipients have already been deleted from the message queue
file, but they are still pending the creation of a non-delivery
status notification message that will be returned to the sender.
Major changes - relocated_maps
[Feature 20250608] Specify "relocated_prefix_enable = no" to disable
the hard-coded prefix "5.1.6 User has moved to " that is by default
prepended to all relocated_maps lookup results. This setting requires
that the table contains responses with both custom enhanced status
code (X.Y.Z) and text. For details, see "man 5 relocated" or
https://www.postfix.org/relocated.5.html .
Major changes - requiretls
[Feature 20241111] Support for the REQUIRETLS verb in SMTP. This,
and everything that was added later through 2025, is described in
REQUIRETLS_README.
[Feature 20250120] After a certificate check fails, or a remote
SMTP server does not announce REQUIRETLS support, the Postfix SMTP
client will override the RFC 8689 5.x.x. status and treat it as a
soft error, until there are no more alternate MX servers to try.
[Feature 20250827] New parameter requiretls_redact_dsn (default:
yes) to redact bounce messages as described in RFC 8689 section 5,
so that they don't need REQUIRETLS support on every hop in the
return path.
[Feature 20250827] smtp_requiretls_policy and lmtp_requiretls_policy
for responsible REQUIRETLS policy enforcement. REQUIRETLS must be
enforced with care, because at this time most domains do not publish
DANE or MTA-STS policies, and most MTAs and content filters do not
support REQUIRETLS.
[Feature 20250916] support for a "Require-TLS-ESMTP: yes" header
to propagate an ESMTP REQUIRETLS request through a FILTER_README
or SMTPD_PROXY_README style content filter. This header is detected
or added by the cleanup daemon and by the before-proxy-filter Postfix
SMTP server. This feature is enabled by default with
"requiretls_esmtp_header = yes". The Require-TLS-ESMTP header will
be visible to local and remote recipients. This feature can safely
be disabled when a configuration does not use REQUIRETLS, or does
not use FILTER_README or SMTPD_PROXY_README style content filters.
Major changes - smtp server
[Feature 20250801] smtpd_reject_filter_maps support to selectively
replace a reject response from the Postfix SMTP server, or from a
program that replies through the Postfix SMTP server.
Major changes - smtputf8
[Feature 20250122] New Postfix sendmail command option "-O smtputf8"
to request that deliveries over SMTP use the SMTPUTF8 extension.
This reuses logic that was introduced for REQUIRETLS.
[Feature 20250824] When a message needs to be delivered with SMTPUTF8,
but a remote server does not support it, the Postfix SMTP client
may now try alternate servers instead of returning the message
immediately. This reuses code that was implemented for REQUIRETLS.
Major changes - tls support
[Feature 20250623] This changes the Postfix SMTP client
smtp_tls_security_level default value to "may" if Postfix was built
with TLS support, and the compatibility_level is 3.11 or higher.
There is no change to the default lmtp_tls_security_level value.
It remains empty, because there is no default TLS security level
that makes sense for connections over UNIX-domain and loopback TCP
and non-loopback TCP sockets.
There also is no equivalent change for Postfix SMTP server TLS
security levels, because changing smtpd_tls_security_level is not
sufficient. Server-side TLS requires that at least one private key
and corresponding public-key certificate chain are configured.
[Feature 20251029] Debugging: depending on OpenSSL build options,
"posttls-finger -L ssl-debug" will decode TLS handshake messages.
[Feature 20251102] Post-quantum cryptography support: with OpenSSL
3.5 and later, change the tls_eecdh_auto_curves default value to
avoid problems with network infrastructure that mis-handles TLS
hello messages larger than one (Ethernet) TCP segment. This problem
is more generally known as "protocol ossification".
Major changes - tlsrpt
[Incompat 20250601] the default smtp_tlsrpt_skip_reused_handshakes
setting was changed from "yes" to "no". The new default is enabled
with compatibility level >= 3.11.
3.10.8
Major changes - tls
[Forward compatibility 20250212] Support for OpenSSL 3.5 post-quantum
cryptography. To manage algorithm selection, OpenSSL introduces new
TLS group syntax that Postfix will not attempt to imitate. Instead,
Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
parameter values to have an empty value. When both are set empty,
the algorithm selection can be managed through OpenSSL configuration.
For more, look for "Post-quantum" in the postconf(5) manpage.
[Feature 20250117] Support for the RFC 8689 "TLS-Required: no"
message header to request delivery of messages such as TLSRPT
summaries even if the preferred TLS security policy cannot be
enforced. This limits the Postfix SMTP client to "smtp_tls_security_level
= may" which does not authenticate server certificates and which
allows falling back to plaintext.
Support for the REQUIRETLS SMTP service extension remains future work.
[Feature 20240926] Support for the TLSRPT protocol (defined in RFC
8460). With this, a domain can publish a policy in DNS, and request
daily summary reports for successful and failed SMTP-over-TLS
connections to that domain's MX hosts.
Postfix supports TLSRPT summaries for DANE (built-in) and MTA-STS
(via an smtp_tls_policy_maps plugin). For details, see TLSRPT_README.
Major changes - privacy
[Feature 20250205] With "smtpd_hide_client_session = yes", the
Postfix SMTP server generates a Received: header without client
session info. This setting may be used with the MUA submission
services (port 465 and 587), but it must not be used with the MTA
service (port 25).
Depending on the number of recipients, a redacted Received: header
has one of the following forms:
Received: by mail.example.com (Postfix) id postfix-queue-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
Received: by mail.example.com (Postfix) id postfix-queue-id
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
The redacted form hides that a message was received with SMTP, and
therefore it does not need to provide the information required by
RFC 5321. It only has to satisfy RFC 5322.
Major changes - rfc2047
[Feature 20250105] Support for automatic RFC 2047 encoding of
non-ASCII "full name" information in Postfix-generated From: message
headers. Encoding non-ASCII full names can avoid the need to use
SMTPUTF8, and therefore can avoid incompatibility with sites that
do not support SMTPUTF8.
The encoded result looks like "=?charset?Q?gibberish?=" for
quoted-printable encoding, or "=?charset?B?gibberish?=" for base64
encoding. Postfix uses quoted-printable for a full name that is
short or mostly ASCII, and uses base64 otherwise.
Background: when a message without a From: header is submitted with
the Postfix sendmail(1) command, Postfix may add a From: header and
use the sender's full name specified with the Postfix sendmail(1)
"-F" option, with the sendmail(1) "NAME" environment variable, or
with the GECOS field in the UNIX password database.
This introduces a new configuration parameter "full_name_encoding_charset"
(default: utf8) which specifies the character set of the full name
information in the Postfix sendmail(1) "-F" option or "NAME"
environment variable, or in the GECOS field in the UNIX password
database. The parameter value becomes part of the encoded full name,
and informs a Mail User Agent how to display the decoded gibberish.
Major changes - bugfix
[Incompat 20241130] The spawn(8) daemon failed to enforce the command
time limit. It was sending the SIGKILL signal using the wrong
effective UID and GID. The pipe(8) daemon has always done this
right.
Major changes - database
[Feature 20250207] When mysql: or pgsql: configuration specifies
a single host, assume that it is a load balancer and reconnect
immediately after a single failure, instead of failing all requests
for 60s.
[Feature 20250114] first/next iterator support for cdb: tables, and
other cdb: table code cleanups by Michael Tokarev.
[Feature 20241024] In a pgsql: client configuration, the setting
"dbname" is required, but ignored when the setting "hosts" contains
a URI with a database name.
[Feature 20241025] The Postfix pgsql: client configuration now
allows any well-formed URI prefix as a pgsql: client connection
target (the PostgreSQL URI parser decides what is allowed). The
dbname setting is now optional if the hosts setting specifies only
URIs.
Major changes - internal protocol
[Incompat 20250116] Postfix needs "postfix reload" after upgrade,
because of a change in the delivery agent protocol. If this step
is skipped, Postfix delivery agents will log a warning:
unexpected attribute smtputf8 from xxx socket (expecting: sendopts)
where xxx is the delivery agent service name.
Major changes - milter
[Incompat 20250106] The logging of the Milter 'quarantine' action
has changed. Instead of logging "milter triggers HOLD action", it
logs the reason given by a Milter application, or "default_action"
if a Milter application was unavailable and the milter_default_action
parameter or per-Milter "default_action" property specifies
"quarantine".
[Feature 20250106] The Postfix Milter implementation now logs the
reason for a 'quarantine' action, instead of "milter triggers HOLD
action".
- If the quarantine action was requested by a Milter application,
Postfix will log the reason given by the application.
- If the quarantine action was requested with the "milter_default_action"
parameter setting or with a per-Milter "default_action" property,
Postfix will log "default_action".
Major changes - logging
[Feature 20250106] The Postfix Milter implementation now logs the
reason for a 'quarantine' action, instead of "milter triggers HOLD
action".
- If the quarantine action was requested by a Milter application,
Postfix will log the reason given by the application.
- If the quarantine action was requested with the "milter_default_action"
parameter setting or with a per-Milter "default_action" property,
Postfix will log "default_action".
[Incompat 20250105] The SMTP server now logs the queue ID (or
"NOQUEUE") when a connection ends abnormally (timeout, lost connection,
or too many errors).
[Feature 20250105] The SMTP server now logs the queue ID (or
"NOQUEUE") when a connection ends abnormally (timeout, lost connection,
or too many errors).
[Incompat 20241104] The cleanup server now logs "queueid: canceled"
when a message transaction is started but not completed.
[Feature 20241104] The cleanup server now logs "queueid: canceled"
when a message transaction is started but not completed. This
provides a clear signal to logfile collation tools.
[Incompat 20241031] The Dovecot SASL client logging for "Invalid
authentication mechanism" now includes the name of that mechanism.
[Incompat 20241023] Postfix SMTP server 'reject' logging now shows
the sasl_method, sasl_username, and sasl_sender if available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:00 +0000 (17:11 +0200)]
pango: Update to version 1.57.1
- Update from version 1.57.0 to 1.57.1
- Update of rootfile
- Changelog
1.57.1
* Bugs fixed:
- #867 Bad font substitution causes application crashes
- #869 MacOS: subprojects/cairo/meson.build:1:0: ERROR: Value "gnu11,c11" (of
type "string") (sid)
- #870 MacOS: subprojects/pango/utils/viewer-cocoa.m:23:10: fatal error:
'cairo/cairo.h' file not found (sid)
- #871 gtk4-widget-factory crashes with pango error on macOS when an emoji is
entered into a text field
- #876 Inconsistency between documentation and code in
pango_context_set_font_description (Matthias Clasen)
- #882 The hex box characters generated in PDF can not be copied
- #885 warning: assignment discards 'const' qualifier from pointer target type
[-Wdiscarded-qualifiers]
- !884 Revert "meson: Rework introspection handling"
- !890 Update the code to support Unicode 17.0.0
- !892 Include fcfreetype.h where needed
- !893 meson: Update freetype2 wrap to fix ci warnings
- !894 Respect explicit language attribute when itemizing
- !895 Fix some subproject woes
- !896 meson: Add support for cross-compiling using Apple subsystems
- !897 (break.c) pass sentences to handle_sentences
- !898 add support for g_autoptr(PangoScriptIter)
- !900 fontmap: Mark get_family as nullable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:59 +0000 (17:10 +0200)]
nmap: Update to version 7.99
- Update from version 7.98 to 7.99
- No change to rootfile
- Changelog
7.99
o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS
fingerprints, as well as dozens of updated service fingerprints.
o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47,
liblinear 2.50, zlib 1.3.2
o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving
several crashes and stability-related issues. See https://npcap.com/changelog
o [Zenmap][GH#3182] Zenmap is now distributed as a universal wheel
(zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be
installed on any system with Python 3. [Daniel Miller]
o [Ncat][Windows] Limited the number of handles inherited by subprocesses
launched with -e, preventing interference between clients when -e and
--keep-open are used. Reported by Nimish Verma.
o [Ncat] Several fixes for regressions or longstanding failure cases in
ncat-test.pl [Daniel Miller]:
+ [Windows] Fixed handling of socket EOF with --exec
+ Fixed the -i (idle timeout) option for listen mode, which was broken
when adding the -q option in Ncat 7.96
+ Fixed HTTP proxy server when SSL is used.
+ DTLS (SSL over UDP) shutdown connection on stdin EOF.
o [Windows][GH#2711] Nmap now supports scanning over various VPN virtual
adapters like OpenVPN TAP adapters. [Daniel Miller]
o [GH#3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix
for #3130 had caused Nmap to send requests too slowly. [Daniel Miller]
o [macOS][GH#3289] Fixed a configure-time failure in libdnet that resulted in
incorrect MAC addresses being reported. [Daniel Miller]
o [Zenmap][GH#3189] Fix a crash in Zenmap topology and hosts viewer:
"TypeError: format requires a mapping" [Daniel Miller]
o [GH#2955] Fix a routing issue with -e and -S related to #2206
causing error "setup_target: failed to determine route" [Daniel Miller]
o [GH#3214] Improve compatibility of build process on various platforms and add
multiplatform autobuilds in Github workflow. [Jordan Ritter]
o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains
of a given target hostname by default. In the past, it was reporting any
DNS name that included the target hostname as a substring (but not
necessarily as a suffix). The old behavior can be enabled by setting script
argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter]
o [NSE] Function url.parse_query was not interpreting plus signs as spaces.
[nnposter]
o [NSE] Function url.parse was not properly parsing URLs with query strings
but empty paths. [nnposter]
o [NSE][GH#3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were
not behaving the same when the input table had a custom __pairs metamethod.
Both functions now perform a raw copy, ignoring the metamethod. [nnposter]
o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables
with Boolean keys. [nnposter]
o [NSE] IPP print queue job details were not getting populated, having
a hard dependency on Apple-specific attributes. [nnposter]
o [NSE][GH#3245] Functions connect and close have been removed from the IPP
library, as they served no purpose. [nnposter]
o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter]
o [NSE][GH#3262] FTP banner parsing is now more closely aligned with RFC 959,
section 4.2. [nnposter]
o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter
that allows preloading the newly created buffer with data. [nnposter]
o [NSE][GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced,
including added support for IPv6 and HTTPS and more accurate processing
of target responses. [nnposter]
o [NSE][GH#3194] RPC-based scripts were sporadically failing due to privileged
port conflicts. [nnposter]
o [NSE][GH#3196] Script rlogin-brute was sporadically failing due to using
an off-by-one range for privileged ports and not handling potential
port conflicts. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:58 +0000 (17:10 +0200)]
nfs: Update to version 2.9.1
- Update from version 2.8.5 to 2.9.1
- No change to rootfile
- Changelog is just a list of the commits. The details can be found in the changelog at
2.9.1
https://sourceforge.net/projects/nfs/files/nfs-utils/2.9.1/
2.8.7
https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.7/
2.8.6
https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.6/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:57 +0000 (17:10 +0200)]
ncat: Update to version 7.99
- Update from version 7.98 to 7.99
- No change to rootfile
- Changelog
7.99
o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS
fingerprints, as well as dozens of updated service fingerprints.
o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47,
liblinear 2.50, zlib 1.3.2
o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving
several crashes and stability-related issues. See https://npcap.com/changelog
o [Zenmap][GH#3182] Zenmap is now distributed as a universal wheel
(zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be
installed on any system with Python 3. [Daniel Miller]
o [Ncat][Windows] Limited the number of handles inherited by subprocesses
launched with -e, preventing interference between clients when -e and
--keep-open are used. Reported by Nimish Verma.
o [Ncat] Several fixes for regressions or longstanding failure cases in
ncat-test.pl [Daniel Miller]:
+ [Windows] Fixed handling of socket EOF with --exec
+ Fixed the -i (idle timeout) option for listen mode, which was broken
when adding the -q option in Ncat 7.96
+ Fixed HTTP proxy server when SSL is used.
+ DTLS (SSL over UDP) shutdown connection on stdin EOF.
o [Windows][GH#2711] Nmap now supports scanning over various VPN virtual
adapters like OpenVPN TAP adapters. [Daniel Miller]
o [GH#3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix
for #3130 had caused Nmap to send requests too slowly. [Daniel Miller]
o [macOS][GH#3289] Fixed a configure-time failure in libdnet that resulted in
incorrect MAC addresses being reported. [Daniel Miller]
o [Zenmap][GH#3189] Fix a crash in Zenmap topology and hosts viewer:
"TypeError: format requires a mapping" [Daniel Miller]
o [GH#2955] Fix a routing issue with -e and -S related to #2206
causing error "setup_target: failed to determine route" [Daniel Miller]
o [GH#3214] Improve compatibility of build process on various platforms and add
multiplatform autobuilds in Github workflow. [Jordan Ritter]
o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains
of a given target hostname by default. In the past, it was reporting any
DNS name that included the target hostname as a substring (but not
necessarily as a suffix). The old behavior can be enabled by setting script
argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter]
o [NSE] Function url.parse_query was not interpreting plus signs as spaces.
[nnposter]
o [NSE] Function url.parse was not properly parsing URLs with query strings
but empty paths. [nnposter]
o [NSE][GH#3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were
not behaving the same when the input table had a custom __pairs metamethod.
Both functions now perform a raw copy, ignoring the metamethod. [nnposter]
o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables
with Boolean keys. [nnposter]
o [NSE] IPP print queue job details were not getting populated, having
a hard dependency on Apple-specific attributes. [nnposter]
o [NSE][GH#3245] Functions connect and close have been removed from the IPP
library, as they served no purpose. [nnposter]
o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter]
o [NSE][GH#3262] FTP banner parsing is now more closely aligned with RFC 959,
section 4.2. [nnposter]
o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter
that allows preloading the newly created buffer with data. [nnposter]
o [NSE][GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced,
including added support for IPv6 and HTTPS and more accurate processing
of target responses. [nnposter]
o [NSE][GH#3194] RPC-based scripts were sporadically failing due to privileged
port conflicts. [nnposter]
o [NSE][GH#3196] Script rlogin-brute was sporadically failing due to using
an off-by-one range for privileged ports and not handling potential
port conflicts. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:56 +0000 (17:10 +0200)]
mdadm: Update to version 4.6
- Update from version 4.5 to 4.6
- No change to rootfile
- Changelog
4.6
Features:
- Add support for new lockless bitmap from Yu Kuai
- Add "PROBING ddf_extended" option in mdadm.conf from Martin Wilck
- Add --detail to usage in ReadMe from Brian Matheson
Fixes:
- Fix uuid endianness mismatch issue in sysfs_rules_apply() from Abirami0904
- Fix mdcheck: don't stop mdcheck_continue.timer from Martin Wilck
- Deal with hot-unplugged devices in platform-intel from Jean Delvare
- Detect corosync and libdlm via pkg-config in Makefile from Maxin John
- Fix UEFI backward compatibility for RAID10D4 in imsm from Blazej Kucman
- Optimize DDF header search using mmap for better performance from lilinzhe
- Set sysfs name after assembling imsm array in incremental from Xiao Ni
- Use creation_time for ctime in imsm container info from Xiao Ni
- Fix sigterm variable to be volatile sig_atomic_t from Cristian Rodríguez
- Use 64-bit off_t across both musl and glibc from Ankur Tyagi
- Fix format overflow error in super-intel.c from Martin Wilck
- Fix compilation errors for unused variables with GCC 16 from Martin Wilck
- Load md_mod first to avoid module loading issues from Xiao Ni
There are some important issues which led to boot failure. These issues
have been fixed recently. It's better to make a new release. So users
can choose a version without these problems.
https://github.com/md-raid-utilities/mdadm/issues/249 has the details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:54 +0000 (17:10 +0200)]
lvm2: Update to version 2.03.39
- Update from version 2.03.38 to 2.03.39
- Update of rootfile
- Changelog
2.03.39
Support --interval +N to delay first poll in pvmove and lvpoll.
Add lvmpolld 'cmd' log keyword to enable verbose lvpoll output.
Add atomic leases using Compare and Write (CAW) to lvmlockd.
Fix pofile generation to include SOURCES2 binaries and update xgettext options.
Reject lvreduce of CoW snapshot COW store when it would truncate exception data.
Skip filesystem resize handling for CoW snapshot COW store LVs in lvresize.
Fix dmeventd inode fallback to use /dev/dm-X when dm_dir() path is unavailable.
Use temporary activations for integrity, writecache, thin and VDO pool conv.
Add activate_lv_temporary() to consolidate LV_TEMPORARY and sync handling.
Add missing sync in add_mirror_log() and activate_and_wipe_lv_list().
Propagate bcache _wait_all() failure to bcache_flush() and bcache_invalidate_di().
Propagate io_getevents() EINTR failure through bcache wait chain to abort I/O.
Retry io_getevents() on EINTR unless LVM interrupt signal was caught.
Fix checking error codes from io_destroy() and io_getevents().
Add lvm-index(7), lvm-categories(7) and lvm-args(7) man pages.
Show active cache mode in kernel table line with lvs -o kernel_cache_mode.
Preserve file descriptors with CLOEXEC opened in library constructors.
Use -Wl,-rpath-link for library linking.
Switch from use of internal device_mapper library to libdm.
Refactor libbase radix tree to lib/datastruct.
Use dm_device_list_equal for DM cache comparison.
Fix cachevol cmeta/cdata device offsets.
Fix RAID LV health report to distinguish 'refresh needed' from 'repair needed'.
Fix vgreduce --removemissing --force infinite loop for raid/mirror snapshot.
Fix vgsplit to not fail on no active LV on a PV being split to an existing VG.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:53 +0000 (17:10 +0200)]
lmdb: Update to version 0.9.35
- Update from version 0.9.33 to 0.9.35
- No change to rootfile
- Changelog
0.9.35
ITS#10434 - Fix typo affecting Mac OSX
0.9.34
ITS#9564 - fix race condition freeing spilled pages at end of transaction
ITS#10222 - Update mdb_dump(1) and mdb_load(1) man pages for append (-a) option
ITS#10275 - mdb_load: add -Q option to use NOSYNC
ITS#10296 - fix fdatasync on MacOS
ITS#10342 - fix memleak in mdb_txn_begin for nested txns
ITS#10346 - fix mdb_env_copy2 with values > (2GB-16)
ITS#10355 - fix mplay build on musl
ITS#10396 - fix mdb_cursor_del0 with multiple DUPSORT cursors
ITS#10419 - add support for NetBSD
ITS#10420 - add support for Haiku
ITS#10421 - mdb_load: check for malicious input
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:52 +0000 (17:10 +0200)]
liburcu: Update to version 0.15.6
- Update from version 0.15.5 to 0.15.6
- No change to rootfile
- Changelog
0.15.6
* urcu-mb: Add missing TSAN annotation to _urcu_mb_read_lock_update
* lfstack: Coding style cleanup
* urcu-qsbr: Use CMM_SEQ_CST_FENCE for _urcu_qsbr_thread_online
* urcu-mb: Use CMM_SEQ_CST_FENCE for _urcu_mb_read_lock_update
* urcu-qsbr: Use CMM_SEQ_CST_FENCE for quiescent state update and offline
* urcu-mb: Use CMM_SEQ_CST_FENCE for _urcu_mb_read_unlock_update_and_wakeup
* Fix: Only include linux/time_types.h when __NR_futex_time64 is defined
* Use __NR_futex_time64 in futex syscall wrapper
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:51 +0000 (17:10 +0200)]
libsodium: Update to version 1.0.21
- Update from version 1.0.20 to 1.0.21
- Update of rootfile
- Changelog
1.0.21
This point release includes all the changes from 1.0.20-stable, which
include a security fix for the `crypto_core_ed25519_is_valid_point()`
function, as well as two new sets of functions:
- The new `crypto_ipcrypt_*` functions implement mechanisms for securely
encrypting and anonymizing IP addresses as specified in https://ipcrypt-std.github.io
- The `sodium_bin2ip` and `sodium_ip2bin` helper functions have been added
to complement the `crypto_ipcrypt_*` functions and easily convert addresses
between bytes and strings.
- XOF: the `crypto_xof_shake*` and `crypto_xof_turboshake*` functions
are standard extendable output functions. From input of any length, they can
derive output of any length with the same properties as hash functions. These
primitives are required by many post-quantum mechanisms, but can also be used
for a wide range of applications, including key derivation, session encryption
and more.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
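The changelog above describes the new `crypto_xof_shake*` functions as extendable output functions that derive output of any length from input of any length. The following is an added example, not code from libsodium or from the IPFire commit: it uses Python's standard `hashlib.shake_256` (the same SHAKE256 primitive, swapped in so it runs without libsodium bindings) to show the two properties a practitioner has to keep in mind when using an XOF for key derivation. First, a shorter output is always a prefix of a longer output for the same input, so asking for 32 and then 64 bytes does not give two independent keys. Second, independent keys therefore need domain separation, done here with a caller-chosen, length-prefixed context label. The input bytes and the labels `enc`/`mac` are constructed for the example.

```python
import hashlib

# Constructed sample input for the example (not a value from the page).
SAMPLE_IKM = b"constructed-example-shared-secret"


def xof_derive(data: bytes, length: int, context: bytes = b"") -> bytes:
    """Derive `length` bytes from `data` with SHAKE256 (an XOF).

    `context` is a caller-chosen label. It is length-prefixed before being
    absorbed so that (context, data) pairs cannot collide by moving bytes
    between the two fields; different contexts give unrelated outputs.
    """
    if not 0 <= len(context) < 65536:
        raise ValueError("context label too long for 2-byte length prefix")
    h = hashlib.shake_256()
    h.update(len(context).to_bytes(2, "big"))
    h.update(context)
    h.update(data)
    return h.digest(length)


def prefix_property(data: bytes) -> bool:
    """Return True if the 32-byte output is a prefix of the 64-byte output.

    This always holds for an XOF: the output stream is the same, you just
    read more of it. It is why two keys must not be derived by requesting
    two different lengths from one absorbed input.
    """
    short = hashlib.shake_256(data).digest(32)
    long_ = hashlib.shake_256(data).digest(64)
    return long_[:32] == short


def derive_key_pair(ikm: bytes) -> tuple[bytes, bytes]:
    """Derive two independent 32-byte keys from one secret via distinct labels.

    The labels "enc" and "mac" are hypothetical; any fixed, unique per-purpose
    strings work, as long as the same label is never reused for two purposes.
    """
    return xof_derive(ikm, 32, b"enc"), xof_derive(ikm, 32, b"mac")


if __name__ == "__main__":
    print("prefix property holds:", prefix_property(SAMPLE_IKM))
    enc_key, mac_key = derive_key_pair(SAMPLE_IKM)
    print("enc:", enc_key.hex())
    print("mac:", mac_key.hex())
```

The same pattern applies to the libsodium API: absorb a label and the input, then squeeze the required length, and use a fresh label (or a fresh absorb) for each key rather than a longer squeeze of the same stream.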
Adolf Belka [Tue, 7 Apr 2026 15:10:50 +0000 (17:10 +0200)]
libpng: Update to version 1.6.56
- Update from version 1.6.55 to 1.6.56
- Update of rootfile
- Fixes for two high severity CVEs
- Changelog
1.6.56
Fixed CVE-2026-33416 (high severity):
Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`.
(Reported by Halil Oktay and Ryo Shimada;
fixed by Halil Oktay and Cosmin Truta.)
Fixed CVE-2026-33636 (high severity):
Out-of-bounds read/write in the palette expansion on ARM Neon.
(Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.)
Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers.
(Contributed by Halil Oktay.)
Fixed stale `info_ptr->palette` after in-place gamma and background
transforms.
Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path.
(Contributed by Yuelin Wang.)
Fixed wrong background color in colormap read.
(Contributed by Yuelin Wang.)
Fixed dead loop in sPLT write.
(Contributed by Yuelin Wang.)
Added missing null pointer checks in four public API functions.
(Contributed by Yuelin Wang.)
Validated shift bit depths in `png_set_shift` to prevent infinite loop.
(Contributed by Yuelin Wang.)
Avoided undefined behavior in library and tests.
Deprecated the hardly-ever-tested POINTER_INDEXING config option.
Added negative-stride test coverage for the simplified API.
Fixed memory leaks and API misuse in oss-fuzz.
(Contributed by Owen Sanzas.)
Implemented various fixes and improvements in oss-fuzz.
(Contributed by Bob Friesenhahn and Philippe Antoine.)
Performed various refactorings and cleanups.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:20 +0000 (14:03 +0200)]
btrfs-progs: Update to version 6.19.1
- Update from version 6.17.1 to 6.19.1
- Update of rootfile
- Version 6.18 was skipped
- Changelog
6.19.1
* fix balance filter 'usage' that was incorrectly used for ranged usage
* core:
* fix tree-checker vararg format print
* stability fixes
* compiler warning fixes
* other:
* CI updates, action version updates, more build targets
* cleanups, refactoring
* minor documentation updates
6.19
* mkfs:
* make block-group-tree default (support since linux 6.1), use -O ^bgt to
unset it for backward compatibility
* speed up initial device discard by processing the ranges in order
* disable block-group-tree feature if a dependent feature is explicitly
unselected (like disabling no-holes), instead of erroring out
* check:
* add ability to detect and fix missing orphan items in deleted subvolumes
* add ability to fix inode refs from directory items
* enhance detection on unknown inode keys
* libbtrfsutil:
* minor version update to 1.4.0
* add missing aliases for API updates done in 0.1.3, C and python
* libbtrfs:
* patchlevel version update 0.1.5
* error handling updates
* fixes:
* with DUP profile and mixed sequential and conventional zoned make sure
to track the right write pointers
* scrub: fix ETA wraparound calculations, when many files get deleted
during the operation bytes_scrubbed and bytes_total get too much out of
sync, the ETA will be 0
* corrupt-block: add ability to specify key value when corrupting item keys
* experimental features:
* initial remap tree support (new logical-to-logical mapping layer),
coming in linux 7.0
* other:
* error handling improvements
* CI updates
* code cleanups and refactoring
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:19 +0000 (14:03 +0200)]
autoconf: Update to version 2.73
- Update from version 2.72 to 2.73
- Update of rootfile
- Changelog
2.73
New features
autoreconf has a new option to exclude certain steps
autoreconf --exclude <tool>[,<tool>[,…]] tells autoreconf not to
run any of the listed tools, even if it appears to be necessary.
This is useful, for example, in situations where autoreconf’s
heuristics for when to run each tool are incorrect. (All such
situations are considered bugs; please report them.) It may also
be useful in “bootstrap” scripts that can use autoreconf for most
of the work but need to take manual control over execution of some
of the tools.
In older versions of Autoconf, it is possible to get the same effect
by setting TOOL=true in the environment for each tool that should not
be run.
Patch originally developed by the OpenEmbedded project.
Notable bug fixes
AC_PROG_GO and AC_PROG_A68 now honor GOFLAGS and A68FLAGS set by the user
AC_C_FLEXIBLE_ARRAY_MEMBER and AC_PROG_LEX handle Solaris 10 better
autoheader takes more care not to overwrite hand-written config.h.in
Before overwriting an existing config.h.in, autoheader now checks
for the marker comment on the first line that indicates it was
generated by autoheader. It can be forced to overwrite a
config.h.in that doesn’t have that marker by using the new option
--replace-handwritten.
AC_OUTPUT issues an error if called with more than three arguments
All prior versions of GNU autoconf ignore extra arguments to AC_OUTPUT.
However, some software’s configure scripts expect a modified version
of autoconf in which a fourth argument does something useful.
The error is intended to stop redistributors of those programs
from regenerating the configure script with a version of autoconf
that does not have those modifications, as this is likely to produce
a broken configure script.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20250814.0 to 20260107.1
- Update of rootfile
- Changelog 20260107.1
absl::StringResizeAndOverwrite(): A new function in
absl/strings/resize_and_overwrite.h that acts as a polyfill for C++23's
std::basic_string::resize_and_overwrite. This allows for efficient resizing
and in-place initialization of strings, avoiding the overhead of default
initialization, which is particularly useful when working with C-style APIs
that write directly to a buffer. See #1136 (comment) for performance notes.
absl::chunked_queue: A new container in absl/container/chunked_queue.h
optimized for use as a FIFO (First-In, First-Out) queue.
absl::linked_hash_map and absl::linked_hash_set: New hash containers that
maintain iteration order matching the insertion order. These are available in
absl/container/linked_hash_map.h and absl/container/linked_hash_set.h.
absl::down_cast: Added to absl/base/casts.h. This function provides a safer
way to perform downcasts in a polymorphic type hierarchy. In debug builds (or
when hardened asserts are enabled), it uses dynamic_cast to verify the
validity of the cast and terminates the program if the cast is invalid. In
optimized builds, it uses static_cast for performance.
Mutex Deprecations: Legacy Mutex methods and MutexLock pointer constructors
have been marked as deprecated. Users should migrate to the recommended APIs.
The polyfill type absl::string_view is now an alias for std::string_view in all
builds. (9ebd93a)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:54 +0000 (14:03 +0200)]
libpciaccess: Update to version 0.19
- Update from version 0.17 to 0.19
- No change to rootfile
- Build process has been changed from autotools to meson
- Changelog
0.19
This release adds a new pci_device_is_boot_display() API, with support
currently implemented only for Linux systems using sysfs.
It also adds a -Dinstall-scanpci option to the meson configuration for
those who want to install this version of scanpci.
In addition, it corrects build issues on FreeBSD 15 and DragonFly, and
fixes a long-standing bug if there were multiple users of libpciaccess
in the same process and one called pci_system_cleanup before the others
were done using pciaccess.
Improve man page formatting
meson: Add -Dinstall-scanpci option, defaulting to false
gitlab CI: drop the ci-fairy check-mr job
common_vgaarb: Fix -Wtautological-constant-out-of-range-compare warning
Fix compilation on DragonFly
vgaarb: Check snprintf return value
trivial: allow forks to run CI
Add support for reading 'boot_display' attribute
include: Avoid redefining __deprecated macro
Make pci_system_{init,cleanup} use reference counting
0.18.1
This release fixes the meson.build to honor meson's
-Ddefault_library={shared,static,both} flag to control which types of
library are built, instead of always forcing the build of only a shared
library.
meson: allow building static library, not just shared
0.18
Since no complaints were received about the added meson build system
in the 0.17 release (October 2022), the autoconf build system has been
removed in this release.
Remove "All rights reserved" from Oracle copyright notices
Try fopen(".../pci.ids", "re") on Solarish systems as well
Remove autotools build
gitlab-ci: use `meson setup`
gitlab-ci: don't bother to configure meson for the version check
gitlab-ci: remove unnecessary call to `meson configure`
FreeBSD: Fallback to /usr/share/misc/pci_vendors
FreeBSD: Remove sparc64 code
Fix compilation warnings when building against hurd-amd64.
linux_sysfs: Use pwrite/pread instead of 64bit versions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:53 +0000 (14:03 +0200)]
libmpc: Update to version 1.4.0
- Update from version 1.3.1 to 1.4.0
- Update of rootfile
- Changelog
1.4.0
- New functions: mpc_exp10, mpc_exp2, mpc_log2
- Bug fixes:
- mpc_tan and mpc_tanh:
Fix wrong values and slowness for large imaginary part.
- mpc_pow: Agree on and implement the sign of the imaginary part when
both inputs are real.
- mpc_fr_div and mpc_ui_div: Treat the imaginary part of the dividend
as an exact zero and not as +0, following the C2Y draft of the C
standard. This changes the signs of zeroes in some results.
- Generate the pkg-config file mpc.pc
- Add support for non-standard complex types (_Dcomplex, _Lcomplex) under
Windows
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:52 +0000 (14:03 +0200)]
libmicrohttpd: Update to version 1.0.3
- Update from version 1.0.2 to 1.0.3
- Update of rootfile
- Changelog
1.0.3
This is a bugfix release.
It primarily fixes a list traversal issue that could
cause connection handling issues when other connections
were suspended.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:51 +0000 (14:03 +0200)]
libinih: Update to version 62
- Update from version 61 to 62
- No change to rootfile
- Changelog
62
This release adds INIReader::ParseErrorMessage() to the C++ wrapper, to return
a human-readable error string when there's a parse error. There are also
other minor fixes. Thanks @DimitriPapadopoulos and @msquire for your
contributions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:50 +0000 (14:03 +0200)]
libid3tag: Update to version 0.16.4
- Update from version 0.16.3 to 0.16.4
- Update of rootfile
- Patch removed as now included in this tarball
- Changelog
0.16.4
* Allow files greater than 2 GiB on 32-bit UNIX-based/UNIX-like systems.
* Add support for generating source packages with CPack.
* id3_tag_parse() now returns the number of parsed frames so far instead of
trashing the entire tag.
* Update ID3v1 genre list.
* Add genres from Winamp 5.60.
* Rename offensive genre.
* Auto-generate genre list code at build time.
* Require gperf at build time to generate gperf code.
* Bump minimum required CMake version to 3.10.
* Reorganize source tree.
* Fix mojibake with UTF-16LE-encoded tags.
* Fix build under pure C toolchain.
* Fix support for PIC frames, including setting the correct MIME type.
* Fix some miscellaneous build warnings.
* Improve iTunes compatibility.
* Apply more patches from Perl's Audio::Scan and FreeBSD.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:47 +0000 (14:03 +0200)]
libcap-ng: Update to version 0.9.2
- Update from version 0.9 to 0.9.2
- Update of rootfile
- Changelog
0.9.2
- Added netcap --advanced option for attack surface discovery and inventory
- Added acct name to pscap --tree output
- Code cleanups and deep review of all functions for correctness
- Add colorized output to netcap --advanced
- Improve correctness of cap-audit captures
- Update man pages
0.9.1
- Deprecate captest
- In cap-audit, if tested app uses file system based capabilities, drop setpcap
- In cap-audit, fully resolve paths before classifying
- In cap-audit, add JSON escaping to output
- In cap-audit, filter pre-exec, startup, and shutdown capability noise
- pscap now has a --tree display mode
- More code cleanups
- Improve output alignment of various utilities (Miroslav Koškár)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:46 +0000 (14:03 +0200)]
libarchive: Update to version 3.8.6
- Update from version 3.8.5 to 3.8.6
- Update of rootfile
- Changelog
3.8.6
Notable fixes:
libarchive: fix incompatibility with Nettle 4.x (#2858)
libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859)
bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
7zip: fix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
RAR5 reader: fix infinite loop in rar5 decompression (#2877)
RAR5 reader: fix potential memory leak (#2892)
RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice
(#2893)
CAB reader: fix memory leak on repeated calls to
archive_read_support_format_cab (#2895)
mtree reader: Fix file descriptor leak in mtree parser cleanup
(CWE-775, #2878)
various small bugfixes in code and documentation
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:45 +0000 (14:03 +0200)]
keepalived: Update to version 2.3.4
- Update from version 2.3.1 to 2.3.4
- No change to rootfile
- Changelog
2.3.4
Improvements
core: properly restore process priorities after a reload.
core: allow specifying iproute_usr_dir even if no iproute2 support.
core: include network namespace name when error opening namespace fds.
core: resolve clang warning when comparing ordering of function addresses.
The only reason function addresses are compared is with a red-black
tree to quickly convert a function address into its name. It clearly
isn’t a standard thing to do to compare ordering of function addresses,
but in this case it is quite valid.
core: stop repeatedly calling getpid(). We only need to call getpid() once
per process, and can then save the value. A PID of a given process is
never going to change!
core: add code to calculate maximum stack usage and use it for no_swap.
When a process has no_swap specified, if we want to ensure that the
stack is resident in memory we need to know the maximum size that it
is likely to grow to. This commit adds diagnostic code (usually
disabled) to report maximum usage, so that the code can be updated to
know, in advance, the maximum likely stack usage.
core: set CLOEXEC flag on all file descriptors except stdin/stdout/stderr.
core: set CLOEXEC flag on streams (fopen/popen).
snmp: set CLOEXEC on file descriptors opened by snmp.
snmp: use close_range() if available for closing snmp file descriptors.
core: call close_range() if available before exec’ing scripts.
Fixes
build: fix snap build process.
vrrp: fix segfault at reload when DBus re-enabled. If dbus was enabled,
then a reload disabled it, and another reload re-enabled it, then
keepalived would often segfault. This is resolved by clearing
dbus_startup_completed when dbus is stopped.
vrrp: fix track_process warn identified by -Wflex-array-member-not-at-end.
notify: fix resolving group name to gid for scripts. If a group had a
large number of members, the memory allocated for getgrnam_r() could
be insufficient and the call fail. This commit now allocates as much
memory as the size of the group file, which should be sufficient.
ipvs: resolve infinite loop when SMTP_CHECKers have ‘host’ config.
core: fix keepalived not coredumping after a reload. This made it very
difficult to resolve segfaults occurring due to a reload.
vrrp: document and fix specifying iproute_etc_dir and iproute_usr_dir.
build: fix some RHEL 7 and friends compilation problems.
core: fix memory leak in track_file.
2.3.3
New
vrrp: don’t allow unicast instance without interface to have a VMAC. If
the interface is not configured, we can’t know what interface to add
the VMAC to.
vrrp: Add setting IP_FREEBIND/IPV6_FREEBIND socket option. This allows
creating and configuring unicast sockets before the configured source
address is added to the system.
core: add O_CLOEXEC flag to pidfiles.
vrrp: Support logging rate-limiting specified by RFC 9568
vrrp: add option for address owner to drop received VRRP packets.
RFC 9568 (and RFC 5798 and RFC 3768) state that an address owner must
drop any received VRRP packets. The consequence of this is that if
there is more than one VRRP instance configured with priority 255 then
they will all be in master state simultaneously. It seems more
sensible for such received packets to be processed normally, and all
but the VRRP instance with the primary IP address will revert to
backup state. RFC 9568 appears to allow more than one instance to have
priority 255, since section 8.3.2 was changed from “No more than one
router on the link is to be configured with priority 255, especially
if preemption is set” (note the contradiction here) to “only a single
VRRP Router on the link SHOULD be configured with priority 255” and
then describes the situation if there is more than one such router.
keepalived defaults to processing received packets when the local
priority is 255, but the option added by this patch allows working in
accordance with the RFC, i.e. to drop any received packets.
Improvements
core: Allow building on very old systems with kernels < 3.15. Open file
descriptor locks were introduced in Linux 3.15, so we cannot use that
type of locking on systems with older kernels (e.g. CentOS 7, which of
course is no longer supported). Since this problem only occurs on
kernels no longer supported by keepalived this commit simply removes
the file locking, rather than implementing a more comprehensive
solution. It is expected that at some point, in order to simplify the
code, support for kernels no longer supported by any of the main
distros will be removed from keepalived.
doc: add oldest distro versions with their EOL dates and kernel versions.
docker: Install linux-headers pkg to build in Docker.
vrrp: handle checking ip utility version properly with BusyBox.
snap: Misc snap improvements.
build: make default _FORTIFY_SOURCE setting 3. Various distros already
use _FORTIFY_SOURCE=3 by default, so we should do so too.
vrrp: check the iproute2 directories exist when read first file
vrrp: create /etc/iproute2 directory if it doesn’t exist.
vrrp: Restore priority 255 if duplicate address owner detected. The VRRP
RFCs assume that only one device is configured as the address owner
for any VRID. keepalived has extended functionality which detects if
two (or more) systems are configured as the address owner (this is
completely invalid configuration). To avoid multiple systems acting as
address owner, and hence all of them remaining in master mode,
keepalived will reduce an address owner’s priority to 254 if the other
device configured as address owner does not go away. This commit
restores the priority of a vrrp instance to 255 if it had reduced it
to 254 to avoid multiple VRRP instances simultaneously advertising
that they are the address owner.
vrrp: Only reduce address owner priority if primary ip address lower. If a
VRRP instance is configured as address owner and it detects another
device also advertising it is the address owner, only initially reduce
our priority if our primary IP address is lower than the other
device’s primary IP address.
vrrp: if duplicate address owners, reduce priority if other won’t. If a
VRRP instance is configured as address owner and it detects another
device also advertising it is the address owner, we don’t reduce our
priority if our primary IP address is higher than the other device’s
primary IP address. However, if the other system, with a lower
primary IP address, won’t reduce its priority (e.g. it is not a
keepalived implementation), then we will reduce our priority after a
suitable time.
vrrp: add more helpful log messages if duplicate address owner.
vrrp: log rate-limited message if advert has no VIPs.
vrrp: log rate-limited warning if VRRPv3 advert interval mismatch.
vrrp: it is not an error if VIPs in advert do not match configured. We
should accept a VRRP advert if the VIPs in an advert do not match our
configuration, but just log a rate-limited warning.
vrrp: update saved master address when receive high priority advert. If we
are in master state and receive a higher priority advert, saving the
new master address saves checking VIPs twice.
vrrp: include source address in log after receiving a bad advert.
vrrp: check that VIPs are not duplicated.
vrrp: check TTL/HL and unicast source ip even when not checking VIPs. The
checking of TTL/HL and unicast source ip was only being done if the
VIPs were being checked, whereas they should be checked even if the
VIPs are not being checked.
vrrp: change rx_ttl_hop_limit to rx_ttl_hl. The name was confusing since
it suggested the value was a limit.
vrrp: identify unicast peer in unicast_peer block configuration errors.
vrrp: detect and reject duplicate unicast_peers in configuration.
vrrp: add logging a change of master when detailed logging enabled.
vrrp: handle a reload with no more startup_delay. During the
vrrp_startup_delay time, if keepalived is reloaded with no more
startup_delay, the startup_delay is never timed out and all received
adverts are discarded. The commit causes the startup_delay timer to be
reinstated after a reload with no more startup_delay if the timer has
not yet expired.
vrrp: Skip running not idle vrrp scripts. When a vrrp script is to be run
(initially or after specified interval), first it is checked if it’s
in IDLE state. If not a log message is printed informing about
skipping run due to script being either running or timed out. However
despite not being idle the code continues to run new script process.
In heavily loaded systems this caused running multiple instances of
vrrp script at the same time. This patch brings back missing return,
which was lost during refactoring.
codeQL: update codeQL.yml
vrrp: add checks that interface fault flags not inconsistent. When a fault
is added in down_instance() or cleared in try_up_instance() check that
the flag that is being modified is not already set or cleared, as
appropriate. This check is enabled by configure option
--enable-fault-flags-check.
vrrp: use a fault flag if num_track_faults is non zero. It simplifies the
code to set a fault flag if num_track_faults is non-zero and clear the
flag if num_track_faults is zero.
vrrp: don’t attempt to send advert if socket is closed. This avoids an
unnecessary log message.
vrrp: don’t have multiple tracking objects for a VRRP instance. The code
did have separate tracking objects for dynamic and non dynamic
tracking objects for a VRRP instance. It also would add an additional
dynamic tracking object every time a tracked interface was created,
causing down_instance() to be called multiple times when an interface
was deleted and previous creations of the interface. Prior to the
patch to add fault flag bits this resulted in the vrrp instance not
coming back up after the interface was recreated. This issue of vrrp
instances remaining in fault state after deletion and
re-creation of interfaces is now resolved.
vrrp: delay deleting VMACs are parent interface is deleted. The interface
structure needs to have the ifindex set for the first pass through the
VRRP instances, but it must be unset when the VMACs are cleaned up.
vrrp: don’t change link local IPv6 address when extra added to base if. If
an additional link local address was added to the base interface of a
VMAC, keepalived was changing the source address of adverts to be the
new address. The commit makes keepalived change the source address if
the one it is using is deleted.
track: don’t overwrite track file at startup unless configured to.
vrrp: allow interface up debounce timer to exceed 2 * advert interval.
There was no need to limit the up debounce timer in the same way that
the down debounce timer has to be limited, so this commit removes the
2 * advert interval upper limit.
vrrp: update delayed start time on reload if vrrp_startup_delay changed.
vrrp: ignore IPv6 tentative addresses. We can’t do anything with them, and
they are not usable, so we now wait until we are notified that the
address is no longer tentative before we consider using it.
Fixes
parser: Fix error handling for HEX_STR parsing in UDP_CHECK. Fixes an
issue where HEX_STR values with a trailing 0xff were incorrectly
treated as errors. This HEX_STR is used in UDP_CHECK configuration,
particularly in the payload and require_reply fields.
ipvs: Fix segfault when using track_file checker.
ipvs: Fix delay_loop for TCP_CHECK.
scheduler: Fix segfault caused double erase from child_pid rbtree. In a
situation when a child was timed out, but not yet processed, the
thread is THREAD_CHILD_TIMEOUT type and remains on ready queue. If it
gets terminated in this state, it needs to be removed from rb tree
child_pid and transitioned to THREAD_CHILD_TERMINATED, but without
additional moving it to ready queue as it is already there. The erase
from child_pid tree is required to clean up pid from not terminated
childs tree, but it needs to be done exactly once as rb tree
implementation is not guarded against double removal. Erasing or
adding same element multiple times, leads to malformed red-black tree
and segmentation faults. This patch removes double erase in described
scenario.
build: fix compilation failure if building without VMACs.
vrrp: fix reading of iproute2 conf files when directories don’t exist.
vrrp: fix segfault when instance has no interface configured. If a vrrp
instance has no interface configured (so it is unicast), processing
SIGUSR1 resulted in a segfault.
vrrp: Don’t segfault if open_sockpool_socket() fails to open sockets. If a
unicast VRRP instance is configured and the unicast_src_ip does not
exist on the system, then the bind() fails and the sockets are not
opened. This commit ensures that in that case vrrp->sockets is not
dereferenced. This is not a real fix to the problem. We need to track
the addition and removal of unicast_src_ip addresses, and enter fault
state if the address is not configured, or when it is removed.
vrrp: interface add should call setup_interface(). When an interface is
(re-)added, setup_interface() should be called even if vrrp->flags is
set (eg VRRP_FLAG_NOPREEMPT).
vrrp: fix recreating a VMAC interface with IPv6. The sin6_scope_id was not
being updated if a VMACs underlying interface were deleted and
recreated, causing the bind() call to fail. This commit now correctly
updates the sin6_scope_id field in mcast_daddr.
vrrp: fix persistent FAULT state with use_vmac when interfaces renamed. If
an existing base interface of a VMAC is renamed, delete the VMAC since
the configured base interface no longer exists. When an existing
interface is renamed to match the base interface for a VMAC for a VRRP
instance, for IPv6 when the VMAC interface is created a link local
address is added, so clear the NO_ADDRESS fault flag by calling
try_up_instance(). For IPv4 we do not add an address to the VMAC when
it is created, so will wait for netlink notifications of addresses on
the base interface, which can then be added to the VMAC.
vrrp: fix keepalived warning of ipsets specified without iptables.
keepalived was warning that using ipsets had been specified but
iptables had not been specified, even if ipsets had not been specified.
2.3.2
New
all: add --ignore-sigint option. This is needed for running keepalived
under GDB (see https://bugzilla.kernel.org/show_bug.cgi?id=9039#c8).
vrrp: allow specifying interval and timeout to milli-second resolution.
Although running track_scripts too rapidly can cause heavy
system load, there are use cases for being able to run scripts more
frequently than 1 second, and also at intervals not in whole seconds.
This commit adds the option to be able to specify the interval and
timeout timers to a resolution in milli-seconds.
Improvements
vrrp: remove need for route to have configured interface to track it. If a
virtual route did not have an interface configured, keepalived would
log a warning saying that it could not track the route, and then would
disable tracking of that route. It appears that it is not necessary to
know the interface in order to track the route, and in any event the
netlink message received after adding the route identifies the
interface for the route if it is appropriate. So this commit removes
the requirement to specify an interface in order to track a route.
install: Update INSTALL instructions - add openSUSE.
ipvs: Retry ipvs_nl_send_message() in ipvs_getinfo(). If we have to call
keepalived_modprobe() for the ip_vs module, on some distros (e.g.
RHEL based ones but not Fedora) we need to call ipvs_nl_send_message()
twice in ipvs_getinfo(), since the first call fails. On most distros
keepalived_modprobe() does not need to be called, since calling
genl_ctrl_resolve(sock, IPVS_GENL_NAME) loads the ip_vs module.
core: improve error message for process event listen.
all: Properly handle an include file name ending with ‘\’.
vrrp: Allow for Ethernet frame padding for short packets. Some network
interface cards do not strip Ethernet frame padding before passing a
packet to userspace (recvmsg()). keepalived checks the received
packet length but wasn’t allowing for extra bytes to be received that
were added as frame padding. This commit allows for frame padding to
be received and not report an incorrect packet length.
vrrp: Remove duplicate dumping of master advert interval. Don’t write
master advert interval in keepalived.data twice when using VRRPv3 and
the VRRP instance is in backup state.
vrrp: Handle empty ipset names with vrrp_ipsets keyword. We now handle
empty ipset names and return a config error.
vrrp: handle empty iptables chain names - vrrp_iptables keyword. We now
return an error if a chain name is empty.
vrrp-ipvs: handle empty nftables chain names. We now return an error if a
chain name is empty.
vrrp: use configured vrrp ipset names rather than ignore them.
vrrp: check configured vrrp ipset names are all different. If a pair of
configured ipset names are the same, there will be an error when using
the ipsets. This commits checks and logs an error if two ipset names
are the same.
core: remove some duplicate include files.
core: ensure only one instance of keepalived can run per config_id. There
was a window when keepalived starts up when if two (or more) instances
were starting at the same time, they might not detect the other
instance is running. This commit adds advisory file locking on the PID
files to ensure that only one instance can run at a time.
vrrp: Duplicate/drop MLDv1 listener reports on VMACs. MLDv2 listener
reports were being handled, but not MLDv1. This commit now adds
handling of MLDv1 listener reports as well.
all: Ensure pid file exists when respawning child process. If a child
process is respawned, the old pidfile may or may not still exist. If
it doesn’t exist, we need to recreate it. If it still exists we need
to reset our file offset and truncate the file before re-writing it.
all: better pidfile handling after reload.
vrrp: add thread_timer_expired keyword as a synonym of
timer_expired_backup. The release notes referred to
thread_timer_expired, so it is added for completeness but logs a
message to change the keyword to timer_expired_backup.
bfd: use time_t to avoid implicit ptr type casting. This fixes an
incompatible pointer type [-Wincompatible-pointer-types] issue when
compiling keepalived with GCC 14 [1] in 32-bit architectures where
time_t size is 64 bits.
vrrp-ipvs: Stop setting SO_LINGER on TCP sockets. Setting SO_LINGER causes
the close() call to block until the first of: 1. the ACK of the FIN is
received 2. the SO_LINGER timeout expires Since the SO_LINGER timeout
was set to 5 seconds, if the FIN or the subsequent ACK were lost, then
keepalived would block for 5 seconds, which must not be allowed to
happen. The only TCP sockets that keepalived opens are for TCP_CHECK,
HTTP_GET, SSL_GET, SMTP_CHECK and sending notify emails. For all of
these, for any data that keepalived sends it receives data in
response, and so there is no purpose in using SO_LINGER. Removing
setting SO_LINGER will stop the occasional ‘A thread timer expired
5.1nnnnn seconds ago’, as reported in issue #2271.
all: use correct format specifier for time fields. 32 bit Debian uses a 32
bit TIMESIZE, whereas 32 bit Ubuntu uses a 64 bit TIMESIZE. This means
that on 32 bit Ubuntu some time types need to be printed using “%lld”,
whereas on 32 bit Debian, and on 64 bit systems “%ld” is what is
needed. Using the wrong format specifier was causing compilation
warnings on 32 bit Debian. The issue impacts printing time_t, struct
timeval tv_sec and tv_usec and struct timespec tv_sec fields.
Perversely, on a 32 bit system when TIMESIZE is 64, struct timeval
tv_usec is 64 bits, whereas struct timespec tv_nsec is 32 bits. The
commit adds configure time checking of the right format specifiers to
use, and adds definitions PRI_time_t, PRI_tv_sec, PRI_ts_sec etc.
core: update addattr_l to match current iproute2 code - almost. The
alignment calculations were not correct, so this commit updates
addattr_l to match the iproute2 version, EXCEPT there appears to be 1
issue in the iproute2 code when NLMSG_ALIGN is used when RTA_ALIGN
should be used. The difference is entirely cosmetic (at the moment)
since the functionality of the 2 macros is currently identical.
lib: add micro-second timers to memory allocation debugging. Previously
the time was logged for memory allocation/freeing operations in
seconds. When comparing when memory was allocated/freed to debugging
logging via a log file, it was helpful, in terms of being able to
identify the sequence of events, to have the time of memory
allocations etc logged in micro-seconds.
vrrp: on reload only configured track_script name was checked. On a
reload, only the configured name of a track_script was being checked
to see if the new config track_script matched the old config
track_script. If the script to be executed were changed, but the
configured named of the script were kept the same, then the status of
the old script would be transferred to the new script, despite the
scripts being completely different. This commit now checks that the
script really is the same, in terms of the path, parameters and user
executing the script.
vrrp: On reload with addresses added to VRRP instance send 2nd GARPs. If
garp_master_delay is non zero, then after a reload when VIPs are added
to a VRRP instance in master state, as well as the initial block of
GARP messages that are sent, the messages need to be repeated after
garp_master_delay seconds. This commit adds sending the second block.
vrrp: merge vrrp instance garp_pending and gna_pending flags. Combine
garp_pending and gna_pending flags into a single flags; that is all
that is necessary and simplifies the code.
vrrp: Use timer threads for delayed sending of GARPs/GNAs. Previously
whenever a VRRP instance send an advert, it checked to see if any more
GARPs/GNAs were due to be sent, either for garp_master_delay or
garp_master_refresh. Using timer threads removes the checking every
time an advert is sent, and the relevant code is only triggered when a
timer expires.
vrrp: stop using alloc_strvec() for parsing rttables files. It was a good
idea at the time, but is not really appropriate. The parsing can be
done just as simply without using alloc_strvec().
all: stop “unmatched quotes” warning for quoted strings. If a line with a
quoted string has unbalanced quote characters when parsed as a
standard (not quoted) string, an inappropriate warning was issued for
unmatched quotes. This commit now stops the warning. This commit is
not elegant, and it would be appreciated if a neater solution could be
found. If anyone has a better solution, please submit a pull request
or raise an issue explaining the solution.
all: change checking process name at reload to include not NULL checks.
The code was using the reload variable as an indicator that
prev_global_data was not NULL, and this was causing some static code
analysers to flag up NULL pointer dereferences. The patch
explicitly checks whether prev_global_data is NULL or not, since this
is synonymous with testing the reload variable.
all: clear pointers to old data structures freed after reload. This means
that if there is a subsequent reference to the old data via
the old_global_data, or old{bfd,check,vrrp} pointers, it should cause
a segfault rather than undefined behaviour. It will also make it more
straightforward to debug any problem should it occur.
vrrp: update location of iproute config files. Since iproute2 version 3.3
the location of the config files has been configurable, with the
default being /etc/iproute2. Since version 4.4 there has been an
rt_tables.d sub-directory. Version 4.10 added an rt_protos.d
sub-directory, and version 6.5 added a second directory
(/usr/lib/iproute2 or /usr/lib64/iproute) which 6.7 changed to
/usr/share/iproute2 as the default. No major distro appears to change
the default locations, and the only distro that used version 6.5 or 6.6
was Fedora 40, but that has now upgraded to 6.7 so we are not bothered
with the /usr/lib* options. The two directories have configure
options, and if they are not specified, configure attempts to get the
locations from the ip-route man page or the ip executable.
vrrp: Specify protocol for IP addresses that keepalived adds. This is
similar to being able to specify a protocol of ip routes and rules.
vrrp: Add configure option to update /etc/rt_addrprotos. If there is no
keepalived entry in rt_addrprotos create an entry which is removed
when keepalived terminates. This will allow ip address show to display
the protocol of an address as “keepalived” rather than 0x12.
vrrp: always add a keepalived entry to rt_addrprotos if none exists.
doc: Some updates.
Fixes
vrrp: Handle a reload before vrrp_delayed_start has expired. If
keepalived reloaded its configuration before a specified
vrrp_startup_delay had expired, the startup_delay was never being
timed out, and so all received adverts would be discarded. The commit
caused the startup_delay timer to be reinstated after a reload if the
timer has not yet expired.
ipvs: Update status code of misc checker if changes while in fault state.
The exit code of a misc checker can be read via SNMP. The misc check
code was not updating the last exit code if the checker was not
dynamic, the checker was already down (i.e. returned a non 0 exit
code), and the exit code changed from the previous exit code. This
meant that the exit code reported via SNMP was not the latest exit
code, but the exit code that caused the status of the checker to
change. This commit now updates the last exit code, even if the
checker is already down.
vrrp: Ensure VRRPv3 advert interval strictly <= 40.95 seconds. If an
advert interval of 40.958 seconds was configured, it was being rounded
up to 40.96 after the check that the advert interval was less than
40.96. The consequence of this was that adverts were being sent at
40.96 second intervals, but worse, the advert interval in the VRRP
packet was set to 0. This commit now ensures that after the rounding
the advert interval is <= 40.95 seconds.
vrrp: fix track process reinitialize fork delay timer. Github user
Bbulatov identified that terminate_delay was being used when
fork_delay should have been used. While investigating, it was also
found, albeit in a debug message that fork_delay was used where
terminate_delay should have been used. Further, the process state was
being updated immediately even if the fork_delay was being invoked.
vrrp: fix memory leak if error in vrrp_ipsets configuration.
vrrp: stop memory leak when error in configuring vrrp_iptables.
bfd: make alloc_bfd() return NULL rather than false on error. alloc_bfd()
returns a bfd_t *, but in the case of errors it was returning false,
which clearly should have been NULL. This issue was identified by
compiling with -std=c23.
vrrp: fix corruption of master-child_pid red black tree. Child process
thread_t structures use two red-black trees, one for the timeout, and
the other for pids. It is important to ensure that threads are removed
from the child_pid RB tree at the correct time. This was not happening
when reloads were occurring and there was a THREAD_CHILD_TIMEOUT
thread on the ready list. A few other instances of the thread not
being removed from the child_pid RB tree correctly, which are also
resolved by this commit.
all: Fix parsing of \xNN in quoted strings. Following \x keepalived
processed all following hex digits, but only returned one byte. For
example \x20file would result in a byte 0x0f followed by the string
“ile”. This commit limits the number of hex digits consumed to 2.
all: fix parsing of escaped characters in quoted strings.
core: fix error report in json version parser.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
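The \xNN truncation described in the keepalived 2.3.2 "Fix parsing of \xNN in quoted strings" entry above, as an added example that is not keepalived's own code: a minimal escape decoder whose hex-digit limit is a parameter, so the old unlimited consumption and the fixed two-digit limit can be compared on the changelog's own input "\x20file". Function names, the handling of escapes other than \x, and the treatment of a bare "\x" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not keepalived's code. Function names are hypothetical and
 * the handling of escapes other than \x is an assumption for illustration. */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the escape sequences of a quoted string from in into out
 * (NUL-terminated). max_hex_digits < 0 means "consume every following hex
 * digit" (the behaviour the changelog describes); 2 is the limit the fix
 * introduces. Returns the number of bytes written, or -1 if out is too small. */
static int decode_escapes(const char *in, char *out, size_t outlen, int max_hex_digits)
{
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        if (o + 1 >= outlen)
            return -1;
        if (*p != '\\') {
            out[o++] = *p;
            continue;
        }
        p++;
        if (*p == '\0') {          /* trailing backslash: kept literally (assumption) */
            out[o++] = '\\';
            break;
        }
        if (*p == 'x') {
            unsigned val = 0;
            int n = 0;
            while (hexval((unsigned char)p[1]) >= 0 &&
                   (max_hex_digits < 0 || n < max_hex_digits)) {
                val = val * 16 + (unsigned)hexval((unsigned char)p[1]);
                p++;
                n++;
            }
            if (n == 0) {          /* "\x" with no digits: literal x (assumption) */
                out[o++] = 'x';
                continue;
            }
            /* Only one byte is ever emitted. With no digit limit, "\x20f" has
             * already accumulated 0x20f and the high bits are silently lost,
             * which is exactly the 0x0f + "ile" result from the changelog. */
            out[o++] = (char)(val & 0xffu);
            continue;
        }
        switch (*p) {
        case 'n':  out[o++] = '\n'; break;
        case 't':  out[o++] = '\t'; break;
        default:   out[o++] = *p;   break;   /* \\, \" and unknown escapes */
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Pre-2.3.2 behaviour described in the changelog: unlimited hex digits. */
int decode_escapes_buggy(const char *in, char *out, size_t outlen)
{
    return decode_escapes(in, out, outlen, -1);
}

/* Behaviour after the fix: at most two hex digits per \x escape. */
int decode_escapes_fixed(const char *in, char *out, size_t outlen)
{
    return decode_escapes(in, out, outlen, 2);
}

static void dump(const char *label, const char *buf, int n)
{
    printf("%s: %d bytes:", label, n);
    for (int i = 0; i < n; i++)
        printf(" %02x", (unsigned char)buf[i]);
    printf("\n");
}

int main(void)
{
    /* Constructed input: the changelog's own example, "\x20file". */
    const char *input = "\\x20file";
    char out[32];
    int n = decode_escapes_buggy(input, out, sizeof out);
    dump("buggy", out, n);   /* 4 bytes: 0f 69 6c 65 */
    n = decode_escapes_fixed(input, out, sizeof out);
    dump("fixed", out, n);   /* 5 bytes: 20 66 69 6c 65 */
    return 0;
}
```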
- Update from version 20260210 to 20260227
- No change to rootfile
- Changelog 20260227
Purpose
- Update for functional issues. Refer to [Intel® Xeon® 6700P-B/6500P-B-Series SoC with P-Cores](https://cdrdv2.intel.com/v1/dl/getContent/843306/view?wapkw=intel%20xeon%206700P-B) for details.
Updated Platforms
| Processor | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products |
|:----------|:---------|:------------|:---------|:---------|:---------|
| GNR-D     | B0/B1    | 06-ae-01/97 | 010002f3 | 01000303 | Xeon 6700P-B/6500P-B Series SoC with P-Cores |
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:42 +0000 (14:03 +0200)]
harfbuzz: Update to version 14.0.0
- Update from version 12.3.2 to 14.0.0
- Update of rootfile
- Changelog
14.0.0
- New `libharfbuzz-gpu` library: GPU text rasterization based on the
Slug algorithm by Eric Lengyel. Encodes glyph outlines on the CPU
into compact blobs that the GPU decodes and rasterizes directly in
the fragment shader, with no intermediate bitmap atlas.
Shader sources provided in GLSL, WGSL, MSL, and HLSL.
New `hb-gpu` installed utility for interactive GPU text rendering.
Live web demo: https://harfbuzz.github.io/hb-gpu-demo/
- New `harfbuzz-world.cc` amalgamated source for building a subset of
all HarfBuzz libraries into one compilation unit, driven by a custom
`hb-features.h`.
- Updated README with libraries overview and project description.
- Various bug fixes.
- New API:
+ hb_gpu_draw_t
+ hb_gpu_draw_create_or_fail()
+ hb_gpu_draw_reference()
+ hb_gpu_draw_destroy()
+ hb_gpu_draw_set_user_data()
+ hb_gpu_draw_get_user_data()
+ hb_gpu_draw_get_funcs()
+ hb_gpu_draw_glyph()
+ hb_gpu_draw_encode()
+ hb_gpu_draw_get_extents()
+ hb_gpu_draw_reset()
+ hb_gpu_draw_recycle_blob()
+ hb_gpu_shader_lang_t
+ hb_gpu_shader_fragment_source()
+ hb_gpu_shader_vertex_source()
13.2.1
- Fix regression in tracing messages from previous release.
13.2.0
- Fix `hb-view` glyph positioning with `--glyphs` input from `hb-shape --ned`.
- Various fuzzing fixes for `harfbuzz-subset`, `harfbuzz-raster` and
`harfbuzz-vector` libraries.
- Various improvements to tracing messages.
- Various documentation improvements.
- New API:
+ HB_OT_SHAPE_BUFFER_FORMAT_SERIAL
+ hb_ot_shape_get_buffer_format_serial()
13.1.1
- Support gzip-compressed `SVG` glyphs in `harfbuzz-raster` and
`harfbuzz-vector` libraries. This new functionality requires `zlib`, and will
not be available if HarfBuzz is built without `zlib`.
- Improve handling of `SVG` glyphs in `harfbuzz-raster` and
`harfbuzz-vector` libraries.
- Further harden application of `stch` feature against malicious fonts.
- Various fuzzing fixes.
- Various build fixes:
* Add missing `chafa` dependency to `hb-raster` utility, and remove
accidental `cairo` dependency.
* Don’t build raster and vector fuzzers if the library is disabled.
* Add meson options for enabling / disabling `libpng` and `zlib`.
* Support building `harfbuzz-raster` and `harfbuzz-vector` libraries with
CMake.
13.1.0
- The `harfbuzz-raster` library can now render bitmap color glyph formats
(`CBDT` and `sbix`). It now also has an API to serialize / deserialize images
to and from PNGs. This new functionality requires `libpng`, and will not be
available if HarfBuzz is built without `libpng`.
- Install `hb-raster` command line utility.
- Fix overflow when applying `stch` feature with malicious fonts.
- Fix memory leaks in `harfbuzz-raster` and `harfbuzz-vector` in error
conditions, as well as more robust handling of allocation failures.
- Various documentation improvements and build fixes.
- New API:
+hb_raster_image_serialize_to_png_or_fail()
+hb_raster_image_deserialize_from_png_or_fail()
13.0.1
- Bug fixes in rendering `COLR` v1 fonts.
- Various build fixes.
13.0.0
- New experimental drawing and rendering libraries:
* New public `hb-vector` API for vector output of glyph outlines. The only
supported output format currently is SVG.
The new API is available in a separate `harfbuzz-vector` library.
* New public `hb-raster` API for rasterizing glyphs to A8 / BGRA32 images.
The new API is available in a separate `harfbuzz-raster` library.
* Both APIs are still experimental and subject to change.
* Both libraries support monochrome as well as vector color glyph formats
(`COLR` v0, v1, and `SVG`).
* Additionally, `hb-vector` also supports bitmap color glyph formats (`CBDT`
and `sbix`).
* New command line utilities to accompany the new APIs: `hb-vector` and
`hb-raster`. They share many of the same options as `hb-view`.
- New subset flag `HB_SUBSET_FLAGS_DOWNGRADE_CFF2` to convert instantiated
`CFF2` table to `CFF `. This option will desubroutinize `CFF2` table and
convert it to CID-keyed `CFF` table. This is useful for compatibility with
older renderers that do not support `CFF2` table, including embedding
instantiated fonts in PDF documents.
- The `hb-view` command-line utility got a few bells and whistles as well,
including support for logical / ink extents (with the default being the union
of both), stroke, and an option to rotate glyph foreground colors
(rainbow coloring).
- New API to inspect color-glyph documents in `SVG` table.
- New API to signal that the buffer content was changed by the client in
message callbacks.
- Improve `VARC` drawing accuracy with multiple transform / rounding fixes.
- Don’t reject malformed `cmap` subtables, a regression from 12.3.0 when we
stopped sanitizing malformed tables.
- Disallow calling `hb_buffer_set_message_func()` from within the message
callback.
- Various performance optimizations, fuzzing fixes, and documentation
improvements.
- New API:
* harfbuzz:
+hb_buffer_changed()
+hb_ot_color_get_svg_document_count()
+hb_ot_color_get_svg_document_glyph_range()
+hb_ot_color_glyph_get_svg_document_index()
* harfbuzz-subset:
+HB_SUBSET_FLAGS_DOWNGRADE_CFF2
* harfbuzz-raster:
+hb_raster_draw_t
+hb_raster_extents_t
+hb_raster_format_t
+hb_raster_image_t
+hb_raster_paint_t
+hb_raster_draw_create_or_fail()
+hb_raster_draw_destroy()
+hb_raster_draw_get_extents()
+hb_raster_draw_get_funcs()
+hb_raster_draw_get_scale_factor()
+hb_raster_draw_get_transform()
+hb_raster_draw_get_user_data()
+hb_raster_draw_glyph()
+hb_raster_draw_recycle_image()
+hb_raster_draw_reference()
+hb_raster_draw_render()
+hb_raster_draw_reset()
+hb_raster_draw_set_extents()
+hb_raster_draw_set_glyph_extents()
+hb_raster_draw_set_scale_factor()
+hb_raster_draw_set_transform()
+hb_raster_draw_set_user_data()
+hb_raster_image_clear()
+hb_raster_image_configure()
+hb_raster_image_create_or_fail()
+hb_raster_image_destroy()
+hb_raster_image_get_buffer()
+hb_raster_image_get_extents()
+hb_raster_image_get_format()
+hb_raster_image_get_user_data()
+hb_raster_image_reference()
+hb_raster_image_set_user_data()
+hb_raster_paint_clear_custom_palette_colors()
+hb_raster_paint_create_or_fail()
+hb_raster_paint_destroy()
+hb_raster_paint_get_extents()
+hb_raster_paint_get_funcs()
+hb_raster_paint_get_scale_factor()
+hb_raster_paint_get_transform()
+hb_raster_paint_get_user_data()
+hb_raster_paint_glyph()
+hb_raster_paint_recycle_image()
+hb_raster_paint_reference()
+hb_raster_paint_render()
+hb_raster_paint_reset()
+hb_raster_paint_set_custom_palette_color()
+hb_raster_paint_set_extents()
+hb_raster_paint_set_foreground()
+hb_raster_paint_set_glyph_extents()
+hb_raster_paint_set_scale_factor()
+hb_raster_paint_set_transform()
+hb_raster_paint_set_user_data()
* harfbuzz-vector:
+hb_vector_draw_t
+hb_vector_extents_mode_t
+hb_vector_extents_t
+hb_vector_format_t
+hb_vector_paint_t
+hb_vector_draw_create_or_fail()
+hb_vector_draw_destroy()
+hb_vector_draw_get_extents()
+hb_vector_draw_get_funcs()
+hb_vector_draw_get_scale_factor()
+hb_vector_draw_get_transform()
+hb_vector_draw_get_user_data()
+hb_vector_draw_glyph()
+hb_vector_draw_recycle_blob()
+hb_vector_draw_reference()
+hb_vector_draw_render()
+hb_vector_draw_reset()
+hb_vector_draw_set_extents()
+hb_vector_draw_set_glyph_extents()
+hb_vector_draw_set_scale_factor()
+hb_vector_draw_set_transform()
+hb_vector_draw_set_user_data()
+hb_vector_paint_clear_custom_palette_colors()
+hb_vector_paint_create_or_fail()
+hb_vector_paint_destroy()
+hb_vector_paint_get_extents()
+hb_vector_paint_get_funcs()
+hb_vector_paint_get_scale_factor()
+hb_vector_paint_get_transform()
+hb_vector_paint_get_user_data()
+hb_vector_paint_glyph()
+hb_vector_paint_recycle_blob()
+hb_vector_paint_reference()
+hb_vector_paint_render()
+hb_vector_paint_reset()
+hb_vector_paint_set_custom_palette_color()
+hb_vector_paint_set_extents()
+hb_vector_paint_set_foreground()
+hb_vector_paint_set_glyph_extents()
+hb_vector_paint_set_palette()
+hb_vector_paint_set_scale_factor()
+hb_vector_paint_set_transform()
+hb_vector_paint_set_user_data()
+hb_vector_svg_paint_set_flat()
+hb_vector_svg_paint_set_precision()
+hb_vector_svg_set_flat()
+hb_vector_svg_set_precision()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:41 +0000 (14:03 +0200)]
groff: Update to version 1.24.1
- Update from version 1.23.0 to 1.24.1
- Update of rootfile
- Changelog
1.24.1
This release corrects bugs in the groff 1.24.0 release, adds automated
test scripts, revises a misleading diagnostic message, and improves
documentation. There are no new features.
1.24.0
This is too large to include here. For details see the NEWS file in the tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:40 +0000 (14:03 +0200)]
frr: Update to version 10.6.0
- Update from version 10.4.1 to 10.6.0
- Update of rootfile
- Changelog is too large to include here so links provided for each version
10.6.0
https://github.com/FRRouting/frr/releases/tag/frr-10.6.0
10.5.3
https://github.com/FRRouting/frr/releases/tag/frr-10.5.3
10.5.2
https://github.com/FRRouting/frr/releases/tag/frr-10.5.2
10.5.1
https://github.com/FRRouting/frr/releases/tag/frr-10.5.1
10.5.0
https://github.com/FRRouting/frr/releases/tag/frr-10.5.0
10.4.3
https://github.com/FRRouting/frr/releases/tag/frr-10.4.3
10.4.2
https://github.com/FRRouting/frr/releases/tag/frr-10.4.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:39 +0000 (14:03 +0200)]
freetype: Update to version 2.14.3
- Update from version 2.14.1 to 2.14.3
- Update of rootfile
- Changelog is too large to include here. Details can be found in the file ChangeLog
in the tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:37 +0000 (14:03 +0200)]
e2fsprogs: Update to version 1.47.4
- Update from version 1.47.3 to 1.47.4
- No change to rootfile
- Changelog
1.47.4
UI and Features
Suppress warnings in mke2fs regarding large block sizes if the kernel
supports blocksize greater than page size.
Add mke2fs extended option in root_selinux to set a SELinux security
context label for the root directory.
Enable mke2fs to support multiple -E options in the command line.
Fix e4defrag crashing when it tries to defragment an inline data file.
Fixes
Fix e2fsck incorrectly flagging fast symlinks with a large external
extended attribute (using an EA inode) as having an invalid number of
blocks.
Add a check in e2fsck for an extended attribute with a value stored in
an EA inode that has an invalid zero size.
Fix e2scrub so that the retry loop for lvremove works properly (in
case of a temporary busy failure).
Mke2fs warnings about dax are now printed to stdout instead of stderr,
since they aren't failures.
Fix mke2fs so it won't create an orphan file inode which is larger than
what the kernel now permits when using a 64k blocksize.
Fix mke2fs -d so it can handle copying a file larger than 2 GiB.
Many bug fixes for fuse2fs and libext2fs to make fuse2fs behave more
like the Linux kernel's implementation of ext4. These were found when
running fuse2fs under xfstests, and fixing the resulting test failures.
- Set the EXT2_ERRORS_FS flag when recording errors in the superblock,
so that e2fsck will automatically try to fix the corrupted file system
- Restrict which error codes will be recorded in the superblock to
those which indicate file system corruption, and not those that are
caused by operational failures
- Refuse to mount a file system which is marked as having inconsistencies
- Abort and avoid mounting the file systems if there are errors parsing
the command line options
- Fix parsing the offset= option so the mount options structure doesn't
get corrupted.
- Move operations which could fail while mounting the file system to
before the fuse2fs is daemonized so that errors can be reported to the
user
- Fix the locking logic for the "-o lockfile" command-line option
- Fix a memory leak if ext2fs_close() fails
- Avoid failures when mounting a file system read-only and the user does
not have write access to the file system image or block device
- Handle the case where the underlying storage (e.g., block device) of
the file system is read-only more like the kernel. (Fixes generic/050)
- Handle the case where the user requested a read-only mount, the
underlying file system storage is writeable, and there is a journal
which needs to be replayed so that it is safe to reference the file
system image. (Fixes ext4/271)
- Recheck the file system feature flags after replaying the journal in
case an unsupported feature was enabled by a journal transaction and
this causes fuse2fs to have a bellyache.
- Recheck the journal to make sure it is consistent to catch problems
caused by replaying (possibly maliciously) corrupted journals
- Make sure there is enough free space to create a symlink before
trying to create it
- Correctly report errors when deleting files back to fuse
- Always check the process gid when checking file permissions
- Don't update atime when reading executable file contents
- Correctly propagate default acls to non-directory inodes
- Set the group id ownership for newly created files in setgid directories
- Fix fssetxattr() by preserving iflags bits that don't exist in xflags
- Fix various bugs when punching holes in a file
- Fix various bugs in FITRIM
- Prevent fallocate or zero range on indirect-mapped files, which don't
support unwritten extents
- Fix error handling for fuse_getgroups() and readlink(2)
- Fix various data corruption bugs when reading and writing to inline
data files
- Correctly set the ST_RDONLY flag returned by statfs(2)
- Fix potential races in op_statfs and op_destroy
- Fix relatime handling to pay attention to nanosecond portion of the
timestamp
- Fix permission checks when opening a file with O_APPEND and O_TRUNC at
the same time
- Don't truncate a newly created file so the ctime/mtime timestamps are
consistent
Various man page cleanups.
Performance, Internal Implementation, Development Support etc.
Fixed various Debian packaging issues. (Addresses Debian Bugs: #1118461)
Remove extra "pkg-config pkgconfig" in the Debian rules file. This
appears to be harmless, but it's not correct. (Addresses Debian Bugs: #1126636)
Stop trying to test building e2fsprogs on mingw32 using Github Actions.
Sometime between November and December 2025, probably coincident with
github uploading a newer Windows 11 to windows-latest, running the test
mke2fs is now taking over 4 hours, when previously it took 8 seconds.
Update autoconf and libtool to be based on autoconf 2.72. Also updated
config.{guess,sub,rpath} to be the latest from FSF.
Fix ext2fs_block_alloc_stats_range() to pass the original parameters to
its callback function.
Change the unixfd I/O manager to close the file descriptor when it is
passed into the manager.
In the unixfd_io_manager, trust the caller to assert that the file
descriptor was opened using O_EXCL, since we can't find out whether
it's the case by checking the file flags using fcntl's F_GETFL. Also
check using F_GETFL instead of F_GETFD.
Fix a bug in the unix_io where if there is an error when writing the I/O
channel, and a write_error handler is registered, and it requests that
the failed write is retried, the cache mutex wasn't getting relocked,
leaving the lock state inconsistent.
Fix a portability issue in fuse2fs regarding how to redirect
stdout/stderr which works across multiple C libraries. (For a detailed
description of the challenges created by different standards
specification see commit f79abd8554e6.)
Fix a portability issue so e2fsprogs can compile when the
linux/fsverity.h header file exists, but it doesn't define
FS_IOC_READ_VERITY_METADATA.
Update the Malay translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 5 Apr 2026 12:03:36 +0000 (14:03 +0200)]
curl: Update to version 8.19.0
- Update from version 8.18.0 to 8.19.0
- No change to rootfile
- Changelog
8.19.0
Changes:
o we stopped the bug bounty [23]
o cmake: add `CURL_BUILD_EVERYTHING` option [51]
o initial support for MQTTS [81]
o tool: support fractions for --limit-rate and --max-filesize [79]
o tool_cb_hdr: with -J, use the redirect name as a backup [147]
o vquic: drop support for OpenSSL-QUIC [80]
o windows: add build option to use the native CA store [82]
o windows: bump minimum to Vista (from XP) [12]
Bugfixes:
o altsvc: only accept 17 byte dates from files [22]
o asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails [107]
o async-ares: blocking resolve timeout handling, better [239]
o badwords: move into ./scripts, speed up [187]
o build: add missing `GENERATEDCERTS` files [210]
o build: adjust minimum version for some clang picky warnings [211]
o build: check `MSG_NOSIGNAL` directly, drop detection and interim macro [26]
o build: constify `memchr()`/`strchr()`/etc result variables (cont.) [85]
o build: detect and include `inttypes.h` again [13]
o build: do not include wolfSSL header in `curl_setup.h` [215]
o build: drop duplicate C includes [54]
o build: drop global suppression of `-Wformat-nonliteral`, fix fallouts [19]
o build: drop unused `snprintf()` feature check on Windows [261]
o build: fix `-Wunused-macros` warnings, and related tidy-ups [176]
o build: fix building rare combinations [109]
o build: fully omit verbose strings and code when disabled [113]
o build: globally suppress DJGPP warnings in `FD_SET()` [56]
o build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option [46]
o build: move curl stat struct type to the curlx namespace [156]
o build: opt-in MSVC to C99-style verbose logging logic [108]
o build: require POSIX `strdup()` [159]
o build: tidy up and dedupe `strdup` functions [162]
o cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks [226]
o cf-socket: use SOCK_CLOEXEC in socket_open when available [130]
o checksrc-all.pl: skip non-repository files [144]
o checksrc: do not apply `BANNEDFUNC` to struct member functions [35]
o checksrc: warn for leading spaces before the preprocessor hash [72]
o clang-tidy: add missing and delete redundant parentheses [155]
o clang-tidy: add more missing parentheses in macro values [224]
o clang-tidy: avoid/silence `bugprone-not-null-terminated-result` [222]
o clang-tidy: check `bugprone-macro-parentheses`, fix fallouts [212]
o clang-tidy: drop redundant conditions reported by
`misc-redundant-expression` [217]
o clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts [227]
o clang-tidy: enable more checks [225]
o clang-tidy: enable scanning headers [205]
o clang-tidy: fix issues found with build-fuzzing [275]
o clang-tidy: silence more minor issues found by v22 [276]
o cmake/FindMbedTLS: add workaround for missing static MSVC
`mbedcrypto.lib` 4.0.0 [174]
o cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes [105]
o cmake: add native clang-tidy support for tests, with concatenated
sources [223]
o cmake: always build curlu and curltool test libs in unity mode [190]
o cmake: always define `CURL::win32_winsock` on Windows in
`curl-config.cmake` [104]
o cmake: convert `curl_add_clang_tidy_test_target()` macro to function [281]
o cmake: enable binutils ld workaround for all toolchains at build-time [57]
o cmake: fix `LOCATION` property access condition (debug) [241]
o cmake: fix `LOCATION` property read errors in target debug function [243]
o cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` [254]
o cmake: fix confusing error when a dependency is undetected in
`curl-config.cmake` [169]
o cmake: fix logic for openssl/zlib binutils ld workaround [71]
o cmake: fix passing system header directories to clang-tidy for tests [221]
o cmake: fix system include directory position for clang-tidy in tests [284]
o cmake: improve clang-tidy test command-line reproduction [242]
o cmake: minor fixes to test targets after prev [214]
o cmake: normalize uppercase hex winver (for display) [191]
o cmake: omit `curl.rc` from curltool lib [209]
o cmake: reference OpenSSL and ZLIB imported targets only when enabled [41]
o cmake: replace internal option with a new `tt` (test tools) target [220]
o cmake: silence potential unused var warnings in C++ test snippet [201]
o cmake: silence silly Apple clang warnings in C89 mode, test in CI [14]
o cmake: silence useless compiler warnings triggered by the FASTBuild
generator [43]
o cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED` [90]
o cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values [192]
o cmake: add `*_USE_STATIC_LIBS` options for 9 dependencies [49]
o config-plan9: set `HAVE_STDINT_H` again [17]
o config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST [120]
o config2setopts: fix for --disable-aws build configuration [34]
o configure: drop always true `if` check (Windows) [250]
o content_encoding: return 'identity' if none other exists [235]
o curl: add -I and -i to -h important [135]
o curl: limit Windows-specific code to Windows builds, other tidy-ups [48]
o curl_easy_nextheader.md: a new transfer invalidates 'prev' [69]
o curl_get_line: drop single-use macro [93]
o curl_multi_perform.md: resolve inconsistency [143]
o curl_ntlm_core: merge two `#if` blocks [177]
o curl_setup.h: drop extra header guard for internal include [91]
o curl_setup.h: merge back single-use internal header `curl_setup_once.h` [78]
o curl_setup.h: simplify curl memory macro mappings [163]
o curl_setup_once: allow CURL_DEBUGASSERT for customization [125]
o CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols [97]
o curlx: drop unused `curlx_saferealloc()` [161]
o digest: escape double quotes and backslashes in realm and nonce [83]
o digest: fix memory leak in auth_create_digest_http_message() [263]
o digest: handle quotes in the path [50]
o docs/INSTALL: update configure details [45]
o docs/libcurl: unify WARNING use [89]
o docs: add LibreELEC to DISTROS.md
o docs: add reproducible example for generating man page [95]
o docs: avoid starting sentences with However, [175]
o docs: avoid using the word 'magic' [256]
o docs: clarify --ipv4 and --ipv6 [149]
o docs: document the need for a 64-bit type and stdint.h [118]
o docs: drop basically [229]
o docs: explicitly call out Slowloris as not a security flaw [6]
o docs: fix grammar nitpicks [128]
o docs: handle error in `curl_global_init*` examples [204]
o docs: replace instances of the vague qualifier 'quite' [171]
o docs: reword explanation of --variable option [150]
o docs: some nitpicks [277]
o docs: use dot instead of comma at end of sentences [168]
o easy: reset errorbuf on eyeballing success [179]
o easy: reset pausing when resetting request [218]
o examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA [188]
o examples: improve OpenSSL certificate examples [248]
o examples: omit forward declarations, apply misc fixes [60]
o FAQ: syntax improvements [230]
o fopen.h: simplify curl memory macro mappings [160]
o ftp: replace a `curlx_free()` with `curlx_dyn_free()` [86]
o ftp: split ftp_state_use_port into sub functions [172]
o GOVERNANCE.md: Post-Daniel BDFL [31]
o gss: exclude verbose error logic from non-verbose builds [122]
o h2+h3: align stream close handling [131]
o hostip.c: fix leak of addrinfo [11]
o hostip6: remove debug-only code [24]
o hostip: fix unreachable code in rare build configuration [74]
o http/3: add description for known server error codes [15]
o http1: fix potential NULL dereference in `Curl_h1_req_parse_read()` [268]
o http: only send bearer if auth is allowed [228]
o http_aws_sigv4: fix query normalization of %2b [117]
o imap: add a check for Curl_meta_get() [157]
o imap: check `imap_sendf()` printf masks at compile-time [67]
o imap: skip literals inside quoted strings [30]
o include: avoid recursive macros [182]
o include: mask computed auth/proto bitmasks to 32 bits [145]
o INSTALL-CMAKE.md: document Apple framework options [53]
o INSTALL.md: fix typo [278]
o INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets [68]
o KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows [37]
o ldap: silence clang-tidy v22 warning [279]
o ldap: silence potential unused variable warning (OS400) [55]
o lib: delete unused local includes [181]
o lib: disable websockets early if no http [140]
o lib: make sigpipe handling more lazy [52]
o lib: reorder protocol functions to avoid forward declarations (email) [76]
o lib: reorder protocol functions to avoid forward declarations (ftp) [75]
o lib: reorder protocol functions to avoid forward declarations
(misc cont.) [66]
o lib: reorder protocol functions to avoid forward declarations (misc) [77]
o lib: reorder protocol functions to avoid forward declarations (ssh) [65]
o lib: separate scheme info from protocol implementation [42]
o lib: skip compiling code with features disabled [189]
o lib: use (u)int64_t instead of long long [39]
o libcurl docs: reduce 'since ...' in descriptions [28]
o libcurl-security.md: fix typos and add a point about URLs
o libtests: drop two redundant `memset()`s [110]
o Makefile.am: delete RPM targets referencing non-existent files [9]
o Makefile.am: drop stray VC project files from dist [5]
o managen: silence Perl warnings [141]
o mbedtls: guard TLS 1.3 + session tickets usage inside ifdef [260]
o mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE [29]
o mbedtls: remove newline from failf() call [25]
o mbedtls: split mbed_connect_step1 into sub functions [166]
o md4, md5: drop redundant forward declarations [64]
o md4, md5: replace custom types with `uint32_t` [111]
o memdebug: include `backtrace.h` as system header [148]
o mime: drop fallback for unused `R_OK` macro [58]
o mimepost: allocate main struct on-demand [20]
o mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos [138]
o mod_curltest: silence unused argument compiler warning [63]
o mprintf: drop old sprintf fallback [7]
o mprintf: rename internal enum to avoid collision with AmigaOS symbol [183]
o mprintf: silence clang-tidy `readability-suspicious-call-argument` [262]
o mprintf: use `_snprintf()` when compiled with VS2013 and older [280]
o mqtt: better too-big-message-check [73]
o mqtt: fix EOF handling [231]
o mqtt: verify Remaining Length for CONNACK and PUBACK [153]
o msvc: drop exception, make `BIT()` a bitfield with Visual Studio [2]
o msvc: VS2026: unlock picky warning in cmake, test in CI [198]
o multi: avoid a theoretical 32-bit wrap [186]
o multi: fix unreachable code compiler warning [264]
o multi: probe for IPv6 functionality in multi_init() [114]
o multi: split multi_runsingle into sub functions [197]
o multi: update timer unconditionally in multi_remove_handle [158]
o ngtcp2: stabilize recv [18]
o noproxy: simplify, don't mix const non-const in strchr() [88]
o openldap: avoid forward declarations in ldaps code [62]
o openssl+ech: workaround for insecure handshakes [238]
o openssl: adapt to OpenSSL master adding const to more APIs [253]
o OpenSSL: check reuse of sessions for verify status [142]
o openssl: disable local keylog feature if built-in upstream [178]
o openssl: fix compiler warning with OpenSSL master [193]
o openssl: fix potential NULL dereference when loading certs (Windows) [165]
o openssl: fix potential OOB read in debug/verbose logging [216]
o plan9: drop special build and orphaned references [33]
o proxy-auth: additional tests [232]
o pytest: remove 03_02 [127]
o quiche: use PRIu64 for outputting the stream id [184]
o rand: drop impossible preprocessor branches (wincrypt) [246]
o rand: drop scan-build silencer [245]
o ratelimit: download finetune [16]
o request.h: rename parameter 'buf' to 'req' in Curl_req_send [219]
o REUSE: drop broken reference to `MAIL-ETIQUETTE` [59]
o rtsp: fix assertion failure on zero-length RTP payload [180]
o rtspd: fix to check `realloc()` result [173]
o runtests: pass config filename to stunnel in native format (Windows) [94]
o schannel: refactor: reduce variable scopes, fix comment, fix indent [196]
o send: drop `CURL_UNCONST()` from buffer argument on most platforms [116]
o setopt: fix checking range for CURLOPT_MAXCONNECTS [92]
o setopt: refuse blobs with zero length [167]
o setup-os400.h: drop no longer used custom type `u_int32_t` [112]
o sigpipe: unset SA_SIGINFO since it is using sa_handler [40]
o silent.md: also mention it shuts off warning messages [213]
o smb: free the path in the request struct properly [137]
o smb: include arpa/inet.h for NonStop [195]
o socket: check result of SO_NOSIGPIPE [124]
o socketpair: clear 'err' when retrying due to EINTR [233]
o socketpair: set SO_NOSIGPIPE where possible [103]
o socks: ensure DNS is freed in failure cases. [247]
o src: simplify declaring `curl_ca_embed` [185]
o ssh: dedupe state change function [99]
o stop using the word 'just' [257]
o sws: prevent "connection monitor" from saying disconnect twice
o synctime: fix use of uninitialized buffer on non-Windows [234]
o system_win32: replace manual init code with `curlx_now_init()` call [170]
o tests/server/sockfilt: avoid possible endless loop on Windows [101]
o tests/server: drop unused `curlx/version_win32.c` [151]
o tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable [207]
o tests/server: tidy-up error messages (Windows) [102]
o tests: avoid assignment in `if` conditions in `first.h` [126]
o tests: convert base64 data to %b64[] [87]
o tftp: correct the filename length check [70]
o timeout handling: auto-detect effective timeout [121]
o tls: add new SSLSUPP flags for several options [32]
o tls: remove checks for DEFAULT [136]
o tool: enable header separation for HTTPS proxies [106]
o tool: improve config error messaging [208]
o tool: improve error/warning messages when output filename sanitization
fails [36]
o tool: rename curl handle and result variable in `--libcurl`-generated
code [146]
o tool: return code variable consistency [84]
o tool_cb_hdr: suppress header output when --out-null [10]
o tool_cb_prg: drop duplicate preprocessor logic [119]
o tool_dirhie: drop superfluous `F_OK` fallback (Windows) [8]
o tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_* [236]
o tool_doswin: avoid Windowsisms in socket code (cont.) [134]
o tool_doswin: avoid Windowsisms in socket code [139]
o tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain
support [44]
o tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode [38]
o tool_operate: remove 'else' for VMS [3]
o tool_operate: reset the URL --url-query between --next [237]
o typos: silence false positives found in C code [164]
o unit3205: suppress two clang-tidy false positives [206]
o URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP [200]
o url.c: code/comment cleanup around conn creation [132]
o url.h: fix `-Wdocumentation` [61]
o url: fix reuse of connections using HTTP Negotiate [100]
o urlapi: use U_CURLU_URLDECODE when toggling it off unsigned [255]
o urldata.h: remove two forward-declared structs not used [4]
o urldata: byebye `conn->hostname_resolve` [240]
o urldata: change 'keep_post' into three distinct bitfields [21]
o urldata: convert 'long' fields to fixed variable types [47]
o urldata: switch to uint* types [1]
o usercertinmem: use the correct cert BIO [249]
o verbose.md: explain the { and } prefixes [96]
o vquic: fix unused variable warning reported by clang-tidy [152]
o vquic: handle SOCKEMSGSIZE correctly [129]
o vtls: dedupe common on-session-reuse logic [98]
o vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests [123]
o VULN-DISCLOSURE-POLICY.md: push reports to the web form [154]
o VULN-DISCLOSURE-POLICY.md: use hackerone [202]
o winapi: use FormatMessageA instead of FormatMessageW [115]
o windows: `USE_WINSOCK` to guard winsock2 code (where missing) [133]
o windows: determine `RtlVerifyVersionInfo` address on global init [258]
o windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround [203]
o wolfssl: fix build without USE_BIO_CHAIN [27]
o ws/tftp: include header file even when protocol disabled [194]
o x509asn1: make encodeOID stop on too long input [199]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 3 Apr 2026 12:41:31 +0000 (12:41 +0000)]
strongswan: Fix chain name when removing rules
This caused a lot of rules to be appended to IPSECOUTPUT which
never were removed again. There were no implications but a very long
chain with a lot of redundant rules.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fix crash when reconfiguring zone update policy during active updates.
We fixed a crash that could occur when running rndc reconfig to change
a zone's update policy (e.g., from allow-update to update-policy) while
DNS UPDATE requests were being processed for that zone.
ISC would like to thank Vitaly Simonovich for bringing this issue to
our attention. [GL #5817]
Bug Fixes
Fix intermittent named crashes during asynchronous zone operations.
Asynchronous zone loading and dumping operations occasionally
dispatched tasks to the wrong internal event loop. This threading
violation triggered internal safety assertions that abruptly terminated
named. Strict loop affinity is now enforced for these tasks, ensuring
they execute on their designated threads and preventing the crashes.
[GL #4882]
Count temporal problems with DNSSEC validation as attempts.
After the KeyTrap vulnerability (CVE-2023-50387), any temporal DNSSEC
errors were originally hard errors that caused validation failures,
even if the records had another valid signature. This has been changed;
RRSIGs outside of the inception and expiration time are not counted as
hard errors. However, these errors were not even counted as validation
attempts, so an excessive number of expired RRSIGs would cause some
non-cryptographic extra work for the validator. This has been fixed and
the temporal errors are now correctly counted as validation attempts.
[GL #5760]
Fix a possible deadlock in RPZ processing.
The named process could hang when processing a maliciously crafted
update for a response policy zone (RPZ). This has been fixed. [GL #5775]
Fix a crash triggered by rndc modzone on a zone from a configuration
file.
Calling rndc modzone on a zone that was configured in the configuration
file caused a crash. This has been fixed. [GL #5800]
Fix the processing of empty catalog zone ACLs.
The named process could terminate unexpectedly when processing a
catalog zone ACL in an APL resource record that was completely empty.
This has been fixed. [GL #5801]
Fix a crash triggered by rndc modzone on a zone that already existed in
NZF file.
Calling rndc modzone didn't work properly for a zone that was
configured in the configuration file. It could crash if BIND 9 was
built without LMDB or if there was already an NZF file for the zone.
This has been fixed. [GL #5826]
Fix potential resource leak during resolver error handling.
Under specific error conditions during query processing, resources were
not being properly released, which could eventually lead to unnecessary
memory consumption for the server. A potential resource leak in the
resolver has been fixed. [GL !11658]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
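A small model of the attempt-counting change described in the BIND entry above, added here as an illustration (it is not BIND's code and not part of the commit). The attempt cap of 8, the outcome names, the `examined` counter and the sample RRSIGs are constructed for this example, and the `crypto_ok` flag stands in for a real signature check. The point it shows: once temporally invalid RRSIGs are charged against the per-RRset budget, the work a validator spends on a response padded with expired signatures is bounded by the cap rather than by the number of signatures the sender chose to include.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Tuple

# Budget of RRSIGs a validator will examine for one RRset before giving up.
# The number is an assumption for this illustration, not BIND's actual limit.
MAX_VALIDATION_ATTEMPTS = 8


@dataclass(frozen=True)
class RRSIG:
    key_tag: int
    inception: datetime
    expiration: datetime
    crypto_ok: bool  # stands in for the real public-key check (constructed)


def temporally_valid(sig: RRSIG, now: datetime) -> bool:
    """An RRSIG is usable only while inception <= now <= expiration (RFC 4035 s5.3.1)."""
    return sig.inception <= now <= sig.expiration


def validate_rrset(rrsigs: Iterable[RRSIG], now: datetime, *,
                   count_temporal: bool = True,
                   max_attempts: int = MAX_VALIDATION_ATTEMPTS) -> Tuple[str, int, int]:
    """Try each RRSIG in turn until one verifies.

    Returns (outcome, attempts, examined):
      outcome  - "secure" (a signature verified), "bogus" (none did) or
                 "exhausted" (the attempt budget was hit; treated as failure)
      attempts - how many RRSIGs were charged against the budget
      examined - how many RRSIGs the loop actually touched (the real work done)
    With count_temporal=False the function reproduces the pre-fix behaviour
    the BIND note describes: temporal failures cost work but are never counted.
    """
    attempts = examined = 0
    for sig in rrsigs:
        examined += 1
        if not temporally_valid(sig, now):
            # Soft failure: a later RRSIG for the same RRset may still verify.
            if count_temporal:
                attempts += 1
                if attempts >= max_attempts:
                    return "exhausted", attempts, examined
            continue
        attempts += 1
        if sig.crypto_ok:
            return "secure", attempts, examined
        if attempts >= max_attempts:
            return "exhausted", attempts, examined
    return "bogus", attempts, examined


# --- constructed sample data -------------------------------------------------
NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)
DAY = timedelta(days=1)


def expired_sig(tag: int) -> RRSIG:
    # Signature window ended ten days before NOW.
    return RRSIG(tag, NOW - 30 * DAY, NOW - 20 * DAY, crypto_ok=True)


def current_sig(tag: int, crypto_ok: bool = True) -> RRSIG:
    # Signature window covers NOW.
    return RRSIG(tag, NOW - DAY, NOW + 7 * DAY, crypto_ok=crypto_ok)


def normal_rollover() -> Tuple[str, int, int]:
    # One stale RRSIG left over from a key rollover, then the current one.
    return validate_rrset([expired_sig(1), current_sig(2)], NOW)


def padded_response(n_expired: int = 50, count_temporal: bool = True) -> Tuple[str, int, int]:
    # A response stuffed with expired RRSIGs ahead of the single good one.
    sigs: List[RRSIG] = [expired_sig(100 + i) for i in range(n_expired)] + [current_sig(999)]
    return validate_rrset(sigs, NOW, count_temporal=count_temporal)


if __name__ == "__main__":
    print("rollover:         ", normal_rollover())
    print("padded, uncounted:", padded_response(count_temporal=False))
    print("padded, counted:  ", padded_response(count_temporal=True))
```

The ordinary rollover case still validates (one expired signature costs one attempt, the second one verifies). For the padded response, the uncounted variant walks all 51 records before succeeding, while the counted variant stops after the 8th expired signature and fails closed, which is the bounded behaviour the fix restores.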
Michael Tremer [Tue, 31 Mar 2026 14:16:53 +0000 (14:16 +0000)]
dnsdist: Update to 2.0.3
The issues fixed in these releases are:
- CVE-2026-0396: An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either "DynBlockRulesGroup:setSuffixMatchRule" or "DynBlockRulesGroup:setSuffixMatchRuleFFI"
- CVE-2026-0397: When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged in to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard
- CVE-2026-24028: An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses "newDNSPacketOverlay" to parse DNS packets
- CVE-2026-24029: When the "early_acl_drop" ("earlyACLDrop" in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the "nghttp2" provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL
- CVE-2026-24030: An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in denial of service
- CVE-2026-27853: An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the "DNSQuestion:changeName" or "DNSResponse:changeName" methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service
- CVE-2026-27854: Denial of service when using the DNSQuestion:getEDNSOptions method in custom Lua code
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>