Adolf Belka [Sun, 26 Apr 2026 11:44:07 +0000 (13:44 +0200)]
iproute2: Update to version 7.0.0
- Update from version 6.17.0 to 7.0.0
- Update of rootfile
- Changelog is not provided. Details of changes for versions 7.0.0, 6.19.0 and 6.18.0
can be found in the git commit changes
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:09 +0000 (13:44 +0200)]
libcap: Update to version 2.78
- Update from version 2.77 to 2.78
- Update of rootfile
- Changelog
2.78
Fix mistakes in setcap for reporting errors: report them with the appropriate filename.
Thanks to Nikolas for reporting these in Bug 220245.
Fix bug in cap.GetIAB() reported and fix provided by Garret Kelly via Bug 220420.
Improve libcap managed memory allocation and support CHERI RISC-V. Reported with fix
by Chris Hofer via Bug 220415.
Add (unverified) support for the PSX mechanism on microblaze, arc, openrisc and xtensa
architectures. Thanks to Tom Petazzoni for including these in Bug 219915.
Please let me know if these work or fail on these architectures.
Add C++ support to the run a .so file as an executable mechanism employed by libcap.so,
libpsx.so and pam_cap.so. Not really necessary for the libcap build tree, but wanted
to capture the details of my recent update to a Stackoverflow answer on the topic.
Use BUILD_LDFLAGS when compiling _makenames fix contributed by Khem Raj.
Fix broke some builds, so will revert and apply a more comprehensive fix.
Fixed sendmail issue discussion link. Thanks to Ariel Otilibili for noticing the
breakage and contributing a fix.
Some debugging fixes for use of the kdebug/ testing setup
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:10 +0000 (13:44 +0200)]
libgcrypt: Update to version 1.12.2
- Update from version 1.12.0 to 1.12.2
- Update of rootfile
- Changelog
1.12.2
* Bug fixes:
- Fix possible ECDH buffer overwrite with zeroes. [T8211]
- Add a missing bounds check to the Dilithium context handling.
[T8208]
- Add point validation when using the new KEM interface. [T8212]
* Other:
- Fix the dead-code of stronger_key_check for RSA. [T8171]
1.12.1
* Bug fixes:
- Fix for a SmartOS (Solaris) build problem due to AVX2 changes.
[T8071]
- Fix a regression in gcry_mpi_ec_curve_point. [T8080]
- Make sure to have MPI limbs pre-allocated in ECC and fix
Weierstrass curve use with PUBKEY_FLAG_PARAM. [T8094]
* Other:
- Add MPI configuration for NetBSD m68k. [T8069]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:11 +0000 (13:44 +0200)]
libjpeg: Update to version 3.1.4.1
- Update from version 3.1.3 to 3.1.4.1
- No change to rootfile
- Changelog
3.1.4.1
1. Fixed multiple issues, some long-standing and some that were regressions
introduced in 3.1.4, that made the CMake package config files non-relocatable
and broke the `--prefix` option to `cmake --install`.
3.1.4
1. Fixed an issue in the TurboJPEG 2.x compatibility wrapper whereby, if a
calling program attempted to decompress a lossless JPEG image using
`tjDecompress2()` with decompression scaling, the decompressed image was
unexpectedly unscaled. This could have led to a buffer overrun if the caller
allocated the packed-pixel destination buffer based on the assumption that the
decompressed image would be scaled down.
2. The SIMD dispatchers now use `getauxval()` or `elf_aux_info()`, if
available, to detect support for Neon and AltiVec instructions on AArch32 and
PowerPC Linux, Android, and *BSD systems.
3. Hardened the libjpeg API against hypothetical applications that may
erroneously set one of the exposed quantization table values to 0 just before
calling `jpeg_start_compress()`. (This would never happen in a
correctly-written program, because `jpeg_add_quant_table()` clamps all values
less than 1.)
4. Fixed a division-by-zero error that occurred when attempting to use the
jpegtran `-drop` option with a specially-crafted malformed drop image
(specifically an image in which one or more of the quantization table values
was 0.)
5. Fixed an issue in the TurboJPEG API library's data destination manager that
manifested as:
- a memory leak that occurred if a pre-allocated JPEG destination buffer
was passed to `tj3Compress*()` or `tj3Transform()`, `TJPARAM_NOREALLOC` was
unset, and it was necessary for the library to re-allocate the buffer to
accommodate the destination image, and
- a potential caller double free that occurred if pre-allocated JPEG
destination buffers were passed to `tj3Transform()`, multiple lossless
transform operations were performed, and it was necessary for the library to
re-allocate the second buffer to accommodate the second destination image.
6. Fixed an issue in `tj3Transform()` whereby, if `TJPARAM_SAVEMARKERS` was set
to 2 or 4, `TJXOPT_COPYNONE` was not specified, an ICC profile was extracted
from the source image, and another ICC profile was associated with the
TurboJPEG instance using `tj3SetICCProfile()`, both profiles were embedded in
the destination image. The documented API behavior is for `TJXOPT_COPYNONE` to
take precedence over `TJPARAM_SAVEMARKERS` and for `TJPARAM_SAVEMARKERS` to
take precedence over the associated ICC profile. Thus, `tj3Transform()` now
ignores the associated ICC profile unless `TJXOPT_COPYNONE` is specified or
`TJPARAM_SAVEMARKERS` is set to something other than 2 or 4.
7. Fixed an oversight in the libjpeg API whereby, if a calling application
manually set `cinfo.Ss` (the predictor selection value) to a value less than 1
or greater than 7 after calling `jpeg_enable_lossless()` and prior to calling
`jpeg_start_compress()`, an incorrect (all white) lossless JPEG image was
silently generated.
8. Further hardened the TurboJPEG Java API against hypothetical applications
that may erroneously pass huge values to one of the compression, YUV encoding,
decompression, YUV decoding, or packed-pixel image I/O methods, leading to
signed integer overflow in the JNI wrapper's buffer size checks that rendered
those checks ineffective.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:13 +0000 (13:44 +0200)]
libpng: Update to version 1.6.58
- Update from version 1.6.56 to 1.6.58
- Update of rootfile
- CVE fix applied in 1.6.57
- Changelog
1.6.58
Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE`
to return stale palette data after applying gamma and background transforms
in-place.
(Reported by ralfjunker <ralfjunker@users.noreply.github.com>.)
1.6.57
Fixed CVE-2026-34757 (medium severity):
Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST`
leading to corrupted chunk data and potential heap information disclosure.
Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`,
`png_set_unknown_chunks`) against a theoretical variant of the same
aliasing pattern.
(Reported by Iv4n <Iv4n550@users.noreply.github.com>.)
Fixed integer overflow in rowbytes computation in read transforms.
(Contributed by Mohammad Seet.)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:14 +0000 (13:44 +0200)]
libsodium: Update to version 1.0.22
- Update from version 1.0.21 to 1.0.22
- Update of rootfile
- Patch fix for arm build has been integrated into the tarball in this version
- Changelog
1.0.22
- Post-quantum key encapsulation is now available. ML-KEM768, the
NIST-standardized lattice-based KEM, is accessible through the
`crypto_kem_mlkem768_*()` functions.
- X-Wing, a hybrid KEM combining ML-KEM768 with X25519 for protection
against both classical and quantum adversaries, is available through the
`crypto_kem_*()` functions. X-Wing is the recommended KEM for most
applications.
- SHA-3 hash functions are now available as `crypto_hash_sha3256_*()`
and `crypto_hash_sha3512_*()`, with both one-shot and streaming APIs.
1.0.21-stable
- Performance: NEON optimizations for Argon2 on ARM platforms.
- Performance: SHA3 (Keccak1600) now leverages ARM SHA3 instructions when
available on ARM platforms.
- Performance: WebAssembly SIMD implementations of Argon2 have been added.
- Emscripten: LTO is now disabled. With Emscripten 4, LTO produced
WebAssembly modules with functions that ran significantly slower than
without it.
- Emscripten: a new option allows compilation with SIMD support.
- Emscripten: native ESM module generation is now supported.
- JavaScript sumo builds now allow up to 80 MiB memory usage, so that
`crypto_pwhash` with the interactive settings can be used in pure
JavaScript, not just WebAssembly.
- XOF state alignment has been relaxed.
- `crypto_core_keccak1600_state` has been added.
- Export missing `crypto_ipcrypt_nd_keygen()` helper function.
- `crypto_auth_hmacsha256_init` and `crypto_auth_hmacsha512_init` now
accept NULL key pointers (with a zero key length), for consistency with
other `_init` functions.
- apple-xcframework: headers are now in a Clibsodium subdirectory
to prevent module.modulemap collisions with other xcframeworks.
- Fixed compilation with GCC on aarch64 and gcc 4.x.
- On aarch64, aes256-gcm is now enabled even when not using clang,
including MSVC.
- Added compatibility with Visual Studio 2026 when toolsets do not
define PlatformToolsetVersion.
- Libsodium can be directly used as a dependency in a Zig project.
- Performance of MSVC builds has been improved.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:15 +0000 (13:44 +0200)]
libxml2: Update to version 2.15.3
- Update from version 2.15.1 to 2.15.3
- Update of rootfile
- Five CVE fixes applied in 2.15.2
- Changelog
2.15.3
Security
- parser: Pass userData to SAX text callbacks in xmlParseReference (type-confusion)
- entities: copy children in xmlCopyEntity
- c14n: Fix Type confusion in xmlC14NProcessAttrsAxis
- python: Do not decref string after adding to the list (double-free / use-after-free)
- c14n: Reuse tmp_str, xmlStrcat reallocates *cur (double-free)
Improvements
- schemas: Fix relative schemaLocation resolution in XSI assembly in streaming mode
- xmlreader: propagate reader resource loaders to validator parsers
- python: Make python bindings python2 compatible
- xmlregexp: Fix escape-sequence character range matching
- xmlreader: Free input in xmlReaderForFd (memory-leak)
- xmlstring: Free cur on every error for xmlStrncat (memory-leak)
- catalog: Free xmlCatalogResolveCache on cleanup (memory leak)
- Fix nanohttp.c build when --without-output
- test: fix mismatched signed/unsigned comparison
2.15.2
Security
- CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c
- CVE-2026-0990 fix: Prevent infinite recursion in
xmlCatalogListXMLResolve
- CVE-2026-0992 fix: Exponential behavior when handling
- parser: Fix infinite loop in xmlCtxtParseContent
- CVE-2025-10911 libxslt related: Ignore next/prev of documents when
traversing XPath
- CVE-2026-0989 fix: Add RelaxNG include limit
- xmlIO: use size_t for buffer size reallocation
- uri: fix signed integer overflow in xmlBuildRelativeURISafe
- schematron: fix memory leaks on error paths in xmlSchematronParseRule
- catalog: fix stack overflow from self-referencing SGML CATALOG entries
Improvements
- fuzz: Make fuzzy encoding match more lenient
- Fix C14N type confusion
- meson: Fix build with Meson < 1.3
- xmllint: Use zlib directly
- xmllint: New option to separate xpath results using null, --xpath0
- autotools: Make valgrind actually check for leaks
- meson: Add valgrind test setup
- Fix xmlOutputBufferGetContent output when encoder is set
- threads: don't force _WIN32_WINNT to Vista if it's set to a higher value
- dist: Add generated documentation to the dist as "dist-doc" folder
to simplify downstream packaging of doc
- Fix xmlRemoveEntity removing from wrong hash table
- use duplicating variant in relaxng to mitigate UAF
- Fix memory leak in xmlTextWriterStartAttributeNS on OOM
- meson: remove hardcoded buildtype=debug default
- Fix memory leak of prefix in xmlTextWriterStartElementNS()
- writer: Add a few extra NULL checks to avoid memory leaks on corrupt
writer path.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:16 +0000 (13:44 +0200)]
parted: Update to version 3.7
- Update from version 3.6 to 3.7
- Update of rootfile
- Changelog
3.7
Promoting alpha release to stable release 3.7
3.6.37
New Features
hurd: Support USB device names
Bug Fixes
Stop adding boot code into the MBR if it's zero when updating an
existing msdos partition table.
disk.c: Update metadata after reading partition table
Fix initialization of atr_c_locale inside PED_ASSERT
nilfs2: Fixed possible sigsegv in case of corrupted superblock
libparted: Do not detect ext4 without journal as ext2
libparted: Fix dvh disklabel unhandled exception
libparted: Fix sun disklabel unhandled exception
parted: fix do_version declaration to work with gcc 15
libparted: Fail early when detecting nilfs2
doc: Document IEC unit behavior in the manpage
parted: Print the Fixing... message to stderr
docs: Finish setup of libparted API docs
libparted: link libparted-fs-resize.so to libuuid
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:17 +0000 (13:44 +0200)]
pciutils: Update to version 3.15.0
- Update from version 3.14.0 to 3.15.0
- Update of rootfile
- Changelog
3.15.0
* New capabilities are decoded: MMIO Register Block Locator,
Flit Error Injection, Flit Logging.
* Decoding of PCIe capabilities updated to Gen7.
* Both lspci and setpci warn when the "-s" or "-d" option
is given multiple times.
* Improved display of interrupts in "lspci -vv". Routing of
interrupt pins is shown only if the pins are not disabled.
Routing of MSI(X) interrupts is shown when available
(which is currently supported by the sysfs back-end only).
* Minor improvements to Windows back-ends.
* The dump back-end can read the dump from stdin when given "-"
as a file name.
* FreeBSD supports 64-bit addresses.
* Added README.DJGPP.
* Updated pci.ids.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 11:44:18 +0000 (13:44 +0200)]
texinfo: Update to version 7.3
- Update from version 7.2 to 7.3
- Update of rootfile
- Changelog
7.3
* Language
. new commands for title page creation: @documentinfo, @publication,
and @maketitle. you can use these instead of explicit formatting
inside @titlepage.
. you can use heading commands such as @heading after @node. nodes
defined this way are not part of the chapter structure of the document
(unlike if @section etc. were used).
. new command @xrefname can follow @node in place of a heading command.
this is for when you do not want any heading at all to be displayed.
. new command @namedanchor for defining text to be used for a cross-
reference to an anchor (with @xrefautomaticsectiontitle on)
. new command @thispart to print part name in headings or footings
. deprecate @clickstyle
. if there is no @documentlanguage, the language is unspecified, rather
than en_US. (texi2any will still use English strings by default,
but will not put en_US in the output, depending on output format.)
* texi2any
. texi2any uses the Perl extensions in C for converters when possible,
which results in a large speed-up for HTML output.
set the `TEXINFO_XS_CONVERT' environment variable to 0 for pure Perl.
. optional experimental texi2any program implementation in C embedding Perl.
use --enable-using-c-texi2any to prefer the C implementation.
. report leading directory components of input file names in messages
(this reverses 6.8 release change, 2021).
. when CHECK_NORMAL_MENU_STRUCTURE is on, give the line number of the
problem menu entry
. DUMP_TREE should now be a file name, or - to output to standard error
. remove USE_REL_REV variable; former effect is now always on
. (API only) rename LINKS_BUTTONS customization variable to LINKS_DIRECTIONS
. (API only) rename space direction ' ' to 'Space'
. HTML output:
. the HIGHLIGHT_SYNTAX variable can be used for syntax highlighting
of code samples. this feature was present in earlier releases but
is no longer marked as experimental.
. do not wrap the contents of <style> elements in an HTML comment,
as this is no longer needed for browser compatibility
. the --transliterate-file-names option (which sets the
TRANSLITERATE_FILE_NAMES variable) is now off by default.
. when creating redirection files with --node-files (the default),
ignore the settings of TRANSLITERATE_FILE_NAMES, BASEFILENAME_LENGTH,
and EXTENSION.
. likewise, ignore these variables for links to external manuals
(they are still used for the file names generated for the
converted manual content).
. the default setting of WORDS_IN_PAGE has changed from 300 to 200.
this means that a navigation panel is more likely to be output at
the bottom of fairly short nodes.
. use the last @printindex in the input file for the Index direction
. only output 'accesskey' attributes when splitting by node
. for locations of external manuals, use files ending with the
.cnf extension in the htmlxref.d directories (in addition to files
called htmlxref.cnf). this should make it easier to combine
information on HTML cross-references from different sources.
. in an htmlxref file, you can explicitly trigger a link to a local
manual by using an empty URL
. you can set FORMAT_MENU to 'menu_no_detailmenu' to omit an
automatically generated @detailmenu from the Top node
. info.js (with INFO_JS_DIR) fixes and improvements:
. avoid pop-up over Top node and display the correct title
. --internal-links outputs more types of internal link, including
anchors, sections and floats. the possible type names reported
in the second column have changed.
. USE_NEXT_HEADING_FOR_LONE_NODE removed. former effect is now
always on.
. (API only) remove the buttons specifications with scalar references,
direction text or functions references should be used instead
. (API only) remove the Texinfo::TeX4HT customization package
. Info output:
. new experimental variable INFO_MATH_IMAGES allows outputting
images for mathematics notation
. LaTeX output:
. use UTF-8 encoding for output by default, regardless of input
encoding. override with OUTPUT_ENCODING_NAME.
. XML output:
. use HTML entities names for @H and @dotaccent accents types
* texinfo.tex
. add entries in PDF outline for index initials
. use Unicode in PDF outline for input documents encoded in UTF-8
. '@set xrefautomaticsectiontitle on' does not affect cross-references
to anchors, matching the HTML output
. separate adjacent footnote markers with commas, e.g. '1, 2' not '1 2'
* info
. you can use hook scripts to handle an info manual not being found.
these hooks can provide a message to the user with information on
how to install the manual.
. when run as 'info TOPIC INDEX-ENTRY', prefer index entries that
refer to the node that would be loaded by 'info TOPIC'. this aids
in retrieving documentation of command-line options when multiple
programs are documented in the same manual.
for example, 'info cp -- -s' goes to the documentation of the -s
option for the cp program in the coreutils manual, rather than the
-s option of any other program.
. list all customizable variables in help buffer including how they
got their values
. reuse introductory text in dir file rather than supplying our own text,
as was the case in older versions of info and is the case in Emacs
. removed fallback if a node is not found in a cross-reference to
searching for a file of the same name. e.g. "* Foo::" in a menu
would go to a file called "Foo", if no node called "Foo" was found.
now only the node is looked for.
. new variable 'raw-utf8-output' supports viewing UTF-8 Info files
on MS-Windows
* Distribution
. automake 1.18.1, autoconf 2.72, gettext 0.26, libtool 2.5.4
. support for DJGPP removed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 26 Apr 2026 21:37:41 +0000 (23:37 +0200)]
expat: Update to version 2.8.0
- Update from version 2.7.5 to 2.8.0
- Update of rootfile
- CVE fix
- Changelog
2.8.0
Security fixes:
47 1183 CVE-2026-41080 -- The existing hash flooding protection
(based on SipHash) only used 4 to 8 bytes of entropy for
a salt, when 16 bytes of salt are supported by the
implementation of SipHash used by Expat. Now full 16 bytes
of entropy are used to improve protection against hash
flooding attacks.
Existing API function XML_SetHashSalt is now deprecated
because of its limitations, and its use should be
considered a vulnerability. Please either use the new API
function XML_SetHashSalt16Bytes (with known-high-quality
entropy input only!) instead, or leave the derivation of
a 16-bytes hash salt from high quality entropy to Expat's
internal machinery (by *not* calling either of the two
XML_SetHashSalt* functions).
Bug fixes:
1188 Avoid propagating /dev/urandom file descriptor to child
processes
1193 Fix interpretation of `errno` after randomization calls
1195 Avoid assuming uint8_t is a character type
Other changes:
1180 1199 Add support for `getentropy(3)` as a source of entropy;
this helps with protecting against hash flooding attacks,
in particular with WASI SDK (where none of the other
entropy sources supported by libexpat are available).
1200 Autotools: Add `--without-arc4random` and
`--without-arc4random-buf`
1200 Autotools: Make `./configure` output report on available
high quality entropy sources
1173 Autotools|macOS: Sync CMake templates with CMake 4.3.0
1201 Autotools|CMake: Improve checks for `arc4random` and
`arc4random_buf` e.g. with modern glibc
1201 CMake: Report on availability of functions `arc4random` and
`arc4random_buf`
1201 CMake: Mark entropy related build switches as advanced
1189 ..
1203 1204 Extract new files from entropy extraction code
1194 Stop duplicating C tests 1:1 as C++ ("runtests_cxx")
1202 Fix a comment typo in expat_external.h
1187 Fix grammar in compile error message
1192 examples: Build warning-free with -Wwrite-strings
1171 tests: Address harmless warning from Coverity
1170 1176 Sync file headers
1190 1206 Version info bumped from 12:3:11 (libexpat*.so.1.11.3)
to 13:0:12 (libexpat*.so.1.12.0); see https://verbump.de/
for what these numbers do
Infrastructure:
1166 1167 ..
1172 1175 ..
1178 1179 ..
1185 1205 CI: Make Perl XML::Parser integration tests run against
both version 2.47 and the latest release 2.58
1169 CI: Adapt to breaking changes regarding Inno Setup
1173 CI: Adapt to breaking changes regarding CMake
1174 CI: Include public corpus of fuzzer `xml_lpm_fuzzer` with
regression testing
1181 1182 CI: Bump WASI SDK from 30 to 32
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 24 Apr 2026 16:43:00 +0000 (18:43 +0200)]
tzdata: Update to version 2026b
- Update from version 2026a to 2026b
- No change in rootfile
- Changelog
2026b
Briefly:
British Columbia moved to permanent -07 on 2026-03-09.
Some more overflow bugs have been fixed in zic.
Changes to future timestamps
British Columbia’s 2026-03-08 spring forward was its last
foreseeable clock change, as it moved to permanent -07 thereafter.
(Thanks to Arthur David Olson.) Although the change to permanent
-07 legally took place on 2026-03-09, temporarily model the change
to occur on 2026-11-01 at 02:00 instead. This works around a
limitation in CLDR v48.2 (2026-03-17). This temporary hack is
planned to be removed after CLDR is fixed.
Changes to code
zic no longer mishandles a last transition to a new time type.
zic no longer overflows a buffer when generating a TZ string like
"PST-167:59:58PDT-167:59:59,M11.5.6/-167:59:59,M12.5.6/-167:59:59",
which can occur with adversarial input. (Thanks to Naveed Khan.)
zic no longer generates a longer TZif file than necessary when
an earlier time zone abbreviation is a suffix of a later one.
As a nice side effect, zic no longer overflows a buffer when given
a long series of abbreviations, each a suffix of the next.
(Buffer overflow reported by Arthur Chan.)
zic no longer overflows an int when processing input like ‘Zone
Ouch 2147483648:00:00 - LMT’. The int overflow can lead to buffer
overflow in adversarial cases. (Thanks to Naveed Khan.)
zic now checks for signals more often.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 24 Apr 2026 16:42:58 +0000 (18:42 +0200)]
openssh: Update to version 10.3p1
- Update from version 10.2p1 to 10.3p1
- No change in rootfile
- There are three changes listed as Potentially incompatible changes. They do not look
to me like things that will affect IPFire but I am happy to be corrected.
- Changelog
10.3p1
Potentially-incompatible changes
* ssh(1), sshd(8): remove bug compatibility for implementations
that don't support rekeying. If such an implementation tries to
interoperate with OpenSSH, it will now eventually fail when the
transport needs rekeying.
* sshd(8): prior to this release, a certificate that had an empty
principals section would be treated as matching any principal
(i.e. as a wildcard) when used via authorized_keys principals=""
option. This was intentional, but created a surprising and
potentially risky situation if a CA accidentally issued a
certificate with an empty principals section: instead of being
useless as one might expect, it could be used to authenticate as
any user who trusted the CA via authorized_keys. [Note that this
condition did not apply to CAs trusted via the sshd_config(5)
TrustedUserCAKeys option.]
This release treats an empty principals section as never matching
any principal, and also fixes interpretation of wildcard
characters in certificate principals. Now they are consistently
implemented for host certificates and not supported for user
certificates.
* ssh(1): the -J and equivalent -oProxyJump="..." options now
validate user and host names for ProxyJump/-J options passed
via the command-line (no such validation is performed for this
option in configuration files). This prevents shell injection in
situations where these were directly exposed to adversarial
input, which would have been a terrible idea to begin with.
Reported by rabbit.
Security
* ssh(1): validation of shell metacharacters in user names supplied
on the command-line was performed too late to prevent some
situations where they could be expanded from %-tokens in
ssh_config. For certain configurations, such as those that use a
"%u" token in a "Match exec" block, an attacker who can control
the user name passed to ssh(1) could potentially execute arbitrary
shell commands. Reported by Florian Kohnhäuser.
We continue to recommend against directly exposing ssh(1) and
other tools' command-lines to untrusted input. Mitigations such
as this can not be absolute given the variety of shells and user
configurations in use.
* sshd(8): when matching an authorized_keys principals="" option
against a list of principals in a certificate, an incorrect
algorithm was used that could allow inappropriate matching in
cases where a principal name in the certificate contains a
comma character. Exploitation of the condition requires an
authorized_keys principals="" option that lists more than one
principal *and* a CA that will issue a certificate that encodes
more than one of these principal names separated by a comma
(typical CAs strongly constrain which principal names they will
place in a certificate). This condition only applies to user-
trusted CA keys in authorized_keys, the main certificate
authentication path (TrustedUserCAKeys/AuthorizedPrincipalsFile)
is not affected. Reported by Vladimir Tokarev.
* scp(1): when downloading files as root in legacy (-O) mode and
without the -p (preserve modes) flag set, scp did not clear
setuid/setgid bits from downloaded files as one might typically
expect. This bug dates back to the original Berkeley rcp program.
Reported by Christos Papakonstantinou of Cantina and Spearbit.
* sshd(8): fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys.
Previously if one of these directives contains any ECDSA algorithm
name (say "ecdsa-sha2-nistp384"), then any other ECDSA algorithm
would be accepted in its place regardless of whether it was
listed or not. Reported by Christos Papakonstantinou of Cantina
and Spearbit.
* ssh(1): connection multiplexing confirmation (requested using
"ControlMaster ask/autoask") was not being tested for proxy mode
multiplexing sessions (i.e. "ssh -O proxy ..."). Reported by
Michalis Vasileiadis.
New features
* ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent
forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new
names is advertised via the EXT_INFO message. If a server offers
support for the new names, then they are used preferentially.
Support for the pre-standardisation "@openssh.com" extensions for
agent forwarding remains supported.
* ssh-agent(1): implement support for draft-ietf-sshm-ssh-agent
"query" extension.
* ssh-add(1): support querying the protocol extensions via the
agent "query" extension with a new -Q flag.
* ssh(1): support multiple files in a ssh_config RevokedHostKeys
directive. bz3918
* sshd(8): support multiple files in a sshd_config RevokedKeys
directive bz3918
* ssh(1): add a ~I escape option that shows information about the
current SSH connection.
* ssh(1): add an "ssh -Oconninfo user@host" multiplexing command
that shows connection information, similar to the ~I escapechar.
* ssh(1): add an "ssh -O channels user@host" multiplexing command to
get a running mux process to show information about what channels
are currently open.
* sshd(8): add 'invaliduser' penalty to PerSourcePenalties, which is
applied to login attempts for usernames that do not match real
accounts. Defaults to 5s to match 'authfail' but allows
administrators to block such attempts for longer if desired.
* sshd(8): add a GSSAPIDelegateCredentials option for the server,
controlling whether it accepts delegated credentials offered by
the client. This option mirrors the same option in ssh_config.
GHPR614
* ssh(1), sshd(8): support the VA DSCP codepoint in the IPQoS
directive.
* sshd(8): convert PerSourcePenalties to using floating point time,
allowing penalties to be less than a second. This is useful if you
need to penalise things you expect to occur at >=1 QPS.
* ssh-keygen(1): support writing ED25519 keys in PKCS8 format.
GHPR570
* Support the ed25519 signature scheme via libcrypto.
Bugfixes
* sshd(8): make IPQoS first-match-wins in sshd_config, like other
configuration directives. bz3924
* sshd(8): fix potential crash when MaxStartups is using a single
argument (i.e. not using the MaxStartups x:y:z form) to a value
below 10. bz3941
* sshd(8): fix a potential hang during key exchange if needed DH
group values were missing from /etc/moduli.
* ssh-agent(1): fix return values from extensions to be correct wrt
draft-ietf-sshm-ssh-agent: extension requests should indicate
failure using SSH_AGENT_EXTENSION_FAILURE rather than the generic
SSH_AGENT_FAILURE error code. This allows the client to discern
between "the request failed" and "the agent doesn't support this
extension".
* ssh(1): use fmprintf for showing challenge-response name and info
to preserve UTF-8 characters where appropriate. Prompted by GitHub
PR#452.
* scp(1): when uploading a directory using sftp/sftp (e.g. during a
recursive transfer), don't clobber the remote directory
permissions unless either we created the directory during the
transfer or the -p flag was set. bz3925
* All: implement missing pieces of FIDO/webauthn signature support,
mostly related to certificate handling and enable acceptance of this
signature format by default. bz3748 GHPR624 GHPR625
* sshd_config(5): make it clear that DenyUsers/DenyGroups overrides
AllowUsers/AllowGroups. Previously we specified the order in which
the directives are processed but it was ambiguous as to what
happened if both matched.
* ssh(1): don't try to match certificates held in an agent to
private keys. This matching is done to support certificates that
were loaded without their private key material, but is
unnecessary for agent-hosted certificates which always have
private key material available in the agent. Worse, this matching
would mess up the request sent to the agent in such a way as to
break usage of these keys when the key usage was restricted in
the agent. bz3752
* sftp(1): if editline has been switched to vi mode (i.e. via "bind
-v" in .editrc), setup a keybinding so that command mode can be
entered.
* ssh(1), sshd(8): improve performance of keying the sntrup761 key
agreement algorithm.
* ssh(1), sshd(8): enforce maximum packet/block limit during
pre-authentication phase.
* sftp(1): don't misuse the sftp limits extension's open-handles
field. This value is supposed to be the number of handles a
server will allow to be opened and not a number of outstanding
read/write requests that can be sent during an upload/download.
* sshd(8): don't crash at connection time if the main sshd_config
lacks any subsystem directive but one is defined in a Match block.
bz3906
* sshd_config(5): add a warning next to the ForceCommand directive
that forcing a command doesn't automatically disable forwarding.
* sshd_config(5): add a warning that TOKENS are replaced without
filtering or escaping and that it's the administrator's
responsibility to ensure they are used safely in context.
* scp(1): correctly quote filenames in verbose output for local->
local copies. bz3900
* sshd(8): don't mess up the PerSourceNetBlockSize IPv6 mask if
sscanf didn't decode it. GHPR598
* ssh-add(1): when loading FIDO2 resident keys, set the comment to
the FIDO application string. This matches the behaviour of
ssh-keygen -K. GHPR608
* sshd(8): don't strnvis() log messages that are going to be logged
by sshd-auth via its parent sshd-session process, as the parent
will also run them through strnvis(). Prevents double-escaping of
non-printing characters in some log messages. bz3896
* ssh-agent(1): escape SSH_AUTH_SOCK paths that are sent to the
shell as setenv commands. Unbreaks ssh-agent for home directory
paths that contain whitespace. bz3884
* All: Remove unnecessary checks for ECDSA public key validity.
* sshd(8): activate UnusedConnectionTimeout only after the last
channel has closed. Previously UnusedConnectionTimeout could fire
early after a ChannelTimeout. This was not a problem for the
OpenSSH client because it terminates once all channels have
closed but could cause problems for other clients (e.g. API
clients) that do things differently. bz3827
* All: fix PKCS#11 key PIN entry problems introduced in
openssh-10.1/10.2. bz3879
* scp(1): when using the SFTP protocol for transfers, fix implicit
destination path selection when source path ends with "..". bz3871
* sftp(1): when tab-completing a filename, ensure that the completed
string does not end up mid-way through a multibyte character, as
this will cause a fatal() later on. GHPR#587
* ssh-keygen(1): fix crash at exit (visible via ssh-keygen -D) when
multiple keys loaded.
* scp(1)/sftp(1): correctly display bandwidths >2GBps in the
progress meter.
Portability
* sshd(8): fix condition introduced in openssh 10.2p1 stable branch
where a PAM module that changed the requested username between
SSH_MSG_USERAUTH_REQUEST messages during authentication could
confuse the PAM stack and let it proceed with a different
understanding of the active username than the rest of sshd.
Reported by Mike Damm.
* sshd(8): immediately report interactive instructions to clients
when using keyboard-interactive authentication with PAM. bz2876
* sshd(8): fix duplicate PAM messages under some situations.
* sshd(8): don't leak PAM handle on repeat invocations. bz3882
* All: support linking libcrypto implementations (e.g. BoringSSL)
that require libstdc++.
* sshd(8): fix ut_type for btmp records, correctly using
LOGIN_PROCESS and USER_PROCESS.
* sshd(8): allow uname(3) in the seccomp sandbox. This is needed by
zlib-ng on RISC-V platforms.
* All: remove remaining OpenSSL_add_all_algorithms() calls.
We already have OPENSSL_init_crypto() in the compat layer.
Prompted by github PR#606
* All: fix builds on older Mac OS wrt nfds_t.
* mdoc2man: several improvements including better support for Dl
and Ns inside Ic.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 24 Apr 2026 16:42:59 +0000 (18:42 +0200)]
openssl: Update to version 3.6.2
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- This looks to be the last release in the 3.x branch as 4.0.0 has been released.
This patch updates that last 3.x branch version as it is a security release with
eight CVE fixes in it.
Also with the major change from 3.x to 4.x we will need to ensure that there are no
issues for IPFire. I will do a separate build for 4.0.0 and test it before submitting
that patch for consideration for 203 or 204
- Changelog
3.6.2
Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)
Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)
Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support.
(CVE-2026-28386)
Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)
Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)
Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo.
(CVE-2026-28390)
Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 11 Apr 2026 11:45:32 +0000 (13:45 +0200)]
ovpnmain.cgi: Update status extraction for Connection Status
- The format of the connection status has changed and this change ensures that the
status is correctly shown in the Connection Status and Control table
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 11 Apr 2026 11:45:29 +0000 (13:45 +0200)]
ovpnmain.cgi: Display only IP for Real Address in Connection Statistics Page
- In the Connection Statistics page under Real Address it was showing the IP:Port instead
of just the IP.
- The IP was being split out in $address but this variable was not then used to display
the Real Address.
- This patch fixes that so that only the IP is shown for the Real Address.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 11 Apr 2026 11:45:26 +0000 (13:45 +0200)]
openvpn: Update to version 2.7.1
- Update from version 2.6.19 to 2.7.1
- Update of rootfile
- Changelog
2.7.1
Bugfixes
Fix usage of --lport inside a <connection> block - this got broken with the multi-socket patchset (GH #995)
Do not try to run auto-pam unit test when cross-compiling.
Do not break private-key passphrases of length >= 64 (GH #993)
Fix obscure ASSERT() crash on TCP connects with TAP and no ip config.
Make DCO work on FreeBSD systems that have no IPv4 support in kernel (FreeBSD PR 286263)
Make DCO work on Linux on big endian systems (namely, MIPS and PowerPC) (GH OpenVPN/ovpn-dco#96)
New features
Add a new username-only flag argument to --auth-user-pass which will now make OpenVPN only query for username and send a dummy password to the server. This is only useful if auth schemes are used on the server side that will do some sort of external challenge based on username, and not password authentication. See discussion in GH #501 (starting Jan 30, 2024).
Increase default sizing of internal hash maps to 4 * --max-clients. The default used to be 256 with a --max-clients default of 1024 - this is bad for performance, while the memory savings are minimal. On a very memory constrained system, reduce --max-clients.
Long-term code maintenance
Work on OpenSSL 4.0 API support, reducing use of ASN1_STRING members.
Remove obsolete OpenSSL 1.0.x support code from unit tests.
Improve documentation of management client versioning, replace magic numbers in the code with an enum type.
Fixup responses to management interface version command (for >= 4).
Make --enable-async-push work on FreeBSD 15 (which has native inotify support, and consequently no libinotify.pc anymore)
Adjust some code parts to new "const" handling on string function returns (ISO C23, as implemented by glibc 2.43 and newer).
Remove erroneous usage of M_ERR | M_ERRNO throughout the code.
User-visible Changes
When compiled with the AWS-LC SSL library, using --tls-cert-profile will now print a run-time warning - the library does not support it, so it would silently do nothing.
Systemd unit files: change LimitNPROC to TasksMax and increase limit (GH: #929)
Documentation improvements.
port-share: log incoming connections at verb 3, not on error level anymore (GH: #976).
2.7.0
New features
Multi-socket support for servers
OpenVPN servers now can listen on multiple sockets at the same time. Multiple --local statements in the configuration can be used to configure this. This way the same server can e.g. listen for UDP and TCP connections at the same time, or listen on multiple addresses and/or ports.
Client implementations for DNS options sent by server for Linux/BSD/macOS
Linux, BSD and macOS versions of OpenVPN now ship with a per-platform default --dns-updown script that implements proper handling of DNS configuration sent by the server. The scripts should work on systems that use systemd or resolveconf to manage the DNS setup, as well as raw /etc/resolv.conf files. However, the exact features supported will depend on the configuration method. On Linux and MacOS this should usually make split-DNS configurations supported out-of-the-box now.
Note that this new script will not be used by default if a --up script is already in use to reduce problems with backwards compatibility.
See documentation for --dns-updown and --dns for more details.
New client implementation for DNS options sent by server for Windows
The Windows client now uses NRPT (Name Resolution Policy Table) to handle DNS configurations. This adds support for split-DNS and DNSSEC and improves the compatibility with local DNS resolvers. Requires the interactive service.
On Windows the block-local flag is now enforced with WFP filters.
The block-local flag to --redirect-gateway and --redirect-private is now also enforced via the Windows Firewall, making sure packets can't be sent to the local network. This provides stronger protection against TunnelCrack-style attacks.
Windows network adapters are now generated on demand
This means that on systems that run multiple OpenVPN connections at the same time the users don't need to manually create enough network adapters anymore (in addition to the ones created by the installer).
Windows automatic service now runs as an unprivileged user
All tasks that need privileges are now delegated to the interactive service. NOTE this has the risk of breaking existing setups if the Windows certificate store is used (cryptoapi), and the certificates are not readable for NT SERVICE\OpenVPNService.
Support for new version of Linux DCO module
OpenVPN DCO module is moving upstream and being merged into the main Linux kernel. For this process some API changes were required. OpenVPN 2.7 will only support the new API. The new module is called ovpn. Out-of-tree builds for older kernels are available. Please see the release announcements for further information.
Support for server mode in win-dco driver
On Windows the win-dco driver can now be used in server setups.
Support for TLS client floating in DCO implementations
The kernel modules will detect clients floating to a new IP address and notify userland so both data packets (kernel) and TLS packets (sent by userland) can reach the new client IP. (Actual support depends on recent-enough kernel implementation)
Enforcement of AES-GCM usage limit
OpenVPN will now enforce the usage limits on AES-GCM with the same confidentiality margin as TLS 1.3 does. This means that renegotiation will be triggered after roughly 2^28 to 2^31 packets depending on the packet size. More details about usage limit of AES-GCM can be found here:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/
Epoch data keys and packet format
This introduces the epoch data format for AEAD data channel ciphers in TLS mode ciphers. This new data format has a number of improvements over the standard "DATA_V2" format.
AEAD tag at the end of packet which is more hardware implementation friendly
Automatic key switchover when cipher usage limits are hit, similar to the epoch data keys in (D)TLS 1.3
64 bit instead of 32 bit packet ids to allow the data channel to be ready for 10 GBit/s without having frequent renegotiation
IV constructed with XOR instead of concatenation to not have (parts) of the real IV on the wire
Support for Epoch data channel on Windows, using the win-dco driver (2.8.0+)
Default ciphers in --data-ciphers
Ciphers in --data-ciphers can contain the string DEFAULT that is replaced by the default ciphers used by OpenVPN, making it easier to add an allowed cipher without having to spell out the default ciphers.
TLS alerts
OpenVPN 2.7 will send out TLS alerts to peers informing them if the TLS session shuts down or when the TLS implementation informs the peer about an error in the TLS session (e.g. mismatching TLS versions). This improves the user experience as the client shows an error instead of running into a timeout when the server just stops responding completely.
Support for tun/tap via unix domain socket and lwipovpn support
To allow better testing and emulating a full client with a full network stack OpenVPN now allows a program executed to provide a tun/tap device instead of opening a device.
The co-developed lwipovpn program based on lwIP stack allows to simulate full IP stack. An OpenVPN client using --dev-node unix:/path/to/lwipovpn can emulate a full client that can be pinged, can serve a website and more without requiring any elevated permission. This can make testing OpenVPN much easier.
For more details see lwipovpn on Github.
Allow overriding username with --override-username
This is intended to allow using --auth-gen-token in scenarios where the clients use certificates and multi-factor authentication. This will also generate a push "auth-token-user newusername" directive in push replies.
--port-share now properly supports IPv6
Issues with logging of IPv6 addresses were fixed. The feature now allows IPv6 connections towards the proxy receiver.
Support for Haiku OS
TLS1.3 support with mbedTLS (requires mbedTLS >= 3.6.4)
PUSH_UPDATE client support
It is now possible to update parts of the client-side configuration (IP address, routes, MTU, DNS) by sending a new server-to-client control message, PUSH_UPDATE,<options>. See also: https://openvpn.github.io/openvpn-rfc/openvpn-wire-protocol.html NOTE: PUSH_UPDATE client support is currently disabled if DCO is active (on all platforms).
PUSH_UPDATE server support (minimal)
New management interface commands push-update-broad and push-update-cid to send PUSH_UPDATE option updates to all clients ("there is a new DNS server") or only a specific client ID ("privileges have changed, here's a new IP address"). See doc/management-notes.txt NOTE: PUSH_UPDATE server support is currently disabled if DCO is active (on all platforms).
Support for user-defined routing tables on Linux
See the --route-table option in the manpage
PQE support for WolfSSL
Two new environment variables have been introduced to communicate desired default gateway redirection to plugins like Network Manager, route_redirect_gateway_ipv4 and route_redirect_gateway_ipv6. See the "Environmental Variables" section in the man page
Improved logging of service events/errors to event log on Windows.
"Recursive Routing" check is now more granular, and will only drop packets-in-tunnel if destination IP, protocol and port matches with those needed to reach the VPN server. With that change, you can now use policies that direct "everything that is not OpenVPN" into the tunnel, and have IP packets to the VPN server address arrive as expected (no such policies are currently installed by OpenVPN) (GH: #669).
COPYING: license details only relevant to our Windows installers have been updated and moved to the openvpn-build repo
Improved BYTECOUNT support - more strictly adhere to timing interval requested, correctly support client and server counters with Linux and Windows DCO offloading.
Improve compatibility with OpenSSL 3.6.0 (do not fail t_lpback selftest)
New option --tls-crypt-v2-max-age n to check tls-crypt-v2 timestamps (When a client is older than n days or has no timestamp, the server will reject it)
mbedTLS 4 support has been added.
Note that with mbedTLS 4 algorithms need to be translated to mbedTLS 4 internal IDs by OpenVPN, and some names might be missing.
Deprecated features
secret support has been removed (by default).
static key mode (non-TLS) is no longer considered "good and secure enough" for today's requirements. Use TLS mode instead. If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret.
This mode can still be enabled by using --allow-deprecated-insecure-static-crypto but will be removed in OpenVPN 2.8.
Support for wintun Windows driver has been removed.
OpenVPN 2.6 added support for the new dco-win driver, so it supported three different device drivers: dco-win, wintun, and tap-windows6. OpenVPN 2.7 now drops the support for wintun driver. By default all modern configs should be supported by dco-win driver. In all other cases OpenVPN will fall back automatically to tap-windows6 driver.
NTLMv1 authentication support for HTTP proxies has been removed.
This is considered an insecure method of authentication that uses obsolete crypto algorithms. NTLMv2 support is still available, but will be removed in a future release. When configured to authenticate with NTLMv1 (ntlm keyword in --http-proxy) OpenVPN will try NTLMv2 instead.
persist-key option has been enabled by default.
All the keys will be kept in memory across restart.
OpenSSL 1.0.2 support has been removed.
Support for building with OpenSSL 1.0.2 has been removed. The minimum supported OpenSSL version is now 1.1.0.
mbedTLS 2.x support has been removed
Support for building with mbedTLS 2.x has been removed (it is out of support since March 2025, and the necessary compatibility code is making maintenance and support for mbedTLS 4.x hard). The minimum supported mbedTLS version is now 3.2.1.
Compression on send has been removed.
OpenVPN 2.7 will never compress data before sending. Decompression of received data is still supported. --allow-compression yes is now an alias for --allow-compression asym.
--memstats feature removed
The --memstats option was largely undocumented and there is no known user of this feature. This feature provided very limited statistics (number of users, link bytes read/written) and we do not expect any usage because of this.
Using --push in a mode that is not --mode server will now print a clear warning that this is an unsupported operation and might cause negotiation failures.
--reneg-bytes and --reneg-packets do not work in DCO mode, and will now print an appropriate warning.
On-connect resolving of --remote addresses in --tcp-server mode was not working since 2.4, so the code was completely removed.
--opt-verify feature removed
This option was already deprecated and it is now being converted to a no-op. Using this option will only print a warning.
User-visible Changes
Default for --topology changed to subnet for --mode server. Previous releases always used net30 as default. This only affects configs with --mode server or --server (the latter implies the former), and --dev tun, and only if IPv4 is enabled. Note that this changes the semantics of --ifconfig, so if you have manual settings for that in your config but not set --topology your config might fail to parse with the new version. Just adding --topology net30 to the config should fix the problem. By default --topology is pushed from server to client.
--x509-username-field will no longer automatically convert fieldnames to uppercase. This was deprecated since OpenVPN 2.4, and has now been removed.
--dh none is now the default if --dh is not specified. Modern TLS implementations will prefer ECDH and other more modern algorithms anyway. And finite field Diffie Hellman is in the process of being deprecated (see draft-ietf-tls-deprecate-obsolete-kex)
--lport 0 does not imply --bind anymore.
--redirect-gateway now works correctly if the VPN remote is not reachable by the default gateway.
--show-gateway now supports querying the gateway for IPv4 addresses.
--static-challenge option now has a third parameter format that can change how password and challenge response should be combined.
--key and --cert now accept URIs implemented in OpenSSL 3 as well as optional OpenSSL 3 providers loaded using --providers option.
--cryptoapicert now supports issuer name as well as Windows CA template name or OID as selector string.
TLS handshake debugging information contains much more details now when using recent versions of OpenSSL.
The IV_PLAT_VER variable sent by Windows clients now contains the full Windows build version to make it possible to determine the Windows 10 or Windows 11 version used.
The --windows-driver option to select between various windows drivers will no longer do anything - it's kept so existing configs will not become invalid, but it is ignored with a warning. The default is now ovpn-dco if all options used are compatible with DCO, with a fallback to tap-windows6. To force TAP (for example because a server pushes DCO incompatible options), use the --disable-dco option.
Apply more checks to incoming TLS handshake packets before creating new state - namely, verify message ID / acked ID for "valid range for an initial packet". This fixes a problem with clients that float very early but send control channel packet from the pre-float IP (Github: #704).
Use of --dh dh2048.pem in all sample configs has been replaced with --dh none. The dh2048.pem file has been removed.
The startup delay in t_client.sh has been reduced from 3s to 1s, making a noticeable difference for setups with many tests.
Changed from using uncrustify for code formatting and pre-commit checks to clang-format. This reformatted quite a bit of code, and requires that regular committers change their pre-commit checks accordingly.
On Linux, on interfaces where applicable, OpenVPN explicitly configures the broadcast address again. This was dropped for 2.6.0 "because computers are smart and can do it themselves", but the kernel netlink interface isn't, and will install "0.0.0.0". This does not normally matter, but for broadcast-based applications that get the address to use from "ifconfig", this change repairs functionality (this has been backported to 2.6.15, but is not in earlier 2.6 versions).
max-routes-per-client 0 used to be silently upgraded to 1. This now produces an error.
ifconfig and ifconfig-ipv6 values are now stored in pre-connect options cache, and will be restored to pre-connect values on reconnects if the server stops pushing the respective option.
tapctl.exe helper binary on Windows has been reworked to improve help texts (making clear that it can not only do TAP-Adapters but Win-DCO as well), add printing of the hwid to all adapter outputs, and change the default adapter type created to ovpn-dco.
The default for multihome egress interface handling has changed. 2.7.0 will default to ipi_ifindex=0, that is, leave the decision to the routing/policy setup of the operating system. The pre-2.7 behaviour (force egress = ingress interface) can be achieved with the new --multihome same-interface sub-option.
Windows openvpn.exe binary manifest now sets code page UTF8 - which has no direct effect on OpenVPN itself, but this repairs OpenSSL file loading for key/cert files with non-ASCII characters in their file names (GH: #920).
The test-crypto option no longer requires a --secret argument and will automatically generate a random key.
The configure-time option --enable-x509-alt-username is no longer conditional, and always-on (GH: #917).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:34 +0000 (17:10 +0200)]
boost: Update to version 1_90_0
- Update from version 1_89_0 to 1_90_0
- Update of rootfiles for all three architectures
- Changelog
1_90_0
New Libraries
OpenMethod:
Open-(multi-)methods in C++17 and above, from Jean-Louis Leroy.
Updated Libraries
Asio
Added the execution::inline_exception_handling property to describe what exception handling guarantees are made when execution occurs inline.
Added inline_executor, which always executes the submitted function inline.
Changed the default candidate executor for associated_executor from system_executor to inline_executor.
Added the inline_or_executor<> adapter and inline_or() helper, which will execute inline if possible and otherwise delegate to another executor.
Added overloads of dispatch, post and defer that take a function object to be run on the target executor, and deliver the result to the completion handler.
Added the redirect_disposition completion token adapter, as a generic counterpart for redirect_error.
Annotated deprecated items with the [[deprecated]] attribute.
Added a new configuration parameter "reactor" / "reset_edge_on_partial_read", which determines whether a partial read consumes the edge when using epoll.
Added new configuration parameters "reactor" / "use_eventfd" and "reactor" / "use_timerfd" that are used to determine whether the epoll backend uses eventfd and timerfd respectively.
Added the missing preprocessor check for BOOST_ASIO_DISABLE_TIMERFD.
Implemented a compile-time feature check for std::source_location support, in addition to std::experimental::source_location.
Stopped using the deprecated boost::array::c_array() function.
Fixed a resource leak in asio::awaitable move assignment.
Fixed a memory leak in ssl stream move assignment.
Fixed a thread sanitizer issue in kqueue reactor.
Fixed handler tracking arguments in io_uring backend.
Fixed an unused parameter warning in boost::asio::detail::null_thread.
Changed the macro-based coroutine implementation to ensure deterministic case labels when __COUNTER__ is used.
Fixed synchronous SSL stream shutdown to remap error::eof as async_shutdown does.
Changed stream_file and random_access_file on Windows to treat file paths as UTF-8 encoded strings.
Added checks to experimental::parallel_group and experimental::ranged_parallel_group to detect empty operation sets.
Removed workaround for _FORTIFY_SOURCE, added address length checking to ip::basic_resolver_results.
Fixed experimental::coro to have protection against max as a macro.
Updated detection of std::aligned_alloc for newer libc++ versions.
Various documentation fixes and improvements.
Consult the Revision History for further details.
Beast:
http::parser rejects non-standard trailer fields by default.
http::basic_parser uses a dedicated callback for trailer fields.
http::field constants are updated.
Fixed allocator move/copy assignment in flat_buffer and multi_buffer.
Fixed websocket permessage-deflate error on partial message consumption.
http::buffer_body ignores empty chunks.
Added http::basic_fields::contains member function.
Removed dependency on Boost.Preprocessor and Boost.StaticAssert.
Bloom:
Added bulk-mode insertion and lookup for increased performance.
Made lookup implementation branchless for block, fast_multiblock32 and fast_multiblock64, which results in some performance gains, particularly for mixed successful/unsuccessful queries.
Charconv:
Fixed quadmath detection in CMake for cross-compilation.
Fixed an issue where a sufficiently big buffer would error as not large enough in floating point to_chars.
Compat:
Added to_underlying.hpp (contributed by Braden Ganetsky.)
Container:
Reimplemented deque. The original implementation was based on the SGI’s original data structure (similar to libstdc++). Main changes:
sizeof(deque) was 10 words, now is 4 words. Probably the lightest implementation around.
sizeof(deque::iterator) was 4 words, now is 2 words (similar to libc++ and MSVC).
Several internal algorithms were reimplemented to speed up the segmented nature of deque.
Defaults were slightly changed, 64 bit platforms now use 1024 byte blocks by default instead of classic SGI 512 byte blocks.
The new implementation eases further deque-like variations and optimizations in the future.
Fixed bugs/issues:
GitHub #248: "flat_map slow insertion introduced in boost-1.80.0".
GitHub #254: "C++20 std::erase_if".
GitHub #293: "UBSAN reports unaligned access error".
GitHub #294: "CMake: Add option to use header-only Boost::container".
GitHub #300: "Warnings when building with Clang 20".
GitHub #304: "Usage of boost::container::small_vector with custom allocator".
GitHub #305: "Warnings with -Wstrict-prototypes".
GitHub #307: "Fix all instances of MSVC warning C4146 (unsigned negation)".
GitHub #309: "Performance regression of boost::container::static_vector introduced in boost v1.86".
GitHub #306: "new_allocator.hpp error: '__cpp_sized_deallocation' is not defined, evaluates to 0 [-Werror,-Wundef]".
GitHub #310: "flat_map: Mention correct type in documentation of emplace and emplace_hint".
GitHub #312: "flat_map std::allocator::is_always_equal is deprecated".
GitHub #317: "Partial revert of changes for Issue #209 - compiler warnings".
GitHub #321: "devector does not work with pmr allocators".
Conversion:
Dropped dependency on Boost.SmartPtr.
Core:
The implementation of BOOST_TEST_THROWS and BOOST_TEST_NO_THROW macros defined in boost/core/lightweight_test.hpp has been changed to avoid compiler warnings on some compilers, when the macros are used in if/else blocks. As a side effect of this change, the semicolon after the macro is now necessary. (PR#205)
boost::data and boost::size are now aliases for std::data and std::size, respectively, when the latter are provided by compiler. This resolves potential ambiguities when both boost:: and std:: alternatives are found by the compiler, e.g. as a result of ADL. (PR#206)
DLL:
Fixed issues with std::error_code being passed to boost::system::error_code&. Many thanks to Thomas Klausner for the fix (PR#106).
Fixed install with CMake. Many thanks to Yury Bura for the fix (PR#103).
Fixed size variable shadowing.
DynamicBitset:
Added C++20 iterators.
Allowed choosing the underlying container type.
Added constexpr support when compiling as C++20 or later.
Made push_back(), pop_back() and lowest_bit() more efficient.
Made the constructor from basic_string explicit.
Removed several dependencies.
Added push_front(), pop_front(), find_first_off(), find_next_off() and constructors from C-style strings and basic_string_view (the latter in C++17 or later).
Changed the stream inserter to set badbit if an exception is thrown during output.
Made the stream extractor rethrow any exception coming from the underlying vector.
Ported the documentation to MrDocs and Antora.
Filesystem:
Clear passed error_code argument on successful completion of the permissions operation. (PR#338)
On Windows, added a workaround for directory_iterator constructor failing with an "Invalid Signature" error for a Samba 3.0.2 share, when SMB signing is required. (#334)
Flyweight:
Fixed compile errors in Clang 19 and later due to P0522R0 support.
Geometry:
Major improvements
GitHub #1409: "Implement is_valid algorithm for polyhedral surfaces".
Improvements
GitHub #1413: "Add supported combinations for convert".
GitHub #1417: "Improved documentation".
GitHub #1423: "Avoid stack overflow in traverse".
Solved issues
GitHub #1006: "bg::projections::detail::epsg_to_parameters causes excessive compile times".
Various fixes of errors and warnings
GIL:
Improvements
GitHub #773: "Improved documentation (histogram and typos). Fixed the build for latest sphinx version."
Solved issues
GitHub #778: "Fixed build with Clang".
Interprocess:
Minor documentation fixes.
Fixed bugs:
GitHub #245: "Fix UBSan runtime error (load of 'boost::interprocess::mode_t')".
GitHub #269: "Minor documentation fixes and template parameter renames".
JSON:
Removed dependencies on Boost.Align and Boost.StaticAssert.
Switched to a faster hashing algorithm.
LexicalCast:
More tests and fixes for floating-point special value conversions to integers and bool. Fixes compiler warning C4804 when lexical casting from float to bool.
Dropped dependency to Boost.TypeTraits. Many thanks to Romain Geissler for implementing the major part of the work (PR#87).
Switch from implicit to explicit type conversion to avoid compiler warnings. Many thanks to bmagistro for the PR (PR#85).
Fixed mistakes in documentation. Many thanks to ivanpanch for the PR (PR#86).
Fixed regression in unsigned short to wstring casting without wchar_t builtin type.
Locale:
Fixed B2 build files to avoid building dynamic versions of various Boost libraries when only static ones are requested (PR#266).
When ISO8859-1 or ISO8859-8 encoding is requested, allow using Windows codepages 1252 or 1255, respectively, instead of using the "C" (classic) locale when the selected Windows locale doesn’t support that ISO8859 encoding.
Enabled a workaround for an issue in Cygwin's stdlib when converting some long UTF-8 sequences to UTF-16.
Log:
Fixed a missed optimization in value_ref visitation.
Fixed a possible long and useless loop on log file rotation in text_file_backend. If the log file name pattern did not include a file counter and the log file size exceeded the rotation_size limit, then the sink backend would repeatedly try to open a new log file with a different counter value and end up opening the same file every time. (#252)
Made file size checks more robust against integer overflows in text_file_backend.
Math:
Added new sub-library: Reverse-Mode Automatic Differentiation.
Added new constant: log_pi.
Added proper promotion policy support to logit, logistic_sigmoid, and logistic distributions.
Numerous fixes and edge case repairs to the special functions.
Mp11:
Updated mp_reverse_fold to work on fixed size lists.
MQTT5:
Removed dependency on Boost.Spirit.
Auto-reconnection now triggers on any transport-layer error instead of a limited whitelist (#38).
Added at_transport_error callback to the Logger interface.
MSM:
Refurbished and updated the documentation to use Antora.
Added a new back-end backmp11 offering heavily reduced compile times, a refactored API and a couple of new features. Requires C++17, more details are available in the documentation.
Fixed bug GitHub #87: "boost::any stopped working as Kleene event in 1.86 in boost::msm".
Multiprecision:
Significant improvements to testing and coverage of newer cpp_double_fp_backend.
MySQL:
Deprecated support for Clang versions older than 4.0. These compilers might still work, but they won’t be actively tested in CI.
Added tests to guarantee compatibility with MySQL 9.x.
Added tests to guarantee compatibility with Clang versions up to 20, and GCC versions up to 15.
Parser:
Fixed ill-formedness when using move-only callables with closures (PR#284)
Fix wonky const-incompatibility in GlobalState parser template params (#250).
Fix ill-formedness in some cases when using the permutation parser (#268).
Fixed an error in sequence parsing that could cause some attributes to be overwritten by later parsers in a sequence (#279).
Fix the handling of opt-parsers that could leave a std::optional attribute containing a value even though the parser that produced it failed (#279 and #285).
Multiple runtime optimizations (#245, PR#254, PR#255, PR#256).
A modest compile-time and code size optimization (#250).
Make transform constexpr (PR#275).
Move-versus-forward warning mitigation (#272).
Correct the documentation for the attribute type of the if_ directive (#278).
Correct many, many typos in the docs (PR#271).
PFR:
Added an implementation based on C++26 destructuring into a pack, that fixes the majority of known limitations of the library and avoids excessive template instantiations. The new implementation can be explicitly enabled/disabled by a new BOOST_PFR_USE_CPP26 macro. Many thanks to Jean-Michaël Celerier for the PR (PR#194).
Multiple fixes to CMake. Many thanks to Alexander Grund for the PRs!
Random:
Fix for construction of xoshiro family of generators from SeedSeq.
Redis:
Important changes to cancellation:
Improved the per-operation support in async_exec(), and added support for asio::cancel_after. Requests can now be cancelled at any point, and cancellations don’t interfere with other requests anyhow. Pull requests PR#310 and #226.
Deprecated the cancel_on_connection_lost and cancel_if_not_connected flags in request::config. To limit the time span that async_exec might take, use asio::cancel_after, instead. cancel_on_connection_lost default has been changed to false. Pull requests PR#329 and PR#334.
Deprecated calling cancel with operation::resolve, connect, ssl_handshake, reconnection and health_check. Users should employ cancel(operation::run), instead. Pull request PR#321.
Added support for per-operation cancellation in async_run(). Issue #319.
Added support for custom setup requests using config::setup. When setting these fields, users can replace the library-generated HELLO request by any other arbitrary request. Issue #302 and pull request PR#303.
Deprecated request::config::hello_with_priority. If you need to execute a request before any other, use config::setup, instead. Pull request PR#305.
Valkey long-term support: we guarantee Valkey compatibility starting with this release. Issue #296.
Added a request::append() function, to concatenate request objects. Issue #341.
The health checker algorithm has been redesigned to avoid false positives under heavy loads. PING commands are now only issued when the connection is idle, instead of periodically. Issue #104.
Added config::read_buffer_append_size, which allows controlling the expansion of the connection’s read buffer. Pull request PR#283.
Added usage::bytes_rotated, which measures data copying when reading and parsing data from the server. Pull request PR#311.
Bug fixes:
Fixed a bug causing an exception to be thrown when parsing a response that contains an intermediate error into a generic_response. Issue #287.
Fixed a number of race conditions in the cancel() function of connection and basic_connection that could cause cancellations to be ignored. Issue #318.
Users with an empty password but a non-default username are now correctly authenticated. Issue #298.
Fixed a problem that could cause an error during HELLO to make subsequent HELLO attempts during reconnection to fail. Issue #290.
Errors during HELLO are now correctly logged. Issue #297.
SmartPtr:
The functionality enabled by the deprecated macros BOOST_SP_ENABLE_DEBUG_HOOKS, BOOST_SP_USE_STD_ALLOCATOR, and BOOST_SP_USE_QUICK_ALLOCATOR has been removed.
The header <boost/smart_ptr/detail/quick_allocator.hpp> has been marked deprecated and will be removed in a future release.
Configurations that define BOOST_NO_CXX11_HDR_ATOMIC are no longer supported; a conforming C++11 <atomic> is now required.
The deprecated macros BOOST_AC_USE_SPINLOCK, BOOST_AC_USE_PTHREADS, BOOST_SP_USE_SPINLOCK, and BOOST_SP_USE_PTHREADS are no longer functional.
Platform-specific implementations of atomic_count, sp_counted_base and spinlock are no longer used and have been removed.
Configurations that define BOOST_NO_CXX11_HDR_MUTEX are no longer supported; a conforming C++11 <mutex> is now required.
Some unused headers in boost/smart_ptr/detail/ have been removed.
Stacktrace:
Fixed missing include. Thanks to Orgad Shaneh for the fix!
Fixed URL in libbacktrace_impls.hpp, thanks to Jonathan Wakely.
StaticString:
Aligned to_static_[w]string() with std::to_[w]string() in C++26.
Removed usage of an additional buffer in to_static_[w]string().
Added resize_and_overwrite().
STLInterfaces:
Fixed ill-formedness with GCC 14 (PR#80).
Fixed ill-formedness when using move-only callables with closures.
Test:
Fixed a few warnings on Windows Clang.
TypeIndex:
Dropped dependency on Boost.Core.
Run all the tests in CMake too. Many thanks to Alexander Grund for some fixes and help.
URL:
segments_view and segments_encoded_view gained constant-time iterator-based subview constructors.
Added zone-id setters (e.g. for IPv6 link-local addresses).
Host setters now accept/propagate zone-id.
Fixed: resolve now replicates the reference fragment in all cases (#920).
Fixed: encoded_host_address assertions account for zone-id.
Refactor: replaced BOOST_STATIC_ASSERT with BOOST_CORE_STATIC_ASSERT (#934).
Refactor: preserved absolute semantics for segment subviews (#939).
Uuid:
string_generator is now constexpr on C++14 and higher.
Added header boost/uuid/constants.hpp.
Renamed boost/uuid/uuid_generators.hpp to boost/uuid/generators.hpp. The old name is retained for compatibility.
Variant2:
More functions have been marked as constexpr, including ~variant. This didn’t matter before C++20, but does now.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/htop-dev/htop/blob/main/ChangeLog
"What's new in version 3.5.0
* Implement line editor for Search, Filter and (re)naming Screens
* Add digits editing for numeric options
* Backtrace screen feature (using libunwind-ptrace)
* Add CPU SMT label option
* MemoryMeter: rework to allow full platform-specific control
* Fix CPU virtualization bar color and help text in non-detailed mode
* Add --no-meters option to hide meters
* Implement explicit NO_COLOR env support
* fix: support *-256color in $TERM key detection
* Add COLORSCHEME_NORD: Nordic inspired theme
* Add Tctl temperature reading
* Add SecondsUptimeMeter
* Adjust GPUMeter text display
* Make Ctrl-U clear the current Filter or Search string while editing it
* Make empty --filter= command line arguments invalid
* Make Infoscreen also show uppercase FILTER when filtering (F4) is active
* Graph meter dynamic scaling and percent graph drawing
* Update "total" value for non-percent bar meters
* Fix logic bug while iterating processes
* Change NetworkIOMeter "packets per second" display
* Add NetworkIOMeter description
* Rework DiskIOMeter into a combined display of 2 sub-meters
* Introduce DiskIORateMeter and DiskIOTimeMeter
* DiskIOMeter: Adjust code indent and formatting
* DiskIOMeter: Move cache update code to a new function
* Add --no-function-bar option to hide functionbar
* Fix function bar labels in Screens panel rename mode
* Make Meters function bar consistent with the Screens one
* Display a FAILED message in the FunctionBar on host scan failure
* Cancel pending renaming action for a screen in dtor of ScreensPanel
* Move prevSelected from ScreensPanel to Panel
* Only issue KEY_RECLICK when the focussed item has not changed
* Track oldFocus correctly in ScreensPanel
* Add lost focus event, make mouse actions consistent, handle rename and move explicitly across screens / meters / columns
* Make Cancel (F2, Esc) remove a newly added screen tab and not only abort the implicit rename
* Use default key list for DisplayOptions "Dec/Inc" function bar
* Make first click select option line but not toggle it, toggle with next click, handle right click
* Make the Panel items actually match what receives a mouse click
* No need for "phantom" CPU threads
* Simplify offline CPU marking
* Make the physicalID default to 0 because old Intel processors only have that
* Don't draw Meter caption if width is not enough (bar & graph)
* CPUMeter: Fix negative "x" positions of sub-meters
* Add sensors logic for Snapdragon 410
* Add sensors logic for Amlogic S905W support
* Add foot terminal to terminalSupportsDefinedKeys
* No longer write to htoprc file if it's not owned by EUID
* Remove initial enforced delay to reduce startup latency
* Improve bootup time by caching all getpwuid result
* Fix a small file descriptor leak in Settings_write()
* Keep track of the biggest PID and scale the column accordingly
* Allocate COMMAND (cmdline) and comm buffers dynamically
* Improve "comm" string highlighting in Process_makeCommandStr()
* Improve process cmdline basename matching with procExe path
* Don't make highlights of zero-length cmdline basename
* Shadow path prefixes used by NixOS
* Improve Generic_unameRelease() related code
* Linux: Check for CPU number on s390
* Linux: Handle special cases for CPU frequency data in /proc/cpuinfo
* Linux: Added support for OpenRC init system and metrics
* Linux: fix detection of NUL argument separator
* Linux: Skip loopback and MD (multi-device) driver entries in /proc/diskstats
* Darwin: Add GPUMeter code for macOS
* Darwin: Rewrite & improve Platform_getOSRelease() code
* Darwin: implement macOS version reporting in SysArchMeter
* Darwin: Handle legacy references to kIOMainPortDefault
* Darwin: Bring back conversion of process CPU time on macOS (#1638)
* PCP: Automatically reconnect PCP metrics contexts on disconnect
* PCP: Fixes to use units-based scaling in pcp-htop on macOS
* PCP: Fix PCPDynamicColumn parsing after a bad section name
* FreeBSD: Update the internal priority reference point
* NetBSD: Improve process state retrieval code
* OpenBSD: Check on AC power value being nonzero
* OpenBSD: Document sysctl indices for ACPI battery & AC code
* Solaris: Update memory info on every refresh
* Add v1.0 of the AI-Assisted Contributions Policy
* Add a Code of Conduct document for the project
* README: Add Quick Start section
* README: update instructions for those who use Arch
* Add Japanese support in htop.desktop
* Add Armenian support in htop.desktop
* docs: fix COLORS bullet list formatting and capitalization in man page
* CI: Add Github Action workflow for Coverity checking
* CI: Add libiberty and demangling support to backtrace screen build
* CI: Update LLVM/Clang versions to 22
* CI: Update FreeBSD to 15.0
* CI: Update to use OpenBSD 7.7
* build: Add packages for OpenSUSE/SLES
* build: Fix Autoconf 2.69 compatibility regressions
* build: Simplify curses header checking code
* build: remove the --with-os-release configure option
* build: Fix redundant newlines in configure help strings
* build: Allow custom search path for libnl; try pkg-config when needed
* build: Use HTOP_PKG_CHECK_MODULES in hwloc and libnl checking
* build: Introduce HTOP_PKG_CHECK_MODULES wrapper macro
* build: Introduce 'htop_search_header_dir' configure function
* build: Add configure check on whether local unwinding works
* build: Automatically detect backtrace(3) return type
* build: Use pkg-config to detect libnl3 header path
* build: Also check libunwind through pkg-config
* build: Simplify configure netlink/*.h detection code
* build: Fix netlink/*.h detection logic in configure
* build: Fix '-ffinite-math-only' configure warning
* build: Fix configure '--enable-delayacct' help text
* build: Fix a macOS AC_COMPILE_IFELSE misquoting"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.nano-editor.org/news.php
"2026 April 8 - GNU nano 9.0 "Le bonheur est dans le pré"
When the cursor almost goes offscreen to the right, all lines are
now scrolled sideways together, by just the amount needed to keep
the cursor in view. Use --solosidescroll or 'set solosidescroll'
to get back the old, jerky, single-line horizontal scrolling.
The viewport can be scrolled sideways (in steps of one tabsize)
with M-< and M->. See `man nanorc` if M-< and M-> should switch
between buffers (as they did earlier).
M-Left, M-Right, M-Up, and M-Down have become rebindable.
Stopping the recording of a macro immediately after starting it
cancels the recording and leaves an existing macro in place.
Feature toggles no longer break a chain of ^K cuts or M-6 copies,
except the M-K cut-from-cursor toggle.
With --mouse plus --indicator, one can click in the scrollbar area
to roughly navigate within the buffer."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3510300 to 3530000
- Update of rootfile
- Changelog 3530000
Fix the WAL-reset database corruption bug.
Add the Query Result Formatter (QRF) library for formatting the results of SQL queries for human readability on a fixed-pitch font screen.
Add the format method to the TCL Interface so that QRF is accessible from TCL.
QRF is used for result formatting in the CLI, resulting in improved display capabilities.
New SQL language features:
Enhance ALTER TABLE to permit adding and removing NOT NULL and CHECK constraints.
The REINDEX EXPRESSIONS statement rebuilds expression indexes. (Useful to repair stale expression indexes.)
The body of TEMP triggers may now modify and/or query tables in the main schema.
Enhance VACUUM INTO so that if a URI filename is used as the target and that filename has a reserve=N query parameter with N between 0 and 255, then the reserve amount for the generated database copy is set to N.
New SQL functions:
json_array_insert()
jsonb_array_insert()
Renovations to the CLI:
Major enhancements to the .mode command.
Improved result formatting, due to the addition of the QRF extension. For example, numeric values are now right-justified by default in tabular output modes.
The default output mode for interactive CLI sessions now uses QRF to display query results in boxes formed using Unicode box-drawing characters, for improved legibility. Batch CLI sessions use the legacy output format for compatibility.
Bare (unquoted) semicolons at the end of dot-commands are silently ignored. ← Potential incompatibility!
Fix the .testcase and .check commands so that they actually work, and use those commands in scripts that are part of the standard SQLite test suite included with the source tree.
Command-line arguments that match *.sql or *.txt and are the names of non-empty files are read and interpreted as scripts of SQL statements and/or dot-commands.
The argument to the ".timer" command can now be "once", to run the timer on only the next SQL statement.
The new "--timeout S" option to the ".progress" dot-command causes SQL statements to interrupt after S seconds.
The ".indexes" command was changed so that the PATTERN argument matches the name of the index, not the name of the table being indexed (thus making the PATTERN argument actually useful). And, several new options were added to ".indexes".
New C-language interfaces:
sqlite3_str_truncate()
sqlite3_str_free()
sqlite3_carray_bind_v2()
Add the SQLITE_PREPARE_FROM_DDL option to sqlite3_prepare_v3() which permits virtual table implementations to safely prepare SQL statements that are derived from the database schema.
Added the SQLITE_UTF8_ZT constant which can be used as the encoding parameter to sqlite3_result_text64() or sqlite3_bind_text64() to indicate that the value is UTF-8 encoded and zero terminated.
The SQLITE_LIMIT_PARSER_DEPTH option is added to sqlite3_limit().
The SQLITE_DBCONFIG_FP_DIGITS option is added to sqlite3_db_config(). See also item 9b below.
Query planner improvements:
Always use a sort-and-merge algorithm for EXCEPT, INTERSECT, and UNION, since this is almost always faster than using a hash table.
Improvements to join order selection in large multi-way joins on a star schema.
Enhance the EXISTS-to-JOIN optimization so that the inserted JOIN terms are not required to be on the inner-most loops, as long as all dependencies for the EXISTS-to-JOIN loops are in outer loops.
Enhance the omit-noop-join optimization so that it is able to omit a chain of joins that do not affect the output.
Allow queries that use "GROUP BY e1 ORDER BY e2" where e1 and e2 are identical apart from ASC/DESC sort-orders to be optimized using a single index.
Allow virtual tables to optimize DISTINCT in cases where the result-set of a query does not exactly match the ORDER BY clause.
Add new interfaces to the session extension that enable an application to add changes one at a time to the sqlite3_changegroup object:
sqlite3changegroup_change_begin()
sqlite3changegroup_change_blob()
sqlite3changegroup_change_double()
sqlite3changegroup_change_int64()
sqlite3changegroup_change_null()
sqlite3changegroup_change_text()
sqlite3changegroup_change_finish()
sqlite3changegroup_config()
Improvements to floating-point ↔ text conversions.
Reimplemented to improve performance.
Rounding is now done by default to 17 significant digits, instead of 15, as was the case for all prior versions. The sqlite3_db_config(SQLITE_DBCONFIG_FP_DIGITS) API (item 6g above) can change this, if desired.
Added the self-healing index feature to deal with the stale expression index problem.
Add the "-p|--port" option to sqlite3_rsync.
Discontinue support for Windows RT.
JavaScript/WASM
Add the "opfs-wl" VFS, functionally identical to the "opfs" VFS but using Web Locks for locking, which can promise fairer lock sharing than the "opfs" bespoke protocol can. "opfs-wl" requires Atomics.waitAsync(), so requires newer browsers than "opfs" does.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 20:23:07 +0000 (22:23 +0200)]
libsodium: Add patch to enable 1.0.21 to build on aarch64
- The update to 1.0.21 resulted in libsodium not building on aarch64. A fix has
been developed and will ultimately be available with the next release. This applies
that patch fix to 1.0.21.
- Build tested on aarch64 and was successful.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 15:18:53 +0000 (17:18 +0200)]
tor: Update to version 0.4.9.6
- Update from version 0.4.8.21 to 0.4.9.6
- Version 0.4.8.22 was likely the last update on the 0.4.8 branch. Everything is now
focussed on the 0.4.9 branch.
- There are some security fixes in some of the update steps.
- No change in rootfile
- Changelog
0.4.9.6
This is a security release fixing major bugs that could possibly lead to
remotely crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This led
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (security):
- Fix a series of defense in depth security issues found across the
codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (portability):
- (Hopefully) fix our polyval implementation on big-endian
platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/03/25.
0.4.9.5
This first stable release in the 0.4.9 series introduces a new
circuit-level encryption design for better client security, as well
as a more scalable way for large relay operators to annotate which
relays they run so clients can avoid using too many of them in a
single circuit.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major features (path selection):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family share a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.1-alpha.
o Major bugfixes (controller events):
- Fix spikes occurring in bandwidth cache events on control connection.
Fixes bug 31524; bugfix on 0.0.9pre5.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor features (client security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor features (exit relays):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
- Implement a token-bucket based rate limiter for stream creation
and resolve request. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (client extensibility):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor features (sandboxing):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor features (onion services):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
- Reduce the minimum value of hsdir_interval to match recent
tor-spec change.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow configuring
the minimum accepted relay version without requiring a new tor
release. Closes ticket 40817.
o Minor features (metrics port):
- New metrics on the MetricsPort for the number of BUG() calls that
occurred at runtime. Fixes bugs 40839 and 41104; bugfix on
0.4.7.1-alpha.
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
- Add new metrics for relays on the MetricsPort namely the count of
drop cell, destroy cell and the number of circuit protocol
violation seen that lead to a circuit close. Closes ticket 40816.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (directory authority):
- Export unsigned consensus documents once we have seen a threshold
of signatures, as a step toward the consensus transparency
experiment.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 12, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database,
as retrieved on 2026/02/12.
o Minor features (windows):
- Various compilation fixes for our Windows CI. Closes ticket 41214.
o Minor bugfixes (exit relays):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a false positive valgrind related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. Fixes bug
41021; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (bridges):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (conflux, client):
- Avoid a non fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (testing network):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (relay):
- Refuse to overwrite an existing *.secret_family_key when running
tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Removed features (relays):
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access to TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
o Removed features (directory authorities):
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
0.4.9.4-rc
Finally, the release candidate for the 0.4.9.x series. It consists of minor
features and several bugfixes. Nothing major has been added since the alpha.
If everything goes well, the next version will be the first stable.
o Minor features (security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor feature (Exit):
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (HTTPTunnelPort):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
o Minor features (linux seccomp2 sandbox):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor bugfixes (DNS, exit):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a valgrind false positive related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
o Minor bugfixes (warnings):
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
0.4.9.3-alpha
This is the third alpha release and likely the last before going stable.
This release contains the new CGO circuit encryption. See proposal 359 for
more details. Several minor TLS fixes will strengthen link security.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Major features (cell format):
- Tor now has (unused) internal support to encode and decode relay
messages in the new format required by our newer CGO encryption
algorithm. Closes ticket 41051. Part of proposal 359.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major bugfixes (onion service directory cache):
- Preserve the download counter of an onion service descriptor
across descriptor uploads, so that recently updated descriptors
don't get pruned if there is memory pressure soon after update.
Additionally, create a separate torrc option MaxHSDirCacheBytes
that defaults to the former 20% of MaxMemInQueues threshold, but
can be controlled by relay operators under DoS. Also enforce this
threshold during HSDir uploads. Fixes bug 41006; bugfix
on 0.4.8.14.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
o Minor features (security, TLS):
- When we are running with OpenSSL 3.5.0 or later, support using the
ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
o Minor feature (client, TLS):
- Set the TLS 1.3 cipher list instead of falling back on the
default value.
o Minor feature (padding, logging):
- Reduce the amount of messages being logged related to channel
padding timeout when log level is "notice".
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on September 16, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/09/16.
o Minor features (hidden services):
- Reduce the minimum value of hsdir_interval to match recent tor-
spec change.
o Minor features (hsdesc POW):
- Tolerate multiple PoW schemes in onion service descriptors, for
future extensibility. Implements torspec ticket 272.
o Minor features (performance TLS):
- When running with OpenSSL 3.0.0 or later, support using
X25519 for TLS key agreement. (This should slightly improve
performance for TLS session establishment.)
o Minor features (portability):
- Fix warnings when compiling with GCC 15. Closes ticket 41079.
o Minor bugfix (conflux):
- Remove the pending nonce if we realize that the nonce of the
unlinked circuit is not tracked anymore. Should avoid the non
fatal assert triggered with a control port circuit event. Fixes
bug 41037; bugfix on 0.4.8.15.
o Minor bugfixes (bridges, pluggable transport):
- Fix a bug causing the initial tor process to hang instead of
exiting with RunAsDaemon, when pluggable transports are used.
Fixes bug 41088; bugfix on 0.4.9.1-alpha.
o Minor bugfixes (circuit handling):
- Prevent circuit_mark_for_close() from being called twice on the
same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
- Prevent circuit_mark_for_close() from being called twice on the
same circuit. Second fix attempt. Fixes bug 41106; bugfix
on 0.4.8.17.
o Minor bugfixes (compilation):
- Fix linking on systems without a working stdatomic.h. Fixes bug
41076; bugfix on 0.4.9.1-alpha.
o Minor bugfixes (compiler warnings):
- Make sure the two bitfields in the half-closed edge struct are
unsigned, as we're using them for boolean values and assign 1 to
them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (logging, metrics port):
- Count BUG statements for the MetricsPort only if they are warnings
or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
contributed by shadowcoder.
o Minor bugfixes (protocol):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (relay):
- Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
bug 41043; bugfix on 0.4.9.2-alpha.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17-dev.
o Removed features:
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
0.4.9.2-alpha
This is the second alpha of the 0.4.9.x series. We have several new minor
features and a big one, happy families, which was long awaited by relay
operators. This release also fixes a number of bugs including major ones.
o Major feature (happy families):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family share a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major features (client):
- Clients now respect "happy families" per proposal 321. This
feature will eventually allow a much more compact representation
for relay families, for a significant savings in directory
download size.
o Minor feature (onion service, control port):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (compilation):
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor features (continuous integration):
- Upgrade CI runners to use Debian Bookworm instead of Bullseye.
Closes ticket 41029.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 05, 2025.
- Regenerate fallback directories generated on March 20, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/02/05.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/20.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/24.
o Minor features (recommended protocols):
- Directory authorities now vote to recommend that clients support
certain protocols beyond those that are required. These include
improved support for connecting to relays on IPv6, NtorV3, and
congestion control. Part of ticket 40836.
o Minor features (required protocols):
- Directory authorities now vote to require clients to support the
authenticated SENDME feature, which was introduced in
0.4.1.1-alpha. Part of ticket 40836.
- Directory authorities now vote to require relays to support
certain protocols, all of which have been implemented since
0.4.7.4-alpha or earlier. These include improved support for
connecting to relays on IPv6, NtorV3, running as a rate-limited
introduction point, authenticated SENDMEs, and congestion control.
Part of ticket 40836.
o Major bugfix (control-events, bw-cache):
- Fixes spikes occurring in bandwidth cache on control connection.
Fixes bug 31524; bugfix on 0.4.8.12-dev.
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.13.
o Major bugfixes (onion service directory cache):
- When the OOM killer kicks in, cleanup the descriptor cache of an
HSDir by looking at the lowest downloaded count instead of time in
cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (conflux):
- Avoid a non fatal assert when describing a conflux circuit on the
control port after being prepped to be freed. Fixes bug 41037;
bugfix on 0.4.8.15.
o Minor bugfix (dirauth):
- Fix typo in flag assignment in the approved-routers file. Fixes bug
41035; bugfix on 0.4.8.15.
o Minor bugfixes (control port):
- Correctly report conflux pair information to controller fields.
Fixes bug 40872; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (relay flag usage):
- Fix client usage of the MiddleOnly flag so that MiddleOnly relays
are not used as HS IP or RP by clients or services. Additionally,
give dirauths the ability to remove specific flags, as an
alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha.
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. (Fixes bug
41021; bugfix on 0.2.8.1-alpha.)
o Minor bugfixes (threads, memory):
- Improvements in cleanup of resources used by threads. Fixes bug
40991; bugfix on 0.4.8.13-dev.
- Rework start and exit of worker threads.
o Removed features:
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access to TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
0.4.9.1-alpha
This is the first alpha of the 0.4.9.x series. This release mostly consists
of bugfixes including some major ones. There are several minor features in
this release but no large new subsystem.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor feature (defense in depth):
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow modification of
minimal accepted version for relays without requiring a new tor
release. Closes ticket 40817.
o Minor feature (exit policies):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
o Minor feature (exit relay, DoS resistance):
- Implement a token-bucket based rate limiter for stream creation
and resolve requests. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
o Minor feature (metrics port):
- New metrics on the MetricsPort for the number of BUG() that
occurred at runtime. Closes MR 760.
o Minor feature (metrics port, relay):
- Add new metrics for relays on the MetricsPort, namely the count of
dropped cells, destroy cells, and the number of circuit protocol
violations seen that lead to a circuit close. Closes ticket 40816.
o Minor feature (testing):
- test-network now unconditionally includes IPv6 instead of trying
to detect IPv6 support.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (SOCKS):
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor bugfix (MetricsPort, relay):
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
o Minor bugfix (process):
- Avoid closing all possible FDs when spawning a process (PT). On
some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (relay, sandbox):
- Disable a sandbox unit test that is failing on Debian Sid breaking
our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (bridge):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (compiler warnings):
- Make sure the two bitfields in the half-closed edge struct are
unsigned, as we're using them for boolean values and assign 1 to
them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (conflux, client):
- Avoid a non fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (memory):
- Fix a pointer free that wasn't set to NULL afterwards which could
be reused by calling back in the free all function. Fixes bug
40989; bugfix on 0.4.8.13.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha.
o Minor bugfixes (testing):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (tor-resolve):
- Create socket with correct family as given by sockshost, fixes
IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
o Removed features:
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
o Removed features (directory authority):
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
o Removed features (obsolete):
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Removed some vestigial code for selecting the TAP circuit
extension protocol.
0.4.8.22
This is likely the very last release of the 0.4.8.x series. Three major
bugfixes detailed below including two affecting directory servers (basically
all relays). We strongly recommend upgrading as soon as possible.
o Major bugfixes (security):
- Avoid an out-of-bounds read error that could occur with
V1-formatted EXTEND cells. Fixes bug 41180; bugfix on 0.4.8.1-alpha.
This is tracked as TROVE-2025-016.
o Major bugfixes (directory servers):
- Allow old clients to fetch the consensus even if they use version
0 of the SENDME protocol. In mid 2025 we changed the required
minimum version of the "FlowCtrl" protocol to 1, meaning directory
caches hang up on clients that send a version 0 SENDME cell. Since
old clients were no longer able to retrieve the consensus, they
couldn't learn about this required minimum version -- meaning
we've had many many old clients loading down directory servers for
the past months. Fixes bug 41191; bugfix on 0.4.1.1-alpha.
- Don't count networkstatus serves until they finish. When we
started serving a consensus document but the client didn't receive
all of it, we were still counting that as a success in our stats.
This mistake, which can be triggered for example by obsolete
clients or by DPI-based censorship, led to wildly inflated user
counts because we estimate total users in the world based on
successful consensus fetches. Fixes bug 41192; bugfix
on 0.2.1.1-alpha.
o Minor feature (testing, CI):
- Bump the CI version of chutney to the current version as of
2026-01-21 (3338f5c).
o Minor features (debugging, compression):
- Do not check for compression bombs for buffers smaller than 5MB
(increased from 64 KB). Fixes ticket 40739; bugfix on 0.2.1.29.
o Minor features (directory servers):
- Track how many times directory servers begin serving networkstatus
documents, so we can compare it to the number of times we finish
serving them. Motivated by the fixes in ticket 41192.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on January 28, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/01/28.
o Minor bugfixes (relay):
- Downgrade "Error relaying cell across rendezvous" log warn to info
as the error condition is possible under normal circumstances. Fixes
bug 40951; bugfix on 0.3.5.1-alpha.
o Code simplification and refactoring:
- Simplify SOCKS4a parsing to avoid the (false) appearance of
integer underflows, and to make the logic more obvious. Fixes bug
41190; bugfix on 0.3.5.1-alpha.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 15:18:52 +0000 (17:18 +0200)]
systemd: Update to version 260.1
- Update from version 258 to 260.1
- Update of rootfile
- Remove FTBFS patch as this has now been included in the tarball.
- Remove the sed line for fixing udev linking as this is now part of the tarball.
- Changelog entries only related to udev
260.1
* Support for non-system users and groups in udev rules and
systemd-networkd configuration has been restored, but is deprecated
and discouraged. systemd-udevd will emit warnings if a non-system
user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd
will warn about User=/Group= settings with a non-system user/group
specified in .netdev files for Tun/Tap interfaces. This support will
be removed in a future release.
Device nodes should not be owned by a non-system user/group. It is
recommended to check udev rules files with 'udevadm verify' and/or
'udevadm test' commands.
* Permissions for /dev/ptp* are now set to 0664 (previously 0660),
allowing unprivileged read-only access. This relies on the kernel fix
"ptp: Add PHC file mode checks. Allow RO adjtime() without
FMODE_WRITE." (commit b4e53b15c04e3852949003752f48f7a14ae39e86 in
v6.15, backported to LTS releases in v6.12.68, v6.6.122, v6.1.162,
v5.15.199, and v5.10.249), which adds missing PTP ioctl permission
checks and keeps clock-modifying operations write-restricted. Systems
running stable kernel branches should ensure they are updated to patch
levels that include the fix.
* Persistent network interface naming has been extended to MCTP devices
with the "mc" prefix.
* The minimum backlight brightness value used when restoring backlight
levels at boot has been lowered from 5% to 1%. This lower value
should be sufficient to avoid blacked-out displays, but allows user
environments to use a wider range of values (without lower values
being reset during reboot). Note that environments may still set very
low brightness values at runtime independently of the systemd clamp
which only applies during boot.
* A new udev property ID_INTEGRATION= is now exposed on devices that
have ID_BUS= defined. This variable can be set to 'internal' when the
device is integral part of the system or 'external' otherwise.
Internal buses like PCI, I2C, SPI... imply 'internal' and external
buses like bluetooth imply 'external'. For USB the 'removable'
attribute of the port the device is connected to determines the
result: 'fixed' implies 'internal' and 'removable' or 'unknown'
implies 'external'.
* ID_INPUT_JOYSTICK_INTEGRATION= property has been dropped in favour of
ID_INTEGRATION= because it was never used and the new variable covers
the idea that variable was intended for better.
* A new udev builtin "tpm2_id" is now available which will extract
vendor/model identification from connected TPM2 devices as they are
probed. This is then used to import data from the udev database,
possibly containing quirk and other information about specific TPMs.
259
* systemd-udevd rules gained support for OPTIONS="dump-json" to dump
the current event status in JSON format. This generates output
similar to "udevadm test --json=short".
* The net_id builtin for systemd-udevd now can generate predictable
interface names for Wifi devices on DeviceTree systems.
* systemd-udevd and systemd-repart will now reread partition tables on
block devices in a more graceful, incremental fashion. Specifically,
they no longer use the kernel BLKRRPART ioctl() which removes all
in-memory partition objects loaded into the kernel and then recreates
them as new objects. Instead they will use the BLKPG ioctl() to make
minimal changes, and individually add, remove, or grow modified
partitions, avoiding removal/re-adding where the partitions were left
unmodified on disk. This should greatly improve behaviour on systems
that make modifications to partition tables on disk while using them.
* A new udev property ID_BLOCK_SUBSYSTEM is now exposed on block devices
reporting a short identifier for the subsystem a block device belongs
to. This only applies to block devices not connected to a regular bus,
i.e. virtual block devices such as loopback, DM, MD, or zram.
* systemd-udevd will now generate /dev/gpio/by-id/… symlinks for GPIO
devices.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 8 Apr 2026 09:22:42 +0000 (11:22 +0200)]
util-linux: Update to version 2.42
- Update from version 2.41.2 to 2.42
- Update of rootfiles for all architectures
- Changelog
2.42
Two security fixes applied - one for a CVE and the other for a CWE. These were
also applied at version 2.41.4.
The changelog for 2.42 is way too long to include here (~1700 lines).
The details can be found in the tarball in
/Documentation/releases/v2.42-ReleaseNotes
2.41.4
Security fixes:
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device.
The SUID mount follows symlinks when resolving loop backing file
paths. On systems where non-root users are permitted to mount loop
devices (via 'user' option in fstab), this allows access to
arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended().
A crafted MBR disk image can cause uint32_t wraparound in EBR
chain processing, causing reported partitions to not match the
on-disk layout. Tools like udisks may then register a partition
at logical sector 0.
Changes:
blkid:
- Drop const from blkid_partitions_get_name() (by Daan De Meyer)
build-sys:
- (gcc) ignore -Wunused-but-set-variable for bison (by Christian Goeschel Ndjomouo)
disk-utils:
- fix typo in fdisk.c (by Christian Kirbach)
libblkid:
- dos: validate EBR data and links within extended partition (by Karel Zak)
libfdisk:
- dos: validate EBR link within extended partition bounds (by Karel Zak)
loopdev:
- add LOOPDEV_FL_NOFOLLOW to prevent symlink attacks (by Karel Zak)
tools:
- update git-version-next from master (by Karel Zak)
2.41.3
bash-completion:
- (mount) add missing options (by Christian Goeschel Ndjomouo)
- add lsfd (by Karel Zak)
- add blkpr (by Karel Zak)
- add bits to dist tarball (by Karel Zak)
dmesg:
- fix const qualifier warnings in parse_callerid (by Karel Zak)
eject:
- fix const qualifier warning in read_speed (by Karel Zak)
enosys:
- fix const qualifier warning in parse_block (by Karel Zak)
libblkid:
- fix const qualifier warning in blkid_parse_tag_string (by Karel Zak)
- use snprintf() instead of sprintf() (by Karel Zak)
libfdisk:
- (dos) fix off-by-one in maximum last sector calculation (by Karel Zak)
liblastlog2:
- fix operator precedence in conditional assignments (by Karel Zak)
lib, lscpu:
- fix const qualifier discarded warnings in bsearch (by Karel Zak)
libmount:
- fix const qualifier warning in mnt_parse_mountinfo_line (by Karel Zak)
- fix const qualifier warnings for C23 (by Karel Zak)
logger:
- fix const qualifier warnings for C23 (by Karel Zak)
login-utils:
- fix setpwnam() buffer use [CVE-2025-14104] (by Karel Zak)
losetup:
- sort 'O' correctly for the mutual-exclusive check to work (by Benno Schulenberg)
lscpu:
- use maximum CPU speed from DMI, avoid duplicate version string (by Karel Zak)
- Add a few missing Arm CPU identifiers (by Jonathan Thackray)
lsfd:
- fix memory leak related to stat_error_class (by Masatake YAMATO)
- (bugfix) use PRIu32 for prining lport of netlink socket (by Masatake YAMATO)
- fix const qualifier warning in strnrstr (by Karel Zak)
- fix const qualifier warning in new_counter_spec (by Karel Zak)
- fix bsearch macro usage with glibc C23 (by Cristian Rodríguez)
lsns:
- fix const qualifier warnings for C23 (by Karel Zak)
namei:
- fix const qualifier warning in readlink_to_namei (by Karel Zak)
partx:
- fix const qualifier warning in get_max_partno (by Karel Zak)
po:
- update sr.po (from translationproject.org) (by Мирослав Николић)
po-man:
- merge changes (by Karel Zak)
- update sr.po (from translationproject.org) (by Мирослав Николић)
umount:
- consider helper return status for success message (by Christian Goeschel Ndjomouo)
wdctl:
- remove -d option leftover (by Munehisa Kamata)
whereis:
- fix const qualifier warnings for C23 (by Karel Zak)
Misc:
- Fix memory leak in setpwnam() (by yao zhang)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:08 +0000 (17:11 +0200)]
xz: Update to version 5.8.3
- Update from version 5.8.2 to 5.8.3
- Update of rootfile
- Fix for a CVE
- Changelog
5.8.3
IMPORTANT: This includes a fix for CVE-2026-34743 which affects all
XZ Utils versions since 5.0.0. No new 5.2.x, 5.4.x, or 5.6.x
releases will be made, but the fix is in the v5.2, v5.4, and v5.6
branches in the xz Git repository.
* liblzma:
- Fix a buffer overflow in lzma_index_append(): If
lzma_index_decoder() was used to decode an Index that
contained no Records, the resulting lzma_index was left in
a state where a subsequent lzma_index_append() would
allocate too little memory, and a buffer overflow would occur.
The lzma_index functions are rarely used by applications
directly. In the few applications that do use these functions,
the combination of function calls required to trigger this bug
are unlikely to exist, because there typically is no reason to
append Records to a decoded lzma_index. Thus, it's likely that
this bug cannot be triggered in any real-world application.
The bug was reported and discovered by Cantina using their
AppSec agent, Apex.
- Fix the build on Windows ARM64EC.
- Add "License: 0BSD" to liblzma.pc.
* xz:
- Fix invalid memory access in --files and --files0. All of
the following must be true to trigger it:
1. A string being read (which supposedly is a filename) is
at least SIZE_MAX / 2 bytes long. This size is plausible
on 32-bit platforms (2 GiB - 1 B).
2. realloc(ptr, SIZE_MAX / 2 + 1) must succeed.
On glibc >= 2.30 it shouldn't because the value
exceeds PTRDIFF_MAX.
3. An integer overflow results in a realloc(ptr, 0) call.
If it doesn't return NULL, then invalid memory access
will occur.
- On QNX, don't use fsync() on directories because it fails.
* Autotools: Enable 32-bit x86 assembler on Hurd by default.
It was already enabled in the CMake-based build.
* Translations: Add Arabic man page translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
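The --files/--files0 item in the xz 5.8.3 changelog above describes a buffer growth step whose size computation wraps to zero, so that a later realloc(ptr, 0) is issued and the following write lands in memory the process does not own. The C below is an added illustration, not xz's code: a hypothetical byte buffer that collects one NUL-terminated entry, with the unchecked doubling that reproduces the wrap (cap == SIZE_MAX / 2 + 1 doubles to 0) placed beside a checked version that reports ENOMEM instead. The growth policy, the struct and all function names are constructed for this example, as is the sample input.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growth policy for a byte buffer that collects a filename:
 * start at 64 bytes, then double. */
#define DYNBUF_INITIAL_CAP 64

/* Unchecked doubling, as a model of the failure mode in the changelog:
 * for cap == SIZE_MAX / 2 + 1 the product wraps to 0, so the caller would
 * issue realloc(ptr, 0).  Unsigned wrap-around is defined in C, so this
 * never traps; it simply returns the wrong size. */
size_t next_capacity_unchecked(size_t cap)
{
    return cap == 0 ? DYNBUF_INITIAL_CAP : cap * 2;
}

/* Checked doubling: reports overflow instead of wrapping and never yields
 * a zero capacity.  Returns 0 on success, -1 with errno = ENOMEM otherwise. */
int next_capacity_checked(size_t cap, size_t *out)
{
    if (cap == 0) {
        *out = DYNBUF_INITIAL_CAP;
        return 0;
    }
    if (cap > SIZE_MAX / 2) {
        errno = ENOMEM;
        return -1;
    }
    *out = cap * 2;
    return 0;
}

struct dynbuf {
    char *data;
    size_t len;
    size_t cap;
};

/* Append one byte, growing with the checked policy.  On any failure the
 * existing buffer is left intact so the caller can still free it. */
int dynbuf_push(struct dynbuf *b, char c)
{
    if (b->len == b->cap) {
        size_t new_cap;
        if (next_capacity_checked(b->cap, &new_cap) != 0)
            return -1;           /* errno is already ENOMEM */
        char *p = realloc(b->data, new_cap);
        if (p == NULL)
            return -1;           /* realloc has set errno */
        b->data = p;
        b->cap = new_cap;
    }
    b->data[b->len++] = c;
    return 0;
}

/* Read one NUL-terminated entry (as a --files0 list would carry) from an
 * in-memory input of n bytes into b.  Returns the entry length without the
 * terminator, or -1 on error. */
long read_entry(const char *input, size_t n, struct dynbuf *b)
{
    b->len = 0;
    for (size_t i = 0; i < n && input[i] != '\0'; i++) {
        if (dynbuf_push(b, input[i]) != 0)
            return -1;
    }
    if (dynbuf_push(b, '\0') != 0)   /* terminate for C-string use */
        return -1;
    return (long)(b->len - 1);
}

int main(void)
{
    /* Constructed sample input: two NUL-separated names. */
    static const char sample[] = "archive.tar\0notes.txt\0";
    struct dynbuf b = { NULL, 0, 0 };
    long len = read_entry(sample, sizeof sample, &b);
    printf("entry=\"%s\" len=%ld cap=%zu\n", b.data, len, b.cap);
    printf("unchecked growth from SIZE_MAX/2+1 -> %zu\n",
           next_capacity_unchecked(SIZE_MAX / 2 + 1));
    free(b.data);
    return 0;
}
```

The checked path is the one to keep: a growth function that can only return a non-zero size or an error rules out the realloc(ptr, 0) case entirely, independent of whether the C library happens to reject sizes above PTRDIFF_MAX as the changelog notes glibc >= 2.30 does.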
Adolf Belka [Tue, 7 Apr 2026 15:11:07 +0000 (17:11 +0200)]
xfsprogs: Update to version 6.19.0
- Update from version 6.18.0 to 6.19.0
- No change to rootfile
- Changelog
6.19.0
xfs_io: print more realtime subvolume related information in statfs (Christoph Hellwig)
xfs_io: fix fsmap help (Christoph Hellwig)
mkfs: fix log sunit automatic configuration (Darrick J. Wong)
mkfs: fix protofile data corruption when in/out file block sizes don't match (Darrick J. Wong)
libxfs: fix data corruption bug in libxfs_file_write (Darrick J. Wong)
misc: fix a few memory leaks (Darrick J. Wong)
debian: Drop Uploader: Bastian Germann (Bastian Germann)
mkfs.xfs fix sunit size on 512e and 4kN disks. (Lukas Herbolt)
xfs_scrub_all: fix non-service-mode arguments to xfs_scrub (Darrick J. Wong)
mkfs: remove unnecessary return value affectation (Damien Le Moal)
xfs: use blkdev_report_zones_cached() (Damien Le Moal)
include blkzoned.h in platform_defs.h (Christoph Hellwig)
debian: don't explicitly reload systemd from postinst (Darrick J. Wong)
xfs_mdrestore: fix restoration on filesystems with 4k sectors (Darrick J. Wong)
mkfs: quiet down warning about insufficient write zones (Darrick J. Wong)
xfs_logprint: print log data to the screen in host-endian order (Darrick J. Wong)
mkfs: set rtstart from user-specified dblocks (Darrick J. Wong)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:06 +0000 (17:11 +0200)]
vim: Update to version 9.2.0305
- Update from version 9.2.0089 to 9.2.0305
- Update of rootfile
- Changelog is not available. Generally each patch version number update is related to
a commit entry in the git repository. The details for all the commit changes can be
found at https://github.com/vim/vim/commits/master/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:05 +0000 (17:11 +0200)]
tzdata: Update to version 2026a
- Update from version 2025c to 2026a
- No change to rootfile
- Changelog
2026a
Briefly:
Moldova has used EU transition times since 2022.
The "right" TZif files are no longer installed by default.
-DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds.
TZif files are no longer limited to 50 bytes of abbreviations.
zic is no longer limited to 50 leap seconds.
Several integer overflow bugs have been fixed.
Changes to past and future timestamps
Since 2022 Moldova has observed EU transition times, that is, it
has sprung forward at 03:00, not 02:00, and has fallen back at
04:00, not 03:00. (Thanks to Heitor David Pinto.)
Changes to data
Remove Europe/Chisinau from zonenow.tab, as it now agrees with
Europe/Athens for future timestamps.
Changes to build procedure
The Makefile no longer by default installs an alternate set
of TZif files for system clocks that count leap seconds.
Install with 'make REDO=posix_right' to get the old default,
which is rarely used in major downstream distributions.
If your system clock counts leap seconds (contrary to POSIX),
it is better to install with 'make REDO=right_only'.
This change does not affect the leapseconds file, which is still
installed as before.
The Makefile's POSIXRULES option, which was declared obsolete in
release 2019b, has been removed. The Makefile's build procedure
thus no longer optionally installs the obsolete posixrules file.
Changes to code
Compiling with the new option -DTZ_RUNTIME_LEAPS=0 disables
runtime support for leap seconds. Although this conforms to
POSIX, shrinks tzcode's attack surface, and is more efficient,
it fails to support Internet RFC 9636's leap seconds.
zic now can generate, and localtime.c can now use, TZif files that
hold up to 256 bytes of abbreviations, counting trailing NULs.
The previous limit was 50 bytes, and some tzdata TZif files were
already consuming 40 bytes. zic -v warns if it generates a file
that exceeds the old 50-byte limit.
zic -L can now generate TZif files with more than 50 leap seconds.
This helps test TZif readers not limited to 50 leap seconds, as
tzcode's localtime.c is; it has little immediate need for
practical timekeeping as there have been only 27 leap seconds and
possibly there will be no more, due to planned changes to UTC.
zic -v warns if its output exceeds the old 50-second limit.
localtime.c no longer accesses the posixrules file generated by
zic -p. Hence for obsolete and nonconforming settings like
TZ="AST4ADT" it now typically falls back on US DST rules, rather
than attempting to override this fallback with the contents of the
posixrules file. This removes library support that was declared
obsolete in release 2019b, and fixes some undefined behavior.
(Undefined behavior reported by GitHub user Naveed8951.)
The posix2time, posix2time_z, time2posix, and time2posix_z
functions now set errno=EOVERFLOW and return ((time_t) -1) if the
result is not representable. Formerly they had undefined behavior
that could in practice result in crashing, looping indefinitely,
or returning an incorrect result. As before, these functions are
defined only when localtime.c is compiled with the -DSTD_INSPIRED
option.
Some other undefined behavior, triggered by TZif files containing
outlandish but conforming UT offsets or leap second corrections,
has also been fixed. (Some of these bugs reported by Naveed8951.)
localtime.c no longer rejects TZif files that exactly fit in its
internal structures, fixing off-by-one typos introduced in 2014g.
zic no longer generates a no-op transition when
simultaneous Rule and Zone changes cancel each other out.
This occurs in tzdata only in Asia/Tbilisi on 1997-03-30.
(Thanks to Renchunhui for a test case showing the bug.)
zic no longer assumes you can fflush a read-only stream.
(Problem reported by Christos Zoulas.)
zic no longer generates UT offsets equal to -2**31 and localtime.c
no longer accepts them, as they can cause trouble in both
localtime.c and its callers. RFC 9636 prohibits such offsets.
zic -p now warns that the -p option is obsolete and likely
ineffective.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:04 +0000 (17:11 +0200)]
transmission: Update to version 4.1.1
- Update from version 4.0.5 to 4.1.1
- Update of rootfile
- Removal of patches that are no longer needed as content is included in tarball.
- Previously transmission had been updated to 4.0.6 but then reverted due to a bug that
caused transmission to spam tracker announcements. This bug was fixed in 4.1.0
- Changelog
4.1.1
All Platforms
Fixed a 4.1.0 bug that failed to report some filesystem errors to RPC clients who were querying the system's free space available. (#8258)
Fixed a 4.1.0 bug that kept a torrent's updated queue position from being shown. (#8298)
Fixed a 4.1.0 bug that caused torrents' queuing order to sometimes be lost between sessions. (#8306)
Fixed "assertion failed: no timezone" error on OpenSolaris. (#8358)
Fixed a 4.0.0 bug that displayed the wrong mime-type icon for mp4 video files. (#8411)
Hardened .torrent parsing by exiting sooner if pieces has an invalid size. (#8412)
Reverted a 4.1.0 RPC change that broke some 3rd party code by returning floating-point numbers, rather than integers, for speed limit fields. (#8416)
Fixed crash that could happen if a user paused a torrent and edited its tracker list at the same time. (#8478)
Fixed 4.1.0 crash on arm32 by switching crc32 libraries to Mark Madler's crcany. (#8529)
Require UTF-8 filenames in .torrent files, as required by the BitTorrent spec. (#8541)
Fixed crash that could occur when parsing a .torrent file with a bad pieces key. (#8542)
Fixed potential file descriptor leak when launching scripts on POSIX systems. (#8549)
Changed the network traffic algorithm to spread bandwidth more evenly amongst peers. (#8259)
Improved laggy user interface when bandwidth usage is high. (#8454)
macOS Client
Fixed a 4.1.0 crash that occurred if deleting a torrent's files on macOS returned a system error. (#8275)
Fixed a crash in the "Rename File ..." dialog when trying to rename a torrent right when the torrent finished downloading. (#8425)
Fixed 4.1.0 crash when removing a torrent that was being shown in the Inspector. (#8496)
Improved performance of internal Torrent lookup code. (#8505)
Improved responsiveness when scrolling the torrent list with keyboard navigation. (#8323)
Qt Client
Fixed a 4.1.0 bug where the RPC error response arguments were not handled. (#8414)
Fixed a long-standing bug that wouldn't let file:/// URIs be added from the command line. (#8448)
Fixed broken icons in the torrent list on Windows. (#8456)
GTK Client
Fixed a 4.1.0-beta.5 assertion failure when fetching a blocklist failed on a system compiled with GLIBCXX_ASSERTIONS enabled. (#8273)
Fixed a 4.1.0 bug that wouldn't let magnet links be added from the "Add URL" dialog. (#8277)
Fixed a 4.1.0 bug that broke keyboard shortcuts when built with GTK3. (#8293)
Fixed a crash that could happen when removing some torrents. (#8340)
Fixed a 4.1.0 bug that showed the wrong encryption mode being shown in the Preferences dialog. (#8345)
Fixed a 4.0.x bug that prevented a handful of strings from being marked for translation. (#8350)
Fixed a 4.1.0 packaging error that prevented the Qt and GTK clients from being installed side-by-side on Arch. (#8387)
Fixed a 4.1.0 bug that wouldn't let magnet links be added from the command line. (#8415)
Web Client
Reverted a 4.1.0 change that merged the "Remove torrent" and "Trash torrent" confirmation dialogs into a single dialog. (#8355)
Fixed a 4.1.0 bug that showed a "Connection failed" popup when opening the "Open torrent" dialog while the current download directory path was invalid. (#8386)
Everything Else
Updated documentation. (#8245, #8526)
4.1.0
Highlights
Improved µTP download performance. (#6508)
Added support for IPv6 and dual-stack UDP trackers. (#6687)
Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#7481)
New JSON-RPC 2.0-compliant RPC API. (#7269)
Added optional sequential downloading. (#4795)
Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client)
Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#7086)
All Platforms
Improved libtransmission code to use less CPU. (#4876, #5645, #5715, #5734, #5740, #5792, #6103, #6111, #6325, #6549, #6589, #6712, #7027, #7744, #7800)
Avoid unnecessary heap memory allocations. (#5519, #5520, #5522, #5527, #5540, #5649, #5666, #5672, #5676, #5720, #5722, #5725, #5726, #5768, #5788, #5830, #6542)
Slightly reduced latency when sending protocol messages to peers. (#5394)
Added the option preferred_transport to settings.json, so that users can choose their preference between µTP and TCP. (#5939)
Return X-Transmission-Rpc-Version header in RPC HTTP 409 response to indicate JSON-RPC support. (#7958)
Added an option to verify a torrent immediately after it finishes downloading. (#4178)
Feat: add stats for known peers, not just connected ones. (#4900)
Added support for using a proxy server for web connections. (#5038, #7486)
Added ability to cache IP addresses used in global communications, and use it to fix UDP6 warning log spam. (#5329, #5510)
Updated the torrent creator's default piece size to handle very large torrents better. (#5615)
Added support for sending an ipv4 parameter during the Extension Protocol handshake. (#5643)
Setting "cache-size-mb": 0 in settings.json now disables the disk write cache. (#5668)
Improved libtransmission code to use less CPU and RAM. (#5801)
The WebUI now does separate port checks for IPv4 and IPv6. (#5953)
Transmission now checks if local files exist after setting torrent location. (#5978)
Added forced variant of the "Verify Local Data" context menu item to WebUI. (#5981)
Improved handling of plaintext and MSE handshakes. (#6025)
If a torrent contains empty (zero byte) files, create them when starting the torrent. (#6232)
Added optional sequential downloading. (#6450, #6746, #6893, #7047)
The Qt and GTK clients now do separate port checks for IPv4 and IPv6. (#6525)
Improved DHT performance. (#6569, #6695)
Added advanced sleep-per-seconds-during-verify setting to settings.json. (#6572)
Improved µTP download performance. (#6586)
Added support for IPv6 Local Peer Discovery. (#6700)
Allow port forwarding state to automatically recover from error. (#6718)
Save upload/download queue order between sessions. (#6753, #7332)
Added BEP-21 downloader count to tr_tracker_view and RPC. (#6936)
Make client reqq configurable. (#7030)
Daemon log timestamps are now in local ISO8601 format. (#7057)
Log the reason when the RPC server rejects requests. (#7114)
Added peer traffic statistics to torrent-get rpc method. (#7172)
Added bytesCompleted field to torrent-get rpc call. (#7173)
Deprecate tcp-enabled and udp-enabled in favour of preferred_transports. (#7473)
Added raw PeerID to RPC interface. (#7514)
IPv4 patterns in the RPC whitelist can now match with IPv4-mapped IPv6 addresses. (#7523)
torrent_get.wanted is now an array of booleans in the JSON-RPC API. (#7997)
Encryption mode in settings.json and RPC are now serialized to the same set of strings. (#8032)
Fixed crash in tr_peerMgrPeerStats(). (#5279)
Fixed "no such file or directory" warning when adding a magnet link. (#5426)
Fixed bug that caused the wrong decimal separator to be used in some locales. (#5444)
Fixed bug in sending torrent metadata to peers. (#5460)
Fixed filename collision edge case when renaming files. (#5563)
Fixed locale errors that broke number rounding when displaying statistics, e.g. upload / download ratios. (#5587)
In RPC responses, change the default sort order of torrents to match Transmission 3.00. (#5604)
Improved handling of multiple connections from the same IP address. (#5619)
Always use a fixed-length key query in tracker announces. This isn't required by the spec, but some trackers rely on that fixed length because it's common practice by other BitTorrent clients. (#5652)
Fixed minor performance bug that caused disk writes to be made in smaller batches than intended. (#5671)
Fixed potential Windows crash when getstdhandle() returns NULL. (#5675)
Modified LTEP to advertise PEX support more proactively, and added a sanity check for magnet metadata exchange. (#5783)
Fixed 4.0.0 bug where the port numbers in LPD announces are sometimes malformed. (#5825)
Fixed a bug that prevented editing the query part of a tracker URL. (#5871)
Fixed a bug where Transmission may not announce LPD on its listening interface. (#5875)
Fixed a bug that prevented editing trackers on magnet links. (#5957)
Fixed HTTP tracker announces and scrapes sometimes failing after adding a torrent file by HTTPS URL. (#5969)
Fixed blocklist error seen on some Synology devices due to a bug in tr_sys_path_copy(). (#5974)
Run peerMgrPeerStats in session thread. (#5992)
In some locales, some JSON strings were incorrectly escaped. (#6005)
If there was some disk error with torrent removal, fail with a user readable error message. (#6055)
Fixed 1.60 bug where low priority torrents behaved as if they had a normal priority. (#6079)
Fixed 4.0.4 regression that could cause slower downloads when upload speed limits were enabled. (#6082)
Fixed 4.0.0 bug where the IP address field in UDP announces was not encoded in network byte order. [BEP-15]. (#6126)
Improved parsing HTTP tracker announce response. (#6223)
Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore. (#6355, #6405)
Fixed error when using mbedtls crypto backend: "CTR_DRBG - The requested random buffer length is too big". (#6379)
Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434)
Fixed a couple of logging issues. (#6463)
Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483)
Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between sessions. (#6514)
Fixed 4.0.0 bug where secondsDownloading and secondsSeeding will be reset when stopping the torrent. (#6844)
Fixed 4.0.0 bug where the filename for single-file torrents isn't sanitized. (#6846)
Partial file suffixes will now be updated after torrent verification. (#6871)
Limit the number of bad pieces to accept from a webseed before banning it. (#6875)
Fixed a 4.0.0 bug where 2.20-3.00 torrent piece timestamps saved in the resume file aren't loaded correctly. (#6896)
Fixed a bug that could discard BT messages that immediately followed a handshake. (#6913)
Various bug fixes and improvements related to PEX flags. (#6917)
Fixed a bug where the turtle icon is active but not effective on starting Transmission. (#6937)
Fixed a bug where Transmission does not properly reconnect on handshake error. (#6950)
Fixed edge cases where date done and recently-active does not get updated after torrent state change. (#6992)
Fixed a 4.0.0 bug where the tracker error is not cleared when the tracker is removed from the torrent. (#7141)
Fixed a bug where torrent progress is not properly updated after verifying. (#7143)
Disconnect blocklisted peers immediately upon blocklist update. (#7167)
New files are assigned a file mode per the process umask defined in settings.json. (#7195)
Fixed 1.74 bug where resume files are not saved when shutting down Transmission. (#7216)
Fixed 4.0.0 bug where the download rate of webseeds is double-counted. (#7235)
Harden the HTTP tracker response parser. (#7326)
Fixed an issue where the speed limits are not effective below 16KiB/s. (#7339)
Added workaround for crashes related to Curl bug 10936. (#7416)
Sanitize torrent filenames depending on current OS. (#3823)
Added a workaround for users affected by Curl bug 6312. (#7447)
When downloading in sequential mode, flush pieces to disk as soon as they're completed and pass their checksum test. This helps apps that are trying to use the data in realtime, e.g. streaming media. (#7489)
Respect the min interval and interval keys from any tracker responses. (#7493)
Announce port-forwarded peer port instead of local peer port on DHT. (#7511)
Reject incoming BT data if they are not selected for download. (#7866)
Fixed intermittent crashes on macOS and GTK app. (#7948)
Fixed remote RPC bug where querying recently_active torrents missed some torrents. (#8029)
Fixed a bug where the UDP sockets are not rebound after changing the bind addresses. (#8106)
Fixed potential use-after-free bug when parsing torrent files on macOS. (#8146)
Fixed a bug where disk IO rate is much higher than transfer rate. (#7089)
Dropped jsonsl in favour of RapidJSON as our json lexer. (#6138)
Easier recovery from temporarily missing data files, no longer needing to remove and re-add torrent. (#6277)
Better utilize high Internet bandwidth. (#7029)
Renamed setting to cache_size_mib to reflect the correct size units. (#7971)
Renamed peer_socket_tos to peer_socket_diffserv. (#8004)
Use a consistent unit formatting code between clients. (#5108)
Raised minimum OpenSSL version to 1.1.0. (#6047)
Refactor: add libtransmission::Values. (#6215)
Fixed building with older versions of CMake. (#6418)
Support dual stack by manually creating and binding socket on Windows platform. (#6548)
Fixed building on macOS 10.14.6, 10.15.7 and 11.7. (#6590)
Added torrent priority to completion script environment variables. (#6629)
Dropped support for miniupnpc version below 1.7. (#6665)
Default initialize sleep callback duration in tr_verify_worker. (#6789)
Removed TR_ASSERT(now >= latest). (#7018)
Deprecated the RPC field torrent-get.manualAnnounceTime. (#7497)
Generate imported targets for MbedTLS. (#7631)
Added support for libevent 2.2.1-alpha-dev. (#7765)
Deprecated session_get.rpc_version and session_get.rpc_version_minimum in favour of session_get.rpc_version_semver in RPC. (#8022)
macOS Client
Added "Show Toolbar" toggle. (#4419)
Better dark mode support. (#6101, #6959)
Feat: support redirects to magnet. (#6012)
Render file tree in QuickLook plugin for .torrent files. (#6091)
Added an option to set Transmission as the default app for torrent files. (#6099)
Support pasting multiple magnets on the same line. (#6465)
Support multiple URL objects from pasteboard. (#6467)
Feat: clear the badge when quitting app. (#7088)
Reimplemented QuickLook previews for torrent files with Quick Look preview extension API on macOS 12+. (#7213)
Use modern macOS APIs to prevent idle system sleep and add support for Low Power Mode. (#7543)
Fix: apply i18n to percentage values. (#5568)
Fixed "Unrecognized colorspace number -1" error message. (#6049)
Fix: URL cleanup in BlocklistDownloader on macOS. (#6096)
Fixed early truncation of long group names in groups list. (#6104)
Use screen.visibleFrame instead of screen.frame. (#6321)
Fixed dock bug that prevented resizing. (#7188)
Fixed the context menu's appearance in compact mode. (#7350)
Fixed missing tooltips for Group rows in Torrent Table View. (#7828)
Fixed re-opening the filter bar showing an incorrect selected filter. (#7844)
Fixed Hide Status Bar/Filter Bar never changing to "Show". (#8170)
Added alternating row color in QuickLook plugin. (#5216)
Updated app icon for Liquid Glass. (#7736)
Removing Liquid Glass icons on older Macs. (#7994)
Added sort-by-ETA option. (#4169)
Support localized punctuation for "Port:". (#4452)
Replace mac app default BindPort with a random port. (#5102)
Updated code that had been using deprecated API. (#5633)
Support macOS Sonoma when building from sources. (#6016)
Chore: replace deprecated NSNamePboardType with NSPasteboardTypeName. (#6107)
Fixed building on macOS Mojave. (#6180)
Improved macOS UI code to use less CPU. (#6452)
Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523)
Support finding Transmission in Spotlight with keywords "torrent" and "magnet". (#6578)
Removed warning "don't cut off end". (#6890)
Opt-in to secure coding explicitly. (#7020)
Added Afrikaans and Greek translations. (#7477)
Fixed crash when opening the messages log. (#8035)
Converted TorrentTableView to view based. (#5147)
Qt Client
Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client)
Added ETA to compact view. (#3926)
Added the web client's Labels feature. (#6428)
Added the ability to use a custom URL path when connecting to remote Transmission servers. (#7561)
Added color-coding to progressbars to differentiate torrent states. (#7756)
Fixed torrent name rendering when showing magnet links in compact view. (#5491)
Fixed bug that broke the "Move torrent file to trash" setting. (#5505)
Fixed poor resolution of the app icon. (#5570)
Fixed compatibility issue with 4.x clients talking to Transmission 3.x servers. (#6438)
Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog were not always up-to-date. (#6516)
Use semi-transparent color for inactive torrents. (#6544)
Correct "Queue for download" last activity. (#6872)
Fixed build script bug that could cause extra instances of Transmission to launch on Windows. (#7841)
Fixed a Qt API deprecation warning when building with Qt >= 6.13. (#7940)
Fixed "sequence not ordered" assertion error in debug builds. (#8000)
Fix: use URL base path. (#8078)
Fixed spinbox translation ambiguity. (#5124)
Improved Qt client's accessibility. (#6518, #6520)
Fix: QT build missing an icon. (#6683)
Changed Qt client CLI options parsing to accept Qt options as a separate group. (#7076)
Modified the "New Torrent" dialog's piece size range to [16 KiB..256 MiB]. (#6211)
Raised the minimum Qt5 version to 5.15. (#7943)
GTK Client
Use native file chooser dialogs (GTK client). (#6545)
Improved GTK client's accessibility. (#7119)
Adjust slider limits in GTK. (#7251)
Fixed file list text size adjustment based on global settings. (#7096)
Fixed missing 'Remove torrent' tooltip. (#5777)
Fixed crash when opening torrent file from "Recently used" section in GTK 4. (#6131)
Fixed 4.0.0 regression causing GTK client to hang in some cases. (#7097)
Setting default behaviour for GTK dialogs to add torrent from url and add tracker. (#7102)
Updated progressbar colours to match macOS and Web clients. (#5906)
Added developer_name entry to the Flathub build. (#6596)
Web Client
Added support for adding torrents by drag-and-drop. (#5082)
Added high contrast theme. (#5470)
Replaced background colors with system color keywords to enable using browser's colors. CSS style adjustments esp. for label and buttons. (#5897)
Added percent digits into the progress bar. (#5937)
Improved WebUI responsiveness and made quality of life improvements. (#5947)
Feat: Only show .torrent files in the web UI. (#6320)
Added separate port checks for IPv4 and IPv6. (#6607)
Added new options for web client to filter torrents by their privacy or error status. (#6977)
The inspector can now be hidden by clicking. (#6863)
Implemented a context menu for file list in web app making way to rename or copy name of individual file. (#7389)
Added a new alert message of a problem when renaming torrent or file name. (#7394)
Added accept torrent files in web. (#7683)
Don't show null as a tier name in the inspector's tier list. (#5462)
Fixed truncated play / pause icons. (#5771)
Fixed overflow when rendering peer lists and made speed indicators honor prefers-color-scheme media queries. (#5814)
Made the main menu accessible even on smaller displays. (#5827)
Fixed graying out inspector. (#5893)
Fixed updating magnet link after selecting same torrent again. (#6028)
Added seed progress percentage to compact rows. (#6034)
Fixed 4.0.0 bug where the WebUI "Set Location" dialogue does not auto fill the selected torrent's current download location. (#6334)
Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6409, #6430)
Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly. (#6491)
Fix(web): pressing the enter key now submits dialogs. (#7036)
Fixed a bug inflating per-torrent rows by long torrent names in compact view. (#7336)
Fixed incorrect text entry sensitivity when sessions changed. (#7346)
Fixed filtering torrents by tracker after a torrent's tracker list is edited. (#7761)
Removed excessive session-set RPC calls related to WebUI preference dialogue. (#5994)
Removed modifiers for keyboard shortcuts. (#5331)
Improved some UI styling and spacing. (#5466)
Updated WebUI progress bar and highlight colours. (#5762)
Improved the filterbar for narrowed viewports. (#5828)
Unified CSS shadow properties. (#5840)
Updated play/pause monochrome icons. (#5868)
Improved overflow menu for web client. (#5895)
Added display and time in torrent detail. (#5918)
Added touchscreen support in the context menu. (#5928)
Updated turtle for web app. (#6940)
Added waiting 1/4 seconds of typing in the search bar before executing and a new button to clear the search. (#6948)
Added checkbox to delete data while removing torrents. (#7000)
Fixed truncated hash in inspector page, added name section to inspector page. (#7014)
Added column mode for viewport unconstrained browsers. (#7051)
Updated gray color for grayed out objects. (#7248)
Updated displaying number in new gigabyte per second unit. (#7279)
Fixed an issue where Transmission web's custom context menu does not close when clicking on some outside element. (#7296)
Implemented a new popup management system for web client to support multiple popups in a hierarchy-like system. (#7297)
Updated viewport-sensitive layout and style to uniform across browsers of varying viewport. (#7328)
Increased base font sizes, and progress bar size in compact view. (#5340)
Use esbuild to build the web client. (#6280)
Gave labels to the mainwin buttons for web client. (#6985)
Daemon
Added optional sequential downloading. (#7048)
Added start_paused to settings and daemon. (#6728)
More accurate timestamps for daemon logs. (#7009)
Fixed minor memory leak. (#5695)
Avoid unnecessary heap memory allocations. (#5724)
Added documentation key to systemd service file. (#6781)
Use Type=notify-reload in the systemd service file. (#7570)
Included daemon-specific options in the generated settings.json. (#6499)
Updated transmission-daemon.1 to sync with --help. (#6059)
Deprecated tcp-enabled and udp-enabled in favour of preferred_transports. (#7988)
transmission-remote
Added support to download sequentially from a specific piece. This can enable apps to seek within media files for streaming use cases. (#6454, #7808, #7809)
Implemented idle seeding limits. (#2947)
transmission-remote --blocklist-update now prints blocklist size after update. (#8021)
Fixed display bug that failed to show some torrent labels. (#5572)
Fixed crash in printTorrentList. (#6819)
Improved error logging. (#7034)
Added 'months' and 'years' to ETA display for extremely slow torrents. (#5584)
Added default sorting by date added when listing torrents. (#5608)
Fixed layout bug that caused columns to be misaligned when transfer speed was >= 10MB. (#8019)
Exposed the torrent-get.percentDone key in transmission-remote. (#7622)
Deprecated --(no-)utp in transmission-remote. (#7990)
Everything Else
Improved libtransmission code to use less CPU. (#5651)
Improved support for building with the NDK on Android. (#6024)
Ran all PNG files through lossless compressors to make them smaller. (#5586)
Fixed RPC spec that confused torrent-get.wanted with torrent-get.fileStats.wanted. (#6677)
Updated documentation. (#5565, #5578, #5688, #5702, #5790, #5831, #6037, #6156, #6196, #6199, #6255, #6367, #6391, #6427, #6676, #6703, #6800, #6814, #7120, #7576, #7826, #7829, #7830, #7836, #7840, #8039)
Updated peer-id documentation to account for post-3.00 changes. (#6083)
Fixed potential build issue when compiling on macOS with gcc. (#5632)
Build with -latomic on platforms that need it. (#6774)
Fixed building with mbedtls 3.X. (#6822)
Configuring Transmission's CMake project no longer inserts third-party submodules to CMake's user package registry. (#7648)
Bumping libdeflate/small/utfcpp to newer versions. (#6709)
Bumped fast-float to 6.1.1 and miniupnpc to 2.2.7 and libdeflate to 1.2.0. (#6721)
Bumped miniupnpc to 2.2.8. (#6907)
Apply Xcode 26.0 recommendations. (#7823)
4.0.6
All Platforms
Improved parsing HTTP tracker announce response. (#6223)
Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434)
Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483)
Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between sessions. (#6514)
Fixed 4.0.0 bug where the filename for single-file torrents wasn't sanitized. (#6846)
macOS Client
Fix: Sparkle support for handling beta version updates. (#5263)
Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523)
Fix: Sparkle Version Comparator. (#6623)
Qt Client
Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog are not always up-to-date. (#6516)
GTK Client
Fixed build when compiling with GTKMM 4. (#6393)
Added developer name to metainfo files. (#6598)
Added the launchable desktop-id to metainfo files. (#6779)
Fixed build when compiling on BSD. (#6812)
Web Client
Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly in the WebUI. (#6491, #6500)
Fixed layout issue in speed display. (#6570)
General UI improvement related to filterbar and fixes download/upload speed info wrap. (#6761)
Daemon
Fixed a couple of logging issues. (#6463)
Everything Else
Updated flatpak release metainfo. (#6357)
Fixed libtransmission build on very old cmake versions. (#6418)
UTP peer connections follow user-defined speed limits better now. (#6551)
Only use a single concurrent queue for timeMachineExclude instead of one queue per torrent (#6523). (#6558)
Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6563)
Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6564)
Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore. (#6565)
Improved parsing HTTP tracker announce response. (#6567)
Fixed compatibility with clang-format 18. (#6690)
Fixed build when compiling with mbedtls 3.x. (#6823)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:03 +0000 (17:11 +0200)]
strongswan: Update to version 6.0.5
- Update from version 6.0.4 to 6.0.5
- No change to rootfile
- One CVE fix included
- Changelog
6.0.5
- Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS
AVPs that can lead to a resource exhaustion or a crash.
This vulnerability has been registered as CVE-2026-25075.
- Added support for forwarding certain ICMP errors even if their source address
doesn't match the traffic selectors, when running on Linux 6.9+.
- The dhcp plugin now tracks leases across make-before-break reauthentications.
- charon-cmd supports childless IKE SA initiation and IKEv2 PSK authentication.
- The kernel-netlink plugin now doesn't default to the peer's address as next
hop when installing routes if at least an interface was found.
- organizationIdentifier RDNs are supported when parsing ASN.1 DN identities
from strings.
- Options shared by all commands in the swanctl and pki tools (e.g. --debug) are
now parsed even if passed before the command. The log level is now always
changed before initializing the libraries and plugins. And due to conflicts,
the short options for swanctl's `--version` and `--uninstall` commands were
changed to `-V` and `-U`, respectively. Similarly, the short option for pki's
`--verify` command is now `-V`.
- For distributions that package plugins separately a new configure option is
provided to change the log message if a plugin can't be loaded.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3510100 to 3510300
- Update of rootfile
- Changelog
3510300
Fix the WAL-reset database corruption bug.
Other minor bug fixes.
3510200
Fix an obscure deadlock in the new broken-posix-lock detection logic in item 17 above.
Fix multiple problems in the EXISTS-to-JOIN optimization that was added as part of optimization item 6b above.
Other minor bug fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:11:01 +0000 (17:11 +0200)]
postfix: Update to version 3.11.1
- Update from version 3.10.7 to 3.11.1
- Update of rootfile
- Changelog
3.11.1
Major changes - database
[Incompat 20260220] The alias_maps and alias_database parameter
default values have changed from hash:/path/to/aliases (or
dbm:/path/to/aliases) to $default_database_type:/path/to/aliases.
This simplifies the migration away from Berkeley DB.
[Infrastructure 20260219] Support to migrate a Postfix configuration
that uses Berkeley DB hash: or btree: tables, to a configuration
that uses lmdb: or a combination of cdb: and lmdb:. This is needed
for (Linux) OS distributions that have removed Berkeley DB support.
See NON_BERKELEYDB_README for manual and automatic migration support.
Postfix already supports CDB and LMDB for more than 10 years. It
may be a good idea to do the migration before you need to upgrade
to an OS distribution that no longer supports Berkeley DB.
[Infrastructure 20251226] Tooling to help with the migration away
from Berkeley DB.
The new parameter default_cache_db_type controls the default database
type for address_verify_map, postscreen_cache_map, and
smtp_sasl_auth_cache_name, previously hard-coded as 'btree'.
[Feature 20250321] Safety: the SQLite client now logs a warning
when a query uses double quotes instead of the Postfix-recommended
single quotes. Only the recommended form is protected against SQL
injection.
[Feature 20250509] Support to run all memcache lookup keys through
an OpenSSL digest function. This prevents a database access error
when lookup keys may exceed the memcache server's key length limit
(usually, 250 bytes).
[Feature 20250624] Support for a new "debug:" pseudo lookup table.
Specify debug:maptype:mapname to encapsulate a maptype:mapname
lookup table and log all access. This builds on existing but unused
code to log table access. Contributed by Richard Hansen.
[Infrastructure 20250626] Overhauled in-memory lookup table life-cycle
management; overhauled sharing/isolation for proxied lookup tables.
Major changes - deprecation
[Feature 20250609] smtp_tls_enforce_peername and lmtp_tls_enforce_peername
are now officially deprecated. Postfix will log a warning until the
features are deleted. See DEPRECATION_README for a summary of
deprecated and deleted features.
[Feature 20251027] This adds 12 more deprecation warnings for
parameters that have been renamed in the past, and that still provide
a backwards-compatible default value for their replacement. The
parameters deprecated by this change are: authorized_verp_clients,
fallback_relay, lmtp_per_record_deadline, postscreen_blacklist_action,
postscreen_dnsbl_ttl, postscreen_dnsbl_whitelist_threshold,
postscreen_whitelist_interfaces, smtpd_client_connection_limit_exceptions,
smtp_per_record_deadline, tlsproxy_client_level, tlsproxy_client_policy,
virtual_maps.
[Feature 20251028] Deprecate the smtp_cname_overrides_servername
and lmtp_cname_overrides_servername parameters, and delete documentation
that has been obsolete since Postfix 2.11.
Major changes - logging
[Feature 20250910] TLS feature policy status summary in delivery
status logging. This shows the desired and actual TLS security level
enforcement status and, if a message requests REQUIRETLS, the
REQUIRETLS policy enforcement status. For a list of examples see
https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status
[Feature 20251216] After a delivery failure, the bounce daemon
logged "<old-queue-id>: sender non-delivery notification: <new-queue-id>"
only if the notification was queued successfully. The bounce daemon
now always logs this, making Postfix behavior easier to understand.
Visible changes for logfile analyzers:
- The bounce daemon now logs "<old-queue-id>: sender non-delivery
notification: <new-queue-id>" BEFORE the cleanup daemon logs activity
with "<new-queue-id>". Previously, the bounce daemon logged the
old<=>new queue ID connection later, which made logfile analysis
more difficult.
- The bounce daemon now logs a logfile record "<old-queue-id>:
sender notification failed to <address>: <reason>" when the
notification was not queued. In some cases it will log "<old-queue-id>:
sender notification failed to <address>" (without the reason). In
those cases the failure reason was already logged by lower-level
code, but without the queue ID.
Major changes - management tool integration
[Feature 20251124] Basic JSON output support with "postconf
-j|-jM|-jF|-jP", "postalias -jq|-js", "postmap -jq|-js", and
"postmulti -jl". No support is planned for JSON input support.
Major changes - milter support
[Feature 20251208] Improved Milter error handling for messages that
arrive over a long-lived SMTP connection, by changing the default
milter_default_action from "tempfail" to the new "shutdown" action
(i.e. disconnect the remote SMTP client).
This avoids a worst-case scenario where after a single Milter error,
Postfix would tempfail all messages that the client sends over a
long-lived connection, even if the Milter error was only temporary.
Major changes - mime support
[Feature 20251104] New non_empty_end_of_header_action parameter
with the cleanup(8) server action when a primary message header is
terminated with a non-empty line:
1) fix_quietly: Insert an empty line before the offending text (the
backwards-compatible default),
2) add_header: Insert a MIME-Error: header before inserting an empty
line, or
3) reject: Log a "mime-error" and reject the message.
Note that the 'empty line' separator is not used for DKIM signature
checks. Therefore, adding a missing separator does not break DKIM.
Major changes - mta-sts
[Feature 20250906] Workaround for an interface mis-match between
the Postfix SMTP client and MTA-STS policy plugins. This introduces
a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes").
The MTA-STS plugin configuration needs to enable TLSRPT support,
so that it forwards STS policy attributes to Postfix. This works
even if Postfix TLSRPT support is disabled at build time or at
runtime.
With the above two configurations, the Postfix SMTP client will
connect to an MX host only if its name matches any STS policy MX
host pattern, and will match a server certificate against the MX
hostname. Otherwise, the old behavior stays in effect: connect to
any MX host listed in DNS, and match a server certificate against
any STS policy MX host pattern.
This code was published first in Postfix 3.11, and later back-ported
to Postfix 3.10.5.
Major changes - portability
[Feature 20241201] Support for the C23 built-in bool type. Older
Postfix releases have been updated with a makedefs script that
disables C23 built-in bool support.
Major changes - postqueue
[Feature 20251218] the postqueue (and mailq) command now also lists
recipients in bounce logfiles (in JSON output, this uses a new
object member 'bounce_reason' instead of the existing 'delay_reason').
Such recipients have already been deleted from the message queue
file, but they are still pending the creation of a non-delivery
status notification message that will be returned to the sender.
Major changes - relocated_maps
[Feature 20250608] Specify "relocated_prefix_enable = no" to disable
the hard-coded prefix "5.1.6 User has moved to " that is by default
prepended to all relocated_maps lookup results. This setting requires
that the table contains responses with both custom enhanced status
code (X.Y.Z) and text. For details, see "man 5 relocated" or
https://www.postfix.org/relocated.5.html .
Major changes - requiretls
[Feature 20241111] Support for the REQUIRETLS verb in SMTP. This,
and everything that was added later through 2025, is described in
REQUIRETLS_README.
[Feature 20250120] After a certificate check fails, or a remote
SMTP server does not announce REQUIRETLS support, the Postfix SMTP
client will override the RFC 8689 5.x.x. status and treat it as a
soft error, until there are no more alternate MX servers to try.
[Feature 20250827] New parameter requiretls_redact_dsn (default:
yes) to redact bounce messages as described in RFC 8689 section 5,
so that they don't need REQUIRETLS support on every hop in the
return path.
[Feature 20250827] smtp_requiretls_policy and lmtp_requiretls_policy
for responsible REQUIRETLS policy enforcement. REQUIRETLS must be
enforced with care, because at this time most domains do not publish
DANE or MTA-STS policies, and most MTAs and content filters do not
support REQUIRETLS.
[Feature 20250916] support for a "Require-TLS-ESMTP: yes" header
to propagate an ESMTP REQUIRETLS request through a FILTER_README
or SMTPD_PROXY_README style content filter. This header is detected
or added by the cleanup daemon and by the before-proxy-filter Postfix
SMTP server. This feature is enabled by default with
"requiretls_esmtp_header = yes". The Require-TLS-ESMTP header will
be visible to local and remote recipients. This feature can safely
be disabled when a configuration does not use REQUIRETLS, or does
not use FILTER_README or SMTPD_PROXY_README style content filters.
Major changes - smtp server
[Feature 20250801] smtpd_reject_filter_maps support to selectively
replace a reject response from the Postfix SMTP server, or from a
program that replies through the Postfix SMTP server.
Major changes - smtputf8
[Feature 20250122] New Postfix sendmail command option "-O smtputf8"
to request that deliveries over SMTP use the SMTPUTF8 extension.
This reuses logic that was introduced for REQUIRETLS.
[Feature 20250824] When a message needs to be delivered with SMTPUTF8,
but a remote server does not support it, the Postfix SMTP client
may now try alternate servers instead of returning the message
immediately. This reuses code that was implemented for REQUIRETLS.
Major changes - tls support
[Feature 20250623] This changes the Postfix SMTP client
smtp_tls_security_level default value to "may" if Postfix was built
with TLS support, and the compatibility_level is 3.11 or higher.
There is no change to the default lmtp_tls_security_level value.
It remains empty, because there is no default TLS security level
that makes sense for connections over UNIX-domain and loopback TCP
and non-loopback TCP sockets.
There also is no equivalent change for Postfix SMTP server TLS
security levels, because changing smtpd_tls_security_level is not
sufficient. Server-side TLS requires that at least one private key
and corresponding public-key certificate chain are configured.
[Feature 20251029] Debugging: depending on OpenSSL build options,
"posttls-finger -L ssl-debug" will decode TLS handshake messages.
[Feature 20251102] Post-quantum cryptography support: with OpenSSL
3.5 and later, change the tls_eecdh_auto_curves default value to
avoid problems with network infrastructure that mis-handles TLS
hello messages larger than one (Ethernet) TCP segment. This problem
is more generally known as "protocol ossification".
Major changes - tlsrpt
[Incompat 20250601] the default smtp_tlsrpt_skip_reused_handshakes
setting was changed from "yes" to "no". The new default is enabled
with compatibility level >= 3.11.
3.10.8
Major changes - tls
[Forward compatibility 20250212] Support for OpenSSL 3.5 post-quantum
cryptography. To manage algorithm selection, OpenSSL introduces new
TLS group syntax that Postfix will not attempt to imitate. Instead,
Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
parameter values to have an empty value. When both are set empty,
the algorithm selection can be managed through OpenSSL configuration.
For more, look for "Post-quantum" in the postconf(5) manpage.
[Feature 20250117] Support for the RFC 8689 "TLS-Required: no"
message header to request delivery of messages such as TLSRPT
summaries even if the preferred TLS security policy cannot be
enforced. This limits the Postfix SMTP client to "smtp_tls_security_level
= may" which does not authenticate server certificates and which
allows falling back to plaintext.
Support for the REQUIRETLS SMTP service extension remains future work.
[Feature 20240926] Support for the TLSRPT protocol (defined in RFC
8460). With this, a domain can publish a policy in DNS, and request
daily summary reports for successful and failed SMTP-over-TLS
connections to that domain's MX hosts.
Postfix supports TLSRPT summaries for DANE (built-in) and MTA-STS
(via an smtp_tls_policy_maps plugin). For details, see TLSRPT_README.
Major changes - privacy
[Feature 20250205] With "smtpd_hide_client_session = yes", the
Postfix SMTP server generates a Received: header without client
session info. This setting may be used with the MUA submission
services (port 465 and 587), but it must not be used with the MTA
service (port 25).
Depending on the number of recipients, a redacted Received: header
has one of the following forms:
Received: by mail.example.com (Postfix) id postfix-queue-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
Received: by mail.example.com (Postfix) id postfix-queue-id
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
The redacted form hides that a message was received with SMTP, and
therefore it does not need to provide the information required by
RFC 5321. It only has to satisfy RFC 5322.
Major changes - rfc2047
[Feature 20250105] Support for automatic RFC 2047 encoding of
non-ASCII "full name" information in Postfix-generated From: message
headers. Encoding non-ASCII full names can avoid the need to use
SMTPUTF8, and therefore can avoid incompatibility with sites that
do not support SMTPUTF8.
The encoded result looks like "=?charset?Q?gibberish?=" for
quoted-printable encoding, or "=?charset?B?gibberish?=" for base64
encoding. Postfix uses quoted-printable for a full name that is
short or mostly ASCII, and uses base64 otherwise.
Background: when a message without a From: header is submitted with
the Postfix sendmail(1) command, Postfix may add a From: header and
use the sender's full name specified with the Postfix sendmail(1)
"-F" option, with the sendmail(1) "NAME" environment variable, or
with the GECOS field in the UNIX password database.
This introduces a new configuration parameter "full_name_encoding_charset"
(default: utf8) which specifies the character set of the full name
information in the Postfix sendmail(1) "-F" option or "NAME"
environment variable, or in the GECOS field in the UNIX password
database. The parameter value becomes part of the encoded full name,
and informs a Mail User Agent how to display the decoded gibberish.
Major changes - bugfix
[Incompat 20241130] The spawn(8) daemon failed to enforce the command
time limit. It was sending the SIGKILL signal using the wrong
effective UID and GID. The pipe(8) daemon has always done this
right.
Major changes - database
[Feature 20250207] When mysql: or pgsql: configuration specifies
a single host, assume that it is a load balancer and reconnect
immediately after a single failure, instead of failing all requests
for 60s.
[Feature 20250114] first/next iterator support for cdb: tables, and
other cdb: table code cleanups by Michael Tokarev.
[Feature 20241024] In a pgsql: client configuration, the setting
"dbname" is required, but ignored when the setting "hosts" contains
a URI with a database name.
[Feature 20241025] The Postfix pgsql: client configuration now
allows any well-formed URI prefix as a pgsql: client connection
target (the PostgreSQL URI parser decides what is allowed). The
dbname setting is now optional if the hosts setting specifies only
URIs.
Major changes - internal protocol
[Incompat 20250116] Postfix needs "postfix reload" after upgrade,
because of a change in the delivery agent protocol. If this step
is skipped, Postfix delivery agents will log a warning:
unexpected attribute smtputf8 from xxx socket (expecting: sendopts)
where xxx is the delivery agent service name.
Major changes - milter
[Incompat 20250106] The logging of the Milter 'quarantine' action
has changed. Instead of logging "milter triggers HOLD action", it
logs the reason given by a Milter application, or "default_action"
if a Milter application was unavailable and the milter_default_action
parameter or per-Milter "default_action" property specifies
"quarantine".
[Feature 20250106] The Postfix Milter implementation now logs the
reason for a 'quarantine' action, instead of "milter triggers HOLD
action".
- If the quarantine action was requested by a Milter application,
Postfix will log the reason given by the application.
- If the quarantine action was requested with the "milter_default_action"
parameter setting or with a per-Milter "default_action" property,
Postfix will log "default_action".
Major changes - logging
[Feature 20250106] The Postfix Milter implementation now logs the
reason for a 'quarantine' action, instead of "milter triggers HOLD
action".
- If the quarantine action was requested by a Milter application,
Postfix will log the reason given by the application.
- If the quarantine action was requested with the "milter_default_action"
parameter setting or with a per-Milter "default_action" property,
Postfix will log "default_action".
[Incompat 20250105] The SMTP server now logs the queue ID (or
"NOQUEUE") when a connection ends abnormally (timeout, lost connection,
or too many errors).
[Feature 20250105] The SMTP server now logs the queue ID (or
"NOQUEUE") when a connection ends abnormally (timeout, lost connection,
or too many errors).
[Incompat 20241104] The cleanup server now logs "queueid: canceled"
when a message transaction is started but not completed.
[Feature 20241104] The cleanup server now logs "queueid: canceled"
when a message transaction is started but not completed. This
provides a clear signal to logfile collation tools.
[Incompat 20241031] the Dovecot SASL client logging for "Invalid
authentication mechanism" now includes the name of that mechanism.
[Incompat 20241023] Postfix SMTP server 'reject' logging now shows
the sasl_method, sasl_username, and sasl_sender if available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
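The Postfix 3.11 changelog above says the SQLite client now warns when a query template wraps its %s placeholder in double quotes, because only the single-quoted form is protected against SQL injection. The following Python example is added here to show why; it is not Postfix code. It assumes (as a stand-in for the real client) that the lookup client escapes a key only by doubling single quotes before substituting it into the template, so an escape aimed at ' can never protect a placeholder delimited by ". The sample alias table, the query templates, the warning wording and the simplified placeholder regex are all constructed for this illustration.

```python
import re
import sqlite3
from typing import List, Optional

# Constructed sample data standing in for a Postfix virtual_alias_maps table
# queried through an sqlite: client (example only, not Postfix's own code).
SAMPLE_ROWS = [
    ("alice@example.com", "alice"),
    ("bob@example.com", "bob"),
]

# Recommended form: the %s placeholder sits inside single quotes.
SAFE_QUERY = "SELECT mailbox FROM alias WHERE address = '%s'"
# Form the new Postfix warning targets: the placeholder sits inside double quotes.
UNSAFE_QUERY = 'SELECT mailbox FROM alias WHERE address = "%s"'

# Simplified check (assumption): a %x placeholder between two double quotes.
_DQ_PLACEHOLDER = re.compile(r'"[^"]*%[a-zA-Z0-9][^"]*"')


def check_query_template(query: str) -> Optional[str]:
    """Return a warning string, or None, if a placeholder is wrapped in double quotes.

    Mirrors the intent of the Postfix 3.11 SQLite client warning; the exact
    wording here is an assumption, not Postfix's message.
    """
    if _DQ_PLACEHOLDER.search(query):
        return "warning: query uses double quotes around a %s placeholder; use single quotes"
    return None


def quote_key(key: str) -> str:
    """Escape a lookup key for use inside a single-quoted SQL string literal.

    Doubling single quotes is the SQL-standard escape. Assumption: the lookup
    client escapes only single quotes, which is exactly why a double-quoted
    placeholder is not protected: this escape never touches a '"' character.
    """
    return key.replace("'", "''")


def expand_query(query: str, key: str) -> str:
    """Substitute the escaped key for every %s in the template."""
    return query.replace("%s", quote_key(key))


def lookup(query: str, key: str) -> List[str]:
    """Run the expanded query against an in-memory copy of the sample table."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE alias (address TEXT PRIMARY KEY, mailbox TEXT)")
        conn.executemany("INSERT INTO alias VALUES (?, ?)", SAMPLE_ROWS)
        return [row[0] for row in conn.execute(expand_query(query, key))]
    finally:
        conn.close()


if __name__ == "__main__":
    for template in (SAFE_QUERY, UNSAFE_QUERY):
        print(template, "->", check_query_template(template) or "ok")
    print(lookup(SAFE_QUERY, "alice@example.com"))    # ['alice']
    # The apostrophe is escaped to '' so the key stays a plain literal:
    # no SQL error, simply no match.
    print(lookup(SAFE_QUERY, "o'brien@example.com"))  # []
```

Running the check over a main.cf/pgsql-style query file before deployment is the defensive use: the single-quoted template still handles a key containing an apostrophe as data, while a double-quoted template leaves the escape with nothing to escape, which is the condition the new warning flags.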
Adolf Belka [Tue, 7 Apr 2026 15:11:00 +0000 (17:11 +0200)]
pango: Update to version 1.57.1
- Update from version 1.57.0 to 1.57.1
- Update of rootfile
- Changelog
1.57.1
* Bugs fixed:
- #867 Bad font substitution causes application crashes
- #869 MacOS: subprojects/cairo/meson.build:1:0: ERROR: Value "gnu11,c11" (of
type "string") (sid)
- #870 MacOS: subprojects/pango/utils/viewer-cocoa.m:23:10: fatal error:
'cairo/cairo.h' file not found (sid)
- #871 gtk4-widget-factory crashes with pango error on macOS when an emoji is
entered into a text field
- #876 Inconsistency between documentation and code in
pango_context_set_font_description (Matthias Clasen)
- #882 The hex box characters generated in PDF can not be copied
- #885 warning: assignment discards 'const' qualifier from pointer target type
[-Wdiscarded-qualifiers]
- !884 Revert "meson: Rework introspection handling"
- !890 Update the code to support Unicode 17.0.0
- !892 Include fcfreetype.h where needed
- !893 meson: Update freetype2 wrap to fix ci warnings
- !894 Respect explicit language attribute when itemizing
- !895 Fix some subproject woes
- !896 meson: Add support for cross-compiling using Apple subsystems
- !897 (break.c) pass sentences to handle_sentences
- !898 add support for g_autoptr(PangoScriptIter)
- !900 fontmap: Mark get_family as nullable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:59 +0000 (17:10 +0200)]
nmap: Update to version 7.99
- Update from version 7.98 to 7.99
- No change to rootfile
- Changelog
7.99
o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS
fingerprints, as well as dozens of updated service fingerprints.
o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47,
liblinear 2.50, zlib 1.3.2
o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving
several crashes and stability-related issues. See https://npcap.com/changelog
o [Zenmap][GH#3182] Zenmap is now distributed as a universal wheel
(zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be
installed on any system with Python 3. [Daniel Miller]
o [Ncat][Windows] Limited the number of handles inherited by subprocesses
launched with -e, preventing interference between clients when -e and
--keep-open are used. Reported by Nimish Verma.
o [Ncat] Several fixes for regressions or longstanding failure cases in
ncat-test.pl [Daniel Miller]:
+ [Windows] Fixed handling of socket EOF with --exec
+ Fixed the -i (idle timeout) option for listen mode, which was broken
when adding the -q option in Ncat 7.96
+ Fixed HTTP proxy server when SSL is used.
+ DTLS (SSL over UDP) shutdown connection on stdin EOF.
o [Windows][GH#2711] Nmap now supports scanning over various VPN virtual
adapters like OpenVPN TAP adapters. [Daniel Miller]
o [GH#3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix
for #3130 had caused Nmap to send requests too slowly. [Daniel Miller]
o [macOS][GH#3289] Fixed a configure-time failure in libdnet that resulted in
incorrect MAC addresses being reported. [Daniel Miller]
o [Zenmap][GH#3189] Fix a crash in Zenmap topology and hosts viewer:
"TypeError: format requires a mapping" [Daniel Miller]
o [GH#2955] Fix a routing issue with -e and -S related to #2206
causing error "setup_target: failed to determine route" [Daniel Miller]
o [GH#3214] Improve compatibility of build process on various platforms and add
multiplatform autobuilds in Github workflow. [Jordan Ritter]
o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains
of a given target hostname by default. In the past, it was reporting any
DNS name that included the target hostname as a substring (but not
necessarily as a suffix). The old behavior can be enabled by setting script
argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter]
o [NSE] Function url.parse_query was not interpreting plus signs as spaces.
[nnposter]
o [NSE] Function url.parse was not properly parsing URLs with query strings
but empty paths. [nnposter]
o [NSE][GH#3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were
not behaving the same when the input table had a custom __pairs metamethod.
Both functions now perform a raw copy, ignoring the metamethod. [nnposter]
o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables
with Boolean keys. [nnposter]
o [NSE] IPP print queue job details were not getting populated, having
a hard dependency on Apple-specific attributes. [nnposter]
o [NSE][GH#3245] Functions connect and close have been removed from the IPP
library, as they served no purpose. [nnposter]
o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter]
o [NSE][GH#3262] FTP banner parsing is now more closely aligned with RFC 959,
section 4.2. [nnposter]
o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter
that allows preloading the newly created buffer with data. [nnposter]
o [NSE][GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced,
including added support for IPv6 and HTTPS and more accurate processing
of target responses. [nnposter]
o [NSE][GH#3194] RPC-based scripts were sporadically failing due to privileged
port conflicts. [nnposter]
o [NSE][GH#3196] Script rlogin-brute was sporadically failing due to using
an off-by-one range for privileged ports and not handling potential
port conflicts. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:58 +0000 (17:10 +0200)]
nfs: Update to version 2.9.1
- Update from version 2.8.5 to 2.9.1
- No change to rootfile
- Changelog is just a list of the commits. The details can be found in the changelog at
2.9.1
https://sourceforge.net/projects/nfs/files/nfs-utils/2.9.1/
2.8.7
https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.7/
2.8.6
https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.6/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:57 +0000 (17:10 +0200)]
ncat: Update to version 7.99
- Update from version 7.98 to 7.99
- No change to rootfile
- Changelog
7.99
o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS
fingerprints, as well as dozens of updated service fingerprints.
o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47,
liblinear 2.50, zlib 1.3.2
o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving
several crashes and stability-related issues. See https://npcap.com/changelog
o [Zenmap][GH#3182] Zenmap is now distributed as a universal wheel
(zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be
installed on any system with Python 3. [Daniel Miller]
o [Ncat][Windows] Limited the number of handles inherited by subprocesses
launched with -e, preventing interference between clients when -e and
--keep-open are used. Reported by Nimish Verma.
o [Ncat] Several fixes for regressions or longstanding failure cases in
ncat-test.pl [Daniel Miller]:
+ [Windows] Fixed handling of socket EOF with --exec
+ Fixed the -i (idle timeout) option for listen mode, which was broken
when adding the -q option in Ncat 7.96
+ Fixed HTTP proxy server when SSL is used.
+ DTLS (SSL over UDP) shutdown connection on stdin EOF.
o [Windows][GH#2711] Nmap now supports scanning over various VPN virtual
adapters like OpenVPN TAP adapters. [Daniel Miller]
o [GH#3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix
for #3130 had caused Nmap to send requests too slowly. [Daniel Miller]
o [macOS][GH#3289] Fixed a configure-time failure in libdnet that resulted in
incorrect MAC addresses being reported. [Daniel Miller]
o [Zenmap][GH#3189] Fix a crash in Zenmap topology and hosts viewer:
"TypeError: format requires a mapping" [Daniel Miller]
o [GH#2955] Fix a routing issue with -e and -S related to #2206
causing error "setup_target: failed to determine route" [Daniel Miller]
o [GH#3214] Improve compatibility of build process on various platforms and add
multiplatform autobuilds in Github workflow. [Jordan Ritter]
o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains
of a given target hostname by default. In the past, it was reporting any
DNS name that included the target hostname as a substring (but not
necessarily as a suffix). The old behavior can be enabled by setting script
argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter]
o [NSE] Function url.parse_query was not interpreting plus signs as spaces.
[nnposter]
o [NSE] Function url.parse was not properly parsing URLs with query strings
but empty paths. [nnposter]
o [NSE][GH#3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were
not behaving the same when the input table had a custom __pairs metamethod.
Both functions now perform a raw copy, ignoring the metamethod. [nnposter]
o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables
with Boolean keys. [nnposter]
o [NSE] IPP print queue job details were not getting populated, having
a hard dependency on Apple-specific attributes. [nnposter]
o [NSE][GH#3245] Functions connect and close have been removed from the IPP
library, as they served no purpose. [nnposter]
o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter]
o [NSE][GH#3262] FTP banner parsing is now more closely aligned with RFC 959,
section 4.2. [nnposter]
o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter
that allows preloading the newly created buffer with data. [nnposter]
o [NSE][GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced,
including added support for IPv6 and HTTPS and more accurate processing
of target responses. [nnposter]
o [NSE][GH#3194] RPC-based scripts were sporadically failing due to privileged
port conflicts. [nnposter]
o [NSE][GH#3196] Script rlogin-brute was sporadically failing due to using
an off-by-one range for privileged ports and not handling potential
port conflicts. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:56 +0000 (17:10 +0200)]
mdadm: Update to version 4.6
- Update from version 4.5 to 4.6
- No change to rootfile
- Changelog
4.6
Features:
- Add support for new lockless bitmap from Yu Kuai
- Add "PROBING ddf_extended" option in mdadm.conf from Martin Wilck
- Add --detail to usage in ReadMe from Brian Matheson
Fixes:
- Fix uuid endianness mismatch issue in sysfs_rules_apply() from Abirami0904
- Fix mdcheck: don't stop mdcheck_continue.timer from Martin Wilck
- Deal with hot-unplugged devices in platform-intel from Jean Delvare
- Detect corosync and libdlm via pkg-config in Makefile from Maxin John
- Fix UEFI backward compatibility for RAID10D4 in imsm from Blazej Kucman
- Optimize DDF header search using mmap for better performance from lilinzhe
- Set sysfs name after assembling imsm array in incremental from Xiao Ni
- Use creation_time for ctime in imsm container info from Xiao Ni
- Fix sigterm variable to be volatile sig_atomic_t from Cristian Rodríguez
- Use 64-bit off_t across both musl and glibc from Ankur Tyagi
- Fix format overflow error in super-intel.c from Martin Wilck
- Fix compilation errors for unused variables with GCC 16 from Martin Wilck
- Load md_mod first to avoid module loading issues from Xiao Ni
There are some important issues which led to boot failure. These issues
have been fixed recently. It's better to make a new release so users
can choose a version without these problems.
https://github.com/md-raid-utilities/mdadm/issues/249 has the details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:54 +0000 (17:10 +0200)]
lvm2: Update to version 2.03.39
- Update from version 2.03.38 to 2.03.39
- Update of rootfile
- Changelog
2.03.39
Support --interval +N to delay first poll in pvmove and lvpoll.
Add lvmpolld 'cmd' log keyword to enable verbose lvpoll output.
Add atomic leases using Compare and Write (CAW) to lvmlockd.
Fix pofile generation to include SOURCES2 binaries and update xgettext options.
Reject lvreduce of CoW snapshot COW store when it would truncate exception data.
Skip filesystem resize handling for CoW snapshot COW store LVs in lvresize.
Fix dmeventd inode fallback to use /dev/dm-X when dm_dir() path is unavailable.
Use temporary activations for integrity, writecache, thin and VDO pool conv.
Add activate_lv_temporary() to consolidate LV_TEMPORARY and sync handling.
Add missing sync in add_mirror_log() and activate_and_wipe_lv_list().
Propagate bcache _wait_all() failure to bcache_flush() and bcache_invalidate_di().
Propagate io_getevents() EINTR failure through bcache wait chain to abort I/O.
Retry io_getevents() on EINTR unless LVM interrupt signal was caught.
Fix checking error codes from io_destroy() and io_getevents().
Add lvm-index(7), lvm-categories(7) and lvm-args(7) man pages.
Show active cache mode in kernel table line with lvs -o kernel_cache_mode.
Preserve file descriptors with CLOEXEC opened in library constructors.
Use -Wl,-rpath-link for library linking.
Switch from use of internal device_mapper library to libdm.
Refactor libbase radix tree to lib/datastruct.
Use dm_device_list_equal for DM cache comparison.
Fix cachevol cmeta/cdata device offsets.
Fix RAID LV health report to distinguish 'refresh needed' from 'repair needed'.
Fix vgreduce --removemissing --force infinite loop for raid/mirror snapshot.
Fix vgsplit to not fail on no active LV on a PV being split to an existing VG.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 7 Apr 2026 15:10:53 +0000 (17:10 +0200)]
lmdb: Update to version 0.9.35
- Update from version 0.9.33 to 0.9.35
- No change to rootfile
- Changelog
0.9.35
ITS#10434 - Fix typo affecting Mac OSX
0.9.34
ITS#9564 - fix race condition freeing spilled pages at end of transaction
ITS#10222 - Update mdb_dump(1) and mdb_load(1) man pages for append (-a) option
ITS#10275 - mdb_load: add -Q option to use NOSYNC
ITS#10296 - fix fdatasync on MacOS
ITS#10342 - fix memleak in mdb_txn_begin for nested txns
ITS#10346 - fix mdb_env_copy2 with values > (2GB-16)
ITS#10355 - fix mplay build on musl
ITS#10396 - fix mdb_cursor_del0 with multiple DUPSORT cursors
ITS#10419 - add support for NetBSD
ITS#10420 - add support for Haiku
ITS#10421 - mdb_load: check for malicious input
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>