commit d38aabc45e2ef60da07178340e30e563c40a6052 Author: Adolf Belka Date: Tue Apr 1 22:50:02 2025 +0200 backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc - This adds a check if the ipsec server is enabled. If it is then ipsecctrl is run to restart ipsec and ensure that the restored certs are all being used. - Tested this out on my vm testbed and confirmed that with this I could restore a backup and make the client connection as previously set up. - Without this I had to press the Save button on the ipsec WUI page to get the certs etc being used. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3014979c75a6e63cdb2698d1cf5c3ed9316fdccf Author: Michael Tremer Date: Wed Apr 2 09:59:12 2025 +0000 Revert "backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc" This reverts commit 1fda10e584da6b99237c94aa4e652d97589c7df6. Signed-off-by: Michael Tremer commit 973f41b88d6ea9864a0a63b634b111e9fbc04a75 Author: Adolf Belka Date: Tue Apr 1 20:08:02 2025 +0200 core194: Ship the backup file changes Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2639101b2dcf28dee6100d199c70591490f931de Author: Adolf Belka Date: Tue Apr 1 20:08:01 2025 +0200 core194: Ship the vpnmain.cgi changes Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1fda10e584da6b99237c94aa4e652d97589c7df6 Author: Adolf Belka Date: Tue Apr 1 20:08:00 2025 +0200 backup.pl: Fixes bug13737 - restarts ipsec to use the restored certs etc - This adds a check if the ipsec server is enabled. If it is then ipsecctrl is run to restart ipsec and ensure that the restored certs are all being used. - Tested this out on my vm testbed and confirmed that with this I could restore a backup and make the client connection as previously set up. - Without this I had to press the Save button on the ipsec WUI page to get the certs etc being used. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 85c0d3c1c73dfd8f625c99256f0e1706979b895e Author: Adolf Belka Date: Tue Apr 1 20:07:59 2025 +0200 include: Add the contents of the ipsec certs directory to the backup - Previously only the .pem files were bacdked up from the /var/ipfire/certs/ directory. That was okay in the past as the serial and index files never changed after the root/host cert set waqs created. - With the renew process then the serial and index files get updated and these are needed to match with the cert status that was backed up. Otherwise you could end up with one set of values in the serial and index files that did not match with the restored certs. - This patch adds all the contents of the certs directory to the backup. - Tested out on my vm testbed and successfully restored a backup and was able to connect with the same client settings. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 41c7cc325e1e2f922de803842d0625e564f6771e Author: Adolf Belka Date: Tue Apr 1 20:07:58 2025 +0200 vpnmain.cgi: Fixes bug13737 - revoke any deleted client certificate - As the serial number is incremented now for each new cert that is created, then when a client cert is deleted from the ipsec list in the wui then that cert must be revoked otherwise it will still be listed in the .index file as a valid certificate and then the certificate name and DN could never be used again. - Running the revoke command when deleting a client cert leaves the details in the .index file but the same name can then be re-used and will get a new serial number etc. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 65434dcc7bc297e7d2feabd68f93de1eace598f3 Author: Adolf Belka Date: Tue Apr 1 20:07:57 2025 +0200 vpnmain.cgi: Fixes bug13737 - remove unneeded &cleanssldatabase calls - This first part removes all usages of &cleanssldatabase with the client certificates. This is not needed here. If used then the serial number would be moved back to 01 when an existing client certificate is removged or a new one created, even if no errors occurred. - The usage of &cleanssldatabase has also been removed from the root/host cert creation if it was successful, otherwise the index file is moved back to being empty and the serial file to containing 01. - The only usage now of the &cleanssldatabase is for when the root/host cert set is being created or if an uploaded cert has been checked as good to install. - This now means that each time a new client certificate is created the serial number is incremented. - The removal of the x509 root/host cert also unlinks all .pem files in the certs directory and therefore also all the 01.pem, 02.pem etc files so the &cleanssldatabase routine no longer needs to unlink the 01.pem file - The &newcleanssldatabase script is no longer needed, as the &cleanssldatabase commands used covers the required cleaning, so it has been removed. - This patch together with the others from this set have been tested out on my vm system and I was able to create a new root/host cert set and then new client certs and make an ipsec certificate connection successfully. I could then renew the host cert and the client connection still worked. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7ee3ce2371504df0e14b6cb19437d5290f38a6f1 Author: Arne Fitzenreiter Date: Wed Apr 2 09:58:27 2025 +0200 core194: add kernel to update Signed-off-by: Arne Fitzenreiter commit a4726d9aff6374f1efe95d67a283988d41e6f79d Author: Arne Fitzenreiter Date: Wed Apr 2 09:44:24 2025 +0200 kernel: update to 6.12.21 MD_LINEAR (JBOD) is now back in the mainline kernel Signed-off-by: Arne Fitzenreiter commit b9a677a20b3b9e65e2d8976649574af00f318ecc Author: Arne Fitzenreiter Date: Wed Apr 2 09:43:49 2025 +0200 mympd: update to 20.1.0 Signed-off-by: Arne Fitzenreiter commit b3818cfc11a611d465e04b63bad852d219ee9ca0 Author: Arne Fitzenreiter Date: Wed Apr 2 09:42:41 2025 +0200 ovmf: update to 2025.02-1 Signed-off-by: Arne Fitzenreiter commit 899c06d767943eea338ba9bbb47dde6576ae9279 Author: Adolf Belka Date: Tue Apr 1 14:26:50 2025 +0200 core194: Ship changed openssl.cnf file from CU184 - openssl.cnf had copy_extensions = copyall added to the [ IPFire ] section as part of the ipsec host cert renewal process but the file was missed to be shipped with the Core Update 184 update. So only users doing fresh installs of CU184 or later will have the updated openssl.cnf file. - This patch rectifies that situation. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 799aa347abb25ab304b4c162b6fef7af0daaee4e Author: Michael Tremer Date: Mon Mar 31 15:23:32 2025 +0000 core194: Ship changed firewall rules and aliases.cgi Signed-off-by: Michael Tremer commit 52c0e4819d07fc46339f9ea0b2fd66a74b69cfef Author: Michael Tremer Date: Mon Mar 31 17:16:24 2025 +0200 aliases.cgi: Reload firewall after updating aliases This is requried to update any REDNAT rules. Signed-off-by: Michael Tremer commit 1c1ff05cdc37fe9ccabda9413c270935c3a45478 Author: Michael Tremer Date: Mon Mar 31 16:35:26 2025 +0200 firewall: Explicitely don't NAT any aliases It seems that there is a problem with local connections that have preselected an outgoing interface. That will work just fine, but ultimately the packet will be NATed back to the primary RED IP address. To prevent this, we are adding some extra rules that skip the MASQUERADE target. Signed-off-by: Michael Tremer commit 8fa1831bff7e1d76eb83b145976211aa703062e1 Author: Michael Tremer Date: Mon Mar 31 16:31:43 2025 +0200 firewall: Collect all networks that should not be NATed in an array No functional changes. Signed-off-by: Michael Tremer commit e26b7aaa37c91fde4d7bc0fe338118bc93348dd3 Author: Michael Tremer Date: Mon Mar 31 15:22:14 2025 +0000 core194: Ship libxml2 Signed-off-by: Michael Tremer commit 4bbb98385f80537c50dd66d69afef97732149926 Author: Adolf Belka Date: Mon Mar 31 15:45:09 2025 +0200 tshark: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 0ffe4b075e8dc5f12aaa60235b771a2f0e2a0453 Author: Adolf Belka Date: Mon Mar 31 15:45:08 2025 +0200 rng-tools: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2e052e656a542d4784fba8ef4c035ebb56690a0f Author: Adolf Belka Date: Mon Mar 31 15:45:07 2025 +0200 nfs: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fe75b1511278dead34aef04fcb051b5bcc7f1817 Author: Adolf Belka Date: Mon Mar 31 15:45:06 2025 +0200 libvirt: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4109b42e34cd85a5ae7b9a0d2cf3db0000e04068 Author: Adolf Belka Date: Mon Mar 31 15:45:05 2025 +0200 clamav: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e725c6691d8d2ca8470afcc1379e0794d43c6b6e Author: Adolf Belka Date: Mon Mar 31 15:45:04 2025 +0200 core194: Ship rrdtool Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 57cab5e367a89f1ddb4ba4b04f0f2094bf328335 Author: Adolf Belka Date: Mon Mar 31 15:45:03 2025 +0200 core194: Ship libxslt Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e8988295f2c9d2fc01a151296b1d5132a452a544 Author: Adolf Belka Date: Mon Mar 31 15:45:02 2025 +0200 core194: Ship collectd Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a5bea20c6a11c881294db4149c1a853781df20e5 Author: Adolf Belka Date: Mon Mar 31 15:45:01 2025 +0200 core194: Ship apache2 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ee5bd0ef6fc6ba437430cd0e025ce8aa4fb2591c Author: Adolf Belka Date: Mon Mar 31 15:45:00 2025 +0200 libxml2: Update to version 2.14.0 - Update from version 2.13.5 to 2.14.0 - Update of rootfile - sobump so ran find-dependencies. apache2, clamav, collectd, libvirt, libxslt, nfs, rng-tools, rrdtool and tshark are all linked against the lib bump. So additional patches are in this set to bump the PAK_VER and ship the addons and to ship the linkied core packages. Hope it is done correctly. Let me know if not. - 2 CVE fixes added into version 2.13.6 - Changelog 2.14.0 Major changes The HTML tokenizer now conforms fully to HTML5. Several non-standard syntax warnings were removed. Note that HTML5 tree construction isn't implemented yet. Binary compatibility is restricted to versions 2.14 or newer. On ELF systems, the soname was bumped from libxml2.so.2 to libxml2.so.16. The serialization API will now take user-provided or default encodings into account when serializing attribute values, matching the serialization of text and avoiding unnecessary escaping. The XML parser won't try to merge consecutive CDATA sections as before to align with web standards. Each CDATA section will create exactly one node or SAX callback. Support for RELAX NG can now be disabled with a new configuration option independently of XML Schemas support. It is still enabled by default. The "legacy" configuration option won't enable support for HTTP and LZMA anymore. These features will be removed in the next release. Parts of the xmllint executable were refactored, allowing the combination of more options. OOM errors should be reported reliably now. Several improvements were made to the build systems. Meson is fully supported now. Parts of the buffering code were reworked and simplified. Overflow checks before reallocations were hardenend. Some unprefixed symbols were renamed to avoid namespace pollution. New features Input callbacks can now be set on a parser context and an improved API to create parser input is available. The following new functions, taking a parser input object, were added: - xmlCtxtParseDocument - xmlCtxtParseContent as replacement for xmlParseBalancedChunkMemory and xmlParseInNodeContext - xmlCtxtParseDtd The xmlSave API now has additional options to replace global settings. Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and XML_PARSE_CATALOG_PI were added. An API function to install a custom character encoding converter is now available. This makes it possible to use ICU for encoding conversion even if libxml2 was compiled without ICU support, see example/icu.c. Deprecations Access to many public struct members is now deprecated. Several accessor functions were added to use instead. More internal functions were deprecated. Removals Metadata about the HTML4 content model was removed from the htmlElemDesc struct and related functions were deprecated. The FTP module and related functions were removed. Support for the range and point extensions of the xpointer() scheme was removed. The rest of the XPointer implementation isn't affected. The xpointer() scheme now behaves like the xpath1() scheme. Several legacy symbols and the functions in xmlunicode.h were removed. ELF version information was removed. The shell was moved from libxml2 to xmllint. Several related functions are no longer available. The libxml.m4 file containing autoconf macros was removed. The --with-tree configuration option was removed. The hack to detect single-threaded programs under glibc was removed. Planned removals Support for HTTP and LZMA compression is planned to be removed in the 2.15 release. The following features are considered for removal: - Modules API (xmlmodule.h) - Schematron support - Support for zlib compressed file I/O - Legacy Windows build system in win32 RELAX NG support is still in a bad state and a long-term removal candidate. 2.13.7 Regressions - tree: Fix xmlTextMerge with NULL args - io: Fix `compressed` flag for uncompressed stdin - parser: Fix parsing of DTD content 2.13.6 Security - [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements - [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd - pattern: Fix compilation of explicit child axis Regressions - xmllint: Support compressed input from stdin - uri: Fix handling of Windows drive letters - reader: Fix return value of xmlTextReaderReadString again - SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL Portability - dict: Handle ENOSYS from getentropy gracefully - Fix compilation with uclibc (Dario Binacchi) - python: Declare init func with PyMODINIT_FUNC - tests: Fix sanitizer version check on old Apple clang - cmake: Work around broken sys/random.h in old macOS SDKs Build - autotools: Set AC_CONFIG_AUX_DIR - cmake: Always build Python module as shared library - cmake: add missing `Bcrypt` link on Windows (Saleem Abdulrasool) - cmake: Fix compatibility in package version file Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e8100bfb1dc9bf8c58d2e6d770cdd60e6e0d8b9b Author: Michael Tremer Date: Mon Mar 31 15:21:09 2025 +0000 core194: Ship procps Signed-off-by: Michael Tremer commit 9a84686cd29d213361db02d11e6ca8555aa787f1 Author: Adolf Belka Date: Mon Mar 31 15:18:23 2025 +0200 core194: Ship coreutils Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 89628cc97418d1e78475640385f80ee9bbaa2eef Author: Adolf Belka Date: Mon Mar 31 15:18:22 2025 +0200 procps: Update to version 4.0.5 - Update from version 4.0.4 to 4.0.5 - Update of rootfile - sobump so ran find-dependencies. usr/bin/uptime from coreutils is linked to the procps libs. So a separate patch created to ship coreutils. I hope I have done it correctly - Changelog 4.0.5 * library increment current, revision and age to 0: 1:0:0 internal: days/users when value is 0 issue #303 internal: dont print 60s but increment minute issue #302 internal: stat api fixed remaining cpu distortions issue #321 internal: only count user sessions internal: Recover from meminfo seek using LXC Debian #1072831 internal: stat api no longer counts guest tics twice issue #339 external: zswap & zswapped added to meminfo api external: schedule class added to pids api external: disk sleep added to pids api, sleep revised issue #265 external: docker containers added to pids api external: procps_users new exported function external: procps_uptime_snprint uses given upseconds external: procps_container_uptime external: meminfo api adds SecPageTables, Unaccepted external: pids api now provides open file descriptors external: 'info' parm removed from all 'VAL' macros issue #332 external: Add procps_sigmask_names external: Add procps_capability_names external: Add PIDS_CAP__PRM Permitted Capabilities * build-sys: Added --disable-pidwait and fixed logic issue #352 * kill: Correctly parse negative pids issue #354 * pgrep: select process by environment variable issue #167 * pgrep: Rework pidfile reading to include stdin issue #318 * pmap: Don't escape correct UTF-8 characters * ps: Add environ field * ps: Add htprv and htshr fields for HugeTables * ps: restore lost tasks for options --sort with -H issue #304 * ps: add 'docker' containers field, similar to 'lxc' * ps: Restore AIX free-format issue #323 * ps: can display open file descriptors for each task * ps: Fix signames scanning issue #341 * ps: Add -o pcap,pcaps to show permitted capabilities * ps: Zombies show in the commandname issue #355 * ps: Use quick mode if possible merge #239 * slabtop: Add --human option for slab size * snice: Minor fix for help screen Debian #1086441 * sysctl: Add glob excludes merge #206 * sysctl: --all skips stat_refresh Debian #978688 * top: added a 'CLS' scheduling class field, like ps * top: exploit library addition of 'disk sleep' issue #265 * top: add 'docker' containers field, similar to 'lxc' * top: provides additional control over colors * top: can display open file descriptors for each task * top: corrected cpu % for hosts with qemu processes issue #339 * top: remains functional if /proc mounted subset=pid * top: can display a task's permitted capabilities (^A) * uptime: Add container uptime option issue #300 * vmstat: Add page allocation to --stats * vmstat.8: si/so are changed by --unit Debian #1061944 * w: Don't segfault with -s option issue #301 * w: Cache pids list issue #305 * w: Add container uptime option * w.1: Note utmp is for non-systemd Debian #1080333 * watch: use clock_gettime issue #295 * watch.1: --chgexit only works for visible changes Debian #729569 * hugetop: a new utility to show huge page information merge #214 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit af709863fbb597ee9c91d57cb6935db3ac70c4c5 Author: Michael Tremer Date: Mon Mar 31 15:20:20 2025 +0000 core194: Ship xz Signed-off-by: Michael Tremer commit d32897e39727502a0957d5cc7b0dd88445f9a9a5 Author: Adolf Belka Date: Mon Mar 31 15:15:55 2025 +0200 xz: Update to version 5.8.0 - Update from version 5.6.3 to 5.8.0 - branch 5.8 is the new stable branch. Branch 5.6 from now on will only get critical fixes, there will be no new releases on that old branch. - Update of rootfile - Changlog 5.8.0 This bumps the minor version of liblzma because new features were added. The API and ABI are still backward compatible with liblzma 5.6.x, 5.4.x, 5.2.x, and 5.0.x. * liblzma on 32/64-bit x86: When possible, use SSE2 intrinsics instead of memcpy() in the LZMA/LZMA2 decoder. In typical cases, this may reduce decompression time by 0-5 %. However, when built against musl libc, over 15 % time reduction was observed with highly compressed files. * CMake: Make the feature test macros match the Autotools-based build on NetBSD, Darwin, and mingw-w64. * Update the Croatian, Italian, Portuguese, and Romanian translations. * Update the German, Italian, Korean, Romanian, Serbian, and Ukrainian man page translations. Summary of changes in the 5.7.x development releases: * Mark the following LZMA Utils script aliases as deprecated: lzcmp, lzdiff, lzless, lzmore, lzgrep, lzegrep, and lzfgrep. * liblzma: - Improve LZMA/LZMA2 encoder speed on 64-bit PowerPC (both endiannesses) and those 64-bit RISC-V processors that support fast unaligned access. - Add low-level APIs for RISC-V, ARM64, and x86 BCJ filters to lzma/bcj.h. These are primarily for erofs-utils. - x86/x86-64/E2K CLMUL CRC code was rewritten. - Use the CRC32 instructions on LoongArch. * xz: - Synchronize the output file and its directory using fsync() before deleting the input file. No syncing is done when xz isn't going to delete the input file. - Add --no-sync to disable the sync-before-delete behavior. - Make --single-stream imply --keep. * xz, xzdec, lzmainfo: When printing messages, replace non-printable characters with question marks. * xz and xzdec on Linux: Support Landlock ABI versions 5 and 6. * CMake: Revise the configuration variables and some of their options, and document them in the file INSTALL. CMake support is no longer experimental. (It was already not experimental when building for native Windows.) * Add build-aux/license-check.sh. 5.6.4 * liblzma: Fix LZMA/LZMA2 encoder on big endian ARM64. * xz: - Fix --filters= and --filters1= ... --filters9= options parsing. They require an argument, thus "xz --filters lzma2" should work in addition to "xz --filters=lzma2". - On the man page, note in the --compress and --decompress options that the default behavior is to delete the input file unless writing to standard output. It was already documented in the DESCRIPTION section but new users in a hurry might miss it. * Windows (native builds, not Cygwin): Fix regressions introduced in XZ Utils 5.6.3 which caused non-ASCII characters to display incorrectly. Only builds with translation support were affected (--enable-nls or ENABLE_NLS=ON). The following changes affect builds that have translations enabled: - Require UCRT because MSVCRT doesn't support UTF-8 locales and thus translations won't be readable on Windows 10 version 1903 and later. (MSVCRT builds are still possible with --disable-nls or ENABLE_NLS=OFF.) - Require gettext-runtime >= 0.23.1 because older versions don't autodetect the use of the UTF-8 code page. This resulted in garbled non-ASCII characters even with UCRT. - Partially fix alignment issues in xz --verbose --list with translated messages. Chinese (simplified), Chinese (traditional), and Korean column headings are misaligned still because Windows and MinGW-w64 don't provide wcwidth() and XZ Utils doesn't include a replacement function either. * CMake: Explicitly disable unity builds. This prevents build failures when another project uses XZ Utils via CMake's FetchContent module, and that project enables unity builds. * Update Chinese (traditional) and Serbian translations. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ee688ea061b242eb9eaf61d7c406fda5a957addc Author: Adolf Belka Date: Mon Mar 31 15:15:53 2025 +0200 harfbuzz: Update to version 11.0.0 - Update from version 10.4.0 to 11.0.0 - Update of rootfile - Changelog 11.0.0 - There are three new font-functions implementations (integrations) in this release: * `hb-coretext` has gained one, calling into the CoreText library, * `hb-directwrite` has gained one, calling into the DirectWrite library. * `hb-fontations` has gained one, calling into the Skrifa Rust library. All three are mostly useful for performance and correctness testing, but some clients might find them useful. An API is added to use them from a single API by providing a backend name string: * `hb_font_set_funcs_using()` - Several new APIs are added, to load a font-face using different "face-loaders", and a single entry point to them all using a loader name string: * `hb_ft_face_create_from_file_or_fail()` and `hb_ft_face_create_from_blob_or_fail()` * `hb_coretext_face_create_from_file_or_fail()` and `hb_coretext_face_create_from_blob_or_fail()` * `hb_directwrite_face_create_from_file_or_fail()` and `hb_directwrite_face_create_from_blob_or_fail()` * `hb_face_create_from_file_or_fail_using()` - All drawing and painting operations using the default, `hb-ot` functions have become memory allocation-free. - Several performance optimizations have been implemented. - Application of the `trak` table during shaping has been improved. - The `directwrite` shaper now supports font variations, and correctly applies user features. - The `hb-directwrite` API and shaper has graduated from experimental. - Various bug fixes and other improvements. - New API: +hb_malloc +hb_calloc +hb_realloc +hb_free +hb_face_list_loaders +hb_face_create_or_fail_using +hb_face_create_from_file_or_fail_using +hb_font_list_funcs +hb_font_set_funcs_using +hb_coretext_face_create_from_blob_or_fail +hb_directwrite_face_create_from_file_or_fail +hb_directwrite_face_create_from_blob_or_fail +hb_directwrite_font_create +hb_directwrite_font_get_dw_font_face +hb_directwrite_font_set_funcs +hb_fontations_font_set_funcs +hb_ft_face_create_from_blob_or_fail +hb_paint_push_font_transform +hb_paint_push_inverse_font_transform +HB_BUFFER_CLUSTER_LEVEL_GRAPHEMES +HB_BUFFER_CLUSTER_LEVEL_IS_MONOTONE +HB_BUFFER_CLUSTER_LEVEL_IS_GRAPHEMES +HB_BUFFER_CLUSTER_LEVEL_IS_CHARACTERS - Deprecated API: +hb_directwrite_font_get_dw_font Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b3cb61cac304abaefcf3bbf0ba0a2e8baf39ace0 Author: Michael Tremer Date: Mon Mar 31 15:18:58 2025 +0000 core194: Ship iproute2 Signed-off-by: Michael Tremer commit 1a69d7f81a5096b754f6acab189a436416aa517d Author: Adolf Belka Date: Mon Mar 31 15:15:54 2025 +0200 iproute2: Update to version 6.14.0 - Update from version 6.11.0 to 6.14.0 - Update of rootfile - Changelog is not available. Details of changes have to be found by reviewing the git log file - https://web.git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit cfad72e8f13d471f88f76dd74e8c6938c0546601 Author: Stephen Cuka Date: Sun Mar 30 11:05:21 2025 -0600 pakfire.cgi: Add upgrade confirmation page. - Add upgrade confirmation page. Clicking on the 'Upgrade' button on the main page displays the confirmation page. - The upgrade confirmation page runs 'pakfire update' then displays all available core and add-on upgrades for confirmation. If there are any 'ERROR' messages from the 'pakfire update', they are displayed on the confirmation page. - Changed translations for consistency: - 'pakfire updates' -> 'pakfire upgrades' - 'pakfire confirm updates' -> 'pakfire confirm upgrades' Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 2848f341692f52135b4ed0590b86a6962b144080 Author: Robin Roevens Date: Sat Mar 29 00:23:32 2025 +0100 zabbix_agentd: Set passive check agents to 3 by default on new installations. Zabbix Agent since v7 by default forks 10 instances to listen for and concurrently execute incoming (passive) checks. This was only 3 in previous versions and should be plenty on an IPFire instance where resources can be scarce. Users with an existing installation will have to manually add the parameter to their config if they don't want the Zabbix new default of 10 . This will be documented in the wiki. Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit 746ff257d04cebb7fa8aadf9804215c9d38e6873 Author: Michael Tremer Date: Sun Mar 30 13:06:59 2025 +0000 core194: Ship expat Signed-off-by: Michael Tremer commit 861a79c14e30fd2bfda0463f0d3d06cc8ec6a29a Author: Adolf Belka Date: Fri Mar 28 22:03:25 2025 +0100 expat: Update to version 2.7.1 - Update from version 2.7.0 to 2.7.1 - Update of rootfile - Changelog 2.7.1 Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}" with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ab7e955f1210e1f23fbcae4b64e499c8dde588e1 Author: Michael Tremer Date: Fri Mar 28 12:11:22 2025 +0000 credits.cgi. Update contributors Signed-off-by: Michael Tremer commit 80208fe4e628d7148e4439053e25f9de0bcd6ecb Author: Michael Tremer Date: Fri Mar 28 12:11:08 2025 +0000 core194: Ship pakfire.cgi Signed-off-by: Michael Tremer commit 22e7fefc22d23a033c32ffed035995892a895ad7 Author: Stephen Cuka Date: Wed Mar 26 23:34:40 2025 -0600 pakfire.cgi: Convert icons to buttons. - Convert icons to buttons on main and confirmation pages. - Disable Upgrade button if no core or add-on updates available. - Disable Install and Remove buttons until an add-on is selected to install or remove. - Change 'abort' to 'cancel'. - Change 'uninstall' to 'remove'. - Set fixed height on select boxes to keep the size the same if there are no options for the select. - Change translation for install/remove description text, the previous text referred to the icons. 'pakfire install description' -> 'Please select one or more add-ons to install.' 'pakfire uninstall description' -> 'Please select one or more add-ons to remove.' Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit e0dc059b360d0609961d588694dfc7e386e63306 Author: Stephen Cuka Date: Tue Mar 25 13:25:42 2025 -0600 pakfire.cgi: Change to new translations. upgrade -> pakfire upgrade install -> pakfire install available updates -> pakfire updates calamaris refresh list -> pakfire refresh list Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit b79accc2a46d289667c05e43893ffa200fb5ddf9 Author: Stephen Cuka Date: Mon Mar 24 16:12:55 2025 -0600 langs: Add trs for upgrade confirmation page. 'pakfire confirm updates' => 'Do you want to install all updates?' 'pakfire updating' => 'Updating pakfire database, please wait...' Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 3e79d2a2544377a83c6ccde5feed7eb2e48883d8 Author: Stephen Cuka Date: Mon Mar 24 13:13:47 2025 -0600 langs: Add trs for install/remove confirmation pages. 'pakfire dependencies found' => 'Dependencies found:' 'pakfire no dependencies found' => 'No dependencies found.' 'pakfire resolvedeps wait' => 'Checking for dependencies, please wait...' Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 0378ba767ae0698b3f909671177ea2f1369b291f Author: Stephen Cuka Date: Sun Mar 23 19:10:10 2025 -0600 langs: Add 'pakfire refresh list' translation. Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 88838a2a2580a55bbbb3f5b4e8a9492aa5a15cb6 Author: Stephen Cuka Date: Sun Mar 23 18:35:43 2025 -0600 langs: Add 'pakfire updates' translation. Add missing 'pakfire updates' tr to en.pl and it.pl. For other languages, in cases where the existing 'pakfire updates' tr does not match the 'available updates' tr currently used by pakfire.cgi, give precedence to the 'available updates' tr and update 'pakfire updates' accordingly. Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 9f82bd84751feaf9c4596a8cab0695110f0675c1 Author: Stephen Cuka Date: Sun Mar 23 15:25:13 2025 -0600 langs: Add 'pakfire install' translation. Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 5a16ed0b0224de172f03516f15fb2108e87f1b8c Author: Stephen Cuka Date: Sun Mar 23 14:42:13 2025 -0600 langs: Add 'pakfire upgrade' translation. Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer