commit 18702b07f5c59ce600adcf6f069cecf686e7e2d4 Author: Michael Tremer Date: Mon May 5 10:47:37 2025 +0000 core195: Ship xfsprogs Signed-off-by: Michael Tremer commit fb9f234c9c9a3c91b1343a139ee06b5add8adaa0 Author: Adolf Belka Date: Sun May 4 15:17:11 2025 +0200 xfsprogs: Update to version 6.14.0 - Update from version 6.13.0 to 6.14.0 - Update of rootfile not required - Changelog 6.14.0 xfs_scrub_all: localize the strings in the program (Darrick J. Wong) xfs_protofile: add messages to localization catalog (Darrick J. Wong) Makefile: inject package name/version/bugreport into pot file (Darrick J. Wong) xfs_scrub_all: rename source code to .py.in (Darrick J. Wong) xfs_protofile: rename source code to .py.in (Darrick J. Wong) xfs_repair: handling a block with bad crc, bad uuid, and bad magic number needs fixing (Bill O'Donnell) xfs_repair: fix stupid argument error in verify_inode_chunk (Darrick J. Wong) xfs_repair: fix infinite loop in longform_dir2_entry_check* (Darrick J. Wong) xfs_repair: fix crash in reset_rt_metadir_inodes (Darrick J. Wong) xfs_repair: don't recreate /quota metadir if there are no quota inodes (Darrick J. Wong) xfs_repair: fix wording of error message about leftover CoW blocks on the rt device (Darrick J. Wong) xfs_io: Add cachestat syscall support (Ritesh Harjani (IBM)) xfs_io: Add RWF_DONTCACHE support to preadv2 (Ritesh Harjani (IBM)) xfs_io: Add RWF_DONTCACHE support to pwritev2 (Ritesh Harjani (IBM)) xfs_io: Add support for preadv2 (Ritesh Harjani (IBM)) make: remove the .extradep file in libxfs on "make clean" (Theodore Ts'o) xfs_{admin,repair},man5: tell the user to mount with nouuid for snapshots (Darrick J. Wong) xfsprogs: Fix mismatched return type of filesize() (Pavel Reichl) xfs_io: don't fail FS_IOC_FSGETXATTR on filesystems that lack support (Anthony Iliopoulos) configure: additionally get icu-uc from pkg-config (Alyssa Ross) xfs_scrub: use the display mountpoint for reporting file corruptions (Darrick J. Wong) xfs_scrub: don't warn about zero width joiner control characters (Darrick J. Wong) xfs_scrub: fix buffer overflow in string_escape (Darrick J. Wong) xfs_db: add command to copy directory trees out of filesystems (Darrick J. Wong) xfs_db: make listdir more generally useful (Darrick J. Wong) xfs_db: use an empty transaction to try to prevent livelocks in path_navigate (Darrick J. Wong) xfs_db: pass const pointers when we're not modifying them (Darrick J. Wong) mkfs: enable reflink on the realtime device (Darrick J. Wong) mkfs: validate CoW extent size hint when rtinherit is set (Darrick J. Wong) xfs_logprint: report realtime CUIs (Darrick J. Wong) xfs_repair: validate CoW extent size hint on rtinherit directories (Darrick J. Wong) xfs_repair: allow realtime files to have the reflink flag set (Darrick J. Wong) xfs_repair: rebuild the realtime refcount btree (Darrick J. Wong) xfs_repair: reject unwritten shared extents (Darrick J. Wong) xfs_repair: check existing realtime refcountbt entries against observed refcounts (Darrick J. Wong) xfs_repair: compute refcount data for the realtime groups (Darrick J. Wong) xfs_repair: find and mark the rtrefcountbt inode (Darrick J. Wong) xfs_repair: use realtime refcount btree data to check block types (Darrick J. Wong) xfs_repair: allow CoW staging extents in the realtime rmap records (Darrick J. Wong) xfs_spaceman: report health of the realtime refcount btree (Darrick J. Wong) xfs_db: add rtrefcount reservations to the rgresv command (Darrick J. Wong) xfs_db: copy the realtime refcount btree (Darrick J. Wong) xfs_db: support the realtime refcountbt (Darrick J. Wong) xfs_db: display the realtime refcount btree contents (Darrick J. Wong) man: document userspace API changes due to rt reflink (Darrick J. Wong) mkfs: create the realtime rmap inode (Darrick J. Wong) xfs_logprint: report realtime RUIs (Darrick J. Wong) xfs_repair: reserve per-AG space while rebuilding rt metadata (Darrick J. Wong) xfs_repair: rebuild the bmap btree for realtime files (Darrick J. Wong) xfs_repair: check for global free space concerns with default btree slack levels (Darrick J. Wong) xfs_repair: rebuild the realtime rmap btree (Darrick J. Wong) xfs_repair: always check realtime file mappings against incore info (Darrick J. Wong) xfs_repair: check existing realtime rmapbt entries against observed rmaps (Darrick J. Wong) xfs_repair: find and mark the rtrmapbt inodes (Darrick J. Wong) xfs_repair: refactor realtime inode check (Darrick J. Wong) xfs_repair: create a new set of incore rmap information for rt groups (Darrick J. Wong) xfs_repair: use realtime rmap btree data to check block types (Darrick J. Wong) xfs_repair: flag suspect long-format btree blocks (Darrick J. Wong) xfs_repair: tidy up rmap_diffkeys (Darrick J. Wong) xfs_spaceman: report health status of the realtime rmap btree (Darrick J. Wong) xfs_db: add an rgresv command (Darrick J. Wong) xfs_db: make fsmap query the realtime reverse mapping tree (Darrick J. Wong) xfs_db: copy the realtime rmap btree (Darrick J. Wong) xfs_db: support the realtime rmapbt (Darrick J. Wong) xfs_db: display the realtime rmap btree contents (Darrick J. Wong) xfs_db: don't abort when bmapping on a non-extents/bmbt fork (Darrick J. Wong) xfs_db: compute average btree height (Darrick J. Wong) man: document userspace API changes due to rt rmap (Darrick J. Wong) xfs_scrub: try harder to fill the bulkstat array with bulkstat() (Darrick J. Wong) xfs_scrub: ignore freed inodes when single-stepping during phase 3 (Darrick J. Wong) xfs_scrub: hoist the phase3 bulkstat single stepping code (Darrick J. Wong) xfs_scrub: don't blow away new inodes in bulkstat_single_step (Darrick J. Wong) xfs_scrub: return early from bulkstat_for_inumbers if no bulkstat data (Darrick J. Wong) xfs_scrub: don't complain if bulkstat fails (Darrick J. Wong) xfs_scrub: don't (re)set the bulkstat request icount incorrectly (Darrick J. Wong) xfs_scrub: don't double-scan inodes during phase 3 (Darrick J. Wong) xfs_scrub: actually iterate all the bulkstat records (Darrick J. Wong) xfs_scrub: selectively re-run bulkstat after re-running inumbers (Darrick J. Wong) xfs_scrub: remove flags argument from scrub_scan_all_inodes (Darrick J. Wong) xfs_scrub: call bulkstat directly if we're only scanning user files (Darrick J. Wong) xfs_scrub: don't report data loss in unlinked inodes twice (Darrick J. Wong) man: document new XFS_BULK_IREQ_METADIR flag to bulkstat (Darrick J. Wong) xfs_db: obfuscate rt superblock label when metadumping (Darrick J. Wong) mkfs,xfs_repair: don't pass a daddr as the flags argument (Darrick J. Wong) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f7593e7e293905e0362a2b6b865ba5aee3a589ba Author: Adolf Belka Date: Sun May 4 15:17:10 2025 +0200 tshark: Update to version 4.4.6 - Update from version 4.4.5 to 4.4.6 - Update of rootfile - Changelog 4.4.6 Bug Fixes Bug in EtherCAT dissector with ECS order. Issue 13718. Conversation dialog columns return to default width on each new packet in live capture. Issue 15978. Tests fail in LTO-enabled builds in Ubuntu/Debian. Issue 18216. Incorrect conditions in BFCP dissector. Issue 18717. Static build fails on Ubuntu 24.04 because the c-ares library isn’t found. Issue 20343. Flutter’s Image Picker Generated JPEG Files Detected as Malformed Packet. Issue 20355. QUIC dissector breaks when src and dst change. Issue 20371. s390x: build fail on Ubuntu PPA nighty build. Issue 20372. Trailing octet after IPv4 packet end is not detected or displayed in raw bytes. Issue 20423. [packet-ax25-nol3.c] Only call APRS dissector on UI Frames. Issue 20429. Wireshark hangs when refreshing interfaces with the debug console preference set to "always" and a file open (Windows) Issue 20434. BGP EVPN - Type-8 route not correctly read after addition of Max. Response Time field. Issue 20459. Wireshark does not correctly decode LIN "go to sleep" in TECMP and CMP. Issue 20463. MQTT-SN: WILLTOPIC message not decoded correctly (missing some flags) Issue 20476. New Protocol Support There are no new protocols in this release. Updated Protocol Support ADB, ASAM CMP, AX.25, BACapp, BFCP, BGP, CP2179, DCERPC WKSSVC, DCT2000, DECT-NWK, DHCP, DOF, EAPOL-MKA, ECAT, ErlDP, Ethertype, F1AP, GSM BSSMAP, GSM DTAP, HomePlug AV, ICMP, IEEE 802.11, ITS, LDP, MQTT-SN, NAS-EPS, NR RRC, OER, PCEP, PNIO, PPP, QUAKE, QUIC, Raw, Signal PDU, TCP, TECMP, TLS, and USB DFU New and Updated Capture File Support 3GPP and pcapng Updated File Format Decoding Support There is no updated file format support in this release. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e0e79dbfab117e10ded509bb58ba73580f66e0f3 Author: Michael Tremer Date: Mon May 5 10:47:06 2025 +0000 core195: Ship patch Signed-off-by: Michael Tremer commit 0dc3298f4637e3ef95ac0c357e90c769f15c7eb8 Author: Adolf Belka Date: Sun May 4 15:17:09 2025 +0200 patch: Update to version 2.8 - Update from version 2.7.6 to 2.8 - Update of rootfile not required - Changelog 2.8 * The --follow-symlinks option now applies to output files as well as input. * 'patch' now supports file timestamps after 2038 even on traditional GNU/Linux platforms where time_t defaults to 32 bits. * 'patch' no longer creates files with names containing newlines, as encouraged by POSIX.1-2024. * Patches can no longer contain NUL ('\0') bytes in diff directive lines. These bytes would otherwise cause unpredictable behavior. * Patches can now contain sequences of spaces and tabs around line numbers and in other places where POSIX requires support for these sequences. * --enable-gcc-warnings no longer uses expensive static checking. Use --enable-gcc-warnings=expensive if you still want it. * Fix undefined or ill-defined behavior in unusual cases, such as very large sizes, possible stack overflow, I/O errors, memory exhaustion, races with other processes, and signals arriving at inopportune moments. * Remove old "Plan B" code, designed for machines with 16-bit pointers. * Assume C99 or later; previously it assumed C89 or later. * Port to current GCC, Autoconf, Gnulib, etc. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit cef089d72efe0155966794d4d7235e7d6ac89aa7 Author: Michael Tremer Date: Mon May 5 10:46:45 2025 +0000 core195: Ship hwdata Signed-off-by: Michael Tremer commit efdf7fd6c717887e69b8c52cace44938a41148fe Author: Adolf Belka Date: Sun May 4 15:17:08 2025 +0200 hwdata: Update to version 0.394 - Update from version 0.393 to 0.394 - Update of rootfile not required - Changelog 0.394 Update pci and vendor ids Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7d9f6569b3de748191ec5d81f23298cdbb010035 Author: Michael Tremer Date: Mon May 5 10:46:28 2025 +0000 core195: Ship harfbuzz Signed-off-by: Michael Tremer commit 8c22902cf8114da2917dbd658944836ab57f8bdc Author: Adolf Belka Date: Sun May 4 15:17:07 2025 +0200 harfbuzz: Update to version 11.2.0 - Update from version 11.0.0 to 11.2.0 - Update of rootfile - Changelog 11.2.0 - Painting of COLRv1 fonts without clip boxes is now about 10 times faster. - Synthetic bold/slant of a sub font is now respected, instead of using the parent’s. - Glyph extents for fonts synthetic bold/slant are now accurately calculated. - Various build fixes - New API: +hb_font_is_synthetic() +hb_font_draw_glyph_or_fail_func_t +hb_font_paint_glyph_or_fail_func_t +hb_font_funcs_set_draw_glyph_or_fail_func() +hb_font_funcs_set_paint_glyph_or_fail_func() +hb_font_draw_glyph_or_fail() +hb_font_paint_glyph_or_fail() - Deprecated API: -hb_font_draw_glyph_func_t -hb_font_paint_glyph_func_t -hb_font_funcs_set_draw_glyph_func() -hb_font_funcs_set_paint_glyph_func() 11.1.0 - Include bidi mirroring variants of the requested codepoints when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be used to disable this behaviour. - Various bug fixes. - Various build fixes and improvements. - Various test suite improvements. - New API: +HB_SUBSET_FLAGS_NO_BIDI_CLOSURE 11.0.1 - The change in version 10.3.0 to apply “trak” table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping. - When `directwrite` integration is enabled, we now link to `dwrite.dll` instead of dynamically loading it. - A new experimental APIs for getting raw “CFF” and “CFF2” CharStrings. - We now provide manpages for the various command line utilities. Building manpages requires “help2man” and will be skipped if it is not present. - The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages. - Various fixes and improvements to `fontations` font functions. - All shaping operations using the `ot` shaper have become memory allocation-free. - Glyph extents returned by `hb-ot` and `hb-ft` font functions are now rounded in stead of flooring/ceiling them, which also matches what other font libraries do. - Fix “AAT” deleted glyph marks interfering with fallback mark positioning. - Glyph outlines emboldening have been moved out of `hb-ot` and `hb-ft` font functions to the HarfBuzz font layer, so that it works with any font functions implementation. - Fix our fallback C++11 atomics integration, which seems to not be widely used. - Various testing fixes and improvements. - Various subsetting fixes and improvements. - Various other fixes and improvements. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 057c57c54c53501ea765bede7dad601c4a5cd11a Author: Michael Tremer Date: Mon May 5 10:46:09 2025 +0000 core195: Ship grep Signed-off-by: Michael Tremer commit dad824623c9468b62582d36eb34fab0d96885e30 Author: Adolf Belka Date: Sun May 4 15:17:06 2025 +0200 grep: Update to version 3.12 - Update from version 3.11 to 3.12 - Update of rootfile not required - Changelog 3.12 ** Bug fixes Searching a directory with at least 100,000 entries no longer fails with "Operation not supported" and exit status 2. Now, this prints 1 and no diagnostic, as expected: $ mkdir t && cd t && seq 100000|xargs touch && grep -r x .; echo $? 1 [bug introduced in grep 3.11] -mN where 1 < N no longer mistakenly lseeks to end of input merely because standard output is /dev/null. ** Changes in behavior The --unix-byte-offsets (-u) option is gone. In grep-3.7 (2021-08-14) it became a warning-only no-op. Before then, it was a Windows-only no-op. On Windows platforms and on AIX in 32-bit mode, grep in some cases now supports Unicode characters outside the Basic Multilingual Plane. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2e650d998f26d5e8eb421ae325abf98c8bf2095b Author: Michael Tremer Date: Mon May 5 10:45:50 2025 +0000 core195: Ship gawk Signed-off-by: Michael Tremer commit 7aa26afd649613767876ed1e8b69046e76ef88b0 Author: Adolf Belka Date: Sun May 4 15:17:05 2025 +0200 gawk: Update to version 5.3.2 - Update from version 5.3.1 to 5.3.2 - Update of rootfile - Changelog 5.3.2 1. The pretty printer now produces fewer spurious newlines; at the outermost level it now adds newlines between block comments and the block or function that follows them. The extra final newline is no longer produced. 2. OpenVMS 9.2-2 x86_64 is now supported. 3. On Linux and macos systems, the -no-pie linker flag is no longer required. PMA now works on macos systems with Apple silicon, and not just Intel systems. 4. Still more subtle issues related to uninitialized array elements have been fixed. 5. Associative arrays should now not grow quite as fast as they used to. 6. The code and documentation are now consistent with each other with respect to path searching and adding .awk to the filename. Both are always done, even with --posix and --traditional. 7. As usual, there have been several minor code cleanups and bug fixes. See the ChangeLog for details. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 218cfec11ee2194b384a310bf78b9f6306c71ca0 Author: Michael Tremer Date: Mon May 5 10:45:23 2025 +0000 core195: Ship diffutils Signed-off-by: Michael Tremer commit 5f705c1d35e21cb4119cd690f5871b26079e9791 Author: Adolf Belka Date: Sun May 4 15:17:04 2025 +0200 diffutils: Update to version 3.12 - Update from version 3.11 to 3.12 - Update of rootfile not required - Changelog 3.12 Bug fixes diff -r no longer merely summarizes when comparing an empty regular file to a nonempty regular file. [bug#76452 introduced in 3.11] diff -y no longer crashes when given nontrivial differences. [bug#76613 introduced in 3.11] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 341eb00a821c4254ddd04968beed2e98e5a33aff Author: Michael Tremer Date: Sat May 3 15:10:16 2025 +0200 fwhosts.cgi: Correctly show IP addresses for WireGuard RW peers Signed-off-by: Michael Tremer commit 6e8d853c8103da10ee6a4abc804848d57fceeb8b Author: Michael Tremer Date: Wed Apr 30 09:14:46 2025 +0000 core195: Remove dropped packages Signed-off-by: Michael Tremer commit 524b5c0c3e7a2c8e3f40158a7b6a495d37d3f749 Author: Michael Tremer Date: Tue Apr 29 17:02:18 2025 +0000 xvid: Drop package Signed-off-by: Michael Tremer commit 67e924b6d2c6e62d382b571b25b95f91ca8aaa42 Author: Michael Tremer Date: Tue Apr 29 16:59:09 2025 +0000 libmpeg2: Drop package Signed-off-by: Michael Tremer commit a1ea68d434cfe4587456d34b91cc742dd99baca1 Merge: 057b3e49c f0acc9e4a Author: Michael Tremer Date: Tue Apr 29 15:23:11 2025 +0000 Merge branch 'master' into next commit f0acc9e4a3a446307684dfe9ee9031313407546a Author: Adolf Belka Date: Tue Apr 29 16:42:19 2025 +0200 backup.pl: Fix restores for ipsec backups before regen was fixed - Prior to the ipsec host cert regen fix, the backup did not include the serial or the index.txt files. - After the ipsec regen patch set, if a backup from before the change is retsored then the serial and index.attr could end up not matching. This would break the ipsec regen again. - All backups before the change will have hostcerts with serial numbers of 1. - This patch extracts the serial number from the restored hostcert.pem. If the serial number is 1 and if the existing serial number file does not contain 02, then the serial file contents are replaced by 02 and the index.txt contents are deleted. - If the restored hostcert.pem serial number is greater than 1 then the backup will contain the serial anf index.txt files. - If the restored hostcert.pem serial number is 1 and the serial file contains 02 then the ipsec regen will work correctly. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5f0a9eb10ee55181179dbb54985c9559e5390ba9 Author: Michael Tremer Date: Tue Apr 29 15:22:37 2025 +0000 core194: Fix missing whitespace and quote filenames Signed-off-by: Michael Tremer commit cc6e5188fa3f8ffaeb52f644e411195a7cfa12b8 Author: Adolf Belka Date: Tue Apr 29 12:10:49 2025 +0200 update.sh: Core 194 - increment ipsec serial file if x509 set exists - This is related to the fix patch set for bug13737. That patch set works with no problems if the root/host x509 set is created for the first time with that patch set merged. However if the x509 is already created previously then the contents of serial will still be 01 instead of 02. - This patch checks if the hostcert.pm file exists and that the index.txt file is empty, and then increments the serial content from 01 to 02. This means that when the x509 is regenerated the system will not complain that 01 cannot be used as it has already been revoked but will use 02 for the new host and everything works fine after that. Fixes: bug13737 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 73a2afbcf5b923c4b56637227d5621f7800d4d62 Author: Michael Tremer Date: Tue Apr 29 14:56:48 2025 +0000 dnsdist: Update to 1.9.9 We released PowerDNS DNSdist 1.9.9 today, an emergency release fixing a security issue tracked as CVE-2025-30194 where a remote, unauthenticated attacker can cause a denial of service via a crafted DNS over HTTPS connection. The issue was reported to us via our public GitHub tracker, so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible. Signed-off-by: Michael Tremer commit 057b3e49c5e8aadb2c35ee2c65641ad7b073dacb Author: Michael Tremer Date: Tue Apr 29 08:54:07 2025 +0000 core195: Ship vpnmain.cgi This is because of changes that were applied late to c194. Signed-off-by: Michael Tremer commit c85560b8c558e95490687a1e798ae16d9652e74e Merge: 43867c1e0 f9f02b4c2 Author: Michael Tremer Date: Tue Apr 29 08:53:48 2025 +0000 Merge remote-tracking branch 'origin/master' into next commit f9f02b4c244fea3025245348678bb08bbfbd48a8 Author: Michael Tremer Date: Mon Apr 28 09:45:51 2025 +0000 vpnmain.cgi: Fix editing connections that are using a PSK This patch takes care of properly decoding the PSK if it was already stored base64-encoded. If the connection is edited, it always will be stored base64-encoded upon save. It would have been nice to not send the PSK back to the browser again (although the security benefits would have been marginal), but that would make the code even messier than it is. Signed-off-by: Michael Tremer Tested-by: Adolf Belka Tested-by: Christian Hernmarck commit 43867c1e070fc96420a666b0bb21182eff16787b Author: Michael Tremer Date: Sun Apr 27 18:30:59 2025 +0200 wireguard: Add a custom routing table for peers This is a dirty hack to make connections to VPN providers actually work. We mark all WG packets after encryption and use a secondary routing table to look up any routes to the peers. That way, we can replace the default route in the main routing table without having to care about the special routes there. Signed-off-by: Michael Tremer commit 8b7f769451feade69f7a269387f67d3f95dcaa90 Author: Michael Tremer Date: Sun Apr 27 18:01:44 2025 +0200 wireguard-functions.pl: Tolerate any IP addresses with subnet masks on import Signed-off-by: Michael Tremer commit 5c71c87e88446bd42bdc3ec7143b8f032499aa06 Author: Michael Tremer Date: Sun Apr 27 17:50:09 2025 +0200 wireguard-functions.pl: Don't strictly require a port in imported configurations If importing a client configuration, there might not be a port. This is quite likely to happen with VPN providers that don't create a connection but are awaiting incoming connections only. Signed-off-by: Michael Tremer commit d365234701bb68bbf8826c7b7b74248021393cfe Author: Michael Tremer Date: Sun Apr 27 17:48:19 2025 +0200 wireguard.cgi: Show public key when hovering over a peer name This is quite useful when debugging a client. Signed-off-by: Michael Tremer commit ff566655f74bdbbba135520d7b29633b4d18fa6a Author: Michael Tremer Date: Sun Apr 27 17:47:39 2025 +0200 wireguard-functions.pl: Append /32 subnet mask to client address Some clients seem to want this or otherwise refuse the import. Signed-off-by: Michael Tremer commit 569a0a9d33e37c6967c47033bed75cdca8984fd1 Author: Michael Tremer Date: Sat Apr 26 15:03:53 2025 +0200 langs: Add German translation for WireGuard Signed-off-by: Michael Tremer commit 9fba112e94900d0a64a140a7d945d7ec651ce7ae Author: Michael Tremer Date: Sat Apr 26 14:37:29 2025 +0200 wireguard.cgi: Check the first available option on add Signed-off-by: Michael Tremer commit 459bb750298c09990c0c8d4677f0f442887304d0 Author: Michael Tremer Date: Sat Apr 26 14:30:44 2025 +0200 wireguard: Automatically apply MASQUERADE for peers with local address In this case we are the client and we cannot leak any local subnets. Signed-off-by: Michael Tremer commit 361437f82984effc7408d4428cd6c89855163de4 Author: Michael Tremer Date: Sat Apr 26 14:25:27 2025 +0200 wireguard: Support having a local IP address This is what we need to support VPN providers. Signed-off-by: Michael Tremer commit 5abfabb8bd81ded8c01f34e71b0d01717a4952b4 Author: Michael Tremer Date: Sat Apr 26 14:04:54 2025 +0200 wireguard-functions.pl: Complain if required fields are missing Signed-off-by: Michael Tremer commit 0dc47e5dbd6df2ba54f20617bd54b2ae3f0bbec5 Author: Michael Tremer Date: Sat Apr 26 13:54:30 2025 +0200 wireguard.cgi: Rebuild the importer This is now a two-step process that is asking for all sorts of required information. Signed-off-by: Michael Tremer commit fa53185b7b50b3ffb40186a3c7d1c7a0204ca8cc Author: Michael Tremer Date: Sat Apr 26 13:13:32 2025 +0200 wireguard.cgi: Add some extra spacing when chosing a connection type Signed-off-by: Michael Tremer commit cae7916decc645cd7ea9cefec739db0f9da93354 Author: Michael Tremer Date: Sat Apr 26 13:06:47 2025 +0200 wireguard.cgi: Allow full access to everywhere by default for RW I think this is a more what people would expect. Signed-off-by: Michael Tremer commit 0bdbbd0e323062eab81504f61affc985e2c44cae Author: Michael Tremer Date: Sat Apr 26 13:05:18 2025 +0200 wireguard.cgi: Fail if we are trying to edit a peer that does not exist Signed-off-by: Michael Tremer commit d0943219087f39fe69a47e20dff748297e4a5fb7 Author: Michael Tremer Date: Fri Apr 25 14:53:47 2025 +0200 core195: Ship network-functions.pl Signed-off-by: Michael Tremer commit 08f60babc98dad3b37c626867f2530998f5ca81c Author: Michael Tremer Date: Fri Apr 25 14:53:07 2025 +0200 wireguard.cgi: Normalize the pool address Signed-off-by: Michael Tremer commit f4fa8b317d41fa5650ddcad5d42cdee1affc51e5 Author: Michael Tremer Date: Fri Apr 25 14:11:49 2025 +0200 wireguard: Don't block RW peer traffic Signed-off-by: Michael Tremer commit 3948ba05ec12cddf75a70174baa75097107c407b Author: Michael Tremer Date: Fri Apr 25 14:06:36 2025 +0200 wireguard-functions.pl: Fix collecting used IP addresses Signed-off-by: Michael Tremer commit 25ac8dbdcf88184daa9e41bcc4cc489a5d3a5f11 Author: Michael Tremer Date: Fri Apr 25 12:30:37 2025 +0200 wireguard-functions.pl: Dereference another array for local subnets Signed-off-by: Michael Tremer commit 9638ab6ea9223e41dc21bc52ee189ab760c02327 Author: Michael Tremer Date: Fri Apr 25 10:00:10 2025 +0000 core195: Ship gzip Signed-off-by: Michael Tremer commit c55ed9a6022109ccc2a69d3d9066125ac862ff82 Author: Adolf Belka Date: Thu Apr 24 15:43:47 2025 +0200 gzip: Update to version 1.14 - Update from version 1.13 to 1.14 - Update of rootfile not required - Changelog 1.14 ** Bug fixes 'gzip -d' no longer omits the last partial output buffer when the input ends unexpectedly on an IBM Z platform. [bug introduced in gzip-1.11] 'gzip -l' no longer misreports lengths of multimember inputs. [bug introduced in gzip-1.12] 'gzip -S' now rejects suffixes containing '/'. [bug present since the beginning] ** Changes in behavior The GZIP environment variable is now silently ignored except for the options -1 (--fast) through -9 (--best), --rsyncable, and --synchronous. This brings gzip into line with more-cautious compressors like zstd that limit environment variables' effect to relatively innocuous performance issues. You can continue to use scripts to specify whatever gzip options you like. 'zmore' is no longer installed on platforms lacking 'more'. ** Performance improvements gzip now decompresses significantly faster by computing CRCs via a slice by 8 algorithm, and faster yet on x86-64 platforms that support pclmul instructions. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 8afbef0fce2fde7d12ddbab26390c6a71c173bdc Author: Michael Tremer Date: Fri Apr 25 11:56:20 2025 +0200 wireguard-functions.pl: Fix array dereference when generating the client configuration Signed-off-by: Michael Tremer commit dfb7062fba3bcac4a422f8d473d3fbe001cd1c65 Author: Michael Tremer Date: Fri Apr 25 11:52:01 2025 +0200 wireguard-functions.pl: Don't crash when configuration files don't exist This should never really happen, but since we include this file in pretty much everything Perl, we should not fail. Signed-off-by: Michael Tremer