commit 6351c81763fa3c4b198a1751b0b6cbea6e6d1e25 Author: Adolf Belka Date: Fri May 23 18:03:44 2025 +0200 screen: Update to version 5.0.1 - This v2 version is with the correct tarball, without the binary object files. - Update from version 5.0.0 to 5.0.1 - Update of rootfile - 5 CVE fixes included in this version - Changelog 5.0.1 Security fix CVE-2025-46805: do NOT send signals with root privileges CVE-2025-46804: avoid file existence test information leaks CVE-2025-46803: apply safe PTY default mode of 0620 CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher CVE-2025-23395: reintroduce lf_secreopen() for logfile buffer overflow due bad strncpy() uninitialized variables warnings typos combining char handling that could lead to a segfault Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 50ce4246c034fe21ddf2ff49597bcbb07473f34d Author: Michael Tremer Date: Sun May 25 11:54:54 2025 +0000 core196: Ship whois Signed-off-by: Michael Tremer commit b30a24ead88befb8f2604e1edb1d3f62a536eadb Author: Adolf Belka Date: Sat May 24 16:36:55 2025 +0200 whois: Update to version 5.6.1 - Update from version 5.5.23 to 5.6.1 - Update of rootfile not required - Changelog 5.6.1 * Added the .pg TLD server. * Updated the .gov, .mu, .中国 (.xn--fiqs8s) and .中國 (.xn--fiqz9s) TLD servers. * Removed the .jobs TLD server. * Added the encodings for whois.afrinic.net and whois.apnic.net. * Enabled the UTF-8 encoding for whois.ripe.net. * Use the last ReferralServer returned by the ARIN server instead of the first, because we want to follow the referral for the most specific record returned. * Make sure to avoid trivial referral loops. 5.6.0 * Fixed the mangling of RADB queries with commands. * Implemented the parsing of more variants of ARIN's ReferralServer field. * Implemented following the APNIC pseudo-referrals. * Added the .ad and .za TLD servers. * Updated the .ao, .bz, .gi, .gq, .gr, .gw, .lc, .md, .pn, .pr, .uy, .vc, .info, .mobi, .ελ (.xn--qxam, Greece) and .გე (.xn--node, Georgia) TLD servers. * Added 2410::/12. * Removed 7 new gTLDs which are no longer active. * Cleaned up the markup of the man pages, courtesy of Bjarni Ingi Gislason. (Closes: #1036826, #1094208) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ae7baa15abd118c975e26291864b9eb69964f46b Author: Michael Tremer Date: Sun May 25 11:54:36 2025 +0000 core196: Ship meson Signed-off-by: Michael Tremer commit fb3374d22e7d7ab0a790245a7b71ff5eaf2bb916 Author: Adolf Belka Date: Sat May 24 16:36:52 2025 +0200 meson: Update to version 1.8.0 - Update from version 1.6.0 to 1.8.0 - Update of rootfile - Changelog 1.8.0 https://mesonbuild.com/Release-notes-for-1-8-0.html 1.7.0 https://mesonbuild.com/Release-notes-for-1-7-0.html Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 01c46944656652c8560a88526884ffb9aaf687de Author: Michael Tremer Date: Sun May 25 11:54:13 2025 +0000 core196: Ship man Signed-off-by: Michael Tremer commit 185bd11debd6d32042f29a50e51ed132fb5724cc Author: Adolf Belka Date: Sat May 24 16:36:51 2025 +0200 man: Update to version 2.13.1 - Update from version 2.13.0 to 2.13.1 - Update of rootfile - Changelog 2.13.1 Fixes: * Fix various minor formatting issues in manual pages. * Tolerate additional spaces in preprocessor strings. * Fix check for generated source files in out-of-tree builds. * Fix building with the `musl` C library. Improvements: * Recognize another Ukrainian translation of the `NAME` section. * Increase the maximum size of the `NAME` section from 8192 to 16384 bytes. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fe58fcee44b1aefb8340a89917653272a736e4e1 Author: Michael Tremer Date: Sun May 25 11:53:54 2025 +0000 core196: Ship libconfig Signed-off-by: Michael Tremer commit 8962704ad172f44fda8b25ec581dd7110821f4fc Author: Adolf Belka Date: Sat May 24 16:36:50 2025 +0200 libconfig: Update to version 1.8 - Update from version 1.7.3 to 1.8 - Update of rootfile - Changelog 1.8 - Added support for binary integer values - Miscellaneous code cleanup 1.7.4 - Handle malloc failures by calling a fatal error handler - New API to provide alternative fatal error handler - Bugfixes to lookup (by name or path) routines - Bugfixes to APIs with inconsistent const-ness - Bugfixes to APIs with inconsistent use of short/unsigned short - Bugfixes to int/int64 auto-conversion - Various cleanup/fixes to build files - Added some unit tests Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 999b263bfd0f76b82732dd07ab6edea908ecab33 Author: Michael Tremer Date: Sun May 25 11:53:30 2025 +0000 core196: Ship less Signed-off-by: Michael Tremer commit 5dd84ae0ffef528a2e497a90effcf61b465c2d68 Author: Adolf Belka Date: Sat May 24 16:36:49 2025 +0200 less: Update to version 678 - Update from version 668 to 678 - Update of rootfile not required - Changelog 678 * Treat -r in LESS environment variable as -R. * Add ESC-j and ESC-k commands (github #560). * Add --no-paste option (github #523). * Add --no-edit-warn option (github #513). * Add --form-feed option (github #496). * Add ESC-b command (github #615). * Make TAB complete option name in -- command (github #531). * Update the file size on an attempt to go past end of file. * Make -R able to pass through any OSC escape sequences, not just OSC 8 (github #504). * Setting LESS_IS_MORE=0 now disables "more" compatibility even if invoked via a file link named "more" (github #500). * Pass through escape sequences in prompts even if -R is not set. * Add LESS_SHELL_LINES to support shell prompts which use more than one line (github #514). * Add LESSANSIOSCALLOW to define OSC types which may be passed through. * Add LESSANSIOSCCHARS to define non-standard OSC intro chars. * Add LESS_SIGUSR1 to define user signal handler (github #582). * Add mouse and mouse6 commands to lesskey (github #569). * Improve behavior of ^O^N and ^O^P commands. * Leave stty tabs setting unchanged (github #620). * Fix unexpected behavior when entering a partial command followed by a valid command (github #543). * Fix bug when coloring prompt string with SGR sequences (github #516). * Fix bug when searching for text near an invalid UTF-8 sequence (github #542). * Fix display bug when file contains ESC followed by NUL (github #550). * Fix bug when using +:n +:p +:x or +:d on the command line (github #552). * Fix bug with --no-number-headers when header is not at start of file (github #566). * Fix bug where lesstest fails if window is resized (github #570). * Fix bug using "configure --with-secure=no" (github #584). * Fix bug using multibyte command chars (github #595). * Fix auto_wrap setting on Windows (github #497). * Fix two bugs using ^S search modifier (github #605). * Fix bug searching for UTF-8 strings with the PCRE2 library (github #610). * Fix bug highlighting OSC 8 links when opening a new file. * Fix bug when & filtering is active (github #618). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 09756a89b5b524a5a74224c894decdc48a19b9f9 Author: Michael Tremer Date: Sun May 25 11:53:12 2025 +0000 core196: Ship bc Signed-off-by: Michael Tremer commit e3e6e0833389e44a8a3d42ed1582c087329c2ca1 Author: Adolf Belka Date: Sat May 24 16:36:46 2025 +0200 bc: Update to version 1.08.1 - Update from version 1.07.1 to 1.08.1 - Update of rootfile not required - Changelog 1.08.1 Fix a formatting botch in doc/bc.1 (which was rendered as blank lines at the top of the page). 1.08.0 Streamlined the build process; should now be better behaved for those doing cross-compilation builds. Made some minor improvements to the documentation. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d7a8188d38ba40cd091754533a44612729081240 Author: Michael Tremer Date: Sun May 25 11:52:14 2025 +0000 core196: Ship ipblocklist-functions.pl Signed-off-by: Michael Tremer commit 476277d0febf510489c314bc950f91ec6efb717b Author: Stefan Schantl Date: Sat May 24 10:14:36 2025 +0200 ipblocklist-functions.pl: Allow downloading empty blocklists Some blocklist providers does serve blocklists for current events or with very limited updates. Therefore there is a chance such a blocklist could be empty for a certain time. This patch allows to replace an existing filled blocklist by an empty one and vice versa. Fixes #13804. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit d58f2de9efd78285b82940ab516dfbbe3d152e3b Author: Michael Tremer Date: Fri May 23 15:23:25 2025 +0000 dnsdist: Update to 1.9.10 We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible. While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests. https://www.dnsdist.org/changelog.html#change-1.9.10 Signed-off-by: Michael Tremer commit e6791a9e4a3210201188daa981d3b2d2c092846e Author: Michael Tremer Date: Fri May 23 09:34:45 2025 +0000 ruby: Fix build on aarch64 Signed-off-by: Michael Tremer commit bfbf3566b6a206cac68c1b36764451f73f89049f Author: Michael Tremer Date: Thu May 22 15:37:46 2025 +0000 Revert "screen: Update to version 5.0.1" This reverts commit de98f72736d8ee27c31226df46403b4e122733e2. The source tarball contains binaries. Read more here: https://lists.ipfire.org/development/98828B86-5323-4EFA-9278-6BB578AB77E2@ipfire.org/T/#t Signed-off-by: Michael Tremer commit 89bd70bc4054d3c53148374f86e9812e90a26a5a Merge: c405b9701 1e50e6e79 Author: Michael Tremer Date: Thu May 22 15:18:45 2025 +0000 Merge branch 'master' into next commit 1e50e6e79163d3e0ef551044f1cd11807f6e2ba5 Author: Adolf Belka Date: Tue May 20 12:57:39 2025 +0200 http-client-functions.pl: Fixes bug13852 Suggested-by: Adam G Fixes: bug13852 Tested-by: Adolf Belka Tested-by: Adam G Signed-off-by: Adolf Belka Acked-by: Stefan Schantl Signed-off-by: Michael Tremer commit 186cfa34b580f70f9ccf00aa4503e479df2cd31b Author: Adolf Belka Date: Wed May 21 20:57:38 2025 +0200 core195: Ship ntp - fixes bug13855 Fixes: bug13855 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit c405b9701fb86ef1e1b21c08db7c8110a162e70b Author: Michael Tremer Date: Thu May 22 15:16:45 2025 +0000 core196: Ship libarchive Signed-off-by: Michael Tremer commit 6f76ad5ffd6d93c5996a33cc42129cabf0d03a36 Author: Adolf Belka Date: Thu May 22 15:08:31 2025 +0200 libarchive: Update to version 3.8.0 - Update from version 3.7.9 to 3.8.0 - Update of rootfile - Changelog 3.8.0 New features: bsdtar: support --mtime and --clamp-mtime (#2601) lib: mbedtls 3.x compatibility (#2602) 7-zip reader: improve self-extracting archive detection (#2088) xar: xmllite support for the XAR reader and writer (#2388) zip writer: added XZ, LZMA, ZSTD and BZIP2 support (#2137, #2284, #2391) zip writer: added LZMA + RISCV BCJ filter (#2403) Notable security fixes: rar: do not skip past EOF while reading (#2584) rar: fix double free with over 4 billion nodes (#2598) rar: fix heap-buffer-overflow (#2599) warc: prevent signed integer overflow (#2568) tar: fix overflow in build_ustar_entry (#2588) Notable bugfixes: bsdtar: don't hardlink negative inode files together (#2587) gz: allow setting the original filename for gzip compressed files (#2544) lib: improve lseek handling (#2564) lib: support @-prefixed Unix epoch timestamps as date strings (#2606) rar: support large headers on 32 bit systems (#2596) tar reader: Improve LFS support on 32 bit systems (#2582) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2bb2919a72318e5279ebf07617d36f7a2fb6c8f5 Author: Michael Tremer Date: Thu May 22 15:16:12 2025 +0000 core196: Ship BIND Signed-off-by: Michael Tremer commit 14c452287d009e080976e67526cf6e088fd3e3dd Author: Adolf Belka Date: Thu May 22 15:08:30 2025 +0200 bind: Update to version 9.20.9 - Update from version 9.20.8 to 9.20.9 - Update of rootfile - Changelog 9.20.9 Security Fixes - [CVE-2025-40775] Prevent assertion when processing TSIG algorithm. ``b8c198ac5ca`` DNS messages that included a Transaction Signature (TSIG) containing an invalid value in the algorithm field caused :iscman:`named` to crash with an assertion failure. This has been fixed. :cve:`2025-40775` :gl:`#5300` Feature Changes - Use jinja2 templates in system tests. ``8f545784ff0`` `python-jinja2` is now required to run system tests. :gl:`#4938` :gl:`!10396` Bug Fixes - Fix EDNS yaml output. ``8c3b226d89b`` `dig` was producing invalid YAML when displaying some EDNS options. This has been corrected. Several other improvements have been made to the display of EDNS option data: - We now use the correct name for the UPDATE-LEASE option, which was previously displayed as "UL", and split it into separate LEASE and LEASE-KEY components in YAML mode. - Human-readable durations are now displayed as comments in YAML mode so as not to interfere with machine parsing. - KEY-TAG options are now displayed as an array of integers in YAML mode. - EDNS COOKIE options are displayed as separate CLIENT and SERVER components, and cookie STATUS is a retrievable variable in YAML mode. :gl:`#5014` :gl:`!10414` - Return DNS COOKIE and NSID with BADVERS. ``34b7323bad6`` This change allows the client to identify the server that returns the BADVERS and to provide a DNS SERVER COOKIE to be included in the resend of the request. :gl:`#5235` :gl:`!10392` - Disable own memory context for libxml2 on macOS. ``51e51d5ea8f`` Apple broke custom memory allocation functions in the system-wide libxml2 starting with macOS Sequoia 15.4. Usage of the custom memory allocation functions has been disabled on macOS. :gl:`#5268` :gl:`!10411` - `check_private` failed to account for the length byte before the OID. ``2b827380e75`` In PRIVATEOID keys, the key data begins with a length byte followed by an ASN.1 object identifier that indicates the cryptographic algorithm to use. Previously, the length byte was not accounted for when checking the contents of keys and signatures, which could have led to interoperability problems with any zones signed using PRIVATEOID. This has been fixed. :gl:`#5270` :gl:`!10376` - Fix a serve-stale issue with a delegated zone. ``d839d11bf62`` When ``stale-answer-client-timeout 0`` option was enabled, it could be ignored when resolving a zone which is a delegation of an authoritative zone belonging to the resolver. This has been fixed. :gl:`#5275` :gl:`!10420` - Fix the ksr two-tone test. ``3e2b255b5b7`` The two-tone ksr subtest (test_ksr_twotone) depended on the dnssec-policy keys algorithm values in named.conf being entered in numerical order. As the algorithms used in the test can be selected randomly this does not always happen. Sort the dnssec-policy keys by algorithm when adding them to the key list from named.conf. :gl:`#5286` :gl:`!10435` - Revert NSEC3 closest encloser lookup improvements. ``ac41f158fad`` The performance improvements for NSEC3 closest encloser lookups that were restored in BIND 9.20.8 turned out to cause incorrect NSEC3 records to be returned in nonexistence proofs and were therefore reverted again. :gl:`#5292` :gl:`!10443` Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit add0b84fd6a0b529a71206fac79e7a79cc7572e9 Author: Michael Tremer Date: Thu May 22 15:15:05 2025 +0000 core196: Ship apr Signed-off-by: Michael Tremer commit 8509b471f3085aebbc596e6addaee5f3b731cb7f Author: Adolf Belka Date: Thu May 22 15:08:29 2025 +0200 apr: Update to version 1.7.6 - Update from version 1.7.5 to 1.7.6 - Update of rootfile - Changelog 1.7.6 *) test/testsock.c (test_get_addr): Fix test to portably switch the socket to non-blocking mode using apr_socket_timeout_set(). Also make the test SKIP for the case where the connect() completes synchronously. [Ivan Zhakov] *) network_io/win32/sockets.c: (apr_socket_connect): Copy the remote address by value rather than by reference. This ensures that the sockaddr object returned by apr_socket_addr_get is allocated from the same pool as the socket object itself, as apr_socket_accept does; avoiding any potential lifetime mismatches. [Ivan Zhakov] *) CMake: Install include/apr_encode.h. [Ivan Zhakov] *) CMake: Fix installation PDB files with multi-config generators. [Ivan Zhakov] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1fbd20b8fadef562c5f5897ef8c4f7d0d9d4306b Author: Michael Tremer Date: Thu May 22 15:14:19 2025 +0000 core196: Ship man-pages Signed-off-by: Michael Tremer commit 30b83e7161724a4101a9aba83befa2177c6c675f Author: Adolf Belka Date: Tue May 20 11:09:27 2025 +0200 man-pages: Update to version 6.14 - Update from version 6.9.1 to 6.14 - Update of rootfile - -R had to be added in to make command. See changelog Global changes for version 6.11 The -R will be able to be removed after make version 4.5 has been released. - Changelog 6.14 New and rewritten pages man2const/ UFFDIO_MOVE.2const man7/ mctp.7 Newly documented interfaces in existing pages man2/ fanotify_init.2 FAN_REPORT_FD_ERROR FAN_REPORT_MNT fanotify_mark.2 FAN_PRE_ACCESS FAN_MARK_MNTNS FAN_MNT_ATTACH, FAN_MNT_DETACH open_by_handle_at.2 AT_HANDLE_CONNECTABLE AT_HANDLE_MNT_ID_UNIQUE man2const/ TIOCLINUX.2const TIOCL_SELCHAR TIOCL_SELWORD TIOCL_SELLINE TIOCL_SELPOINTER TIOCL_SELCLEAR TIOCL_SELMOUSEREPORT man3/ abs.3 uabs(3) ulabs(3) ullabs(3) uimaxabs(3) man7/ fanotify.7 FAN_DENY_ERRNO() FAN_REPORT_FD_ERROR FAN_PRE_ACCESS FAN_RESPONSE_INFO_AUDIT_RULE FAN_REPORT_MNT FAN_MNT_ATTACH, FAN_MNT_DETACH FAN_EVENT_INFO_TYPE_MNT New and changed links man3/ uabs.3 (abs(3)) ulabs.3 (abs(3)) ullabs.3 (abs(3)) uimaxabs.3 (abs(3)) Global changes - CREDITS, * - Move in-source contribution records to a new CREDITS file, and update copyright notices to be uniform across the project. - man/ - Use GNU forward declarations of parameters for sizes of array parameters. - \fX => \f[X] - Use 'path' instead of 'pathname' for parameters. 6.13 Newly documented interfaces in existing pages man7/ landlock.7 Landlock ABI v6 LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET LANDLOCK_SCOPE_SIGNAL Global changes - Build system: - PDF book: - Add support for UNIX V10 sources. - Makefiles: - Don't pass an escaped # to grep(1). Use a trick to work with both new and old systems. This fixes a regressions in the build system from man-pages-6.11, which was itself introduced while fixing a regression introduced in man-pages-6.10. 6.12 Newly documented interfaces in existing pages man2/ mbind.2 MPOL_PREFERRED_MANY set_mempolicy.2 MPOL_PREFERRED_MANY Global changes - Build system: - Use ifndef and := instead of ?= (fixes regression introduced in 6.11, which affected at least the version string). 6.11 New and rewritten pages man7/ pathname.7 Global changes - Build system: - [Breaking change!] Require the user to pass '-R' to make(1). This is necessary to be able to do the following change. When GNU make(1) releases a new version, it will not be necessary to pass -R, but in current versions of make(1) it is necessary. - [Breaking change!] Use '?=' assignments instead of ':=', to support setting make(1) variables in the environment. Now one can do this: $ export prefix=/usr $ make -R $ sudo make install -R (The -R is only necessary in GNU make(1) versions prior to the yet-unreleased 4.5.) - Escape '#' in regexes, to support old versions of GNU make(1). This fixes a regression in man-pages-6.10, which caused issues in users with an old-enough version of GNU make(1), such as the one present in Debian old-old-stable. - Fix duplicate overview-panel entries in the PDF book. - CONTRIBUTING.d/: - Add C coding style guide. - RELEASE: - Document the production of the book. - man/: - Refresh bpf-helpers(7) from Linux v6.13. 6.10 New and rewritten pages man1/ diffman-git.1 mansect.1 pdfman.1 sortman.1 man2/ keyctl.2 (split into many pages) listmount.2 statmount.2 uretprobe.2 man2const/ KEYCTL_ASSUME_AUTHORITY.2const (previously, keyctl.2) KEYCTL_CHOWN.2const (previously, keyctl.2) KEYCTL_CLEAR.2const (previously, keyctl.2) KEYCTL_DESCRIBE.2const (previously, keyctl.2) KEYCTL_DH_COMPUTE.2const (previously, keyctl.2) KEYCTL_GET_KEYRING_ID.2const (previously, keyctl.2) KEYCTL_GET_PERSISTENT.2const (previously, keyctl.2) KEYCTL_GET_SECURITY.2const (previously, keyctl.2) KEYCTL_INSTANTIATE.2const (previously, keyctl.2) KEYCTL_INVALIDATE.2const (previously, keyctl.2) KEYCTL_JOIN_SESSION_KEYRING.2const (previously, keyctl.2) KEYCTL_LINK.2const (previously, keyctl.2) KEYCTL_READ.2const (previously, keyctl.2) KEYCTL_RESTRICT_KEYRING.2const (previously, keyctl.2) KEYCTL_REVOKE.2const (previously, keyctl.2) KEYCTL_SEARCH.2const (previously, keyctl.2) KEYCTL_SESSION_TO_PARENT.2const (previously, keyctl.2) KEYCTL_SETPERM.2const (previously, keyctl.2) KEYCTL_SET_REQKEY_KEYRING.2const (previously, keyctl.2) KEYCTL_SET_TIMEOUT.2const (previously, keyctl.2) KEYCTL_UNLINK.2const (previously, keyctl.2) KEYCTL_UPDATE.2const (previously, keyctl.2) PR_RISCV_SET_ICACHE_FLUSH_CTX.2const man3/ __riscv_flush_icache.3 timespec_get.3 wcscasecmp.3 (merged wcsncasecmp.3 with it) wcsncasecmp.3 (merged into wcsncasecmp.3) Newly documented interfaces in existing pages man2/ io_submit.2 RWF_ATOMIC RWF_NOAPPEND landlock_add_rule.2 Landlock ABI v4 landlock_create_ruleset.2 Landlock ABI v4 madvise.2 MADV_GUARD_INSTALL MADV_GUARD_REMOVE perf_event_open.2 struct perf_event_attr::inherit && cpus=-1 posix_fadvise.2 POSIX_FADV_NOREUSE prctl.2 PR_RISCV_SET_ICACHE_FLUSH_CTX process_madvise.2 All flags permitted for calling process readv.2 RWF_ATOMIC RWF_NOAPPEND stat.2 AT_EMPTY_PATH && NULL statx.2 AT_EMPTY_PATH && NULL STATX_DIO_READ_ALIGN STATX_MNT_ID_UNIQUE STATX_SUBVOL STATX_WRITE_ATOMIC man3/ dlinfo.3 RTLD_DI_PHDR fnmatch.3 FNM_IGNORECASE man7/ landlock.7 Landlock ABI v4 Landlock ABI v5 rtnetlink.7 struct ifa_cacheinfo New and changed links man2/ riscv_flush_icache.2 (__riscv_flush_icache(3)) man2const/ KEYCTL_INSTANTIATE_IOV.2const (KEYCTL_INSTANTIATE(2const)) KEYCTL_NEGATE.2const (KEYCTL_INSTANTIATE(2const)) KEYCTL_REJECT.2const (KEYCTL_INSTANTIATE(2const)) man3/ timespec_getres.3 (timespec_get(3)) wcsncasecmp.3 (wcscasecmp(3)) Global changes - src/bin/ - Add a few programs that are useful for maintaining manual pages: diffman-git(1), mansect(1), pdfman(1), sortman(1) - SPONSORS - Add file listing the sponsors of this project. - CONTRIBUTING* - Expand documentation for contributing to the project. Especially, regarding help using git(1). - man/ - Split keyctl.2 - man2/, man3/: SYNOPSIS: Rename function parameters for consistency and correctness. - man2/, man3/: SYNOPSIS: Use typeof() to improve readability of function pointers. - man1/: SYNOPSIS: Use .SY/.YS for formatting commands. - share/mk/ - Refactor *FLAGS and LDLIBS variables, as requested by some distros. - LICENSES/ - Add GPL-3.0-or-later. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b9b9e7da02fb5cb22c27ef61970ea6df472c1815 Author: Michael Tremer Date: Thu May 22 15:13:42 2025 +0000 core196: Ship libgcrypt Signed-off-by: Michael Tremer commit 9b163cfe595d0215957e6ef06ea34780c207d1a6 Author: Adolf Belka Date: Tue May 20 11:09:26 2025 +0200 libgcrypt: Update to version 1.11.1 - Update from version 1.11.0 to 1.11.1 - Update of rootfile - Changelog 1.11.1 * Bug fixes: - Fix build regression on 32 bit Windows using Clang. [T7175] - Fix build regression on macOS due to symbol naming. [T7170] - Fix Kyber secret-dependent branch introduced by recent versions of Clang. [rCf765778e82] - Fix build regression due to the use of AVX512 in Blake. [T7184] - Do not build i386 asm on amd64 and vice versa. [T7220] - Fix build regression on armhf with gcc-14. [T7226] - Return the proper error code on malloc failure in hex2buffer. [rCc51151f5b0] - Fix long standing bug for PRIME % 2 == 0. [rC639b0fca15] * Performance: - Add AES Vector Permute intrinsics implementation for AArch64. [rC94a63aedbb] - Add GHASH AArch64/SIMD intrinsics implementation. [rCfec871fd18] - Add RISC-V vector permute AES. [rCb24ebd6163] - Add GHASH RISC-V Zbb+Zbc implementation. [rC0f1fec12b0] - Add ChaCha20 RISC-V vector intrinsics implementation. [rC8dbee93ac2] - Add SHA3 acceleration for RISC-V Zbb extension. [rC1a660068ba] * Other: - Add CET support for i386 and amd64 assembly. [T7220] - Add PAC/BTI support for AArch64 asm. [T7220] - Apply changes to Kyber from upstream for final FIPS 203. [rCcc95c36e7f] - Introduce an internal API for a revampled FIPS service indicator. [T7340] - Several improvements for constant time operation by the introduction of Least Leak Intended (LLI) variants of internal functions. [T7519,T7490] - Remove WindowsCE support. [T7486] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1560233869b50d528d9d7052174d8126941d0cc6 Author: Adolf Belka Date: Tue May 20 11:09:25 2025 +0200 iperf3: Update to version 3.19 - Update from version 3.16 to 3.19 - Update of rootfile not required - CVE fix in version 3.18 and another in 3.17. The CVE fix in 3.17 results in a breaking change. The vulnerable option can be enabled in the build but that doesn't seem to be a good approach for IPFire. I am not sure that the non backwards compatible changed padding on encrypted strings would create a problem for us. I suspect this is more if iperf3 is being used in a continuous measuring mode and in IPFire it is an addon that is used to measure throughput rates when required. - Changelog 3.19 Notable user-visible changes iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the -m or --mptcp flag. (PR #1661) iperf3 now supports a --cntl-ka option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) iperf3 now supports the MSG_TRUNC receive option, specified by the --skip-rx-copy. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) iperf3 now exits with a non-error 0 exit code if exiting via a SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829) The current behavior of iperf3 with respect to the -n and -k options is now documented as correct. (#1768, #1775, #596, PR #1800) Notable developer-visible changes iperf3 now supports a callback function to get the JSON output strings. (#1711, PR #1798) iperf3 now builds correctly with gcc-15 (#1838, PR #1805) Various memory leaks were fixed (#1881, PR#1823, #1814, PR#1822) A potential segfault crash was fixed (#1807) Improved warning messages when reading malformed JSON messages (PR #1817) The Github CI configuration was changed to use a more up-to-date set of runners (PR #1864) 3.18 Notable user-visible changes SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. (CVE-2024-53580) This has now been fixed. (PR#1810) UDP packets per second now reports the correct number of packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR errno if no data was sent (#1367/PR#1379). Several segmentation faults related to threading were fixed. One where pthread_cancel was called on an improperly initialized thread (#1801), another where threads were being recycled (#1760/PR#1761), and another where threads were improperly handling signals (#1750/PR#1752). A segmentation fault from calling freeaddrinfo with NULL was fixed (PR#1755). Some JSON options were fixed, including checking the size for json_read (PR#1709), but the size limit was removed for received server output (PR#1779). A rcv-timeout error has been fixed. The Nread timeout was hardcoded and timed out before the --rcv-timeout option (PR#1744). There is no longer a limit on the omit time period (#1770/PR#1774). Fixed an output crash under 32-bit big-endian systems (PR#1713). An issue was fixed where CPU utilization was unexpectedly high during limited baud rate tests. The --pacing-timer option was removed, but it is still available in the library (#1741/PR#1743). Add SCTP information to --json output and fixed compile error when SCTP is not supported (#1731). --fq-rate was changed from a uint to a uint64 to allow pacing above 32G. Not yet tested on big-endian systems (PR#1728). Notable developer-visible changes Clang compilation failure on Android were fixed (PR#1687). iperf_time_add() was optimizated to improve performance (PR#1742). Debug messages were added when the state changes (PR#1734). To increase performance, the old UDP prot_listener is cleared and removed after each test (PR#1708). A file descriptor leak was closed (PR#1619). 3.17.1 Notable user-visible changes Version number has been corrected. (#1699) Notable developer-visible changes No longer signing tags 3.17 Notable user-visible changes BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) iperf3 no longer changes its current working directory in --daemon mode. This results in more predictable behavior with relative paths, in particular finding key and credential files for authentication. (PR#1672) A new --json-stream option has been added to enable a streaming output format, consisting of a series of JSON objects (for the start of the test, each measurement interval, and the end of the test) separated by newlines (#444, #923, #1098). UDP tests now work correctly between different endian hosts (#1415). The --fq-rate parameter now works for --reverse tests (#1632, PR#1667). The statistics reporting interval is now available in the --json start test object (#1663). A negative time test duration is now properly flagged as an error (IS#1662 / PR#1666). Notable developer-visible changes Fixes have been made to better (unofficially) support builds on Android (#1641 / #1651) and VxWorks (#1595). iperf3 now builds correctly on architectures without native support for 64-bit atomic types, by linking with the libatomic library (#1611). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9f8ef171fbcc28b6afa3c01202c342df996cb32e Author: Michael Tremer Date: Thu May 22 15:13:04 2025 +0000 core196: Ship iana-etc Signed-off-by: Michael Tremer commit bfc55a86577c518f803ac924f5c9c8cb1914b3e8 Author: Adolf Belka Date: Tue May 20 11:09:24 2025 +0200 iana-etc: Update to version 20250505 - Update from version 20250311 to 20250505 - Update of rootfile not required - No changelog provided Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 93feaf664d666a454c70872f4ab5b3172745b926 Author: Michael Tremer Date: Thu May 22 15:12:44 2025 +0000 core196: Ship dhcpcd Signed-off-by: Michael Tremer commit 873255ad80c8383c2c02b00aabc092293f83fc6b Author: Adolf Belka Date: Mon May 19 17:46:11 2025 +0200 dhcpcd: Update to version 10.2.3 - Update from version 10.2.2 to 10.2.3 - Update of rootfile not required - Changelog 10.2.3 Restore logic on when to open an address specific socket by @dougnazar in #502 [Fix] DHCP Failure on WAN Interface Rename (Fixes #504) by @ngxquanganh in #505 BSD: routes via P2P interfaces now find their out-going interface -b --background fixed resolv: Fix processing more DNSSL options than RDNSS] dhcpcd: Remove option rapid_commit from dhcpcd.conf privsep: Fix valgrind and hardened-malloc on Linux with SECCOMP route: Don't spam route changes for lifetime Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit dc244cf8aec2f0127ccf0fb135a783d5af7ac061 Author: Adolf Belka Date: Mon May 19 12:37:32 2025 +0200 fr.pl: Fixes bug 12060 - remove extraneous spaces at end of lines - All lines where there was a space at the end of the french translation, and the other language files did not have a space for that line, had the space removed. - ./make.sh lang was run but nothing else was created by that. Fixes: bug12060 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 89b4ea56bb123e2833526c2ae44ef23ce959d28e Merge: 7f3848504 0563f17ea Author: Michael Tremer Date: Thu May 22 15:11:18 2025 +0000 Merge branch 'master' into next commit 0563f17ea5d018cff939f95a3b6545442ee32f5d Author: Michael Tremer Date: Thu May 22 15:09:28 2025 +0000 initscripts: Ship runlevel symlinks for WireGuard Fixes: #13850 Signed-off-by: Michael Tremer commit 84f2a8a7b3247db125397c8ebd14cbbeafd956d4 Author: Adolf Belka Date: Fri May 16 14:30:38 2025 +0200 core195: Ship backup include file Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 91b60bbe8b4dcdd8fccd7ac2ed2b69acff4f2db1 Author: Adolf Belka Date: Fri May 16 13:20:46 2025 +0200 include: Add wireguard directory to the backup include file Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7f38485048922932b13d3c10edf5ecd2d15ed37d Author: Adolf Belka Date: Sat May 17 13:43:11 2025 +0200 core196: Ship zlib-ng Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 75d71006db82b731f5208dac3b7b2807ce1beee7 Author: Adolf Belka Date: Sat May 17 13:43:10 2025 +0200 zlib-ng: Update to version 2.2.4 - Update from version 2.2.3 to 2.2.4 - Update of rootfile - Changelog 2.2.4 Important fixes Fix potential shift overflow problems reported by static checkers #1859 VS2015: Fix an unfortunate bug #1862 RVV: Workaround error G6E97C40B #1853 s390x: Disable CRC32-VX Extensions for some broken Clang versions #1852 Buildsystem Improve include directory usage #1855 CMake: disable LTO for some configure checks #1850 Tests/Benchmarks Add uncompress benchmark #1860 CI Fix automatic Windows 32-bit ARM release builds #1839 CI changes for Ubuntu 24 #1843 #1857 Increase CMake workflow timeout #1854 s390x: Update CI clang version #1858 s390x docker rebuild script improvements #1846 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2b050ede16d8ca16ede1c29b745fa5bfa5e0119e Author: Adolf Belka Date: Sat May 17 13:42:51 2025 +0200 core196: Ship m4 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 78d239c0621f9af550ebade05fb55e224dd140fe Author: Adolf Belka Date: Sat May 17 13:42:50 2025 +0200 m4: Update to version 1.4.20 - Update from version 1.4.19 to 1.4.20 - Update of rootfile - Changelog 1.4.20 ** Fix a bug in the `eval' builtin where it does not suppress warnings about division by zero that occurs within a more complex expression on the right hand side of || or && (present since short-circuiting was introduced in 1.4.8b). ** The `syscmd' and `esyscmd' builtins no longer mishandle a command line starting with `-' or `+' (present since "the beginning"). ** Fix regression introduced in 1.4.19 where trace output (such as with `debugmode(t)') could read invalid memory when tracing a series of pushed macros that are popped during argument collection. ** Fix regression introduced in 1.4.19 where the `format' builtin inadvertently took on locale-dependent parsing and output of floating point numbers as a side-effect of introducing message translations. While it would be nice for m4 to be fully locale-aware, such a behavior change belongs in a major version release such as 1.6, and not a minor release. ** Fix regression introduced in 1.4.11 where the experimental `changeword' builtin could cause a crash if given a regex that does not match all one-byte prefixes of valid longer matches. As a reminder, `changeword' is not recommended for production use, and will likely not be present in the next major version release. ** On non-Unix platforms where binary files differ from text, loading a frozen file (which should be cross-platform compatible) now correctly uses binary mode. ** Several documentation improvements to the manual. ** Update to comply with newer C standards, and inherit portability improvements from gnulib. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 48adbf5d5fc1b12d95be68679e9637fa5d884c3d Author: Adolf Belka Date: Sat May 17 13:42:27 2025 +0200 libxml2: Update to version 2.14.3 - Update from version 2.14.2 to 2.14.3 - Update of rootfile - Changelog 2.14.3 ### Regressions - reader: Fix reading compressed data - parser: Make undeclared entities in XML content fatal - save: Fix XML escape table - save: Fix xmlSave with NULL encoding - Revert "valid: Remove duplicate error messages when streaming" ### Bug fixes - save: Fix serialization of attribute defaults containing < - io: Fix linkage of __xml*BufferCreateFilename functions ### Build systems - cmake: Fix installation directories in libxml2-config.cmake - meson: Install libxml2.py ### Improvements - parser: Make xmlCtxtGetValidCtxt depend on VALID_ENABLED - html: Avoid HTML_PARSE_HTML5 clashing with XML_PARSE_NOENT Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7b58a102a6191e94b19890f4b1e10b3aea45272e Author: Adolf Belka Date: Sat May 17 13:42:07 2025 +0200 core196: Ship harfbuzz Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3f5ce8391fb3b698db1e8790dfbb8931823c6022 Author: Adolf Belka Date: Sat May 17 13:42:06 2025 +0200 harfbuzz: Update to version 11.2.1 - Update from version 11.2.0 to 11.2.1 - Update of rootfile - Changelog 11.2.1 - Various build improvements. - Fix build with HB_NO_DRAW and HB_NO_PAINT - Add an optional “harfruzz” shaper that uses HarfRuzz; an ongoing Rust port of HarfBuzz shaping. This shaper is mainly used for testing the output of the Rust implementation. - Fox regression that caused applying unsafe_to_break() to the whole buffer to be ignored. - Update USE data files. - Fix getting advances of out-of-rage glyph indices in DirectWrite font functions. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ca35133b416be3306ea7e1a7be93f294b7ccd339 Author: Adolf Belka Date: Sat May 17 13:41:41 2025 +0200 fmt: Update to version 11.2.0 - Update from version 11.1.3 to 11.2.0 - Update of rootfile - Changelog 11.2.0 Added the s specifier for std::error_code. It allows formatting an error message as a string. For example: #include int main() { auto ec = std::make_error_code(std::errc::no_such_file_or_directory); fmt::print("{:s}\n", ec); } prints No such file or directory (The actual message is platform-specific.) Fixed formatting of std::chrono::local_time and tm (#3815, #4350). For example (godbolt): #include int main() { std::chrono::zoned_time zt( std::chrono::current_zone(), std::chrono::system_clock::now()); fmt::print("{}", zt.get_local_time()); } is now formatted consistenly across platforms. Added diagnostics for cases when timezone information is not available. For example: fmt::print("{:Z}", std::chrono::local_seconds()); now gives a compile-time error. Deprecated fmt::localtime in favor of std::localtime. Fixed compilation with GCC 15 and C++20 modules enabled (#4347). Thanks @tkhyn. Fixed handling of named arguments in format specs (#4360, #4361). Thanks @dinomight. Added error reporting for duplicate named arguments (#4367). Thanks @dinomight. Fixed formatting of long with FMT_BUILTIN_TYPES=0 (#4375, #4394). Optimized text_style using bit packing (#4363). Thanks @LocalSpook. Added support for incomplete types (#3180, #4383). Thanks @LocalSpook. Fixed a flush issue in fmt::print when using libstdc++ (#4398). Fixed fmt::println usage with FMT_ENFORCE_COMPILE_STRING and legacy compile-time checks (#4407). Thanks @madmaxoft. Removed legacy header fmt/core.h from docs (#4421, #4422). Thanks @krzysztofkortas. Worked around limitations of __builtin_strlen during constant evaluation (#4423, #4429). Thanks @brevzin. Worked around a bug in MSVC v141 (#4412, #4413). Thanks @hirohira9119. Removed the fmt_detail namespace (#4324). Removed specializations of std::is_floating_point in tests (#4417). Fixed a CMake error when setting CMAKE_MODULE_PATH in the pedantic mode (#4426). Thanks @rlalik. Updated the Bazel config (#4400). Thanks @Vertexwahn. 11.1.4 Fixed ABI compatibility with earlier 11.x versions on Windows (#4359). Improved the logic of switching between fixed and exponential format for float (#3649). Moved is_compiled_string to the public API (#4342). Thanks @SwooshyCueb. Simplified implementation of operator""_cf (#4349). Thanks @LocalSpook. Fixed __builtin_strlen detection (#4329). Thanks @LocalSpook. Fixed handling of BMI paths with the Ninja generator (#4344). Thanks @tkhyn. Fixed gcc 8.3 compile errors (#4331, #4336). Thanks @sergiud. Fixed a bogus MSVC warning (#4356). Thanks @dinomight. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 593ce447494d67f09a005544449eabe222ff958f Author: Adolf Belka Date: Sat May 17 13:41:18 2025 +0200 core196: Ship exfatprogs Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer