commit e7bc484b8113f0bbe1ff0f73622434eaf6d8dd5c Author: Matthias Fischer Date: Wed Jun 4 19:07:13 2025 +0200 dhcpcd: Update to 10.2.4 For details see: https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.2.4 "compat: use timingsafe_bcmp if available IPv6: Sort routers by reachability correctly. definitions: define ND Route Information option IPv6: Clear previous address RA flags on receipt of a RA." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 657b6dac93a33506786b7e30782bc7c087039bba Author: Michael Tremer Date: Tue Jun 3 14:44:33 2025 +0000 core196: Ship SQLite Signed-off-by: Michael Tremer commit c241e00f3b0bc885d04d8c0350249e28556f1a52 Author: Adolf Belka Date: Tue Jun 3 14:18:35 2025 +0200 sqlite: Update to version 3.50.0 - Update from version 3.49.2 to 3.50.0 - Update of rootfile - Changelog 3.50.0 Add the sqlite3_setlk_timeout() interface which sets a separate timeout, distinct from the sqlite3_busy_timeout(), for blocking locks on builds that support blocking locks. The SQLITE_DBCONFIG_ENABLE_COMMENTS constraint (added in the previous release) is relaxed slightly so that comments are always allowed when reading the schema out of a pre-existing sqlite_schema table. Comments are only blocked in new SQL. New SQL functions: unistr() unistr_quote() For the %Q and %q conversions in the built-in printf() (which covers the sqlite3_mprintf() API and the format() SQL function and similar) the alternate-form-1 flag ("#") causes control characters to be converted into backslash-escapes suitable for unistr(). CLI enhancements: Avoids direct output of most control characters. The output of the .dump command makes use of the new unistr() SQL funtion to encode special characters, unless the --escape mode is set to off. Better formatting of complex partial indexes in the output from the ".schema --indent" command. Enhancements to sqlite3_rsync: The requirement that the database be in WAL mode has been removed. The sync protocol is enhanced to use less network bandwidth when both sides start out being very similar to one another. The sqlite3_rsync program now works on Macs without having to specify the full pathname of the sqlite3_rsync executable on the remote side as long as you install the sqlite3_rsync executable in one of these directories: $HOME/bin:/usr/local/bin:/opt/homebrew/bin Changes to JSON functions: Bug fix: Enforce the JSON5 restriction that the "\0" escape must not be followed by a digit. Bug fix: When the LABEL argument to json_group_object(LABEL,VALUE) is NULL, that element of the resulting object is omitted. Optimization: If the jsonb_set() or jsonb_replace() functions make a change in the interior of a large JSONB object, they strive to keep the size of the JSONB object unchanged and to modify as few bytes as possible on the interior of the object. This helps reduce I/O as it allows SQLite to write only the page that contains the changed bytes and not all the surrounding pages. Improved support for building on Cygwin and MinGW and similar, as well as Termux. Typo fixes in the documentation and in the source code comments. Miscellaneous performance improvements. JavaScript/WASM: Fix a long-standing filename digest calculation bug in the OPFS SAHPool VFS. Databases created in that VFS by 3.50.0+ cannot be read by older versions of the VFS, but 3.50.0 can backwards-compatibly work with existing databases created by older versions. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1eaafb19e85615592596d7f9f6f28dd18001524e Author: Michael Tremer Date: Tue Jun 3 14:43:19 2025 +0000 core196: Ship smartmontools Signed-off-by: Michael Tremer commit b7e786fadb229fc908357902cc31d1511a44acb6 Author: Adolf Belka Date: Tue Jun 3 14:18:34 2025 +0200 smartmontools: Update to version 7.5 - Update from version 7.4 to 7.5 - Update of rootfile not required - Changelog 7.5 - CI and release builds are now reproducible if same SOURCE_DATE_EPOCH, build recipes and toolchains are used. - smartctl '-j -A': New JSON value 'endurance_used' (ATA/SCSI/NVMe). - smartctl '-j -A': New JSON value 'spare_available' (ATA/NVMe). - smartctl '-j -i': Re-added the JSON value 'model_name' also for SCSI devices (regression). - smartctl '-j -c': NVMe support. - smartctl '-j -n ...': New JSON values 'power_mode.*' (ATA only). - smartctl '-H -A': Support for NVMe SMART/Health Information per namespace. - smartctl '-i': ATA ACS-6 updates. - smartctl '-x': No longer includes '-g wcreorder'. - smartctl '-x', '-l scterc': No longer returns exit status 4 if SCT ERC is not supported by the device. - smartctl '-l error': No longer prints bogus ATA error log entries if the error index is nonzero but the error count is zero. - smartctl '-l ssd': Fixed corruption of the output of the SCSI Format Status log page. - smartctl '-l ssd': Now detects 'no format since manufacture' from the SCSI Format Status log page. - smartctl '-l farm': Fixed the unit of 'Write Power On' time. - smartctl '-l farm': Fixed the byte order of ATA 'Assembly Date'. - smartctl '-l farm': Fixed a possible segfault. - smartctl '-l farm -q noserial': Suppresses serial and WWN also from FARM. - smartctl '-l farm -T permissive': Overrides false negative FARM support check for rebranded drives. - smartctl '-t TEST': Fixed self-tests of single namespace NVMe devices. - smartd '-A': NVMe attribute log support. - smartd: Ignores NSID in duplicate check of single namespace devices. - smartd: No longer issues LOG_CRIT warnings for 'Set Feature' related NVMe error information log entries. - smartd: No longer hangs on systems with large file descriptor limits. - smartd: No longer logs invalid "old test ... not run" messages if staggered self-tests are used. - smartd.conf '-l selftest[sts] -s ...': NVMe self-test support. - smartd.conf '-H MASK': Ability to ignore specific bits of NVMe SMART/Health value 'Critical Warning'. - smartd.conf '-p': Checks NVMe SMART/Health value 'Available Spare'. - smartd.conf '-u [-f]': Checks NVMe SMART/Health values 'Percentage Used' and 'Media and Data Integrity Errors'. - smartd.conf '-W ...': No longer includes individual sensors in NVMe temperature check as some devices report other values there. - ATA: Device type '-d jmb39x-q2,N' for another JMB39x protocol variant used by QNAP-TR002 NAS devices. - SCSI: Fixed range checks of mode page offset and VPD inquiry. - SCSI: Fixed buffer overflow parsing of VPD page. - SCSI: Fixed handling of multiple designators in VPD page. - USB/NVMe: '-d sntjmicron' no longer triggers USB resets on queries of the self-test log. - USB/NVMe: '-d sntasmedia' now supports log pages > 512 bytes. - USB/NVMe/SAT: New experimental NVMe/SAT autodetection options '-d snt*/sat'. - Fixed segfault on missing option argument on systems using musl libc. - HDD, SSD and USB additions to drive database. - automake < 1.13 are no longer supported. - Custom make rules are now silenced if 'make V=0' is used. - Enhanced makefile targets 'dist-*' to create reproducible source tarballs if SOURCE_DATE_EPOCH is set. - The makefile no longer uses GNU make specific syntax elements (exception: reproducible builds for macOS). - Dropped support for platforms without 'sigaction()'. - configure: Now also detects MidnightBSD. - configure: Dropped option '--with-signal-func'. - configure: Default for '--with-nvme-devicescan' is now 'yes' also on NetBSD. - Version information is now also set if build from GH R/O mirror. - Linux: 'smartd.service' now avoids a warning about an unset environment variable. - Linux: Dropped autodetection of deprecated device type '-d marvell'. - macOS: Support for reproducible builds of the DMG image. - OpenBSD: NVMe support. - Windows: Increased WMI timeout. - Windows: Support for reproducible builds of the installer. - Windows: Uninstaller is no longer damaged if the installer is signed. - Windows 'update-smartd-drivedb.ps1': Fixed call of 'gpg.exe' if it appears more than once in the PATH. - Windows 'update-smartd-drivedb.ps1 -Verbose': Now also prints the download command. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a746ce560d807485ca077dc85377c39e56aa8f5e Author: Michael Tremer Date: Tue Jun 3 14:42:43 2025 +0000 core196: Ship kbd Signed-off-by: Michael Tremer commit 08aaf3da8414f0cd2ef4eca3ee575516ec0224f9 Author: Adolf Belka Date: Tue Jun 3 14:18:33 2025 +0200 kbd: Update to version 2.8.0 - Update from version 2.7.1 to 2.8.0 - Update of rootfile - Changelog 2.8.0 keymaps: Add Georgian font (LatCyrHebKa-16_GIA.psfu) and keymap (i386/qwerty/ge). Add new i386 azerty afnor keymap (i386/azerty/fr-afnor). Disable characters >=U+F000 in qwertz/de_alt_UTF-8. libkeymap: Support KT_DEAD2 diacritics. Fix memory leaks. utils: kbd_mode: support Disabled mode (K_OFF). build-sys: configure: Restore the old behavior when using gzip. configure: Disable lex implementations other than flex. other: tests: Fix tests on powerpc. tests: Add build and check on other architectures (x86_64, s390x, ppc64el). tests: Add valgrind check in unit tests. tests: Add sparse check and fix detected warnings. tests: Add tests to increase code coverage. tests: Check all distributed keymaps for loadability. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b4de7c4ee60ae2ac93b62a6ad3f3c9ff5184a386 Author: Michael Tremer Date: Tue Jun 3 14:41:08 2025 +0000 core196: Ship iproute2 Signed-off-by: Michael Tremer commit 4aa03c5268dbfeb82a6e2372964a6a56ac249e7f Author: Adolf Belka Date: Tue Jun 3 14:18:32 2025 +0200 iproute2: Update to version 6.15.0 - Update from version 6.14.0 to 6.15.0 - Update of rootfile not required - Changelog is not provided. Details of changes can be found from the git commit changes https://git.kernel.org/pub/scm/network/iproute2/iproute2.git Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5e55603f197d4ca311e5ae4c6b0af6413d8afdc1 Author: Adolf Belka Date: Tue Jun 3 14:18:31 2025 +0200 curl: Update to version 8.14.0 - Update from version 8.13.0 to 8.14.0 - Update of rootfile - Changelog 8.14.0 Changes: mqtt: send ping at upkeep interval schannel: handle pkcs12 client certificates containing CA certificates TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs vquic: ngtcp2 + openssl support wcurl: import v2025.04.20 script + docs websocket: add option to disable auto-pong reply Bugfixes: _SEEALSO.md: remove spaces around command and man page section asny-thrdd: fix detach from running thread asnyc-thrdd: explain how this is okay with a comment asyn resolver code improvements async-threaded resolver: use ref counter async: DoH improvements autotools: detect `wolfSSL_set_quic_use_legacy_code` like cmake does autotools: install shell completion files on cross build aws-sigv4: allow a blank string build: check required rustls-ffi version build: enable gcc-12/13+, clang-10+ picky warnings build: enable gcc-15 picky warnings certs: drop unused `default_bits` from `.prm` files cf-https-connect: use the passed in dns struct pointer cf-socket: fix FTP accept connect cfilters: remove assert cmake/FindNGTCP2: simplify multi-pkg-config detection cmake: append picky warnings to `CMAKE_REQUIRED_FLAGS` as string cmake: avoid 'target is imported but not globally visible' when consuming libcurl with old cmake cmake: do not install `mk-ca-bundle` script and manpage cmake: enable `-Wall` for MSVC when `PICKY_COMPILER=ON` cmake: extend integration tests cmake: fix `fish` install directory detection via `pkg-config` cmake: fix nghttp3 static linking with `USE_OPENSSL_QUIC=ON` cmake: fix option() and mark_as_advanced() mixed order cmake: fix shell completion install when just one flavor is enabled cmake: honor individual picky option overrides found in `CMAKE_C_FLAGS` cmake: install shell completions for cross-builds cmake: link `crypt32` for OpenSSL feature detection cmake: merge `CURL_WERROR` logic into `PickyWarnings.cmake` cmake: prefer `COMPILE_OPTIONS` over `CMAKE_C_FLAGS` for custom C options cmake: quotes, whitespace, use `VERSION_GREATER_EQUAL` cmake: revert `CURL_LTO` behavior for multi-config generators cmake: set `BUILDING_LIBCURL` directly for unit test targets cmake: stop deleting `-W` from `CMAKE_C_FLAGS` (MSVC) cmake: tidy up and document feature detections in dependencies cmake: use `CMAKE_COMPILE_WARNING_AS_ERROR` if available cmake: use `INCLUDE_DIRECTORIES` prop to specify local header dirs cmake: use `LIB_NAME` in `curl-config.cmake.in` cmake: use absolute paths for completion targets cmake: use the `LINK_OPTIONS` property with CMake 3.13+ configure: catch asking for double resolver without https-rr configure: fix --disable-rt configure: restore link checks configure: suppress command not found for brew conncache: make Curl_cpool_init return void connect: shutdown timer fix content_encoding: Transfer-Encoding parser improvements CONTRIBUTE: add project guidelines for AI use contrithanks.sh: drop set -e cpool/cshutdown: force close connections under pressure curl: fix memory leak when -h is used in config file curl: only warn once for --manual in manual-disabled build curl_get_line: handle lines ending on the buffer boundary curl_krb5: only use functions if FTP is still enabled curl_multibyte: fixup low-level calls, include in unity builds curl_osslq: remove a leftover debug fprintf() call curl_version_info.md: clarify ssl_version for MultiSSL CURLMOPT_TIMERFUNCTION.md: correct the example CURLOPT_ERRORBUFFER.md: buffer is read only after curl takes ownership CURLOPT_FOLLOWLOCATION.md: switch to GET => no body CURLOPT_READFUNCTION.md: mention the seek callback CURLOPT_XFERINFOFUNCTION.md: fix the callback return type in example curlx: move the docs to docs/internals/ DEPRECATE.md: drop support for VS2008 DEPRECATE.md: drop Windows CE support dist: drop duplicate entry from `CMAKE_DIST` dns_entry: move from conn to data->state Dockerfile: update debian:bookworm-slim Docker digest to 90522ee docs/INSTALL.md: drop reference to removed configure option docs/libcurl: fix type and prototype problems in examples docs/libcurl: make examples build with picky compiler options docs/libcurl: mention sensitive data/headers docs: add missing return statement in examples docs: fix incorrect shell substitution in docker run example command docs: fix typo in retry.md docs: update distros links doh: httpsrr fix doh: make sure CURLOPT_PROTOCOLS is set a with a "long" arg doh: reduce the DNS request buffer size easy_reset: fix dohfor_mid member ECH: reference the OpenSSL ECH feature branch etag-save.md: mention how using both options is a good idea eventfd: fix feature guards formdata: cleanups ftp: fix bug in failed init ftp: fix race in upload handling ftplistparser: add two overflow preventions ftplistparser: split up into more functions generate.bat: exclude curlinfo.c from legacy VS projects genserv.pl: fail with a message if `openssl` is missing or failing headers: enforce a max number of response header to accept headers: set an error message on illegal response headers hostip: fix build without threaded-resolver and without DoH hostip: show the correct name on proxy resolve error http2: fix stream window size after unpausing HTTP3.md: fix incorrect variable placeholders http: fix a build error when all auths are disabled http: fix HTTP/2 handling of TE request header using "trailers" http: in alt-svc negotiation only allow supported HTTP versions http_aws_sigv4: add additional verbose log statements http_aws_sigv4: improve sigv4 url encoding and canonicalization http_chunks: narrow variable scope for 'trlen' http_negotiate: fix non-SSL build with GSSAPI https-connect: fix httpsrr target check HTTPSRR.md: clarify somewhat if2ip: build the function also if FTP is present imap: remove redundant condition INSTALL-CMAKE.md: fix typo INSTALL.md: update the minimal libcurl size example KNOWN_BUGS: fix link in sivg4 issue 16.3 lib/src/docs/test: improve curl_easy_setopt() calls lib1560: use hex notation, drop non-ASCII exception lib3026: drop DLL pre-load perf mitigation for old mingw lib: add const to clientwriter tables lib: drop curlx_getpid, use fake pid in SMB lib: include files using known path lib: make Curl_easyopts const lib: unify conversions to/from hex libcurl-tutorial.md: fix read callback explanation libssh: add NULL check for Curl_meta_get() libssh: fix memory leak libssh: remove a condition that always equals false libtest/first: stop defining MEMDEBUG_NODEFINES libtests: define CURL_DISABLE_DEPRECATION first make: clean tests better mbedtls: TLS 1.3 is max when mbedtls has 1.3 support metahash: add asserts to help analyzers mk-ca-bundle.pl: follow redirects mk-ca-bundle: switch URLs to GitHub versions mkhelp: fix to not generate a line-ending space in some cases mqtt: use conn/easy meta hash multi: do transfer book keeping using mid multi: init_do(): check result netrc: avoid NULL deref on weird input netrc: avoid strdup NULL netrc: deal with null token better ngtcp2: clarify ignoring of result openssl-quic: avoid potential `-Wnull-dereference`, add assert openssl-quic: fix printf mask openssl-quic: fix shutdown when stream not open openssl: enable builds for *both* engines and providers openssl: set the cipher string before doing private cert parsedate: provide Curl_wkday also for GnuTLS builds processhelp.pm: always call `taskkill` with `-f` (force) processhelp.pm: avoid potential endless loop, log more (Windows) progress: avoid integer overflow when gathering total transfer size pytest tls: extend coverage pytest-xdist: pytest in parallel pytest: add pinnedpubkey test cases pytest: give parameterised tests better ids for read- and parsability pytest: make test_07_22 more lenient to exit codes quic: no local idle connection timeout, ngtcp2 keep-alive rand: update comment on Curl_rand_bytes weak random RELEASE-PROCEDURE.md: release candidate git tagging explained rtsp: remove redundant condition runtests: add retry option to reduce flakiness runtests: fix indentation runtests: recognize lowercase `windows` in `curl -V` runtests: remove server verification after start runtests: split `SSH_PWD` into `SCP_PWD` and `SFTP_PWD`, and more rustls: make max size of cert and key reasonable sasl: give help when unable to select AUTH scripts: completion.pl: sort the completion file for all shells scripts: drop unused import, formatting scripts: fix --opts-dir help in completion.pl scripts: fix perl indentation, whitespace, semicolons sectransp: fix building for macOS Sierra and older setopt: provide info for CURLE_BAD_FUNCTION_ARGUMENT smb: avoid integer overflow on weird input date socket: use accept4 when available socketpair: support pipe2 where available spacecheck.pl: check for non-ASCII chars, fix fallouts spacecheck.pl: verify `tests/data/test*` for non-ASCII chars src: drop strcase.[ch] from tool builds src: include memdebug.h consistently with angle brackets <> src: rename curlx_safefree to tool_safefree test1173.pl: whitelist some option-looking names that aren't options test1658: add unit test for the HTTPS RR decoder test: make unittest 1308 into a libtest tests/ech_tests.sh: sync shebang with rest of bash scripts tests/FILEFORMAT.md: clarify %hex[] formatting tests/FILEFORMAT.md: document the aws feature tests/README.md: document --test-duphandle tests/README.md: list the openssl tool among the prerequisites tests/server/dnsd: basic DNS server for test suite tests/server: check for `stream != NULL` in mqttd tests/server: fix typo in comment tests/server: stop using libcurl string comparisons tests/server: stop using libcurl's printf functions tests/serverhelp: remove last remnants of http-pipe server tests/tunit: make a separate directory for tool-based unit tests tests: add aws feature to the related tests tests: Add https-mtls server to force client auth tests: fix some test tag mismatches tests: mark ipfs tests to require ipfs tests: move a boolean variable out of the path section tests: prefer `--insecure` over `-k` tests: provide all non-ascii data hex encoded tests: remove some unused test case sections tests: require IPv6 for 1265, 1324, 2086 tests: separate tunit tests from unit tests more tests: stop using libcurl's strdup tests: unify test case keywords tests: use a more portable null device path TODO: remove "nicer lacking perl message" tool_cb_write.c: handle EINTR on flush tool_getparam: clear argument only when needed tool_operate: make retrycheck() a separate function tool_operate: when retrying, only truncate regular files tool_paramhlp: avoid integer overflow in secs2ms() tool_parsecfg: make get_line handle lines ending on the buffer boundary typecheck-gcc.h: fix the typechecks urlapi: redirecting to "" is considered fine urlapi: remove unneeded guards around PUNY2IDN urldata: remove the unused struct field 'hide_progress' VERSIONS: list all past releases vquic: consistent name for the stream struct across backends vquic: init for every call to recvmsg vtls: avoid NULL deref on bad PEM input vtls: fix build with ssl but without http VULN-DISCLOSURE-POLICY: use of weak algos winbuild: add the deprecation warning to the README winbuild: curl_get_line is not used for tool builds windows: fix builds targeting WinXP, test it in CI wolfssl: fix to enable ALPN when available ws: fix the header replace check ws: store protocol context as connection meta data Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e4d01c9d6f08a229bda70b2a73f9b42b37631c01 Author: Michael Tremer Date: Mon Jun 2 18:41:58 2025 +0000 core196: Ship OpenSSL This is being shipped because it has been rebuilt with GCC 15. There has been reports on some systems that OpenSSL triggers some compiler bug and therefore the openssl command tends to segfault a lot. This is now being resolved with GCC 15. Signed-off-by: Michael Tremer commit 37b16f78dd119b61f30191c65d6a8dcc36c2bb80 Merge: e38cf1e2c 8a31117c0 Author: Michael Tremer Date: Mon Jun 2 16:01:32 2025 +0000 Merge branch 'master' into next commit e38cf1e2cd33d19f34f0856a87e09014a7cd4f45 Author: Michael Tremer Date: Sun Jun 1 14:58:28 2025 +0000 linux: Backport support for BIG TCP GSO on WireGuard Advertise GSO_MAX_SIZE as TSO max size in order support BIG TCP for wireguard. This helps to improve wireguard performance a bit when enabled as it allows wireguard to aggregate larger skbs in wg_packet_consume_data_done() via napi_gro_receive(), but also allows the stack to build larger skbs on xmit where the driver then segments them before encryption inside wg_xmit(). We've seen a 15% improvement in TCP stream performance. Signed-off-by: Michael Tremer commit a5da7ef0fc9a1cf73abaa3696dcc0d9c80f07ef0 Author: Michael Tremer Date: Sun Jun 1 14:56:26 2025 +0000 core196: Fix link to intel-microcode rootfile Signed-off-by: Michael Tremer commit 90efa0bd3645699224c2ccad6a83e9b9cbd87759 Author: Adolf Belka Date: Fri May 30 23:48:55 2025 +0200 ruby: Change archive type from xz to gz - The gz archive has an sha256 sum for comparison. Th xz archive has nothing. - Changed the source location to the one with gz file and sha256sum. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 151616b2809972dd77e56c361cd3516242422677 Author: Michael Tremer Date: Fri May 30 14:15:13 2025 +0000 core196: Ship ruby Signed-off-by: Michael Tremer commit 823a9edefe82fcc1b61b715c7f635f2b619d2be6 Author: Adolf Belka Date: Fri May 30 14:38:17 2025 +0200 ruby: Update to version 3.4.4 - This v2 version keeps the CFLAGS line in place - Update from version 3.4.1 to 3.4.4 - Update of rootfile - Changelog 3.4.4 YJIT: Split the block on optimized getlocal/setlocal by k0kubun · Pull Request #13331 Bug #21257: YJIT can generate infinite loop when OOM - Ruby - Ruby Issue Tracking System Bug #21286: Windows - MSYS2 just updated to GCC 15.1.0, builds failing - Ruby - Ruby Issue Tracking System Bug #21327: Windows builds seem broken after clock_gettime changes? - Ruby - Ruby Issue Tracking System Bug #21331: heap-use-after-free caused by rehash during transform_values! - Ruby - Ruby Issue Tracking System Bug #21289: Fix C level backtraces for USE_ELF - Ruby - Ruby Issue Tracking System 3.4.3 Bug #21145: Prism accepts newlines in-between curly unicode escape - Ruby - Ruby Issue Tracking System Bug #21153: ::Foo ||= p 1 should parse - Ruby - Ruby Issue Tracking System Bug #21030: Bug: #step with Range behavior broken on Ruby 3.4.1 - Ruby - Ruby Issue Tracking System Bug #21131: IO.copy_stream: yielded string changes value when duped - Ruby - Ruby Issue Tracking System Feature #19521: Support for Module#name= and Class#name=. - Ruby - Ruby Issue Tracking System Bug #21159: Module#set_temporary_name should freeze given name - Ruby - Ruby Issue Tracking System Bug #21161: Crash when locale is set to Turkish tr_TR.UTF-8 - Ruby - Ruby Issue Tracking System Bug #21144: Win32: Use Windows time zone ID as the time zone name if TZ is not set - Ruby - Ruby Issue Tracking System Bug #21170: Corrupted Hash (bad VALUE and missing entry) when -1 returned from .hash - Ruby - Ruby Issue Tracking System Bug #21172: Race condition in register_fstring - Ruby - Ruby Issue Tracking System Bug #21163: Inconsistencies in Kernel.Float compared to other number parsing methods - Ruby - Ruby Issue Tracking System Bug #21173: RUBY_FREE_AT_EXIT does not work when error in -r - Ruby - Ruby Issue Tracking System Bug #21179: Introduction Happy Eyeballs Version 2 broke Socket.tcp from secondary Ractors - Ruby - Ruby Issue Tracking System Bug #19841: Marshal.dump stack overflow with recursive Time - Ruby - Ruby Issue Tracking System Bug #21180: SEGV while marking imemo_env->iseq - Ruby - Ruby Issue Tracking System Bug #21186: Inconsistent parsing of ?あand 0 - Ruby - Ruby Issue Tracking System Bug #21094: Module#set_temporary_name does not affect a name of a nested module - Ruby - Ruby Issue Tracking System Bug #21195: Crash when using IO#timeout - Ruby - Ruby Issue Tracking System Bug #21196: Ruby 3.4 ignores visibility when passing arguments using ... - Ruby - Ruby Issue Tracking System Bug #21141: Time#utc? does not work with a timezone object - Ruby - Ruby Issue Tracking System Bug #21211: Incomplete Backtrace for Socket Errors in Ruby 3.4+ - Ruby - Ruby Issue Tracking System Bug #21197: Prism does not accept newline after defined? keyword - Ruby - Ruby Issue Tracking System Bug #21183: Ractor error with Prism::VERSION - Ruby - Ruby Issue Tracking System Bug #21217: Integer.sqrt produces wrong results even on input <= 1e18 - Ruby - Ruby Issue Tracking System Bug #21220: Memory corruption in update_line_coverage() [write at index -1] - Ruby - Ruby Issue Tracking System 3.4.2 Bug #21024: Ruby including generates compilation warning with GCC 15, header is deprecated in C++17, Bug #21021: "try to mark T_NONE object" with 3.4.1 Bug #20997: YJIT panic assertion left == right failed: leave instruction expects stack size 1, but was: 2 Bug #20981: rb_undefine_finalizer is missing Bug #20989: Segmentation fault in Ripper when lexing /#{"\xcd"}/ Bug #21003: unexpected warning about ignored block Bug #21002: Please include license information of turbo_tests Bug #21001: unexpected nil result from proc with ensure and next Bug #21010: Endless method definition of []= is SyntaxError in parse.y but allowed in Prism Bug #20992: eval(ascii_encoded_code) raises EncodingError when multibyte local variable exists Bug #21017: --with-parser=parse.y configure option does not work Bug #21014: Prism doesn't set node_id on iseqs correctly Bug #21027: not() receiver should be nil Bug #20995: exception escapes block given to IO.popen("-") in child process Bug #21008: Array#sum, Enumerator#sum, Numeric subclass Bug #21044: Prism maximum recursion depth is 1_000, parse.y is 10_000 Bug #21031: Incompatibility with prism and parse.y when eval'ing unnamed forwarding variables Bug #21085: [BUG] Stack consistency error with -ne Bug #21048: [Prism] rescue in modifier form with condition behaves differently Bug #21046: Backport: TLS fix for ARM64 Bug #21012: Compiling a['a','b'],=1 with parse.y fails Bug #21038: Preserve errno in rb_fiber_scheduler_unblock Bug #21032: Module#autoload? is slow when $LOAD_PATH contains a relative path Bug #21092: error building ruby 3.4.1 on cygwin/msys2 Bug #21095: Prefer uname -n over hostname in tests. Bug #21103: Binding problem with delegate methods Bug #21088: TCPSocket.new raises Socket::ResolutionError instead of Errno::ECONNREFUSED for hosts defined in /etc/hosts Bug #21112: Typo in error message when an incorrect key is used with WeakKeyMap Bug #21117: Inconsistent behaviour between "_1" and "it" variables Bug #21114: Prism hangs up while parsing deeply nested def Bug #20984: ENV.inspect is not encoding aware Bug #20982: Inconsistency between Hash#inspect and ENV.inspect in Ruby 3.4 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2c386559184fc26f347fa1f37282badb51e6db6a Author: Stephen Cuka Date: Wed May 28 19:31:38 2025 -0600 manualpages: Fixbug13858 - Add doc link for Network/Aliases - Add missing documentation link for 'Network/Aliases'. Signed-off-by: Stephen Cuka Reviewed-by: Adolf Belka Signed-off-by: Michael Tremer commit bfcc82ecc1e201116b140db006248ccb4519e877 Author: Michael Tremer Date: Thu May 29 10:23:33 2025 +0000 core196: Ship vim Signed-off-by: Michael Tremer commit a6380ebea7900c231abec294d8783e8750ddeb3b Author: Adolf Belka Date: Sat May 24 16:36:54 2025 +0200 vim: Update to version 9.1.1406 - Update from version 9.1.1153 to 9.1.1406 - Update of rootfile - Changelog is not available. Generally each patch version number update is related to a commit entry in the git repository. The details for all the commit changes can be found at https://github.com/vim/vim/commits/master/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f3338972a1a30f9fe9fc60db170c3b17d021f383 Author: Michael Tremer Date: Wed May 28 16:27:10 2025 +0000 core196: Ship dracut Signed-off-by: Michael Tremer commit 084533638e69c7cf94da43fb5d99d3c1a5741b66 Author: Adolf Belka Date: Wed May 28 17:57:40 2025 +0200 ipfire.conf: Fixes bug13836 - Change dracut default to no binary strip Fixes: #13836 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b2bd76188198b0d4fd4ee85c55a6ccb5cc38a427 Author: Michael Tremer Date: Wed May 28 14:14:54 2025 +0000 core196: Ship backup.pl Signed-off-by: Michael Tremer commit 5d0b4d3b9df0d93aeb3d2400550c5ee355ba7146 Author: Michael Tremer Date: Wed May 28 14:14:04 2025 +0000 backup: Also update MLKEM configuration if a backup is being restored Signed-off-by: Michael Tremer commit 6ed4634be943fe125b61f0348063016fcacb89ee Author: Michael Tremer Date: Wed May 28 14:11:07 2025 +0000 core196: Don't break IPsec tunnels that use MLKEM The previous patch was changing the string regardless of it having been changed before. The CGI script also has to be called as nobody. Signed-off-by: Michael Tremer commit cb95115f5af2002830cb2bda255133ebb3619f64 Author: Peter Müller Date: Mon May 26 18:28:00 2025 +0000 Core Update 196: Adjust existing IPsec connections using ML-KEM This causes existing IPsec connections using ML-KEM to always use it in conjunction with Curve 25519, in line with the changes dfa7cd2bbac3c746569368d70fefaf1ff4e1fed2 implements for newly configured IPsec connections. Again, we can reasonably assume an IPsec peer supporting ML-KEM also supports Curve 25519. In case such a peer does not support RFC 9370, and the IPsec connection was created using our default ciphers, it will fall back to Curve 448, Curve 25519, or any other traditional algorithm. This patch will break existing IPsec connections only if they are exclusively using ML-KEM (which means the IPFire user reconfigured them manually using the "advanced connection settings" section in the WebUI), and the IPsec peer is configured in the same manner, and/or is an IPFire machine not yet updated to Core Update 196. Any other IPFire-to-IPFire IPsec connection will continue working, potentially falling back to Curve 448 or 25519 until both peers are updated to Core Update 196, after which ML-KEM in conjunction with Curve 25519 will be used again. The second version of this patch modifies IPFire's own configuration file for IPsec connections, rather than applying these changes directly to /etc/ipsec.conf, where they would have been overwritten by the next WebUI change. Signed-off-by: Peter Müller Signed-off-by: Michael Tremer commit 5ed68a18b06ac84e994b1065398370533f59eea0 Author: Peter Müller Date: Mon May 26 18:27:00 2025 +0000 vpnmain.cgi: Use ML-KEM only as a hybrid with Curve 25519 In commit 887778e0888d51eb9942ae310a43f6d2813efad3, the post-quantum key exchange algorithm ML-KEM was introduced, due to its support being added in strongSwan 6.0. However, using PQC key exchanges is commonly recommended only in conjunction with a traditional one, to avoid encrypted traffic becoming subject to trivial decryption in case a PQC algorithm proves weak, broken, or backdoored. OpenSSH, for instance, combines ML-KEM 768 with Curve 25519 (mlkem768x25519-sha256), rather than using ML-KEM alone. This patch changes the cipher suites offered for IPsec connections to always use ML-KEM as a hybrid with Curve 25519. This is possible due to strongSwan 6.0 having added support for IKE intermediary key exchanges (RFC 9370); see https://docs.strongswan.org/docs/latest/config/proposals.html#_key_exchange_methods for additional information. We can reasonably assume an IPsec peer supporting ML-KEM will also support Curve 25519, as this has been around for much longer, and is used quite commonly. Even if this is not the case, or if the IPsec peer does not implement RFC 9370, any IPsec connection using our default cipher selection will fall back to Curve 448, Curve 25519, or other, hence continue working. IPsec connections already created will need their ciphers to be changed once during the Core Update routine where this patch will be incorporated. Tested-by: Peter Müller Signed-off-by: Peter Müller Signed-off-by: Michael Tremer commit 23026ecc8531dfc41bd4cd7ca909b023f6fdc9a7 Author: Michael Tremer Date: Wed May 28 09:27:44 2025 +0000 core196: Ship header.pl Signed-off-by: Michael Tremer commit 1a89896a79d0060e08df287f9c4536dba12927d3 Author: Stephen Cuka Date: Wed May 28 00:42:23 2025 -0600 header.pl: Fixbug13857 - Disable Blue Access submenu if no BLUE network - Fix reference to BlueAccess menu item so that it is disabled when BLUE network is not in use. Signed-off-by: Stephen Cuka Signed-off-by: Michael Tremer commit 8a31117c0cc6c07aaadfe63f99cfda4c7a6b6ec3 Author: Michael Tremer Date: Fri May 23 15:23:25 2025 +0000 dnsdist: Update to 1.9.10 We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible. While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests. https://www.dnsdist.org/changelog.html#change-1.9.10 Signed-off-by: Michael Tremer commit 313b34669c2d67635a473b6e3fa2ed5c593fc4c4 Author: Michael Tremer Date: Tue May 27 16:42:52 2025 +0000 core196: Ship boost Signed-off-by: Michael Tremer commit fc06f52f68902906b8e5efbff3b5a82545515d61 Author: Adolf Belka Date: Tue May 27 16:25:10 2025 +0200 boost: Update to version 1.88.0 - Update from version 1.83.0 to 1.88.0 - Update of rootfiles for all architectures - Changelogs are very large so urls provided for each release changelog 1.88.0 https://www.boost.org/releases/1.88.0/ 1.87.0 https://www.boost.org/releases/1.87.0/ 1.86.0 https://www.boost.org/releases/1.86.0/ 1.85.0 https://www.boost.org/releases/1.85.0/ 1.84.0 https://www.boost.org/releases/1.84.0/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9bb052e28681b38dff98eb0567062352c2df74c4 Author: Adolf Belka Date: Tue May 27 10:28:32 2025 +0200 collectd: Remove old version patches no longer used Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b3ca9cff8c939ae48e0036cda2203014917fb1cf Merge: f40e60082 333174d19 Author: Michael Tremer Date: Mon May 26 10:00:23 2025 +0000 Merge branch 'master' into next commit 333174d19fefb7262b0a8bd6359c9f14f767b392 Author: Roberto Peña Date: Mon May 26 09:56:42 2025 +0000 langs: Update Spanish translation https://community.ipfire.org/t/es-pl-updated-with-new-changes-wireguard-and-other/14107 Signed-off-by: Michael Tremer commit f40e600822ce836e82e8a46adba94cf3695eb72d Author: Michael Tremer Date: Mon May 26 11:47:21 2025 +0200 core196: Ship index.cgi and WireGuard changes Signed-off-by: Michael Tremer commit e35e6588673396fdaa3f33b25cd3075c0da9d577 Author: Michael Tremer Date: Mon May 26 11:46:35 2025 +0200 core196: Sort filelist alphanumerically Signed-off-by: Michael Tremer commit c00e6e49c3cd0ba0fa3826539c251d757f41bc9a Author: Michael Tremer Date: Mon May 26 11:45:34 2025 +0200 index.cgi: Use correct string for "WireGuard" Signed-off-by: Michael Tremer commit 8277dec16614df36ed0bd6f687ce244c2d243c62 Author: Michael Tremer Date: Mon May 26 11:44:30 2025 +0200 index.cgi: Translate "Online" Signed-off-by: Michael Tremer commit 9f1f3da8f5866098177edd68ef50b238a3dadf6a Author: Michael Tremer Date: Mon May 26 11:39:28 2025 +0200 index.cgi: Show the WireGuard client pool This is in line with the other Roadwarrior pools. Signed-off-by: Michael Tremer commit c29a07b2ee505811a6cd78ca643bf816beb77375 Author: Michael Tremer Date: Mon May 26 11:38:57 2025 +0200 index.cgi: Show WireGuard status using the function library The settings file is also loaded all the time and we don't need to load it again. Signed-off-by: Michael Tremer commit 5d14f5c10e43c3440e97f6ecc28d4b10709a0e07 Author: Adolf Belka Date: Sun May 25 13:35:01 2025 +0200 index.cgi: Add wireguard status to home screen - This fix adds a wireguard line to show when it is enabled. - This fix does not show a table for any net2net connections that are enabled. I have started working on that but as I only have an OpenVPN n2n connection in place, I can't test out the copy of the ipsec n2n code section that I have made. I need to get ipsec and wireguard n2n connections working first. - If someone else wants to provide a patch for the wireguard n2n connections tables I have no problems with that. If not then I will submit one when I have been able to test it. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fbbaa19d13a828a98170fb3b23330189e9eed1d5 Author: Michael Tremer Date: Mon May 26 11:31:54 2025 +0200 wireguard-functions.pl: Add a simple function to check if enabled Signed-off-by: Michael Tremer commit 08511b2750fd664970015f3a9bf5ffb81cdcfae9 Merge: f263d9e25 be068416c Author: Michael Tremer Date: Mon May 26 09:19:54 2025 +0000 Merge branch 'master' into next commit be068416ca90777a9bf8a473f2b89d994d8d69f5 Author: Michael Tremer Date: Mon May 26 09:12:52 2025 +0000 core195: Ship manual pages for the web UI Signed-off-by: Michael Tremer commit 36112ab9b8c127d529bf205edf19cb0d4f202e3d Author: Adolf Belka Date: Sat May 17 14:12:17 2025 +0200 manualpages: Fixes bug13849 - adds manual link to wireguard page Fixes: bug13849 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f263d9e25d5c0ea75fc9ebf933b8145de8a796b3 Author: Michael Tremer Date: Mon May 26 09:10:34 2025 +0000 core196: Ship texinfo Signed-off-by: Michael Tremer commit e0151f9d178d649eeea3d7ac0667c6f2d2c4e63c Author: Adolf Belka Date: Sat May 24 16:36:53 2025 +0200 texinfo: Update to version 7.2 - Update from version 7.1.1 to 7.2 - Update of rootfile - Changelog 7.2 * Build . "make install" installs files for texi2any under $datadir/texi2any, not $datadir/texinfo. * texinfo.tex . use @ as the escape character in all index files. this requires new enough texi2dvi (Texinfo 6.7, 2019) for index files to be properly processed. . a bug has been fixed where a mangled PDF outline could be produced for a document using @unnumberedsec . you can call @unmacro with an undefined macro name, matching the behavior of texi2any * texi2any . set CHECK_NORMAL_MENU_STRUCTURE by default. this means texi2any again checks menu structure by default (changed in 6.8 release, 2021). . only allow @definfoenclose to be used to redefine highlighting commands . sorting of indices is now independent of the input or output encodings . new customization variable COLLATION_LANGUAGE to allow linguistic tailoring of index sorting . new variable DOCUMENTLANGUAGE_COLLATION to use @documentlanguage for linguistic tailoring of index sorting . new variable USE_UNICODE_COLLATION to allow turning off the slower use of Unicode collation when sorting indices . rename BODYTEXT customization variable to BODY_ELEMENT_ATTRIBUTES . rename COMPLEX_FORMAT_IN_TABLE customization variable to INDENTED_BLOCK_COMMANDS_IN_TABLE . remove the following variables: AVOID_MENU_REDUNDANCY, FRAMES, FRAMESET_DOCTYPE, NO_USE_SETFILENAME, SILENT, USE_UP_NODE_FOR_ELEMENT_UP . remove SIMPLE_MENU variable and tree transformation . the use of the directories ~/.texinfo and ~/.texi2any for configuration files is deprecated, and should be replaced by texinfo or texi2any directories under XDG_CONFIG_HOME (usually ~/.config/). the new locations are compatible with the XDG Base Directory Specification. in future versions, the ~/.texinfo and ~/.texi2any directories will not be in search paths. . do not try the us-ascii encoding anymore as a locale for translated document strings. . some unused translation files have been removed for the `texinfo_document' domain . Info output: . output Info-documentlanguage in Local Variables section of output file if @documentlanguage is given . HTML, Texinfo and raw text output: . an implementation of the conversion in C has been included, which is much faster than the code in Perl. set the `TEXINFO_XS_CONVERT' environment variable to 1 to use. . HTML output: . CHECK_HTMLXREF set by default for warnings about links to unknown external manuals . you can use the MATHJAX_CONFIGURATION customization variable to add data to the MathJax configuration object . warn if there is a .inf or .info suffix for cross-reference manual . use 
 instead of 
 for output of @displaymath
                  . remove border, cellpadding, cellspacing and align attributes.  add
                    classes and use CSS when needed.
              . EPUB output:
                  . stricter conformance for conformance checkers
            * info
              . check for init file under XDG_CONFIG_HOME/texinfo/infokey after
                checking ~/.infokey, in accordance with the XDG Base Directory
                Specification
            * Distribution
              . automake 1.17, autoconf 2.72, gettext 0.22.5, libtool 2.5.3
    
    Signed-off-by: Adolf Belka 
    Signed-off-by: Michael Tremer 

commit 80de694468867ef5d16aaa71a0c75179921079c9
Author: Michael Tremer 
Date:   Mon May 26 09:09:54 2025 +0000

    core196: Ship gperf
    
    Signed-off-by: Michael Tremer 

commit f6e011f7a1b237ab7f34867c112d64fa26b89c59
Author: Adolf Belka 
Date:   Sat May 24 16:36:48 2025 +0200

    gperf: Update to version 3.3
    
    - Update from version 3.1 to 3.3
    - Update of rootfile not required
    - Changelog
        3.3
            * Speedup: gperf is now between 2x and 2.5x faster.
        3.2.1
            * The generated code avoids -Wundef warnings in C++ mode.
        3.2
            * The input file may now use Windows line terminators (CR/LF) instead of
              Unix line terminators (LF).
              Note: This is an incompatible change. If you want to use a keyword that
              ends in a CR byte, such as xyz, write it as "xyz\r".
            * The generated code avoids several types of warnings:
              - "implicit fallthrough" warnings in 'switch' statements.
              - "unused parameter" warnings regarding 'str' or 'len'.
              - "missing initializer for field ..." warnings.
              - "zero as null pointer constant" warnings.
    
    Signed-off-by: Adolf Belka 
    Signed-off-by: Michael Tremer