commit c03fb49f5ba1828ae3f99c3f817255fabc9ba823 Author: Michael Tremer Date: Thu Jul 3 15:02:14 2025 +0000 langs: Sort Chinese translations alphabetically Signed-off-by: Michael Tremer commit 207e59c1a4aa96d823a97fe94673fd1337f54d07 Author: Michael Tremer Date: Thu Jul 3 15:01:58 2025 +0000 make.sh: Add Chinese translations to automatic language checks Signed-off-by: Michael Tremer commit 500b01a0ce22d1e4e227a2498af8dcdea497e08a Author: Michael Tremer Date: Thu Jul 3 14:59:28 2025 +0000 core197: Ship the list of supported languages Signed-off-by: Michael Tremer commit c80c2ef15e61feed8978694b7c830d03e7aeb740 Author: Michael Tremer Date: Thu Jul 3 14:58:24 2025 +0000 core197: Ship changed menu files Signed-off-by: Michael Tremer commit 117570ace6dfcb49a6ea4b9418567a0941e4e7ca Author: Michael Tremer Date: Thu Jul 3 14:56:15 2025 +0000 Start Core Update 197 Signed-off-by: Michael Tremer commit f4d511e09a778e798683fc49c4081c118e463276 Author: Michael Tremer Date: Thu Jul 3 14:52:15 2025 +0000 make.sh: Update missing translations Signed-off-by: Michael Tremer commit b188f482fa43e9d4983a0f3055e0725bae57bc01 Author: Michael Tremer Date: Thu Jul 3 14:51:54 2025 +0000 langs: Remove foreign URL from Chinese translations Signed-off-by: Michael Tremer commit 60abeef8b92f68e400610bbda5906e44b28b8b73 Author: Adolf Belka Date: Wed Jul 2 14:01:11 2025 +0200 en.pl: Add "quality of service" and "mdstat" values into en lang file - The extrahd is already in the file but this change ensures that the lang additions to the 20-status and 40-services menu files are included in the en.pl file. Suggested-by: Opnwall Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3a9042e8ec246cb92dcf6ab8e6e5c46fd78eab6f Author: Adolf Belka Date: Wed Jul 2 14:01:10 2025 +0200 40-services.menu: Use lang files for caption and title - The "quality of service" and "extrahd" values are in the two Chinese language files Suggested-by: Opnwall Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9e209e08e258160663f6e85e17e1cabc736b00fe Author: Adolf Belka Date: Wed Jul 2 14:01:09 2025 +0200 20-status.menu: Use lang files for caption and title - the mdstat values are in the two Chinese language files Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 232d4bbed8477ef15da8887beda82558aa5c79ed Author: Adolf Belka Date: Wed Jul 2 14:01:08 2025 +0200 langs: Addition of Chinese language files - from ipfire github pull request - These langauage files have been provided by GitHub user Opnwall as a pull request - Tested out the result of these two patches on my vm testbed. As long as I made sure I had a font set installed that dealt with these types of character codes then it worked fine for me. I had to install noto-fonts-cjk on my archlinux system for the characters to be properly transcribed. - The associated patch is where a few menu items that had no language translation have been changed to use the language files, presumably so that those menu names are shown in the Chinese characters. Suggested-by: Opnwall Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4a12f983c1eba12a337bd0cfcc592181ff6a174b Author: Arne Fitzenreiter Date: Thu Jul 3 14:22:06 2025 +0200 vulnerabilities.cgi add indirect target selection Signed-off-by: Arne Fitzenreiter commit d329f1c2a51a59ade209f1a900c5b0d8f7c70409 Author: Michael Tremer Date: Thu Jul 3 07:33:41 2025 +0000 freeradius: Bump release Fixes: #13590 - Freeradius not starting: libssl version mismatch Signed-off-by: Michael Tremer commit ef9c801966e4b14fd53997adc256669a0d813480 Author: Michael Tremer Date: Wed Jul 2 10:45:50 2025 +0000 Revert "libusb: Add comment to update nut when libusb is updated" This reverts commit 80b5bcd5ed1c3dbad515e0835806999cdbe71e61. This change is no longer needed. Signed-off-by: Michael Tremer commit 1f28c8ad6e575c5663f3a4577d24b34a34670c88 Author: Adolf Belka Date: Wed Jul 2 13:00:55 2025 +0200 sudo: Update to version 1.9.17p1 - Update from version 1.9.17 to 1.9.17p1 - Update of rootfile not required - Changelog 1.9.17p1 * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the user to run commands on a different host. * Fixed CVE-2025-32463. An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. The chroot support has been deprecated an will be removed entirely in a future release. Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 80b5bcd5ed1c3dbad515e0835806999cdbe71e61 Author: Adolf Belka Date: Mon Jun 30 18:12:02 2025 +0200 libusb: Add comment to update nut when libusb is updated - libusb is a run time requirement for nut Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 830a6725ead4285b2c8ae50ea184c14aed732977 Author: Adolf Belka Date: Tue Jul 1 15:44:35 2025 +0200 core196: Revert ship of customservices from fwhosts - Shipping the customservices file replaced the existing file on all users systems, which resulted in any modificationjs they had made being wiped out. - Having thought about it further what I shouldn have done is just added the additional custom service of "DNS over TLS" to the end of the customservices file during the update process using update.sh but that is also not so easy because what number to use for the "DNS over TLS" entry will depend on how many custom services the user has created. - At the least the shipping of the customservices file needs to be reverted. I and others can then think about alternative ways to provide that entry to existing files. - Alternatively we could leave it without doing anything. A fresh install will have the "DNS over TLS" entry and upgrades will just leave the existing customservices file alone. - Users can of course recover the file by doing a restore from the backup they have created but it is not good to overwrite those sorts of files. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4b8c437bbc2c45e7623ac56197036f6af103b8b7 Merge: baa22ec7a 99a3c58f2 Author: Michael Tremer Date: Mon Jun 30 08:53:10 2025 +0000 Merge branch 'next' commit 99a3c58f2f6cd18515e6baa3c0da70dd23c69f1d Author: Michael Tremer Date: Mon Jun 30 08:49:42 2025 +0000 make.sh: Update contributors Signed-off-by: Michael Tremer commit e119ed0c2dc49e398e41a6c5eff85fe934cc4054 Author: Arne Fitzenreiter Date: Mon Jun 30 08:50:02 2025 +0200 grub/installer: add console=tty1 to default entry this is needed because some arm systems try to set more than one console output via firmware/dtb and this is incompatible with the old initsystem that ipfire use. Signed-off-by: Arne Fitzenreiter commit 2c40362e9c34101082ae5c5ecfcf42eeffb5967a Author: Michael Tremer Date: Sun Jun 29 16:03:14 2025 +0000 core196: Ship fwhosts.cgi Signed-off-by: Michael Tremer commit 58199a11c0651acbd3f9d92de8e04f8cbc9907e1 Author: Michael Tremer Date: Mon Jun 23 17:16:58 2025 +0000 langs: Remove the unused "Unused" translation string Signed-off-by: Michael Tremer commit 798556ec29207d5131a7600d5489f1ee92a7b87a Author: Michael Tremer Date: Mon Jun 23 17:16:57 2025 +0000 fwhosts.cgi: Move the tooltip into the usage counter This will clutter the page less as we don't have any good icon sets. Signed-off-by: Michael Tremer Tested-by: Adolf Belka Signed-off-by: Michael Tremer commit 61b277aa9c578a9a69e552f593a8bde421b811bc Author: Michael Tremer Date: Mon Jun 23 17:16:56 2025 +0000 fwhosts.cgi: Don't show anything if a host/group is unused Signed-off-by: Michael Tremer commit ca811a746a79f0e02cfb780cbd4543a057131e3a Author: Michael Tremer Date: Mon Jun 23 17:16:55 2025 +0000 fwhosts.cgi: Remove whitespace issues Signed-off-by: Michael Tremer commit 5511d94ed0d8ea6fd372d52cba515b4d6726abed Author: Peer Dietzmann Date: Mon Jun 23 17:16:54 2025 +0000 fwhosts.cgi: Show in which firewall rule objects are being used Signed-off-by: Michael Tremer Tested-by: Adolf Belka Signed-off-by: Michael Tremer commit 97ec94159acc1de68e804c70efd5e8e534e2e0a7 Author: Adolf Belka Date: Sat Jun 28 15:48:53 2025 +0200 core196: Ship pakfire Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit da9987bf97ef88bf93d27ebdbe13558e5a2c76d9 Author: Adolf Belka Date: Sat Jun 28 15:48:52 2025 +0200 update.sh: Remove pakfire.log file as it is not used Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3bc224d7203c014f637369bfb43850679c3cf571 Author: Adolf Belka Date: Sat Jun 28 15:48:51 2025 +0200 backup.pl: Stop restore of the empty pakfire.log file - With the removal of the pakfire.log file from the install, this patch stops the empty file being restored from old backups Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2a39f4af1a0a2641c9a10fc96183a9d245c386a1 Author: Adolf Belka Date: Sat Jun 28 15:48:50 2025 +0200 pakfire: Remove creation of pakfire.log that is never used Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2527b86ee85ebe89d585f4fb1db2aac0c1026684 Author: Adolf Belka Date: Sat Jun 28 15:48:49 2025 +0200 functions.pl: pakfir cleanup - I wondered what was supposed to be in the pakfire.log file that has always been empty so I had a look around and discovered that it has been commented out since CU30 - So this patch removes that commented out line and the other patches in this set remove the creation of the empty pakfire.log file and stop it being restored etc Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d6a8e1a887977071d2dfbaeb2b9095571a6889d5 Author: Adolf Belka Date: Fri Jun 27 21:53:51 2025 +0200 core196: Ship libloc Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 61d78100dc1b7b217bd7aa443b28ced2c711dd70 Author: Adolf Belka Date: Fri Jun 27 21:53:50 2025 +0200 libloc: Fixes bug13861 - libloc-0.9.18 fails to find some ASN info - Patch added to fix bactracking after no match found bug. When the next version of libloc is released then this patch can be removed as the patch will be integrated in with that version. - Update of rootfile not required. - Tested out on local build of libloc-0.9.18 Fixes: bug13861 Reported-by: Adolf Belka Suggested-by: Michael Tremer Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e86bab0246ae7d23b978452a9b0cf2e835149edc Author: Michael Tremer Date: Sun Jun 29 16:00:21 2025 +0000 core196: Ship the WireGuard initscript This is required because the changes from 8e1a9a3699e7061405ae7ee49caf672558a1c792 were not shipped in the final release of c195. Signed-off-by: Michael Tremer commit c1d2c40d30a80981a499ba9260aedb8160b8ba13 Author: Michael Tremer Date: Wed Jun 25 15:23:47 2025 +0100 core196: Ship firewall.cgi Signed-off-by: Michael Tremer commit 0ee4f61deaf50b5c091d94afbedd5615c002cfae Author: Michael Tremer Date: Wed Jun 25 15:22:32 2025 +0100 firewall.cgi: Remove some left-over debugging code This code prevented that any firewall rules could have been created due to the WUI always assuming that there would be some error. Fixes: #13860 - Error message when creating a firewall rule with a subnet for src Signed-off-by: Michael Tremer commit 5b2a54312df207d20fad0e088deb17bd983fab28 Author: Michael Tremer Date: Wed Jun 25 13:55:51 2025 +0000 core196: Ship squid Signed-off-by: Michael Tremer commit 6b320b273d53746fca621b8fb073e8258a46904a Author: Matthias Fischer Date: Tue Jun 24 23:21:22 2025 +0200 squid: Update to 6.14 For details see: https://github.com/squid-cache/squid/releases/tag/SQUID_6_14 "Changes in squid-6.14 (24 Jun 2025): - Bug 5352: Do not get stuck in RESPMOD after pausing peer read(2) - Bug 5489: Fix "make check" linking on Solaris - Fix SNMP cacheNumObjCount -- number of cached objects - Do not duplicate received Surrogate-Capability in sent requests - Fix Mem::Segment::open() stub to fix build without shm_open() - ... and CI and documentation updates" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit dca208ea0c18abbfa19868109dfe9b166a575a28 Author: Michael Tremer Date: Wed Jun 25 13:55:26 2025 +0000 core196: Ship wireguard-tools Signed-off-by: Michael Tremer commit 2ea7d7bc637546112c83089515ebc7859baa24b2 Author: Adolf Belka Date: Tue Jun 24 23:15:26 2025 +0200 wireguard-tools: Update to version 1.0.20250521 - Update from version 1.0.20210914 to 1.0.20250521 - Update of rootfile not required - Changelog 1.0.20250521 config: handle strdup failure wg-quick: linux: add 'dev' to 'ip link add' to avoid keyword conflicts ipc: add stub for allowedips flags on other platforms ipc: linux: support incremental allowed ips updates ipc: freebsd: use AF_LOCAL for the control socket ipc: linux: enforce IFNAMSIZ limit man: set private key in PreUp rather than PostUp wg-quick: run PreUp hook after creating interface show: fix show all endpoints output ipc: freebsd: NULL out some freed memory in kernel_set_device() ipc: freebsd: avoid leaking memory in kernel_get_device() show: apply const to right part of pointer ipc: freebsd: move if_wg path to reflect new in-tree location wg-quick: linux: prevent traffic from momentarily leaking into tunnel global: dual license core files as MIT for FreeBSD wg-quick: android: use right regex for host-vs-IP reresolve-dns: use $EPOCHSECONDS instead of $(date +%s) embeddable-wg-library: add named wg_endpoint union ipc: use more clever PnP enumerator Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 32252117509cb1906d990b91b46368dd531cccaa Author: Adolf Belka Date: Mon Jun 23 12:57:16 2025 +0200 frr: Update to version 10.3.1 - Update from version 10.2.1 to 10.3.1 - Update of rootfile - CVE fix in 10.3.0 - Changelog 10.3.1 Bug Fixes babeld Check valid babel port Fix incorrect type assignment in parse_request_subtlv bgpd Fix set evpn gateway-ip ipv[46] route-map Fix bmp heap use after free on non connected session Fix evpn attributes being dropped on input Fix holdtime not working properly when busy Fix leaked memory when showing some bgp routes Fixed crash upon bgp network import-check command On shutdown free up memory leak found by topotest Prevent crash when issuing a show rpki connections Remove unused defines from bgp_label.h Retain the routes if we do a clear with n-bit set for graceful-restart Set the label for mp_unreach_nlri 0x800000 instead of 0x000000 Treat the peer as not active due to bfd down only if established isisd Fix srv6_sid memory leak lib Create vrf if needed Return duplicate ipv6 prefix-list entry test Return duplicate prefix-list entry test nhrpd Add hop count validation before forwarding in nhrp_peer_recv() ospf6d Disable and delete ospfv3 areas that no longer have interfaces or configuration. Fix lsa memory leaks related to graceful restart pimd Fix for crash during networking restart Fix memory leak on shutdown Initialize gm proxy to false staticd Avoid requesting srv6 sid from zebra when loc and sid block dont match Fix crash that occurs when modifying an srv6 sid tools Fix reload script for srv6 locators and formats zebrad Do not flush an existing vni configuration trying to remove wrong vni Ensure proper return for failure for sid allocation Fixes allowing srv6 func-bits length 0 10.3.0 New Features Highlight: Lua 5.4 support Fixed CVE-2024-55553 New match community-count BGP command to limit communities count New set metric igp|aigp BGP command to inject IGP metric as MED into BGP New bgp ipv6-auto-ra BGP command Optimize BGP EVPN L2VNI/L3VIN remote routes processing Respect non-transitive BGP extended communities between direct peers Drop deprecated bgp network import-check exact command Handle BGP ENHE (Extended Next Hop Encoding) capability via dynamic capability Implement BGP connect backoff retry Implement an ability to import BMP information from a separate BGP instance Add support of BGP color extended community color-only types Implement SBFD Add support for SRv6 static SIDs Implement embedded-rp for PIMv6 Implement AutoRP mapping-agent for PIM Implement MSDP peer SA limiting What's Changed zebra: Fix crash in pw code by @donaldsharp in #17042 bfdd, yang: change bfd timer and multiplier values by @louis-6wind in #17002 Adds note about VRRP issues inside a VM with underlying bridge networking by @chriswiggins in #17050 tools: Add missing mgmtd into logrotate/rsyslogd by @ton31337 in #17054 isisd: Lsp fragments will delete the corresponding dyn_cache entry. by @baozhen-H3C in #17044 bgpd: Allow specification of vrf in show bgp neighbor graceful-restart by @donaldsharp in #17057 bgpd: changes for code maintainability by @sri-mohan1 in #17040 10.3 dev deb/rpm housekeeping by @Jafaral in #17061 bgpd: fix ipv6 nexthop-local unchanged by @louis-6wind in #17037 doc: routemap: fix typos by @rudis in #17064 bgpd: Move some non BGP-specific route-map functions to lib by @ton31337 in #17059 bgpd: split nexthop-local unchanged peer subgroup by @louis-6wind in #17071 zebra: add back one field for debug by @anlancs in #17082 zebra: Only notify dplane work pthread when needed by @donaldsharp in #17062 bgpd: fix evpn mh esi down by @chiragshah6 in #17074 doc: clarify bgp as-override by @louis-6wind in #17087 bgpd: bmp loc-rib peer up/down for vrfs by @louis-6wind in #17001 zebra: vlan to dplane by @raja-rajasekar in #16737 bgpd: Remove unused BGP_NEXTHOP_CONNECTED_CHANGED flag for nexthop by @ton31337 in #17099 bgpd: Check if su_local/su_remote exist before encoding BMP peer state by @ton31337 in #17103 bgpd: fix route selection with AIGP by @enkechen-panw in #17093 bgpd: Drop deprecated bgp network import-check exact command by @ton31337 in #17053 lib: Apply and generate route-map commands earlier before any other protocol by @ton31337 in #17058 isisd: Remove circuit state check for openfabric by @ton31337 in #17083 ospfd: fix the bug that the empty area was not free after no_area_range was executed by @Shbinging in #17101 bgpd: fix bmp coverity issue 1600779 by @louis-6wind in #17106 tools/gcc-plugins: don't crash on array parameters by @eqvinox in #17104 bgpd, tests: don't send local nexthop from rr client by @louis-6wind in #17073 zebra: Prevent a kernel route from being there when a connected should by @donaldsharp in #17088 zebra: Attempt to explain the rnh tracking code better by @donaldsharp in #15586 bgpd: Derive and set MED from IGP or AIGP by @ton31337 in #17038 tests: iproute2_check_path_selection call the actual command by @donaldsharp in #17107 ospfd: Fixup ospf_lsa.[ch] to properly spell out parameters for funct… by @donaldsharp in #17126 zebra: unlock node only after operation in zebra_free_rnh() by @enkechen-panw in #17116 vtysh: fix SA warning, no need to call getenv() twice by @Jafaral in #17114 bgpd: Implement match src-peer ... command by @ton31337 in #16946 zebra: fix heap-use-after free on ns shutdown by @pguibert6WIND in #17020 *: Fix up improper handling of nexthops for nexthop tracking by @donaldsharp in #17076 lib, test: fix display ipv4 mapped ipv6 addresses by @louis-6wind in #16452 bgpd: fix several issues in sourcing AIGP attribute by @enkechen-panw in #17091 ospfd: fix some ospf commands by @Shbinging in #17065 *: fix clang-19 SA by @eqvinox in #17136 zebra: Fix possible null deref discovered by coverity by @donaldsharp in #17154 ospfd: update ospf_asbr_status when using no_area_nssa command by @Shbinging in #17134 lib: Correctly handle ppoll pfds.events == 0 by @donaldsharp in #17025 bgpd: changes for code maintainability by @sri-mohan1 in #17164 bgpd: changes for code maintainability by @sri-mohan1 in #17167 tests: logger masked in topotest.py by @liambrady in #17157 bgpd: allow value 0 in aigp-metric setting by @enkechen-panw in #17169 doc: Require unified config for all new topotests by @ton31337 in #17172 bgpd: fix AIGP calculation in route advertisement by @enkechen-panw in #17168 bgpd: Handle non-transitive extended communities by @ton31337 in #17151 bgpd: Do not filter no-export community for BGP OAD by @ton31337 in #17165 zebra: remove useless code by @anlancs in #17166 isisd: fix 'show isis route' and 'show isis fast-reroute summary' errors with vrf by @baozhen-H3C in #17174 zebra: drop NEWLINK event handling in the main thread by @anlancs in #17180 bgpd: Do not leak a stream with bmp code by @donaldsharp in #17192 Revert "lib: Attach stdout to child only if --log=stdout and stdout F… by @donaldsharp in #17198 ospfd:fix the bug that the empty area was not free after no area range command was executed by @Shbinging in #17183 zebra: fix showing nexthop vrf for ipv6 blackhole by @louis-6wind in #17162 bgpd: fix uninitialized bgp_labels by @louis-6wind in #17191 lib: debug memstats-at-exit improvements by @eqvinox in #17155 pimd: PIM autorp no path RP fix by @nabahr in #17215 Optimizations and problem fixing for large scale ecmp from bgp by @donaldsharp in #17229 tests: add bmpserver logging by @louis-6wind in #17207 bgpd: compare aigp after local route check in bgp_path_info_cmp() by @enkechen-panw in #17199 docs: Update evpn.rst by @systemcrash in #17255 pimd, tests: fix bsr assert and expand topotest to pimv6 by @Jafaral in #17216 lib, zebra: Keep zebra on-rib-process script in frr.conf by @ton31337 in #17160 isisd: fix change flex-algorithm number from uint32 to uint8 by @pguibert6WIND in #17250 bgpd: add bgp ipv6-auto-ra command by @Sokolmish in #16354 bgpd: fix display of local label in show bgp by @louis-6wind in #17243 vtysh: fix find and list commands by @eqvinox in #17200 Mrib nht wonky by @donaldsharp in #17254 zebra: add 'debug zebra srv6' command by @pguibert6WIND in #17257 ospfd:fix syntax of some ospf no commands by @Shbinging in #17189 bgpd: fix blank line in running-config with bmp listener cmd by @pguibert6WIND in #17278 bgpd: fix crash when polling bgp4v2PathAttrTable by @fdumontet6WIND in #17245 bgpd: fix prefix same as nexthop in label per nexthop by @lsang6WIND in #16990 isisd: The command "'show isis vrf all summary json" has no output. by @baozhen-H3C in #17190 tests: fix bmp tests random failure by @louis-6wind in #17226 bgpd: bestpath failure when you have a singlepath not in holddown by @donaldsharp in #17251 Bgp musings by @donaldsharp in #15563 doc: Use RST, not Markdown format for links by @ton31337 in #17311 doc: Create html_context before setting READTHEDOCS by @ton31337 in #17310 tests: respect RLIMIT_CORE hard limit by @liambrady in #17296 zebra: Add missing new line for help string by @ton31337 in #17318 tests: Add an ability to specify daemon params with unified config by @ton31337 in #17317 Add support to import alternate URIB tables into the main MRIB by @nabahr in #17281 Bgp update optimizations by @donaldsharp in #17327 Revert "ospfd: update ospf_asbr_status when using no_area_nssa command" by @donaldsharp in #17330 lib: Remove wheel name it is no longer used by @donaldsharp in #17329 tests: Do not set by default netlink receive buffer size for Zebra by @ton31337 in #17328 Clang 19 some more by @donaldsharp in #17230 ospfd: Fix opaque LSA refresh interval and modify LSA cmds. by @aceelindem in #17194 Remove event master free unused by @donaldsharp in #17280 Remove in6addr cmp by @donaldsharp in #17312 bgpd: Replace 128 with IPV6_MAX_BITLEN by @cscarpitta in #17335 zebra: Fix incorrect debug macros by @cscarpitta in #17334 doc: Fix a couple of misspellings in zebra documentation by @cscarpitta in #17333 tests: Remove unnecessary fields from expected JSON by @nabahr in #17332 zebra: On startup actually allow for nhe's to be early by @donaldsharp in #16960 nhrpd: fix passphrase handling, add topotest for resolution request by @jmuthiilabn in #17115 zebra: Don't display the vrf if not using namespace based vrfs by @donaldsharp in #16750 bgpd: Treat numbered community-list only if it's in a range 1-500 by @ton31337 in #17305 ospfd: Use router_id what Zebra has if we remove a static router_id by @ton31337 in #17319 zebra: fix missing kernel routes by @anlancs in #17326 ospfd: Fix assert in LSA refresh interval setting by @aceelindem in #17346 ospf6d: remove redundant null ptr check in ospf6_link_lsa_get_prefix_str() - CID 1599957 in #17364 ospf6d: remove redundant null ptr check in #17363 tests: Add a topology that supports a large number of ecmp by @donaldsharp in #17244 bgpd: Clear stale routes with multiple paths by @ton31337 in #17376 lib: Add ability to track time in individual routemaps by @donaldsharp in #12109 bgpd:support of color extended community color-only types by @guoguojia2021 in #17231 bgpd:support tcp-mss for neighbor group by @zice312963205 in #17341 Bgp withdraw and unlikely by @donaldsharp in #17384 lib: Initialize mbefore for route_map_apply_ext() by @ton31337 in #17386 bgpd: Fix for match source-protocol in route-map for redistribute cmd by @raja-rajasekar in #17362 bgpd: fix resolvedPrefix in show nexthop json output by @krishna-samy in #17409 bgpd: Reset BGP session only if it was a real BFD DOWN event by @ton31337 in #17344 isisd: fix crash when switching P2P after shutdowning LAN circuit by @baozhen-H3C in #17366 Add two RFCs for BGP to the list by @ton31337 in #17374 BGP BFD session things by @ton31337 in #17410 tests: clarify bgp_vpnv4_asbr by @louis-6wind in #17368 zebra, lib: use internal rbtree for per-NS tree of ifps by @mjstapp in #17297 debian: Add missing libprotobuf-dev to grpc profile by @piotrjurkiewicz in #17205 tests: add support for ospf instances with unified configs by @Jafaral in #17331 bgpd: Show neighbor advertised paths including addpath by @ton31337 in #17423 zebra: fix unguarded debug in evpn code by @mjstapp in #17426 bgpd: Fix color extended community parsing by @ton31337 in #17422 bgpd: Drop unsupported commands by @ton31337 in #17429 Zebra debug assert by @donaldsharp in #17433 bgpd: Fix color extended community parsing by @ton31337 in #17434 bgpd : backpressure - Fix to pop items off zebra_announce FIFO for few EVPN triggers by @raja-rajasekar in #17432 pim6d: support embedded-rp by @rzalamena in #16937 bgpd: Validate both nexthop information (NEXTHOP and NLRI) by @ton31337 in #17435 bgpd: Add more details to ebgp requires policy warning by @ton31337 in #17427 accords: guidelines/terms for FRRouting trademarks by @eqvinox in #17193 sharpd: Fix a few typos in CLI help messages by @cscarpitta in #17444 sharpd: Convert numeric 128 into IPV6_MAX_BITLEN for prefixlen by @cscarpitta in #17445 bgpd: Optimize the outbound path if RFC8212 is applied by @ton31337 in #17451 packaging: Use PCRE2 for .deb/.rpm builds by @ton31337 in #17375 bgpd: Optimize the way parsing communities if no community alias exists by @ton31337 in #17457 Lua casting by @ton31337 in #17456 pim6d: fix coverity scan warning by @rzalamena in #17455 tools: Fix syntax raw parsing for make-foobar helper by @ton31337 in #17453 isisd: properly display srv6 algorithm by @dmytroshytyi-6WIND in #17414 *: remove remaining strncpy() users by @eqvinox in #17156 bfdd: retain remote dplane client socket by @mjstapp in #17464 pimd: two small improvements by @rzalamena in #17468 ospfd: OSPF multi-instance default origination fixes by @aceelindem in #17436 Support bundle isis by @donaldsharp in #17476 pimd: MSDP logging improvements by @rzalamena in #17469 PIMD: Implement AutoRP mapping-agent by @nabahr in #17340 Bgp bfd and its ilk by @donaldsharp in #17473 tests: Ensure connected routes are installed before continuing by @donaldsharp in #17477 tools: Add pim show commands to support bundle by @csiltala in #17484 bgpd: Do not reset peers on suppress-fib toggling by @ton31337 in #17487 lib, zebra: Do not have duplicate memory type problems by @donaldsharp in #17492 tools: Add missing keywords in frr-reload by @cscarpitta in #17493 bgpd: Disable sending ROV extended community by default by @ton31337 in #17459 ospfd: Correct invalid SR-MPLS output label by @odd22 in #17495 tools: Add missing keyword encapsulation in frr-reload by @cscarpitta in #17498 tests: add bgp_vpnv4_route_leak_basic by @louis-6wind in #17369 Fix docker image for topotests by @ton31337 in #17509 bgpd: fix version attribute is an int, not a string by @pguibert6WIND in #17506 zebra: avoid a race during FPM dplane plugin shutdown by @mjstapp in #17504 bfdd: disable echo socket when not using it by @rzalamena in #16987 isisd: When the ISIS types of the routers do not match on a P2P link, the neighbor status remains UP by @zhou-run in #17219 two test cleanups by @donaldsharp in #14367 bgpd: Fix Graceful-Restart for peer-groups by @ton31337 in #17501 zebra: fix EVPN check vxlan oper up in vlan mapping by @chiragshah6 in #17483 bgpd: fix use single whitespace when displaying flowspec entries by @pguibert6WIND in #17510 Add some test cases, and some ability to see what is going on in zebra by @donaldsharp in #16878 More found connection conversion issues by @donaldsharp in #17385 zebra: EVPN fix code style in vlan vni map debugs by @chiragshah6 in #17519 doc:Fix bgp doc warning by @guoguojia2021 in #17527 bgpd: fix use real SID in BGP nexthop tracking by @pguibert6WIND in #15542 Docker: Add the ability to override the FRR UID during docker creation by @mikemallin in #17520 Bgp evpn rt5 routemap by @pguibert6WIND in #17491 nhrpd: fix show ip nhrp output by @louis-6wind in #16700 topotests: Allow runing under both docker and podman by @famfo in #17525 BMP test rework by @pguibert6WIND in #17306 Some cleanups by @donaldsharp in #17547 bgpd: Use peer group's member for BGP notify instead of the peer-group by @ton31337 in #17528 bgpd: Fix remote-as with peer-group by @ton31337 in #17542 zebra: separate zebra ZAPI server open and accept by @mjstapp in #17313 pimd: Fix access-list memory leak in pimd by @csiltala in #17518 lib: Fix session re-establishment by @donaldsharp in #17558 Fix bsd sockopt problem by @donaldsharp in #17571 lib: Print the reason why the route-map and/or the index parsing is done by @ton31337 in #17556 pimd: igmp proxy joins should not be written as part of config by @btrent98 in #17569 pimd: Prevent crash of pim when auto-rp's socket is not initialized by @donaldsharp in #17578 pimd: implement MSDP shutdown command by @rzalamena in #17502 lib: Speed up reconnection attempts for zapi by @donaldsharp in #17585 bgpd: fix unconfigure asdot neighbor by @pguibert6WIND in #17582 pimd: free igmp proxy joins on interface deletion by @btrent98 in #17570 Bfd shared network by @donaldsharp in #17600 Timer connect bgp vrf netns by @donaldsharp in #17579 bgpd: fix peer up message for loc-rib not sent by @pguibert6WIND in #17545 bgpd: Check if as_type is not specified when peer is a peer-group member by @ton31337 in #17603 doc: remove no-op "netns NAMESPACE" command from the docs by @idryzhov in #17538 zebra: use macro for one check by @anlancs in #17589 pimd: Extend multicast boundary/ACL functionality by @csiltala in #17461 bgpd: Import allowed routes with self AS if desired by @ton31337 in #17608 bgpd: Show which route-map is used when the prefix is filtered by route-map by @ton31337 in #17575 pimd: MSDP per peer SA limit by @rzalamena in #17521 bgpd: Fix bgp core with a possible Intf delete by @raja-rajasekar in #17624 BMP Peer Distinguisher support by @pguibert6WIND in #17555 Upstream some internal code by @donaldsharp in #17605 bgpd: Show which prefix is suppressed if debug out is enabled by @ton31337 in #17637 zebra: Remove tests for allocation failure by @donaldsharp in #17638 pimd: clean up MSDP code by @rzalamena in #17636 pimd: MSDP originador ID configuration by @rzalamena in #17622 bgpd: When calling bgp_process, prevent infinite loop by @donaldsharp in #17641 doc: Update the next release dates by @ton31337 in #17640 pim6d: fix crash on clear ipv6 mroute by @rzalamena in #17635 pimd,pim6d: optimize multicast prefix generation and fix coverity scan defect by @rzalamena in #17642 zebra: Give a bit more data about zclient connection on errors by @donaldsharp in #17646 tools: Add rip support bundle commands by @donaldsharp in #17645 Fix PIMD RPF lookup mode and nexthop tracking by @nabahr in #17252 bgpd: fix missing addpath withdrawal race condition by @louis-6wind in #16830 EVPN L2VNI/L3VNI Optimize inline Global walk for remote route installations by @raja-rajasekar in #17526 zebra: fix wrong nexthop status for kernel routes by @anlancs in #17544 lib: Take ge/le into consideration when checking the prefix with the prefix-list by @ton31337 in #17615 bgpd: Fix evpn bestpath calculation when path is not established by @donaldsharp in #17613 vlan-subif isis neigbor by @JosiahMg in #16488 bgpd: remove unneeded printfrr reg for pRN by @mjstapp in #17654 bgpd: Connect retry timer backoff by @ton31337 in #17599 tests: add a test case for static route propagation by @Jafaral in #17671 bgpd: Fix memory leak when creating BMP connection with a source interface by @ton31337 in #17675 bgpd: Validate only affected RPKI prefixes instead of a full RIB by @ton31337 in #17586 bgpd: add rpki json attributes to bgp path by @pguibert6WIND in #17670 pim: handle return code to fix a couple of coverity issues by @Jafaral in #17673 bgpd: fix memory leak when reconfiguring a route distinguisher by @pguibert6WIND in #17669 Fix 2 darr (dynamic-array) bugs by @choppsv1 in #17648 test: fix label ordering on error diff report by @choppsv1 in #17676 babel: Clean babel config on babel daemon stop by @ykholod in #17685 bgpd: add meta queue in bgp by @donaldsharp in #17619 lib: Fix to optimize the time taken while batching huge configs by @raja-rajasekar in #17672 bgpd: Fix show neighbor X advertised-routes detail by @ton31337 in #17674 mgmtd: fix compile error by @anlancs in #17704 doc: Fix SRv6 locator documentation by @cscarpitta in #17703 bgpd: Fix enforce-first-as per peer-group removal by @ton31337 in #17705 bgpd: Convert 16 to IPV6_MAX_BYTELEN by @cscarpitta in #17706 bgpd, lib: Use frrstr_time() when using ctime_r() by @ton31337 in #17684 zebra: Remove tests for srv6_locator_alloc failure by @cscarpitta in #17711 BGP Labelpool : Releasing the label in labelpool when VPN session gets removed by @varuntumbe in #17580 tests: enable test failure detection and fix resulting failures by @choppsv1 in #17647 tests: Fix markers in srv6_static_route topotest by @cscarpitta in #17718 isisd: fix srv6 exit statements by @jvoss in #17720 bgpd: Show prefix-related stats per neighbor by @ton31337 in #17734 tools: Add missing formats keyword to segment-routing in frr-reload by @jvoss in #17719 zebra: Fix resetting valid flags for NHG dependents by @raja-rajasekar in #17731 bgpd: add rpki current state by @dmytroshytyi-6WIND in #17728 bgpd: Clean address-family config on daemon restart by @ykholod in #17716 staticd: Reduce the frequency of adding routes by @guoguojia2021 in #17726 zebra:check DAD freeze action before notifying bgp by @chiragshah6 in #17737 isisd: Show correct level information for show isis interface detail json by @ton31337 in #17732 ospfd: Correct one word by @anlancs in #17762 babel: Clean babel related config on daemon stop by @ykholod in #17715 tools: Add missing rpki keyword to vrf in frr-reload by @jvoss in #17750 zebra: fix dpdk compilation error by @raja-rajasekar in #17752 bgpd: Use unique value for BGP_NEXTHOP_EVPN_INCOMPLETE flag by @ton31337 in #17770 bgpd: fix a bug in peer_allowas_in_set() by @enkechen-panw in #17780 bgpd: show json output changes to optimize various show commands by @krishna-samy in #17431 zebra: Fix ip protocol route-map issue. by @sougata-github-nvidia in #17474 bgpd: Withdraw routes without waiting for the coalescing timer to expire by @ton31337 in #17667 ospfd: fix wrong check for two commands by @anlancs in #17779 doc: fix building for alpine package path by @famfo in #17774 tests: improve test reliability by @choppsv1 in #17773 bgpd: Show ifindex for every BGP nexthop cache entry by @ton31337 in #17771 BMP handling of BGP configuration changes by @pguibert6WIND in #17733 ospfclient: fix crash due to streamwriter garbage collect by @Andrew-Dickinson in #17700 bgpd: Respect bgp bestpath missing-as-worst for table-map as well by @ton31337 in #17723 isisd: Allow full no form for domain-password and area-password by @ton31337 in #17725 Add new oper state get callback by @choppsv1 in #17783 New YANG notify msg fmt by @choppsv1 in #17782 fix xpath query on keyless list with positional predicate by @choppsv1 in #17781 improve error handling of operational state walk callback by @choppsv1 in #17772 tests: cleanup ospf6 ecmp inter area by @gromit1811 in #17707 bgpd: add a debug command for route aggregation by @enkechen-panw in #17778 lib: Fix privs syscaps (pset_t) allocation by @gromit1811 in #17795 libs: remove deprecated 'clear thread' cli by @mjstapp in #17798 lib: remove interface dead code by @louis-6wind in #17808 bgpd: fix crash in displaying json orf prefix-list by @louis-6wind in #17807 bgpd: apply route-map for aggregate before attribute comparison by @enkechen-panw in #17801 zebra: Fix leaked nhe by @donaldsharp in #17809 2 test fixes by @donaldsharp in #17805 ospf6d: guard a couple of debugs by @Jafaral in #17831 bgpd: fix memory leak in bgp_aggregate_install() by @enkechen-panw in #17811 bgpd: Fix showing default timers bgp x y by @ton31337 in #17830 bgpd: use igpmetric in bgp_aigp_metric_total() by @enkechen-panw in #17813 tests: avoid nondeterministic route by @Jafaral in #17829 tests: update munet to 0.15.3 by @choppsv1 in #17844 zebra: Optimize invoking nhg compare func by @raja-rajasekar in #17839 Add Ubuntu 24.04 docker image and developer build doc by @choppsv1 in #17843 tools: fix frr-reload for nbr deletion of no form cmds by @chiragshah6 in #17847 tests: remove unnecessary wildcard fields from pim acl test by @Jafaral in #17840 Ability to import BMP information from a separate BGP instance by @pguibert6WIND in #17639 doc: fix LaTex warnings, add documentation to build docs by @Jafaral in #17846 bgpd: remove unused safi in bgp_aggregate structure by @enkechen-panw in #17842 bgpd: fix churn of aggregate routes from duplicate config by @enkechen-panw in #17837 Lua 5.4 support by @ton31337 in #17806 ospfd: avoid the redundant timers by @anlancs in #17803 bgpd: Respect allowas-in value from the source VRF's peer by @ton31337 in #17800 pimd: fix BSR RPs timing out by @Jafaral in #17841 pimd: always write cand-rp group config even when rp is inactive by @Jafaral in #17850 zebra: avoid race between FPM pthread and zebra main pthread in netlink encode/decode by @mjstapp in #17581 operational-state (datastore) change notifications by @choppsv1 in #17796 bgpd: move bgp_aggregate_increment() after bgp_path_info_add() by @enkechen-panw in #17858 Active routes are active by @donaldsharp in #17859 bgpd: remove unused BATTR_REFLECTED for rmap_change_flags by @enkechen-panw in #17854 PIMD: RPF lookup mode per-group, per-source by @nabahr in #17776 mgmtd backend yang model (depends on #17796) by @choppsv1 in #17799 bgpd: Handle ENHE capability via dynamic capability by @ton31337 in #17855 Bgp connect refactor by @donaldsharp in #17810 topotests: improve test reliability by @rzalamena in #17838 ldp snmp/grpc test fix by @choppsv1 in #17862 lib: introduce global -w option for VRF netns backend by @idryzhov in #17727 limit community list count by @pguibert6WIND in #17836 zebra: Uninstall NHG in some situations by @donaldsharp in #17814 tests: ci: add ARM to docker based CI test by @choppsv1 in #17880 Handle datastore notifications correctly in backend clients (daemons) by @choppsv1 in #17876 lib: fix dnode_create to use correct libyang function. by @choppsv1 in #17884 staticd: Add support for SRv6 Static SIDs by @Yubin-Li in #16894 tools: fix regression in gen_northbound_callback tool by @choppsv1 in #17885 Bgp unnumbered interface json by @pguibert6WIND in #17874 small mgmtd-dev doc update and yanglint cleanup by @choppsv1 in #17882 tests: Fix test_bgp_dynamic_capability_enhe topotest by @ton31337 in #17883 tools: fix reload interface deletion by @jklaiber in #16723 bgpd: Fix for local interface MAC cache issue in 'bgp mac hash' table by @krishna-samy in #17888 Fix Rocky 8 RPMs, add options to build without rpki and docs (default is to include) by @louberger in #17793 lib: fix coverity use after free issue: CID 1620101 by @choppsv1 in #17895 bgpd: fix do not send twice peer up/down messages by @pguibert6WIND in #17894 tests: remove table version check in bgp rpki topo1 by @louis-6wind in #17889 bgpd: fix evpn path info get api by @chiragshah6 in #17899 bgpd: fix bfd with update-source in peer-group by @louis-6wind in #17904 bgpd, tests: bgp_evpn_rt5, add test with match evpn vni command by @pguibert6WIND in #17652 zebra: Return error if v6 prefix is passed to show ip route by @Pdoijode in #17898 bgpd: Fix bgp peer solo option by @askorichenko in #17911 redhat: Specify minimum libyang version requirement by @mwinter-osr in #17912 isisd: fix duplicate rfc8919 defines by @pguibert6WIND in #17917 Revert "bgpd: Handle Addpath capability using dynamic capabilities" by @ton31337 in #17926 Bgp suppressed attribute by @pguibert6WIND in #17919 Advertised routes incorrect json by @pguibert6WIND in #17905 bgpd,lib,zebra: permit table-direct on VRFs by @rzalamena in #17736 bgpd: Check if the peer really exists before sending dynamic capability by @ton31337 in #17863 bgpd: last reset SNAFU by @ton31337 in #17881 bgpd: Optimize evaluate paths for a peer going down by @donaldsharp in #17924 Isis srv6 topo1 ping by @pguibert6WIND in #17848 ospfd: Prune duplicate next-hop when installing into zebra route table. by @aceelindem in #17906 bgpd: fix table-map option by @askorichenko in #17802 static: fix botched staticd YANG conversion for dst-src by @eqvinox in #17941 tools: Fix frr-reload for ebgp-multihop TTL reconfiguration. by @bobuhiro11 in #17946 zebra: include resolving nexthops in nhg hash by @mjstapp in #17935 pimd: Close AutoRP socket when not needed by @nabahr in #17934 isisd: fix erroneous srv6 information in database by @pguibert6WIND in #17956 bgpd: With suppress-fib-pending ensure withdrawal is sent by @donaldsharp in #17971 bgpd: add config default for "route-reflector allow-outbound-policy" by @enkechen-panw in #17972 Fix SRv6 SID Manager by @cscarpitta in #17964 bgpd: Do not ignore auto generated VRF instances when deleting by @ton31337 in #17947 staticd: Fix NULL pointer dereference when receiving ZAPI_SRV6_SID_RELEASED notification by @cscarpitta in #17979 bgpd: Release SID on router deletion by @Sokolmish in #17913 libs: return from change_caps if no caps by @mjstapp in #17970 staticd: Fix wrong xpath in no sid X:X::X:X/M by @cscarpitta in #17989 bgpd: add config default for "bgp bestpath aigp" by @enkechen-panw in #17990 implement SBFD by @forrestchu in #17336 lib: fix use after free in clear event cpu by @eqvinox in #17943 zebra: fix evpn svd hash avoid double free by @chiragshah6 in #17991 bgpd: fix route-distinguisher in vrf leak json cmd by @chiragshah6 in #17992 zebra: Ensure dplane does not send work back to master at wrong time by @donaldsharp in #17969 bgpd: Do not start BGP session if BGP identifier is not set (backport #17959) by @mergify in #18006 bgpd: Fix up memory leak in processing eoiu marker (backport #18000) by @mergify in #18019 pimd: fix memory leak and assign allocation type (backport #18038) by @mergify in #18043 Coverity 2024 new hotness (backport #17865) by @mergify in #18042 pimd: Fix for FHR mroute taking longer to age out (backport #14105) by @mergify in #18053 bgpd: fix bgp vrf instance creation from implicit (backport #18081) by @mergify in #18099 bgpd: Request SRv6 locator after zebra connection (backport #18069) by @mergify in #18115 nhrpd: fix dont consider incomplete L2 entry (backport #18078) by @mergify in #18112 lib: crash handlers must be allowed on threads (backport #18060) by @mergify in #18101 lib: actually hash all 16 bytes of IPv6 addresses, not just 4 (backport #17901) by @mergify in #18083 pimd: fix DR election race on startup (backport #18048) by @mergify in #18056 bgpd: fix incorrect JSON in bgp_show_table_rd (backport #18120) by @mergify in #18133 Cid 1636504 (backport) by @ton31337 in #18132 Bfd fixups (backport #18026) by @mergify in #18129 bgpd: release manual vpn label on instance deletion (backport #18121) by @mergify in #18154 staticd: Fix SRv6 SID installation and deletion (backport #18064) by @mergify in #18151 lib: fix false context information for SRv6 route (backport #18023) by @mergify in #18146 bgpd: fix vty output of evpn route-target AS4 (backport #18109) by @mergify in #18183 isisd: Request SRv6 locator after zebra connection (backport #18178) by @mergify in #18179 bgpd: When removing the prefix list drop the pointer (backport #18160) by @mergify in #18166 bgpd: Fix crash in bgp_labelpool (backport #18079) by @mergify in #18143 lib: nb: call child destroy CBs when YANG container is deleted (backport #18082) by @mergify in #18191 bgpd: fix default instance when leaving the hidden state (backport 10.3) by @louis-6wind in #18162 pimd: Fix for data packet loss when FHR is LHR and RP (backport #14227) by @mergify in #18203 pimd: Fix PIM VRF support (send register/register stop in VRF) (backport #18216) by @mergify in #18248 pim: Fix vrf binding of autorp and mroute socket (backport #18226) by @mergify in #18246 pim: Fix autorp group joins (backport #18225) by @mergify in #18244 Fix oper-state queries that involve choice/case nodes (backport #18231) by @mergify in #18232 bgpd: remove dmed check not required in bestpath selection (backport #18210) by @mergify in #18227 Revert "bgpd: fix default instance when leaving the hidden state (backport 10.3)" #18162 by @Jafaral in #18255 pimd: During prefix-list update, behave as PIM_UPSTREAM_NOTJOINED sta… (backport #17666) by @mergify in #18207 bgpd: fix default instance when leaving the hidden state. (backport #18119) by @louis-6wind in #18272 mgmtd: Prevent use after free (backport #18264) by @mergify in #18279 staticd: Add no form for static-sids command (backport #18263) by @mergify in #18284 ospf6d: Fix use after free of router in OSPFv3 ABR route calculation. (backport #18254) by @mergify in #18265 staticd: Fix no srv6 command (backport #18289) by @mergify in #18292 isisd: Correct edge insertion into TED (backport #18294) by @mergify in #18296 tools: Fix frr-reload.py error related to static-sids (backport #18290) by @mergify in #18291 Bring in 2 northbound bug-fixes from master to 10.3 by @choppsv1 in #18302 pimd: Fix PIM6 MLD VRF support (use recvmsg() pktinfo) (backport #18315) by @mergify in #18332 zebra: Bring up 514 BGP neighbor sessions (backport #18214) by @mergify in #18331 Documentation typesafe (backport #18338) by @mergify in #18352 Topotest startup order (backport #18348) by @mergify in #18353 10.2.3 Bug Fixes babeld Check valid babel port Fix incorrect type assignment in parse_request_subtlv bgpd Do not call evpn_overlay_free no matter what Fix set evpn gateway-ip ipv[46] route-map Fix holdtime not working properly when busy Fixed crash upon bgp network import-check command In bgp_update() for mac addrs ensure we are dealing with evpn Prevent crash when issuing a show rpki connections Retain the routes if we do a clear with n-bit set for graceful-restart Treat the peer as not active due to bfd down only if established Fix incorrect bestpath reasoning in some situations Fix show bgp vpn rd json Fix to show exist/non-exist-map in 'show run' properly Add total path count for bgp net in json output bfdd On shutdown prefix/access list memory was being leaked isisd Fix srv6_sid memory leak lib Create vrf if needed Return duplicate ipv6 prefix-list entry test Return duplicate prefix-list entry test ldpd Free up leaked prefix-list memory on shutdown nhrpd Add hop count validation before forwarding in nhrp_peer_recv() ospf6d Disable and delete ospfv3 areas that no longer have interfaces or configuration. Fix lsa memory leaks related to graceful restart ospfd Prune duplicate next-hops when installing into zebra Fix crash when ospf client connects before doing 'router ospf' pimd Fix for crash during networking restart Fix memory leak on shutdown Initialize gm proxy to false zebra Do not flush an existing vni configuration trying to remove wrong vni Ensure proper return for failure for sid allocation Prevent vrf table 254 being used by non-default vrf Fixes allowing srv6 func-bits length 0 10.2.2 Bug Fixes bgpd Allow bfd to work if peer known but interface address not yet Apply route-map for aggregate before attribute comparison Do not ignore auto generated vrf instances when deleting Do not start bgp session if bgp identifier is not set Do not try to uninstall bfd session if the peer is not established Don't reuse nexthop variable in loop/switch Fix a bug in peer_allowas_in_set() Fix add label support to evpn ad routes Fix bfd with update-source in peer-group Fix bgp label evpn cid 1636504 Fix bgp orf prefix-list json prefix Fix bgp peer solo option Fix bgp vrf instance creation from implicit Fix crash in bgp_labelpool Fix crash in displaying json orf prefix-list Fix deadlock in bgp_keepalive and master pthreads Fix duplicate bgp instance created with unified config Fix for local interface mac cache issue in 'bgp mac hash' table Fix import vrf creates multiple bgp instances Fix incorrect json in bgp_show_table_rd Fix memory leak in bgp_aggregate_install() Fix route-distinguisher in vrf leak json cmd Fix static analyzer issues around bgp pointer Fix table-map option Fix vty output of evpn route-target as4 Fix wrong pthread event cancelling Remove dmed check not required in bestpath selection Request srv6 locator after zebra connection Reset bgp session only if it was a real bfd down event Respect allowas-in value from the source vrf's peer Simplify bgp_evpn_process_rt1 with label Update source address for bfd session Use igpmetric in bgp_aigp_metric_total() When bgp notices a change to shared_network inform bfd of it When removing the prefix list drop the pointer With suppress-fib-pending ensure withdrawal is sent Revert: Handle addpath capability using dynamic capabilities" Revert: Reinstall aggregated routes if using route-maps and it was changed" isisd Add helper function to request srv6 locator information Allow full no form for domain-password and area-password Correct edge insertion into ted Request srv6 locator after zebra connection Show correct level information for show isis interface detail json lib Clean up nexthop hashing mess Crash handlers must be allowed on threads Fix false context information for srv6 route Guard against padding garbage in zapi read Nb: call child destroy cbs when yang container is deleted mgmtd Prevent use after free nhrpd Fix dont consider incomplete l2 entry ospf6d Fix use after free of router in ospfv3 abr route calculation. pbrd Initialize structs used in hash_lookup pimd Always write cand-rp group config even when rp is inactive Close autorp socket when not needed During prefix-list update, behave as pim_upstream_notjoined state (conformance issue) Explicitly ensure the rp src is bsr Fix autorp group joins Fix bsr rps timing out Fix dr election race on startup Fix for data packet loss when fhr is lhr and rp Fix for fhr mroute taking longer to age out Fix memory leak and assign allocation type Fix pim vrf support (send register/register stop in vrf) Fix pim6 mld vrf support (use recvmsg() pktinfo) Fix vrf binding of autorp and mroute socket tests Add a test that shows the v6 recursive nexthop problem Bgp_srv6_sid_reachability should give more time Bgp_srv6l3vpn_to_bgp_vrf3 needs more time Check if allow as-in works when importing between local vrfs tools Add missing formats keyword to segment-routing in frr-reload Add missing rpki keyword to vrf in frr-reload Fix frr-reload for ebgp-multihop ttl reconfiguration. zebra Ensure dplane does not send work back to master at wrong time Evpn svd hash avoid double free Fix leaked nhe Fix resetting valid flags for nhg dependents Guard against junk in nexthop->rmap_src Include resolving nexthops in nhg hash Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ebf288c87b1a544b3978c59380c1cd2a841cf2c5 Author: Michael Tremer Date: Mon Jun 23 10:38:23 2025 +0000 core196: Ship setup Signed-off-by: Michael Tremer commit a21bc6e7ee0aab5b134e5058855eb634e9c892f1 Author: Adolf Belka Date: Thu Jun 19 18:04:18 2025 +0200 setup: v2 Fixes bug10245 - removal of so called non-local network stop - In the setup menu if the OK button is pressed when it asks if you want to change any of the interfaces then the red, blue and orange interfaces are stopped. However if none of the interfaces are changed then the network restart code does not get used. - This results in the system ending up with only the green interfrace being UP and connected. - This patch removes the command that stops the red, blue & orange interfaces but leaves the green one running. It seems to not bhe needed and if the OK button is pressed on the Drivers and card assignments window but no change made then the IPFire system is left with only the green interface connected. - This command has been present since at least Core Update 30 and the bug was originally raised in 2012. - I tested out this v2 code on my vm testbed and everything worked fine and if any change was made then when leaving the Networking section the Network and Unbound were restarted. Fixes: bug10245 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit dba199447f129f67a7ff0c36d25511643810222c Author: Adolf Belka Date: Mon Jun 23 10:02:31 2025 +0200 iniparser: New package as required dependency for netatalk Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 93ceb9159dc02550a80054f8b9bd038ab45d5ab4 Author: Adolf Belka Date: Mon Jun 23 10:02:30 2025 +0200 netatalk: Update to version 4.2.4 - Update from version 3.2.8 to 4.2.4 - Patch for removal of prefix for sysconfdir and localstatedir has been removed as there is an alternative way to define the required paths using meson options. - The -Dwith-embedded-ssl option is no longer needed as the embedded WolfSSL has been removed from netatalk - Update of rootfile - netatalk now requires the iniparser package as their own hacked version has been removed. So iniparser has been added in another patch in this patch set. - Changelog 4.2.4 * FIX: uams: Check for const pam_message member of pam_conv, GitHub #2196 Makes it possible to build on Solaris 11.4.81 CBE * FIX: meson: Avoid build error in incomplete Homebrew env, GitHub #2190 * UPD: meson: Build with Homebrew libraries is now opt-in, GitHub #2194 To opt in to build against Homebrew, use -Dwith-homebrew=true * UPD: docs: Improve afpd and macipgw man pages, GitHub #2155 4.2.3 * FIX: Properly read from afp.conf file passed with -F parameter, GitHub #2150 * FIX: Read the appletalk option only when built with DDP, GitHub #2149 * UPD: Consistently return exit code 0 after daemon version info, GitHub #2151 * UPD: libatalk: MySQL query error log level is dropped to debug, GitHub #2143 * UPD: initscripts: Improvements to netatalk OpenRC init script, GitHub #2148 * FIX: meson: enhance iconv detection when cross compiling, GitHub #1921 * UPD: docs: Cross-platform friendly docs for CNID statedir, GitHub #2146 4.2.2 * NEW: cnid: Create MySQL database automatically if needed, GitHub #2119 * UPD: meson: Use pandoc to build documentation when available, GitHub #2127 * UPD: meson: Generate the html manual with plain cmark, GitHub #2134 * NEW: docker: Support for the mysql CNID backend in container, GitHub #2116 * NEW: docker: Containerized netatalk webmin module, GitHub #1463 * NEW: docker: Introduce option to enable extension mapping, GitHub #2125 * NEW: docker: Introduce option for disabling Spotlight, GitHub #2128 * NEW: webmin: UI for editing of the extmap.conf file, GitHub #2129 * NEW: webmin: Introduce option for hiding service controls, GitHub #2133 * FIX: webmin: Correct handling of volume and preset names, GitHub #2130 * FIX: webmin: Treat uams_randnum.so as a standard UAM, GitHub #2131 * FIX: docs: More portable man page markdown source syntax, GitHub #2114 * FIX: docs: Properly build the localized html manual, GitHub #2136 * FIX: docs: Overhauled markdown styles of whole manual, GitHub #2138 4.2.1 * NEW: meson: Introduce option to control state dir creation, GitHub #2070 Introduces the with-statedir-creation boolean option, true by default * NEW: meson: Option for controlling CUPS backend installation, GitHub #2071 Introduces with-cups-pap-backend (boolean, default false) and with-cups-libdir-path (string) * FIX: meson: Generate Unicode lookup table sources before use, GitHub #2072 * FIX: libatalk: Work around DSIWrite() bug in AppleShare Client 3.7.x, GitHub #2085 * FIX: libatalk: Restore cnid mysql pw option that had fallen off which makes the mysql backend usable again, GitHub #2112 * FIX: afpd: Don't lose extension mapping on macOS hosts, GitHub #2092 * FIX: afpd: Fall back to ea = none rather than ea = ad when the filesystem EA support check fails, GitHub #2103 * UPD: webmin: Print volume name + section name in volumes list, GitHub #2073 * FIX: webmin: Sort lists of index page items in alphabetical order, GitHub #2074 * FIX: webmin: Return to the correct index tab from other actions, GitHub #2075 * UPD: testsuite: Print a detailed test summary after spectest run, GitHub #2095 * UPD: testsuite: Break out separate FPGetExtAttr test module, GitHub #2104 * UPD: testsuite: Print usage helptext when running test binaries without params, GitHub #2111 * UPD: docs: Major additions to the afptest man page, GitHub #2100 * NEW: docs: bstring README with redistribution notes and LICENSE, GitHub #2077 * FIX: docs: Improve verbiage in signature and UUID man pages, GitHub #2084 * UPD: docs: Transition Compilation from manual chapter to readme, GitHub #2106 * UPD: docs: Reduce overlap between install chapter and install readme, GitHub #2107 4.2.0 * NEW: Link with shared iniparser library instead of vendored one, GitHub #1948 - Makes iniparser a mandatory dependency - Our own hacked iniparser is now removed, which has a few side effects - Volume section names are now case insensitive, forced to lower case - The include directive is no longer supported (for now) * NEW: afpd: Introduce apf.conf 'volume name' Volume option, GitHub #1976 * NEW: afpd: Introduce 'server name' Global option in afp.conf, GitHub #1974 * NEW: docs: Convert documentation from XML to Markdown format, introducing cmark dependency instead of docbook-xsl, GitHub #1905 * NEW: docs: Generate local html manual with only core pages, GitHub #1969 * NEW: docker: Introduce dropbox mode option for guest access, GitHub #1981 * NEW: docker: New and improved env variable options including debug mode, GitHub #1977, #1979 * UPD: Control metadata settings with 'ea' solely, removing 'appledouble' option, GitHub #1983 * UPD: afpd: Use servername for ASP connections with hostname fallback, GitHub #1978 * UPD: afpd: Refactor FCE file skip logic, make comma the standard delineator, GitHub #1997 * UPD: libatalk: Use getaddrinfo() instead of deprecated gethostbyname(), GitHub #1934 * UPD: meson: Introduce with-unicode-data option to build case tables, GitHub #1928 * UPD: meson: Clean up obsoleted compatibility macros, GitHub #2035 * UPD: meson: Cross-platform crypt library detection, GitHub #2036 * UPD: Improve and harden the FCE listener app, rename it to fce_listen and install with Meson, GitHub #2063 * FIX: afpd: Register FCE file creation event when copying files, GitHub #2027 * FIX: afpd: Use getpwnam_shadow() for basic auth on OpenBSD, GitHub #2040 * FIX: libatalk: Use unspecified network stack by default on OpenBSD, GitHub #2044 * FIX: uams: Support for OpenBSD flavor crypt_checkpass() for password validation, GitHub #2037 * FIX: Fix ad cp loss of FinderInfo, GitHub #2058 * FIX: Fix for CNID error with ad mv utility, GitHub #2060 * FIX: Apply additional hardening to the Netatalk Metadata EA handling, GitHub #2059 * FIX: Avoid TOCTOU race conditions in libatalk code, GitHub #1938, #1936 * FIX: Fix high severity memory safety bugs, GitHub #1966 * FIX: Protect against memory leaks and out of bounds array access, GitHub #1989 * FIX: bstrlib: Protect against buffer overflow, null pointer dereference, GitHub #1987 * FIX: libatalk: Refactor vfs write_ea() to avoid TOCTOU race condition, GitHub #1965 * FIX: libatalk: Refactor vfs ea_open() to avoid TOCTOU race condition, GitHub #1964 * FIX: uams: Check account validity after calling pam_authenticate(), GitHub #1935 * FIX: uams: Validate PAM account after root auth in DHX2 UAM, GitHub #1937 * FIX: uams: Return properly when ClearTxt shadow password has expired, GitHub #2041 * FIX: getzones: do not attempt to bind to the address we're also sending to, GitHub #2051 * FIX: libatalk: Improved logging when charset conversion fails, GitHub #1952 * FIX: webmin: Add RandNum UAM option to Global config, GitHub #2047 * REM: Remove traces of unsupported LDAP SASL auth, GitHub #1925 * REM: Remove standards.h with macros that are defined by the build system, GitHub #1988 * REM: Eliminate obsoleted NO_REAL_USER_NAME capability flag macro, GitHub #2018 * REM: meson: Remove legacy IRIX XFS extended attributes API, GitHub #2052 4.1.2 * UPD: meson: Look for shared Berkeley DB library in versioned subdir too, to detect the library in the MacPorts build system, GitHub #1909 * FIX: webmin: Redirect back to the originating module index tab when returning from actions, GitHub #1915 * FIX: webmin: Fix '-router' switch in Webmin atalkd module, GitHub #1943 * FIX: webmin: Fix a default value helptext string, GitHub #1946 * UPD: Add GPL v2 license grant to mysql CNID backend code, GitHub #1874 4.1.1 * NEW: meson: Introduce with-bdb-include-path override option, GitHub #1908 * FIX: meson: Restore prioritized Berkeley DB detection, GitHub #1877 Fixes a regression when building on Arch Linux. * FIX: meson: Detect file command dynamically for NixOS, GitHub #1907 * FIX: meson: Remove libquota check that breaks NetBSD, GitHub #1900 * FIX: docs: Consolidate redundant CNID and encoding info, GitHub #1880 * FIX: afpd: Log an error when directory has invalid did, GitHub #1893 * FIX: macipgw: Don't crash when config file is missing, GitHub #1891 * FIX: macipgw: Disable default options in macipgw.conf, GitHub #1876 * UPD: macipgw: Print usage notes for the -f option, GitHub #1898 * FIX: Prevent a number of illegal null pointer calls, GitHub #1894 4.1.0 * NEW: afpd: Add native metadata storage for macOS hosts, GitHub #1813 * FIX: afpd: Do not report old AFP versions when AppleTalk support is disabled, GitHub #1846 * REM: Remove 'start tracker' and 'start dbus' afp.conf options, GitHub #1848 * REM: Remove the running of AFP commands with root privileges, GitHub #1849 * FIX: libatalk: Loosen AppleDouble checks for macOS, GitHub #1829 * FIX: libatalk: Protect Netatalk metadata EA from tampering, GitHub #1855 * FIX: Refactor retreival of native FinderInfo EA on macOS hosts, GitHub #1858 * NEW: macipgw: Introduce a configuration file, GitHub #1852 * UPD: macipgw: Default port value for zip/ddp service, GitHub #1836 This should get the gateway working on musl systems (OpenWrt) * FIX: afppasswd: Safe password string handling, GitHub #1845 * NEW: meson: Introduce with-kerberos-path option for custom dependency path, which can be used for Heimdal compatibility, GitHub #1822 * UPD: meson: Define lockfiles through the Meson build system, GitHub #1850 Meson's with-lockfile-path now points to the lockfile root * UPD: meson: Detect lib paths within Homebrew build system, GitHub #1833 * FIX: meson: Correctly detect bundled iconv on OpenWrt, GitHub #1857 * UPD: meson: Link papd with cups only when cups is enabled, GitHub #1862 * UPD: initscripts: Disable fork safety workaround for macOS, GitHub #1810 * UPD: initscripts: Start in non-forking mode with launchd, GitHub #1859 * UPD: docs: Correct atalkd.conf documentation, GitHub #1818 * FIX: docs: Fixes for spelling and grammar, GitHub #1856 * UPD: docs: Clarify the behavior of the -d option for daemons, GitHub #1861 * NEW: testsuite: Introduce -X option for running on big-endian systems, specifically s309x, GitHub #1817 * FIX: testsuite: Cross-platform compatible file ID tests, GitHub #1826 * FIX: testsuite: Don't attempt unauthorized file renaming in Error tests, GitHub #1828 * FIX: testsuite: Clean up after execution of encoding test, GitHub #1832 * FIX: testsuite: Free memory after running tests, GitHub #1866 * FIX: testsuite: Improve memory management in lantest, GitHub #1868 * UPD: Rename apple_dump script to addump, GitHub #1811 * UPD: webmin: Restructure index page into three tabs, GitHub #1785 * UPD: docker: Bump base image to Alpine 3.21, GitHub #1842 4.0.8 * UPD: Set resource max limit to 10240 on macOS, GitHub #1793 Compatibility with older macOS hosts such as 10.15 Catalina. * UPD: meson: Allow building papd without CUPS, GitHub #1774 Activate the override with: -Dwith-cups=false * UPD: meson: Favor openldap when building on macOS, GitHub #1792 Avoids linking with macOS LDAP.Framework by default. * UPD: meson: Improved libquota detection on FreeBSD and NetBSD, GitHub #1805 * FIX: meson: DocBook detection stops at first hit, GitHub #1800 Detect xsl-stylesheets-nons with higher priority than xsl-stylesheets; -Dwith-docbook-path is now a hard override * UPD: docs: Clarify D-Bus and GLib dependencies in the Install chapter, GitHub #1798 GitHub #1799 * FIX: docs: Document that DocBook XSL has to be non-namespaced, GitHub #1800 * FIX: testsuite: Retry logic for final cleanup step in test358, GitHub #1795 4.0.7 * FIX: Remove bitrotted code in the bstring library, GitHub #1769 This was a regression between netatalk 3.2 and 4.0. * FIX: meson: Check for SunRPC function quota_open(), GitHub #1225 This should enable build with quota on *BSDs. * FIX: meson: *BSD compatible libwrap check, GitHub #1770 * NEW: meson: Add option with-manual=man_only which compiles and installs only troff pages, GitHub #1766 * NEW: meson: Option to specify path to perl runtime, GitHub #1776 * UPD: meson: Flip order of Berkeley DB version detection, GitHub #1771 A more recent version of dbd is now prioritized over older ones. * FIX: meson: Don't attempt to detect shadow passwords on *BSD and macOS, GitHub #1777 * FIX: meson: Configure dbus paths and config files only if dbus exists, GitHub #1773 * FIX: meson: Don't define spooldir when building without papd, GitHub #1786 * UPD: meson: Generate appendix XML sources via with-manual=www and allow custom manual install path with with-manual-install-path, GitHub #1781 (This is useful primarily for project maintainers.) * UPD: docs: Only compile and install appletalk documentation when with-appletalk=true, GitHub #1753 * UPD: docs: Overhaul of man page Synopsis sections, GitHub #1765 * UPD: docs: Refer to CONTRIBUTORS hosted on netatalk.io in man pages, GitHub #1767 4.0.6 * FIX: Workaround for bug in AppleShare Client 3.7.4, GitHub #1749 Only report support of AFP 2.2 and later to DSI (TCP) clients which shaves several bytes off the server response and lowers the chance of >512 byte FPGetSrvrInfo response. * UPD: All AppleTalk daemons now take -v to print version info, GitHub #1745 * FIX: `ad find' can take any kind of string, not just lowercase, GitHub #1751 * UPD: meson: Default to no init scripts if service management command not found, GitHub #1743 * FIX: Include config.h by relative path consistently (cleanup) GitHub #1746 * FIX: Remove duplicate header includes in MySQL CNID backend, GitHub #1748 * FIX: docs: Fix formatting of afppasswd man page, GitHub #1750 * FIX: webmin: Properly install netatalk-lib.pl, GitHub #1752 4.0.5 * UPD: Distribute pre-generated Unicode table sources, GitHub #1724 This reverts the previous change in v4.0.0 removing these sources. We retain the ability to regenerate them on the fly, if Unicode character database is found by the build system. Built with UnicodeData.txt version 16.0. This also removes hard Perl and Unicode dependencies. * NEW: afpd: Fallback to new DSI icon when no icon defined, GitHub #1729 * FIX: atalkd: Don't send NBP Reply packets from the loopback interface, addressing side effect in Linux kernel 6.9+ GitHub #1734 * FIX: docs: Strip out linebreak escapes in Compile appendix, GitHub #1733 * FIX: docs: Remove straggler afp_encodingtest.1 man page alias, GitHub #1728 * FIX: macipgw: On MACIP_ASSIGN, prepopulate the newly-assigned IP address into the arp cache to avoid warning on Linux, GitHub #1727 * NEW: macipgw: Add command-line option to drop root privileges after the server has been started, GitHub #1727 * FIX: macipgw: Fix argument handling in main() for aarch64 compatibility, GitHub #1735 * FIX: webmin: Revert default dir detection to address critical regression bug, GitHub #1736 * FIX: testsuite: Exit tests with the Exclude flag early, GitHub #1737 * FIX: testsuite: Longer sleep time after file operation in test358, GitHub #1739 * FIX: testsuite: Make Utf8 tests big-endian safe, GitHub #1740 4.0.4 * FIX: Fix loss of FinderInfo on resource fork creation with AppleDouble EA backend, GitHub #1702 * FIX: Remove remnants of obsoleted DEBUG compile time flag, GitHub #1696 - Fixes compile time error on MUSL systems when building with AppleTalk - When building debug builds, the EBUG flag is now activated - Print build type in the Meson summary * FIX: meson: Detect rresvport() function in system libraries, GitHub #1697 - Local rresvport() code was previoulsy behind a broken MUSL flag - Enables building with AppleTalk on OpenWrt * FIX: meson: Fix build fail with -Dwith-spotlight=false, GitHub #1715 * FIX: docker: Explicitly launch the cupsd daemon on startup, GitHub #1707 * NEW: docs: Create manual page for `afptest' (testsuite) tools, GitHub #1695 * UPD: docs: Bring CONTRIBUTORS up to date, GitHub #1722 * UPD: testsuite: Consolidate afp_ls as a command in afparg, GitHub #1705 - Add `FPEnumerate dir' as an afparg command - Remove `afp_ls' as a separate executable * UPD: testsuite: Merge encoding test into spectest, GitHub #1716 - Add `Encoding' as a testset in the spectest - Rewrite the `western' test to use Unicode for the same characters - Remove `afp_encodingtest' as a separate executable * UPD: testsuite: Collapse spectest into a single suite, GitHub #1713 The testsuite grouping have been removed, and all spectests are in a single suite. The tier 2 tests are enabled with the -c option. The sleep and readonly tests can be run with the -f option. * UPD: testsuite: Enable Color terminal output by default, and flip the -C option, GitHub #1708 * UPD: testsuite: Print a test summary for the spectest, GitHub #1708 * UPD: testsuite: Treat `Not Tested' as a failure again, GitHub #1709 * FIX: testsuite: Use AFPopenLogin() for FPopenLoginExt() as bug workaround to enable testing of AFP 3.x connections, GitHub #1709 * UPD: testsuite: Install test data for test431 into the datadir, GitHub #1712 * FIX: testsuite: Workarounds for MUSL system calls default permissions, which enables the testsuite to run on Alpine Linux, GitHub #1682 * UPD: testsuite: Break down login testsuite into atomic tests, GitHub #1717 * UPD: testsuite: Use AFP 3.4 by default (previously: AFP 2.1), GitHub #1718 * UPD: testsuite: Use the Exclude flag to skip test that require setup, previously used to skip known buggy tests, GitHub #1720 * FIX: testsuite: Improvements to test setup, cleanup, and early failure 4.0.3 * FIX: afpd: Limit FPGetSrvrInfo packet for AppleTalk clients, GitHub #1661 This prevents errors with very old clients when many AFP options are enabled. * FIX: Fix EOF error reporting in dsi_stream_read(), GitHub #1631 This should prevent warnings such as: `dsi_stream_read: len:0, unexpected EOF' * FIX: Fix regression when accessing the afpd UUID, GitHub #1679 Resolves an error when running the `ad' utilities. * FIX: meson: Fix indexer path detection on meson 1.6, GitHub #1672 * FIX: meson: Fix PAM config directory detection, GitHub #1678 * FIX: meson: Shore up Unicode char table script error handling and detection, GitHub #1692 * FIX: initscripts: Remove redundant nbpunrgstr cleanup in atalkd systemd config, GitHub #1660 * NEW: docker: Containerized testsuite, GitHub #1649 * UPD: docker: Register the conventional NBP entities when starting up, GitHub #1653 * UPD: docker: Remove file/dir perm settings that were causing problems * FIX: testsuite: Treat NOT TESTED spectest result as non-failure, GitHub #1663 * FIX: testsuite: Don't treat initial spectest.sh run as a failure, GitHub #1664 * UPD: testsuite: Reduce default log verbosity for better test reports, introducing two verbosity levels (-v, -V), GitHub #1665 * UPD: testsuite: Reposition the Exclude option (-x) to flag known failures with Netatalk 4.0 * UPD: testsuite: Install all test runners and utils, GitHub #1675 * FIX: testsuite: Link test executables with -rdynamic to allow sole test case runs with -f, GitHub #1690 * UPD: testsuite: Consolidate spectest into a single binary, GitHub #1693 4.0.2 * NEW: Bring back Classic Mac OS `legacy icon' option, GitHub #1622 * UPD: Spotlight: Support TinySPARQL/LocalSearch, GitHub #1078 * FIX: ad: Fix volume check for the AppleDouble toolsuite, GitHub #1605 Check was failing if the `ea = ad' option was set. * FIX: meson: Refactor Berkley DB detection for robustness, GitHub #1604 * UPD: meson: Add localstatedir override option, GitHub #1608 * UPD: meson: Make the print spool dir FHS compliant, GitHub #1608 * UPD: docs: Improve Upgrade chapter, GitHub #1609 * UPD: docker: Use multistage build to optimize image size, GitHub #1620 * FIX: afpd: Cleanup unused, broken AFP over ASP code #1612 * FIX: papd: Correct PAPStatus string copy buffer length, GitHub #1576 * UPD: Make last CNID backend writable when built for tests, GitHub #1623 This unblocks the integration tests that concern writing. * NEW: Bundle and improve the afptest test suite, GitHub #1633 Build with the new `-Dwith-testsuite' option. * FIX: webmin: Make AppleTalk service control functional, GitHub #1636 4.0.1 * UPD: Update license grant to reflect the retroactive rescission of U.C Berkeley clause 3, GitHub #1567 * FIX: meson: Don't always build AppleTalk utils with RPATH, GitHub #1568 * FIX: docs: Build the macipgw html manual page, GitHub #1569 * FIX: Explicitly import headers to appease gcc on Debian Sid, GitHub #1571 * UPD: docs: Install static redirect man pages for nbp tools, GitHub #1575 * FIX: meson: Missing xsltproc and docbook-xsl treated as non-fatal error, GitHub #1581 * UPD: docker: Build with optimizations, without debug symbols, GitHub #1584 * UPD: meson: In summary, list Webmin module under a new Add-ons section, GitHub #1586 * UPD: initscripts: Use launchctl bootstrap and enable directives for installing on macOS, GitHub #1583 * REM: Remove obsoleted netatalk-config script, GitHub #1587 * FIX: Change u_char data types to the portable uint8_t, GitHub #1590 * FIX: meson: Detect native Avahi before mDNS, GitHub #1591 * UPD: initscripts: Remove the redundant systemd Also directive, GitHub #1593 * UPD: docs: Flesh out the compile appendix and break down start steps, GitHub #1595 * FIX: Fix seg fault in ad set utility when not in a netatalk volume, GitHub #1597 * UPD: Update ad manual page to cover 'ad set' utility, GitHub #1599 4.0.0 * NEW: Reintroduce AppleTalk / DDP support, GitHub #220 Controlled with the new build system option `-Dwith-appletalk'. Revived daemons: atalkd, papd, timelord, a2boot Revived config files: atalkd.conf, papd.conf Revived utilities: aecho, getzones, nbplkup, nbprgstr, nbpunrgstr, pap, papstatus * NEW: Bundle macipgw, the MacIP Gateway daemon by Stefan Bethke, GitHub #1204 * UPD: uams: All encrypted UAMs depend on Libgcrypt now, GitHub #1488, #1506 This means we remove the bundled wolfSSL library. A big thanks to the wolfSSL team for all their support! * FIX: uams: Remove unhelpful Libgcrypt version check, GitHub #1550 * REM: Remove the obsoleted PGP UAM, GitHub #1507 * NEW: Bundle, configure and install the Webmin module, GitHub #518 Controlled with the new build system option `-Dwith-webmin'. * UPD: Migrate afpstats from dbus-glib to GDBus, GitHub #666 Special thanks to Simon McVittie for his help! * BREAKING: Remove canned troff man pages from distribution, GitHub #460 The build system now generates them on the fly. Introduces a build time dependency on DocBook XSL and xsltproc. * BREAKING: Remove generated Unicode conversion tables, GitHub #1220 Introduces a build time dependency on the UnicodeData.txt database. * UPD: Detect host OS home dir and configure afp.conf on the fly, GitHub #1274 * UPD: meson: Autodetect init style for host OS, #1124 * UPD: meson: Allow building with multiple init styles, GitHub #1291 * NEW: meson: Introduce `-Dwith-readmes' option for installing additional docs. GitHub #1310 * REM: Remove the Autotools build system. Meson is now the only choice. GitHub #1213 3.2.10 * BREAKING: Install netatalk-dbus.conf into datadir by default, GitHub #1533 Previously: sysconfdir. This can be overridden by the build system. * FIX: uams: Correct shadow password length check for ClearTxt, GitHub #1528 * FIX: cnid_dbd: Set explicit max length of db_params to prevent potential buffer overflow, GitHub #694 * FIX: meson: Debugging was enabled by default causing tickles to not be sent out, GitHub #1514 * FIX: meson: Format afpd help text output to match autotools, GitHub #1499 * FIX: meson: Throw missing cracklib dictionary warning, GitHub #1495 * FIX: meson: Use a valid code sample for the TCP Wrappers check, GitHub #1491 3.2.9 * UPD: Use the recommended command to import Solaris init manifest, GitHub #1451 * FIX: uams: Make sure the DHX2 client nonce is aligned appropriately, GitHub #1456 * FIX: uams: Fix DHCAST128 key alignment problem, GitHub #1464 * FIX: wolfssl: OpenSSL coexistence tweaks, GitHub #1469 * FIX: docs: Remove straggler path substitution in afp.conf, GitHub #1480 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ed4e0718dbc7dc6448d50a81845ce9308b665058 Author: Adolf Belka Date: Sun Jun 22 20:21:53 2025 +0200 core196: Ship sudo Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d741cf944e3127d31fb4adcdccf7d4ac18596682 Author: Adolf Belka Date: Sun Jun 22 20:21:41 2025 +0200 sudo: Update to version 1.9.17 - Update from version 1.9.16p2 to 1.9.17 - Removed --with-ignore-dot as the setting is now on bt default. The --with-ignore-dot configure option has been deprecated so will eventually be removed. Therefore good to remove it now in preparation for the future. - Update of rootfile - Changelog 1.9.17 Sudo now uses the NODEV macro consistently. Bug #1074. Fixed a bug where the ALL command in a sudoers rule would override a previous NOSETENV tag. Command tags are inherited from previous Cmnds in a Cmnd_Spec_List. There is a special case for the SETENV tag with the ALL command, where SETENV is implied if no explicit SETENV or NOSETENV tag is specified. This special case did not take into account that a NOSETENV tag that was inherited should override this behavior. If sudo is run via ssh without a terminal and a password is required, it now suggest using ssh’s -t option. Fixed the display of timeout values in the sudo -V output on systems without a C99-compliant snprintf() function. Quieted a number of minor Coverity warnings. Fixed a problem running sudo from a serial console on Linux when the command is run in a pseudo-terminal (the default). Fixed a crash in sudo which could occur if there was a fatal error after the user was validated but before the command was actually run. Fixed a number of man page style warnings. The “lint” make target in the docs directory will now run groff with warnings enabled if it is available. Bug #1075. The ignore_dot sudoers setting is now on by default. There is now a --disable-ignore-dot configure option to disable it. The --with-ignore-dot configure option has been deprecated. Fixed a problem with the pwfeedback option where an initial backspace would reduce the maximum length allowed for the password. GitHub issue #439. Fixed minor grammar and spelling problems in the man pages. Fixed a bug where a user could avoid entering a password for sudo -l command if they specified their own user or group name via the -u or -g options. Avoid potential password guessing based on timing attacks on the strcmp() function on systems without PAM or a crypt() function where plaintext passwords are stored in the shadow password file. Fixed a potential information leak where sudo -l command could be used to determine whether an executable exists in a directory that they do not have search access to. Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once again. A long time ago sudo changed from using TCSAFLUSH to TCSADRAIN due to some systems having bugs related to TCSAFLUSH. That should no longer be a concern. Using TCSAFLUSH ensures that password input that has been received by the kernel, but not yet read by sudo, will be discarded and not echoed. Added the SUDO_TTY environment variable if the user has a terminal. This can be used to find the user’s original tty device when sudo runs the command in its own pseudo-terminal. GitHub issue #447. New Cantonese translation for sudo. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ea70c5fee2f248c2fe999c5fdd3559bc221b81ab Author: Adolf Belka Date: Sun Jun 22 14:28:01 2025 +0200 pixman: Update to version 0.46.2 - Update from version 0.46.0 to 0.46.2 - Update of rootfile - Changelog 0.46.2 region: add translatef function for fractional regions region: add contains_pointf function for fractional regions ci: Disable OpenMP for Windows targets Revert "ci: Allow failures in windows-amd64 jobs" Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9fa89ee6fbd4935b43d921766bce6e085c558677 Author: Adolf Belka Date: Sun Jun 22 14:28:00 2025 +0200 libxml2: Update to version 2.14.4 - Update from 2,14.3 to 2.14.4 - Update of rootfile - Changelog 2.14.4 Regressions - parser: Fix parsing of PublicIds and VersionNums - parser: Fix custom SAX parsers without cdataBlock handler - error: Fix initGenericErrorDefaultFunc compatibility macro again - io: Make xmlOutputBufferCreate* not free encoder on error - reader: Fix null deref on malloc failure - Revert "meson: Install libxml2.py" Security - tree: Fix integer overflow in xmlBuildQName Improvements - parser: Use parser context as default in resource loader - parser: Only validate EnumerationTypes when requested - parser: Undeprecate some parser context members Build systems - cmake: Avoid overlinking with non-CMake libxml2-config.cmake - cmake: Make iconv a private dependency Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b9a324bf067450f3cd4d4d9a291f80ee55f33c26 Author: Adolf Belka Date: Sun Jun 22 14:27:59 2025 +0200 git: Update to version 2.50.0 - Update from version 2.49.0 to 2.50.0 - Update of rootfile - Changelog 2.50.0 UI, Workflows & Features * A post-processing filter for "diff --raw" output has been introduced. * "git repack" learned "--combine-cruft-below-size" option that controls how cruft-packs are combined. * TCP keepalive behaviour on http transports can now be configured by calling cURL library. * Incrementally updating multi-pack index files. * "git reflog" learns "drop" subcommand, that discards the entire reflog data for a ref. * A new userdiff driver for ".ini" format configuration files has been added. * The job to coalesce loose objects into packfiles in "git maintenance" now has configurable batch size. * "git clone" still gave the message about the default branch name; this message has been turned into an advice message that can be turned off. * "git rev-list" learns machine-parsable output format that delimits each field with NUL. * "git maintenance" learns a new task to expire reflog entries. * Auth-related (and unrelated) error handling in send-email has been made more robust. * Updating multiple references have only been possible in an all-or-nothing fashion with transactions, but it can be more efficient to batch multiple updates even when some of them are allowed to fail in a best-effort manner. A new "best effort batches of updates" mode has been introduced. * "git help --build-options" reports SHA-1 and SHA-256 backends used in the build. * "git cat-file --batch" and friends learned to allow "--filter=" to omit certain objects, just like the transport layer does. * "git blame --porcelain" mode now talks about unblamable lines and lines that are blamed to an ignored commit. * The build procedure installs bash (but not zsh) completion script. * send-email has been updated to work better with Outlook's SMTP server. * "git diff --minimal" used to give non-minimal output when its optimization kicked in, which has been disabled. * "git index-pack --fix-thin" used to abort to prevent a cycle in delta chains from forming in a corner case even when there is no such cycle. * Make repository clean-up tasks that "gc" can do available to "git maintenance" front-end. * Bundle-URI feature did not use refs recorded in the bundle other than normal branches as anchoring points to optimize the follow-up fetch during "git clone"; now it is told to utilize all. * The `send-email` documentation has been updated with OAuth2.0 related examples. * Two of the "scalar" subcommands that add a repository that hasn't been under "scalar"'s control are taught an option not to enable the scheduled maintenance on it. * The userdiff pattern for shell scripts has been updated to cope with more bash-isms. * "git merge-tree" learned an option to see if it resolves cleanly without actually creating a result. * The commit title in the "rebase -i" todo file are now prefixed with '#', just like a merge commit being replayed. * "git receive-pack" optionally learns not to care about connectivity check, which can be useful when the repository arranges to ensure connectivity by some other means. * "git notes --help" documentation updates. Performance, Internal Implementation, Development Support etc. * A handful of built-in command implementations have been rewritten to use the repository instance supplied by git.c:run_builtin(), its caller. * "git fsck" becomes more careful when checking the refs. * "git fast-export | git fast-import" learns to deal with commit and tag objects with embedded signatures a bit better. This is highly experimental and the format of the data stream may change in the future without compatibility guarantees. * The code paths to check whether a refname X is available (by seeing if another ref X/Y exists, etc.) have been optimized. * First step of deprecating and removing merge-recursive. * In protocol v2 where the refs advertisement is constrained, we try to tell the server side not to limit the advertisement when there is no specific need to, which has been the source of confusion and recent bugs. Revamp the logic to simplify. * Update meson based build procedure for breaking changes support. * Enable -Wunreachable-code for developer builds. * Ensure what we write in assert() does not have side effects, and introduce ASSERT() macro to mark those that cannot be mechanically checked for lack of side effects. * Give more meaningful error return values from block writer layer of the reftable ref-API backend. * Make the code in reftable library less reliant on the service routines it used to borrow from Git proper, to make it easier to use by external users of the library. * CI update. * The object layer has been updated to take an explicit repository instance as a parameter in more code paths. * Some warnings from "-Wsign-compare" for builtin/rm.c have been squelched. * A few traditional unit tests have been rewritten to use the clar framework. * Some warnings from "-Wsign-compare" for pathspec.c have been squelched. * "make test" used to have a hard dependency on (basic) Perl; tests have been rewritten help environment with NO_PERL test the build as much as possible. * Remove remnants of the recursive merge strategy backend, which was superseded by the ort merge strategy. * Optimize the code to dedup references recorded in a bundle file. * Update parse-options API to catch mistakes to pass address of an integral variable of a wrong type/size. * Since a call to repo_config() can be called with repo set to NULL these days, a command that is marked as RUN_SETUP in the builtin command table does not have to check repo with NULL before making the call. * Overhaul of the reftable API. * Reduce requirement for Perl in our documentation build and a few scripts. * The build procedure based on Meson learned to drive the benchmarking tests. * Code clean-up for meson-based build infrastructure. * Add an equivalent to "make hdr-check" target to meson based builds. * Further code clean-up in the object-store layer. * Build performance fix. * Teach "git send-email" to also consult `hostname -f` for mail domain to compute the identity given to SMTP servers. * The dependency on the_repository variable has been reduced from the code paths in "git replay". * Support to create a loose object file with unknown object type has been dropped. * The code path to access the "packed-refs" file while "fsck" is taught to mmap the file, instead of reading the whole file into memory. * Assorted fixes for issues found with CodeQL. * Remove the leftover hints to the test framework to mark tests that do not pass the leak checker tests, as they should no longer be needed. * When a stale .midx file refers to .pack files that no longer exist, we ended up checking for these non-existent files repeatedly, which has been optimized by memoizing the non-existence. * Build settings have been improved for BSD based systems. * Newer version of libcURL detected curl_easy_setopt() calls we made with platform-natural "int" when we should have used "long", which all have been corrected. * Tests that compare $HOME and $(pwd), which should be the same directory unless the tests chdir's around, would fail when the user enters the test directory via symbolic links, which has been corrected. Bugfixes * The refname exclusion logic in the packed-ref backend has been broken for some time, which confused upload-pack to advertise different set of refs. This has been corrected. (merge 10e8a9352b tb/refs-exclude-fixes later to maint). * The merge-recursive and merge-ort machinery crashed in corner cases when certain renames are involved. (merge 3adba40858 en/merge-process-renames-crash-fix later to maint). * Certain "cruft" objects would have never been refreshed when there are multiple cruft packs in the repository, which has been corrected. (merge 08f612ba70 tb/multi-cruft-pack-refresh-fix later to maint). * The xdiff code on 32-bit platform misbehaved when an insanely large context size is given, which has been corrected. (merge d39e28e68c rs/xdiff-context-length-fix later to maint). * GitHub Actions CI switched on a CI/CD variable that does not exist when choosing what packages to install etc., which has been corrected. (merge ee89f7c79d kn/ci-meson-check-build-docs-fix later to maint). * Using "git name-rev --stdin" as an example, improve the framework to prepare tests to pretend to be in the future where the breaking changes have already happened. (merge de3dec1187 jc/name-rev-stdin later to maint). * An earlier code refactoring of the hash machinery missed a few required calls to init_fn. (merge d39f04b638 jh/hash-init-fixes later to maint). * A documentation page was left out from formatting and installation, which has been corrected. (merge ae85116f18 pw/build-breaking-changes-doc later to maint). * The bash command line completion script (in contrib/) has been updated to cope with remote repository nicknames with slashes in them. (merge 778d2f1760 dm/completion-remote-names-fix later to maint). * "Dubious ownership" checks on Windows has been tightened up. (merge 5bb88e89ef js/mingw-admins-are-special later to maint). * Layout configuration in vimdiff backend didn't work as advertised, which has been corrected. (merge 93bab2d04b fr/vimdiff-layout-fixes later to maint). * Fix our use of zlib corner cases. (merge 1cb2f293f5 jk/zlib-inflate-fixes later to maint). * Fix lockfile contention in reftable code on Windows. (merge 0a3dceabf1 ps/mingw-creat-excl-fix later to maint). * "git-merge-file" documentation source, which has lines that look like conflict markers, lacked custom conflict marker size defined, which has been corrected.. (merge d3b5832381 pw/custom-conflict-marker-size-for-merge-related-docs later to maint). * Squelch false-positive from sparse. (merge da87b58014 dd/sparse-glibc-workaround later to maint). * Adjust to the deprecation of use of Ubuntu 20.04 GitHub Actions CI. (merge 832d9f6d0b js/ci-github-update-ubuntu later to maint). * Work around CI breakage due to fedora base image getting updated. (merge 8a471a663b js/ci-fedora-gawk later to maint). * A ref transaction corner case fix. (merge b9fadeead7 jt/ref-transaction-abort-fix later to maint). * Random build fixes. (merge 85e1d6819f ps/misc-build-fixes later to maint). * "git fetch []" with only the configured fetch refspec should be the only thing to update refs/remotes//HEAD, but the code was overly eager to do so in other cases. * Incorrect sorting of refs with bytes with high-bit set on platforms with signed char led to a BUG, which has been corrected. * "make perf" fixes. (merge 1665f12fa0 pb/perf-test-fixes later to maint). * Doc mark-up updates. (merge 5a5565ec44 ja/doc-reset-mv-rm-markup-updates later to maint). * Work around false positive from CodeQL checker. (merge 0f558141ed js/range-check-codeql-workaround later to maint). * "git log --{left,right}-only A...B", when A and B does not share any common ancestor, now behaves as expected. (merge e7ef4be7c2 mh/left-right-limited later to maint). * Document the convention to disable hooks altogether by setting the hooksPath configuration variable to /dev/null. (merge 1b2eee94f1 ds/doc-disable-hooks later to maint). * Make sure outage of third-party sites that supply P4, Git-LFS, and JGit we use for testing would not prevent our CI jobs from running at all. * Various build tweaks, including CSPRNG selection on some platforms. (merge cdda67de03 rj/build-tweaks later to maint). * Developer support fix.. (merge 32b74b9809 js/git-perf-env-override later to maint). * Fix for scheduled maintenance tasks on platforms using launchctl. (merge eb2d7beb0e jh/gc-launchctl-schedule-fix later to maint). * Update to arm64 Windows port (part of which had been reverted as it broke builds for existing platforms, which may need to be redone in future releases). * hashmap API clean-up to ensure hashmap_clear() leaves a cleared map in a reusable state. (merge 9481877de3 en/hashmap-clear-fix later to maint). * "git mv a a/b dst" would ask to move the directory 'a' itself, as well as its contents, in a single destination directory, which is a contradicting request that is impossible to satisfy. This case is now detected and the command errors out. (merge 974f0d4664 ps/mv-contradiction-fix later to maint). * Further refinement on CI messages when an optional external software is unavailable (e.g. due to third-party service outage). (merge 956acbefbd jc/ci-skip-unavailable-external-software later to maint). * Test result aggregation did not work in Meson based CI jobs. (merge bd38ed5be1 ps/ci-test-aggreg-fix-for-meson later to maint). * Code clean-up around stale CI elements and building with Visual Studio. (merge a7b060f67f js/ci-buildsystems-cleanup later to maint). * "git add 'f?o'" did not add 'foo' if 'f?o', an unusual pathname, also existed on the working tree, which has been corrected. (merge ec727e189c kj/glob-path-with-special-char later to maint). * The fallback implementation of open_nofollow() depended on open("symlink", O_NOFOLLOW) to set errno to ELOOP, but a few BSD derived systems use different errno, which has been worked around. (merge f47bcc3413 cf/wrapper-bsd-eloop later to maint). * Use-after-free fix in the sequencer. (merge 5dbaec628d pw/sequencer-reflog-use-after-free later to maint). * win+Meson CI pipeline, unlike other pipelines for Windows, used to build artifacts in developer mode, which has been changed to build them in release mode for consistency. (merge 184abdcf05 js/ci-build-win-in-release-mode later to maint). * CI settings at GitLab has been updated to run MSVC based Meson job automatically (as opposed to be done only upon manual request). (merge 6389579b2f ps/ci-gitlab-enable-msvc-meson-job later to maint). * "git apply" and "git add -i/-p" code paths no longer unnecessarily expand sparse-index while working. (merge ecf9ba20e3 ds/sparse-apply-add-p later to maint). * Avoid adding directory path to a sparse-index tree entries to the name-hash, since they would bloat the hashtable without anybody querying for them. This was done already for a single threaded part of the code, but now the multi-threaded code also does the same. (merge 2e60aabc75 am/sparse-index-name-hash-fix later to maint). * Recent versions of Perl started warning against "! A =~ /pattern/" which does not negate the result of the matching. As it turns out that the problematic function is not even called, it was removed. (merge 67cae845d2 op/cvsserver-perl-warning later to maint). * "git apply --index/--cached" when applying a deletion patch in reverse failed to give the mode bits of the path "removed" by the patch to the file it creates, which has been corrected. * "git verify-refs" errored out in a repository in which linked worktrees were prepared with Git 2.43 or lower. (merge d5b3c38b8a sj/ref-contents-check-fix later to maint). * Update total_ram() function on BSD variants. * Update online_cpus() function on BSD variants. * Revert a botched bswap.h change that broke ntohll() functions on big-endian systems with __builtin_bswap32/64(). * Fixes for GitHub Actions Coverity job. (merge 3cc4fc1ebd js/github-ci-win-coverity-fix later to maint). * Other code cleanup, docfix, build fix, etc. (merge 227c4f33a0 ja/doc-block-delimiter-markup-fix later to maint). (merge 2bfd3b3685 ab/decorate-code-cleanup later to maint). (merge 5337daddc7 am/dir-dedup-decl-of-repository later to maint). (merge 554051d691 en/diff-rename-follow-fix later to maint). (merge a18c18b470 en/random-cleanups later to maint). (merge 5af21c9acb hj/doc-rev-list-ancestry-fix later to maint). (merge 26d76ca284 aj/doc-restore-p-update later to maint). (merge 2c0dcb9754 cc/lop-remote later to maint). (merge 7b399322a2 ja/doc-branch-markup later to maint). (merge ee434e1807 pw/doc-pack-refs-markup-fix later to maint). (merge c000918eb7 tb/bitamp-typofix later to maint). (merge fa8cd29676 js/imap-send-peer-cert-verify later to maint). (merge 98b423bc1c rs/clear-commit-marks-simplify later to maint). (merge 133d065dd6 ta/bulk-checkin-signed-compare-false-warning-fix later to maint). (merge d2827dc31e es/meson-build-skip-coccinelle later to maint). (merge ee8edb7156 dk/vimdiff-doc-fix later to maint). (merge 107d889303 md/t1403-path-is-file later to maint). (merge abd4192b07 js/comma-semicolon-confusion later to maint). (merge 27b7264206 ab/environment-clean-header later to maint). (merge ff4a749354 as/typofix-in-env-h-header later to maint). (merge 86eef3541e az/tighten-string-array-constness later to maint). (merge 25292c301d lo/remove-log-reencode-from-rev-info later to maint). (merge 1aa50636fd jk/p5332-testfix later to maint). (merge 42cf4ac552 ps/ci-resurrect-p4-on-github later to maint). (merge 104add8368 js/diff-codeql-false-positive-workaround later to maint). (merge f62977b93c en/get-tree-entry-doc later to maint). (merge e5dd0a05ed ly/am-split-stgit-leakfix later to maint). (merge bac220e154 rc/t1001-test-path-is-file later to maint). (merge 91db6c735d ly/reftable-writer-leakfix later to maint). (merge 20e4e9ad0b jc/doc-synopsis-option-markup later to maint). (merge cddcee7f64 es/meson-configure-build-options-fix later to maint). (merge cea9f55f00 wk/sparse-checkout-doc-fix later to maint). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer