commit efeb1d3bda767bbea062da70105fcbda59cbc594 Author: Adolf Belka Date: Fri Jul 4 12:14:29 2025 +0200 core197: Ship util linux Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit de8887e60c6cd4be8fd1b877c00544c53d64f79e Author: Adolf Belka Date: Fri Jul 4 12:14:46 2025 +0200 util-linux: Update to version 2.41.1 - Update from version 2.41 to 2.41.1 - Update of rootfile not required - Changelog 2.41.1 autotools: - don't use wide-character ncurses if --disable-widechar (by Karel Zak) cfdisk: - fix memory leak and possible NULL dereference [gcc-analyzer] (by Karel Zak) column: - fix compiler warning for non-widechar compilation (by Karel Zak) fdformat: - use size_t and ssize_t (by Karel Zak) fdisk: - fix possible memory leak (by Karel Zak) fdisk,partx: - avoid strcasecmp() for ASCII-only strings (by Karel Zak) findmnt: - fix -k option parsing regression (by Karel Zak) hardlink: - define more function as inline (by Karel Zak) - fix performance regression (inefficient signal evaluation) (by Karel Zak) - Use macro for verbose output (by Karel Zak) include/cctype: - fix string comparison (by Karel Zak) include/mount-api-utils: - include linux/unistd.h (by Thomas Weißschuh) libblkid: - Fix crash while parsing config with libeconf (by Stanislav Brabec) - befs fix underflow (by Milan Broz) - avoid strcasecmp() for ASCII-only strings (by Karel Zak) libblkid/src/topology/dm: - fix fscanf return value check to match expected number of parsed items (by Mingjie Shen) libfdisk: - avoid strcasecmp() for ASCII-only strings (by Karel Zak) libmount: - (subdir) restrict for real mounts only (by Karel Zak) - (subdir) remove unused code (by Karel Zak) - avoid calling memset() unnecessarily (by Karel Zak) - avoid strcasecmp() for ASCII-only strings (by Karel Zak) - fix --no-canonicalize regression (by Karel Zak) libuuid: - fix uuid_time on macOS without attribute((alias)) (by Eugene Gershnik) lsblk: - use ID_PART_ENTRY_SCHEME as fallback for PTTYPE (by Karel Zak) - avoid strcasecmp() for ASCII-only strings (by Karel Zak) lscpu: - fix possible buffer overflow in cpuinfo parser (by Karel Zak) - Fix loongarch op-mode output with recent kernel (by Xi Ruoyao) lsfd: - (bug fix) scan the protocol field of /proc/net/packet as a hex number (by Masatake YAMATO) - fix the description for PACKET.PROTOCOL column (by Masatake YAMATO) lsns: - enhance compilation without USE_NS_GET_API (by Karel Zak) - fix undefined reference to add_namespace_for_nsfd #3483 (by Thomas Devoogdt) meson: - add feature for translated documentation (by Thomas Weißschuh) - remove tinfo dependency from 'more' (by Thomas Weißschuh) - fix manadocs for libsmartcols and libblkid (by Karel Zak) - fix po-man installation (by Karel Zak) misc: - never include wchar.h (by Karel Zak) more: - fix broken ':!command' command key (by cgoesche) - fix implicit previous shell_line execution #3508 (by cgoesche) mount: - (man) add missing word (by Jakub Wilk) namespace.h: - fix compilation on Linux < 4.10 (by Thomas Devoogdt) po: - update uk.po (from translationproject.org) (by Yuri Chornoivan) - update sr.po (from translationproject.org) (by Мирослав Николић) - update ro.po (from translationproject.org) (by Remus-Gabriel Chelu) - update pt.po (from translationproject.org) (by Pedro Albuquerque) - update pl.po (from translationproject.org) (by Jakub Bogusz) - update nl.po (from translationproject.org) (by Benno Schulenberg) - update ja.po (from translationproject.org) (by YOSHIDA Hideki) - update hr.po (from translationproject.org) (by Božidar Putanec) - update fr.po (from translationproject.org) (by Frédéric Marchal) - update es.po (from translationproject.org) (by Antonio Ceballos Roa) - update de.po (from translationproject.org) (by Mario Blättermann) - update cs.po (from translationproject.org) (by Petr Písař) po-man: - merge changes (by Karel Zak) - update sr.po (from translationproject.org) (by Мирослав Николић) - update de.po (from translationproject.org) (by Mario Blättermann) tests: - (test_mkfds::mapped-packet-socket) add a new parameter, protocol (by Masatake YAMATO) treewide: - add ul_ to parse_timestamp() function name (by Karel Zak) - add ul_ to parse_switch() function name (by Stanislav Brabec) - add ul_ to parse_size() function name (by Karel Zak) - add ul_ to parse_range() function name (by Karel Zak) - fix optional arguments usage (by Karel Zak) - avoid strcasecmp() for ASCII-only strings (by Karel Zak) Wipefs: - improve --all descriptions for whole-disks (by Karel Zak) Misc: - Do not call exit() on code ending in shared libraries (by Cristian Rodríguez) - remove two leftover license lines from colors.{c,h} (by Benno Schulenberg) - remove "Copyright (C) ...." notes from files that claim no copyright (by Benno Schulenberg) - correct the full name of the GPL in various files (by Benno Schulenberg) - Make scols_column_set_data_func docs visible (by FeRD (Frank Dana)) - Do not use strerror on shared libraries (by Cristian Rodríguez) - Fix typo in blkdiscard docs (by pls-no-hack) - lib/fileeq.c Fix a typo in message. (by Masanari Iida) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5bed1c20b7277f4c5c780f1673cfeaea8b7239bc Author: Adolf Belka Date: Fri Jul 4 12:14:45 2025 +0200 taglib: Update to version 2.1.1 - Update from version 2.0.2 to 2.1.1 - Update of rootfile - Changelog 2.1.1 * Map ID3v2.3 IPLS frames to both ID3v2.4 TIPL and TMCL to have a consistent behavior when using MusicBrainz tags with the property map interface. * Fix missing include for `wchar_t` when using C bindings with MinGW. 2.1 * Support for Shorten (SHN) files. * Compile time configuration of supported formats: WITH_APE, WITH_ASF, ... * Compile time configuration of data and temporary directories for unit tests: TESTS_DIR and TESTS_TMPDIR. * C bindings: Added taglib_file_new_wchar() and taglib_file_new_type_wchar(). * Preserve unicode encoding when downgrading to ID3v2.3. * Do not store FLAC metadata blocks which are too large. * Fix segfaults with String and ByteVector nullptr arguments. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f667298748b566a55d62799538d24f3157b31966 Author: Adolf Belka Date: Fri Jul 4 12:14:28 2025 +0200 core197: Ship sqlite Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 730a88544fee7a78ae884bdba736acd10e510472 Author: Adolf Belka Date: Fri Jul 4 12:14:44 2025 +0200 sqlite: Update to version 3500200 - Update from version 3500100 to 3500200 - Update of rootfile - Changelog 3500200 Fix the concat_ws() SQL function so that it includes empty strings in the concatenation. Forum post 52503ac21d. Fix the file-io extension (used by the CLI) so that it can be built using the MinGW compiler chain. Avoid writing frames with no checksums into the wal file if a savepoint is rolled back after dirty pages have already been spilled into the wal file. Forum post b490f726db. Fix the Bitvec object to avoid stack overflow when the database is within 60 pages of its maximum size. Fix a problem with UPDATEs on fts5 tables that contain BLOB values. Fix an issue with transitive IS constraints on a RIGHT JOIN. Raise an error early if the number of aggregate terms in a query exceeds the maximum number of columns, to avoid downstream assertion faults. Ensure that sqlite3_setlk_timeout() holds the database mutex. Fix typos in API documentation. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4823cfa893a8748c697e50968749ae0cbb70756d Author: Adolf Belka Date: Fri Jul 4 12:14:27 2025 +0200 core197: Ship shadow Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e5699c55106631b61915843b81b930370b0eaa67 Author: Adolf Belka Date: Fri Jul 4 12:14:43 2025 +0200 shadow: Update to version 4.18.0 - Update from version 4.17.4 to 4.18.0 - Update of rootfile not required - Changelog 4.18.0 CI: purge man-db by @ikerexxe in #1241 passwd: document exit code when PAM has errored by @hallyn in #1244 Man patches by @zeha in #1175 Quick fix: define E_PAM_ERR in lib/pam_pass.c by @hallyn in #1245 Accept /usr/sbin/nologin as an alternate to /sbin/nologin by @zeha in #1246 Add LOGIN_ENV_SAFELIST to FOREIGNDEFS by @stanislav-brabec in #1248 ci: add gawk as a fedora dependency by @ikerexxe in #1252 man/useradd.8.xml: fix the CREATE_HOME description by @hallyn in #1251 lib/getdate.y: Restrict the date formats that we support by @alejandro-colomar in #1238 newuidmap: better error logging on failure by @matthewhughes934 in #1254 Extend basic test cases to check shadow and gshadow entries by @ikerexxe in #1237 lib/sizeof.h: Make sure STRLEN() only accepts string literals by @alejandro-colomar in #1260 Add strprefix(), and use it instead of its pattern by @alejandro-colomar in #1152 src/: Simplify, using strpbrk(3) by @alejandro-colomar in #1167 lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) by @alejandro-colomar in #1189 Remove dead beef by @alejandro-colomar in #1230 lib/atoi/a2i/: Simplify these macros by calling a2i() by @alejandro-colomar in #1137 strtolower(): Add API, and use it instead of its pattern by @alejandro-colomar in #1211 lib/: sget*ent(): Simplify by calling strdup(3) by @alejandro-colomar in #1146 fields by @alejandro-colomar in #1150 yacc(1) is a dead language; bury it deep in the ground by @alejandro-colomar in #1217 Test expiration date by @ikerexxe in #1233 [scp] Add strcaseprefix(), and use it instead of its pattern by @alejandro-colomar in #1262 valid_field(): Improve readability by @alejandro-colomar in #1208 lib/, src/, tests/: Use the standard countof() instead of our NITEMS() by @alejandro-colomar in #1259 lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under lib/fs/mkstemp/, and split into mkomstemp() by @alejandro-colomar in #1139 [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) by @alejandro-colomar in #1168 lib/get_pid.c: pid_t is a signed integer by @alejandro-colomar in #1264 src/newusers.c: Fix off-by-one benign bug in array declaration by @alejandro-colomar in #1266 Add some wrappers for usual loops around strsep(3) by @alejandro-colomar in #1155 lib/fs/readlink/areadlink.h: areadlink(): Avoid inconditionally using PATH_MAX by @sthibaul in #1222 configure: Fix typo by @sthibaul in #1268 Pre-release 4.18.0-rc1 by @hallyn in #1270 Update man pages for chage, shadow, passwd by @domiborges in #1243 contrib/: Burn it all by @alejandro-colomar in #1274 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1aee27fec8827ac21187b8a9ccbf3325a66535ac Author: Adolf Belka Date: Fri Jul 4 12:14:26 2025 +0200 core197: Ship pciutils Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a2a73331107678fda4e973db21e4b45b8e061f0f Author: Adolf Belka Date: Fri Jul 4 12:14:42 2025 +0200 pciutils: Update to version 3.14.0 - Update from version 3.13.0 to 3.14.0 - Update of rootfile - Changelog 3.14.0 * New capabilities are decoded: VirtIO SharedMemory, Physical Layer 16 to 64 GT/s, Flit Mode, Device 3, Intel vendor-specific. * ECAM now works on Windows and DJGPP. * The GNU/Hurd back-end works on 64-bit systems. * Added a new back-end for RT-Thread Smart OS. * got definitions of new classes and capabilities from PCI Code and ID Assignment rev 1.18. * can be included from C++ programs. * Updated pci.ids. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 110fc9fecb72c5b27eb957ba03d03b0e9d278a1a Author: Adolf Belka Date: Fri Jul 4 12:14:25 2025 +0200 core197: Ship pango Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5ebef2176469d56cb323a02f03a6e217bfb30150 Author: Adolf Belka Date: Fri Jul 4 12:14:41 2025 +0200 pango: Update to version 1.56.4 - Update from version 1.56.3 to 1.56.4 - Update of rootfile - Changelog 1.56.4 - fontconfig: Improve the add_font_file implementation - fontconfig: Combine font features and style variants - fontconfig: Make sure font faces stay alive - win32: Drop some caching - win32: Make sure font faces stay alive - win32: Modernize and simplify the code - win32: Stop synthesizing fonts - win32: Implement list models - coretext: Support synthetic small caps - layout: Avoid assertions in line breaking - build: Require GLib 2.82 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f2c5412eb25fe4f42dc9dc40c1ed48f44ec34492 Author: Adolf Belka Date: Fri Jul 4 12:14:24 2025 +0200 core197: Ship openssl Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit c0a07f2df9aa9548d06a0e9558a462558871d19f Author: Adolf Belka Date: Fri Jul 4 12:14:40 2025 +0200 openssl: Update to version 3.5.1 - Update from version 3.5.0 to 3.5.1 - Update of rootfile not required - Changelog 3.5.1 OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this release is Low. This release incorporates the following bug fixes and mitigations: * Fix x509 application adds trusted use instead of rejected use. ([CVE-2025-4575]) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fe7ff845e43228bbf121f1367c890b233f469483 Author: Adolf Belka Date: Fri Jul 4 12:14:23 2025 +0200 core197: Ship nettle Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f0fc4e07db5be29f684d98eef55900c1f7fb936e Author: Adolf Belka Date: Fri Jul 4 12:14:39 2025 +0200 nettle: Update to version 3.10.2 - Update from version 3.10.1 to 3.10.2 - Update of rootfile - Changelog 3.10.2 * Fix missing prototypes in getopt.h and getopt.c, affecting non-glibc systems, and causing compile errors with C23 compilers that require prototypes, e.g., gcc-15. * For powerpc64, avoid using v9 (ISA v3.0) instructions lxvb16x, lxv and stxv in powerpc64/p8/ files. * For powerpc64, add configure check for __VSX__, and disable use of assembly if not defined. Nettle's powerpc64 assembly requires at least v7 (ISA v2.06). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 90dab2bef6b16b2a437d8ed6dd689bbfa9ac9e71 Author: Adolf Belka Date: Fri Jul 4 12:14:38 2025 +0200 ncdu: Update to version 1.22 - Update from version 1.20 to 1.22 - Update of rootfile not required - Changelog 1.22 - Add support for @-prefixed lines to ignore errors in config file (from 2.8) - List all supported options in `--help` (from 2.8) - Use `kB` instead of `KB` in `--si` mode (from 2.8) - Add `--graph-style` option (from 2.1) - Fix supported range of uid/gid numbers 1.21 - Perform tilde expansion on paths in the config file (from 2.7) - Fix JSON import of escaped UTF-16 surrogate pairs (from 2.7) - Fix displaying and exporting zero values when extended info is not available (from 2.6) - Fix JSON export and import of the “other filesystem” flag (from 2.5) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 0a111abfc7e498908697239e919f9dd5877d745e Author: Adolf Belka Date: Fri Jul 4 12:14:22 2025 +0200 core197: Ship lvm2 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e8f33d48be66b79fcd5bb766a34fc862a5f7d075 Author: Adolf Belka Date: Fri Jul 4 12:14:37 2025 +0200 lvm2: Update to version 2.03.33 - Update from version 2.03.32 to 2.03.33 - Update of rootfile not required - Changelog 2.03.33 Various spelling, grammar, formatting, test, and build script improvements. Override LC_NUMERIC locale if unsuitable for json_std report format. Repair raid arrays with transiently lost devices. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ee2a9d3975120989fe0a76227f333c8a0bd9119a Author: Adolf Belka Date: Fri Jul 4 12:14:21 2025 +0200 core197: Ship libssh Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f31ba2c5ee9bd8414471f36ca1918ca769eb5a80 Author: Adolf Belka Date: Fri Jul 4 12:14:36 2025 +0200 libssh: Update to version 0.11.2 - Update from version 0.11.1 to 0.11.2 - Update of rootfile - Changelog 0.11.2 * Security: * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management * CVE-2025-5351 - Double free in functions exporting keys * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL * Compatibility * Fixed compatibility with CPM.cmake * Compatibility with OpenSSH 10.0 * Tests compatibility with new Dropbear releases * Removed p11-kit remoting from the pkcs11 testsuite * Bugfixes * Implement missing packet filter for DH GEX * Properly process the SSH2_MSG_DEBUG message * Allow escaping quotes in quoted arguments to ssh configuration * Do not fail with unknown match keywords in ssh configuration * Process packets before selecting signature algorithm during authentication * Do not fail hard when the SFTP status message is not sent by noncompliant servers Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 42e94a858f407b49c6f40f5c65d96a853c83177a Author: Adolf Belka Date: Fri Jul 4 12:18:12 2025 +0200 core197: Ship libpng Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 0544285c74c33983ae65ae18884b009cb7a70a03 Author: Adolf Belka Date: Fri Jul 4 12:14:35 2025 +0200 libpng: Update to version 1.6.50 - Update from version 1.6.48 to 1.6.50 - Update of rootfile - Changelog 1.6.50 Improved the detection of the RVV Extension on the RISC-V platform. (Contributed by Filip Wasil) Replaced inline ASM with C intrinsics in the RVV code. (Contributed by Filip Wasil) Fixed a decoder defect in which unknown chunks trailing IDAT, set to go through the unknown chunk handler, incorrectly triggered out-of-place IEND errors. (Contributed by John Bowler) Fixed the CMake file for cross-platform builds that require `libm`. 1.6.49 Added SIMD-optimized code for the RISC-V Vector Extension (RVV). (Contributed by Manfred Schlaegl, Dragos Tiselice and Filip Wasil) Added various fixes and improvements to the build scripts and to the sample code. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b29cd91c961a5eeb1aa42bc679dad5b06b3446d2 Author: Adolf Belka Date: Fri Jul 4 12:14:20 2025 +0200 core197: Ship libjpeg Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b0dd16dd4135bbaa3fea9393b68080469573cfa3 Author: Adolf Belka Date: Fri Jul 4 12:14:34 2025 +0200 libjpeg: Update to version 3.1.1 - Update from version 3.0.4 to 3.1.1 - Update of rootfile - Changelog 3.1.1 Hardened the libjpeg API against hypothetical calling applications that may erroneously change the value of the `data_precision` field in `jpeg_compress_struct` or `jpeg_decompress_struct` after calling `jpeg_start_compress()` or `jpeg_start_decompress()`. 3.1.0 Fixed an issue in the TurboJPEG API whereby, when generating a lossless JPEG image with more than 8 bits per sample, specifying a point transform value greater than 7 resulted in an error ("Parameter value out of range") unless `TJPARAM_PRECISION`/`TJ.PARAM_PRECISION` was specified before `TJPARAM_LOSSLESSPT`/`TJ.PARAM_LOSSLESSPT`. Fixed a regression introduced by 1.4 beta1[3] that prevented `jpeg_set_defaults()` from resetting the Huffman tables to default (baseline) values if Huffman table optimization or progressive mode was previously enabled in the same libjpeg instance. Fixed an issue whereby lossless JPEG compression could not be disabled if it was previously enabled in a libjpeg or TurboJPEG instance. `jpeg_set_defaults()` now disables lossless JPEG compression in a libjpeg instance, and setting `TJPARAM_LOSSLESS`/`TJ.PARAM_LOSSLESS` to `0` now disables lossless JPEG compression in a TurboJPEG instance. 3.1 beta1 The libjpeg-turbo source tree has been reorganized to make it easier to find the README files, license information, and build instructions. The documentation for the libjpeg API library and associated programs has been moved into the **doc/** subdirectory, all C source code and headers have been moved into a new **src/** subdirectory, and test scripts have been moved into a new **test/** subdirectory. cjpeg no longer allows GIF input files to be converted into 12-bit-per-sample JPEG files. That was never a useful feature, since GIF images have at most 256 colors referenced from a palette of 8-bit-per-component RGB values. Added support for lossless JPEG images with 2 to 15 bits per sample to the libjpeg and TurboJPEG APIs. When creating or decompressing a lossless JPEG image and when loading or saving a PBMPLUS image, functions/methods specific to 8-bit samples now handle 8-bit samples with 2 to 8 bits of data precision (specified using the `data_precision` field in `jpeg_compress_struct` or `jpeg_decompress_struct` or using `TJPARAM_PRECISION`/`TJ.PARAM_PRECISION`), functions/methods specific to 12-bit samples now handle 12-bit samples with 9 to 12 bits of data precision, and functions/methods specific to 16-bit samples now handle 16-bit samples with 13 to 16 bits of data precision. Refer to [libjpeg.txt](doc/libjpeg.txt), [usage.txt](doc/usage.txt), and the TurboJPEG API documentation for more details. All deprecated constants and methods in the TurboJPEG Java API have been removed. TJBench command-line arguments are now more consistent with those of cjpeg, djpeg, and jpegtran. More specifically: - `-copynone` has been replaced with `-copy none`. - `-fastdct` has been replaced with `-dct fast`. - `-fastupsample` has been replaced with `-nosmooth`. - `-hflip` and `-vflip` have been replaced with `-flip {horizontal|vertical}`. - `-limitscans` has been replaced with `-maxscans`, which allows the scan limit to be specified. - `-rgb`, `-bgr`, `-rgbx`, `-bgrx`, `-xbgr`, `-xrgb`, and `-cmyk` have been replaced with `-pixelformat {rgb|bgr|rgbx|bgrx|xbgr|xrgb|cmyk}`. - `-rot90`, `-rot180`, and `-rot270` have been replaced with `-rotate {90|180|270}`. - `-stoponwarning` has been replaced with `-strict`. - British spellings for `gray` (`grey`) and `optimize` (`optimise`) are now allowed. The old command-line arguments are deprecated and will be removed in a future release. TJBench command-line arguments can now be abbreviated as well. (Where possible, the abbreviations are the same as those supported by cjpeg, djpeg, and jpegtran.) Added a new TJBench option (`-pixelformat gray`) that can be used to test the performance of compressing/decompressing a grayscale JPEG image from/to a packed-pixel grayscale image. Fixed an issue whereby, if `TJPARAM_NOREALLOC` was set, TurboJPEG compression and lossless transformation functions ignored the JPEG buffer size(s) passed to them and assumed that the JPEG buffer(s) had been allocated to a worst-case size returned by `tj3JPEGBufSize()`. This behavior was never documented, although the documentation was unclear regarding whether the JPEG buffer size should be specified if a JPEG buffer is pre-allocated to a worst-case size. The TurboJPEG C and Java APIs have been improved in the following ways: - New image I/O methods (`TJCompressor.loadSourceImage()` and `TJDecompressor.saveImage()`) have been added to the Java API. These methods work similarly to the `tj3LoadImage*()` and `tj3SaveImage*()` functions in the C API. - The TurboJPEG lossless transformation function and methods now add restart markers to all destination images if `TJPARAM_RESTARTBLOCKS`/`TJ.PARAM_RESTARTBLOCKS` or `TJPARAM_RESTARTROWS`/`TJ.PARAM_RESTARTROWS` is set. - New functions/methods (`tj3SetICCProfile()` / `TJCompressor.setICCProfile()` / `TJTransformer.setICCProfile()` and `tj3GetICCProfile()` / `TJDecompressor.getICCProfile()`) can be used to embed and retrieve ICC profiles. - A new parameter (`TJPARAM_SAVEMARKERS`/`TJ.PARAM_SAVEMARKERS`) can be used to specify the types of markers that will be copied from the source image to the destination image during lossless transformation if `TJXOPT_COPYNONE`/`TJTransform.OPT_COPYNONE` is not specified. - A new convenience function/method (`tj3TransformBufSize()` / `TJTransformer.bufSize()`) can be used to compute the worst-case destination buffer size for a given lossless transform, taking into account cropping, transposition of the width and height, grayscale conversion, and the embedded or extracted ICC profile. TJExample has been replaced with three programs (TJComp, TJDecomp, and TJTran) that demonstrate how to approximate the functionality of cjpeg, djpeg, and jpegtran using the TurboJPEG C and Java APIs. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 823a4174b1317290ee11221c2eadcfb7c1970643 Author: Adolf Belka Date: Fri Jul 4 12:14:19 2025 +0200 core197: Ship jq Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 70cf028910ebfbe335febedaff0a68737fd91687 Author: Adolf Belka Date: Fri Jul 4 12:14:33 2025 +0200 jq: Update to version 1.8.1 - Update from version 1.7.1 to 1.8.1 - Update of rootfile not required - CVE fix in 1.8.1 & 1.8.0 - Changelog 1.8.1 Security fixes - CVE-2025-49014: Fix heap use after free in `f_strftime`, `f_strflocaltime`. @wader 499c91bca9d4d027833bc62787d1bb075c03680e - GHSA-f946-j5j2-4w5m: Fix stack overflow in `node_min_byte_len` of oniguruma. @wader 5e159b34b179417e3e0404108190a2ac7d65611c CLI changes - Fix assertion failure when syntax error happens at the end of the query. @itchyny #3350 Changes to existing functions - Fix portability of `strptime/1` especially for Windows. @itchyny #3342 Language changes - Revert the change of `reduce`/`foreach` state variable in 1.8.0 (#3205). This change was reverted due to serious performance regression. @itchyny #3349 Documentation changes - Add LICENSE notice of NetBSD's `strptime()` to COPYING. @itchyny #3344 Build improvements - Fix build on old Mac with old sed. @qianbinbin #3336 1.8.0 Releasing - Change the version number pattern to `1.X.Y` (`1.8.0` instead of `1.8`). @itchyny #2999 - Generate provenance attestations for release artifacts and docker image. @lectrical #3225 ```sh gh attestation verify --repo jqlang/jq jq-linux-amd64 gh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0 ``` Security fixes - CVE-2024-23337: Fix signed integer overflow in `jvp_array_write` and `jvp_object_rehash`. @itchyny de21386681c0df0104a99d9d09db23a9b2a78b1e - The fix for this issue now limits the maximum size of arrays and objects to 536870912 (`2^29`) elements. - CVE-2024-53427: Reject NaN with payload while parsing JSON. @itchyny a09a4dfd55e6c24d04b35062ccfe4509748b1dd3 - The fix for this issue now drops support for NaN with payload in JSON (like `NaN123`). Other JSON extensions like `NaN` and `Infinity` are still supported. - CVE-2025-48060: Fix heap buffer overflow in `jv_string_vfmt`. @itchyny c6e041699d8cd31b97375a2596217aff2cfca85b - Fix use of uninitialized value in `check_literal`. @itchyny #3324 - Fix segmentation fault on `strftime/1`, `strflocaltime/1`. @itchyny #3271 - Fix unhandled overflow in `@base64d`. @emanuele6 #3080 CLI changes - Fix `--indent 0` implicitly enabling `--compact-output`. @amarshall @gbrlmarn @itchyny #3232 ```sh $ jq --indent 0 . <<< '{ "foo": ["hello", "world"] }' { "foo": [ "hello", "world" ] } # Previously, this implied --compact-output, but now outputs with new lines. ``` - Improve error messages to show problematic position in the filter. @itchyny #3292 ```sh $ jq -n '1 + $foo + 2' jq: error: $foo is not defined at , line 1, column 5: 1 + $foo + 2 ^^^^ jq: 1 compile error ``` - Include column number in parser and compiler error messages. @liviubobocu #3257 - Fix error message for string literal beginning with single quote. @mattmeyers #2964 ```sh $ jq .foo <<< "{'foo':'bar'}" jq: parse error: Invalid string literal; expected ", but got ' at line 1, column 7 # Previously, the error message was Invalid numeric literal at line 1, column 7. ``` - Improve `JQ_COLORS` environment variable to support larger escapes like truecolor. @SArpnt #3282 ```sh JQ_COLORS="38;2;255;173;173:38;2;255;214;165:38;2;253;255;182:38;2;202;255;191:38;2;155;246;255:38;2;160;196;255:38;2;189;178;255:38;2;255;198;255" jq -nc '[null,false,true,42,{"a":"bc"}]' ``` - Add `--library-path` long option for `-L`. @thaliaarchi #3194 - Fix `--slurp --stream` when input has no trailing newline character. @itchyny #3279 - Fix `--indent` option to error for malformed values. @thaliaarchi #3195 - Fix option parsing of `--binary` on non-Windows platforms. @calestyo #3131 - Fix issue with `~/.jq` on Windows where `$HOME` is not set. @kirkoman #3114 - Fix broken non-Latin output in the command help on Windows. @itchyny #3299 - Increase the maximum parsing depth for JSON to 10000. @itchyny #3328 - Parse short options in order given. @thaliaarchi #3194 - Consistently reset color formatting. @thaliaarchi #3034 New functions - Add `trim/0`, `ltrim/0` and `rtrim/0` to trim leading and trailing white spaces. @wader #3056 ```sh $ jq -n '" hello " | trim, ltrim, rtrim' "hello" "hello " " hello" ``` - Add `trimstr/1` to trim string from both ends. @gbrlmarn #3319 ```sh $ jq -n '"foobarfoo" | trimstr("foo")' "bar" ``` - Add `add/1`. Generator variant of `add/0`. @myaaaaaaaaa #3144 ```sh $ jq -c '.sum = add(.xs[])' <<< '{"xs":[1,2,3]}' {"xs":[1,2,3],"sum":6} ``` - Add `skip/2` as the counterpart to `limit/2`. @itchyny #3181 ```sh $ jq -nc '[1,2,3,4,5] | [skip(2; .[])]' [3,4,5] ``` - Add `toboolean/0` to convert strings to booleans. @brahmlower @itchyny #2098 ```sh $ jq -n '"true", "false" | toboolean' true false ``` - Add `@urid` format. Reverse of `@uri`. @fmgornick #3161 ```sh $ jq -Rr '@urid' <<< '%6a%71' jq ``` Changes to existing functions - Use code point index for `indices/1`, `index/1` and `rindex/1`. @wader #3065 - This is a breaking change. Use `utf8bytelength/0` to get byte index. - Improve `tonumber/0` performance and rejects numbers with leading or trailing white spaces. @itchyny @thaliaarchi #3055 #3195 - This is a breaking change. Use `trim/0` to remove leading and trailing white spaces. - Populate timezone data when formatting time. This fixes timezone name in `strftime/1`, `strflocaltime/1` for DST. @marcin-serwin @sihde #3203 #3264 #3323 - Preserve numerical precision on unary negation, `abs/0`, `length/0`. @itchyny #3242 #3275 - Make `last(empty)` yield no output values like `first(empty)`. @itchyny #3179 - Make `ltrimstr/1` and `rtrimstr/1` error for non-string inputs. @emanuele6 #2969 - Make `limit/2` error for negative count. @itchyny #3181 - Fix `mktime/0` overflow and allow fewer elements in date-time representation array. @emanuele6 #3070 #3162 - Fix non-matched optional capture group. @wader #3238 - Provide `strptime/1` on all systems. @george-hopkins @fdellwing #3008 #3094 - Fix `_WIN32` port of `strptime`. @emanuele6 #3071 - Improve `bsearch/1` performance by implementing in C. @eloycoto #2945 - Improve `unique/0` and `unique_by/1` performance. @itchyny @emanuele6 #3254 #3304 - Fix error messages including long string literal not to break Unicode characters. @itchyny #3249 - Remove `pow10/0` as it has been deprecated in glibc 2.27. Use `exp10/0` instead. @itchyny #3059 - Remove private (and undocumented) `_nwise` filter. @itchyny #3260 Language changes - Fix precedence of binding syntax against unary and binary operators. Also, allow some expressions as object values. @itchyny #3053 #3326 - This is a breaking change that may change the output of filters with binding syntax as follows. ```sh $ jq -nc '[-1 as $x | 1,$x]' [1,-1] # previously, [-1,-1] $ jq -nc '1 | . + 2 as $x | -$x' -3 # previously, -1 $ jq -nc '{x: 1 + 2, y: false or true, z: null // 3}' {"x":3,"y":true,"z":3} # previously, syntax error ``` - Support Tcl-style multiline comments. @emanuele6 #2989 ```sh #!/bin/sh -- # Can be use to do shebang scripts. # Next line will be seen as a comment be of the trailing backslash. \ exec jq ... # this jq expression will result in [1] [ 1, # \ 2 ] ``` - Fix `foreach` not to break init backtracking with `DUPN`. @kanwren #3266 ```sh $ jq -n '[1, 2] | foreach .[] as $x (0, 1; . + $x)' 1 3 2 4 ``` - Fix `reduce`/`foreach` state variable should not be reset each iteration. @itchyny #3205 ```sh $ jq -n 'reduce range(5) as $x (0; .+$x | select($x!=2))' 8 $ jq -nc '[foreach range(5) as $x (0; .+$x | select($x!=2); [$x,.])]' [[0,0],[1,1],[3,4],[4,8]] ``` - Support CRLF line breaks in filters. @itchyny #3274 - Improve performance of repeating strings. @itchyny #3272 Documentation changes - Switch the homepage to custom domain [jqlang.org](https://jqlang.org). @itchyny @owenthereal #3243 - Make latest release instead of development version the default manual. @wader #3130 - Add opengraph meta tags. @wader #3247 - Replace jqplay.org with play.jqlang.org @owenthereal #3265 - Add missing line from decNumber's licence to `COPYING`. @emanuele6 #3106 - Various document improvements. @tsibley #3322, @itchyny #3240, @jhcarl0814 #3239, @01mf02 #3184, @thaliaarchi #3199, @NathanBaulch #3173, @cjlarose #3164, @sheepster1 #3105, #3103, @kishoreinvits #3042, @jbrains #3035, @thalman #3033, @SOF3 #3017, @wader #3015, @wllm-rbnt #3002 Build improvements - Fix build with GCC 15 (C23). @emanuele6 #3209 - Fix build with `-Woverlength-strings` @emanuele6 #3019 - Fix compiler warning `type-limits` in `found_string`. @itchyny #3263 - Fix compiler error in `jv_dtoa.c` and `builtin.c`. @UlrichEckhardt #3036 - Fix warning: a function definition without a prototype is deprecated. @itchyny #3259 - Define `_BSD_SOURCE` in `builtin.c` for OpenBSD support. @itchyny #3278 - Define empty `JV_{,V}PRINTF_LIKE` macros if `__GNUC__` is not defined. @emanuele6 #3160 - Avoid `ctype.h` abuse: cast `char` to `unsigned char` first. @riastradh #3152 - Remove multiple calls to free when successively calling `jq_reset`. @Sameesunkaria #3134 - Enable IBM z/OS support. @sachintu47 #3277 - Fix insecure `RUNPATH`. @orbea #3212 - Avoid zero-length `calloc`. @itchyny #3280 - Move oniguruma and decNumber to vendor directory. @itchyny #3234 Test improvements - Run tests in C locale. @emanuele6 #3039 - Improve reliability of `NO_COLOR` tests. @dag-erling #3188 - Improve `shtest` not to fail if `JQ_COLORS` and `NO_COLOR` are already set. @SArpnt #3283 - Refactor constant folding tests. @itchyny #3233 - Make tests pass when `--disable-decnum`. @nicowilliams 6d02d53f515bf1314d644eee93ba30b0d11c7d2b - Disable Valgrind by default during testing. @itchyny #3269 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit c19684c30ac6d7d0e6a1a63e8ba3857461780aa1 Author: Adolf Belka Date: Fri Jul 4 12:14:32 2025 +0200 haproxy: Update to version 3.2.2 - Update from version 3.1.2 to 3.2.2 - Update of rootfile not required - Changelog is too large to include here. Details can be found from the CHANGELOF file from the source tarball. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 60797312ac5a16e9e55d214dbd686d2574da2d7e Author: Adolf Belka Date: Fri Jul 4 12:14:31 2025 +0200 freeradius: Update to version 3.2.7 - Update from version 3.2.6 to 3.2.7 - Update of rootfile - Changelog 3.2.7 Feature Improvements Print MD5 hash of the configuration files in debug mode This helps people track configuration changes. Add support for IPv6 to "abinary" type. The fields are the same as for "ip", but use "ipv6", and IPv6 formatted addresses. Update radclient to make it clear that Message-Authenticator is added to all Access-Request packets, even if the input file does not contain it. Add support for Subject AltName URI. Closes #5450. Add python_path_mode option to python3 module. Relax checks on OpenSSL minor versions for OpenSSL 3.x. Add API for deleting dynamic home servers. set SO_KEEPALIVE on outbound sockets, so firewalls are less likly to close TCP connections. Allow querying of statistics when home_server has src_ipaddr set. See FreeRADIUS-Stats-Server-Src-IP-Address Fixes #5483. Update dictionary "man" page. Fixes #4346. Change jlibtool to use --show-config, to avoid conflicts with clang --config. Fixes #5442. RADIUS/TLS clients now support a "tls' subsection. For connections from this client, this section is used in preference to the "listen" TLS settings. This allows a server to easily present different identities to different clients. RADIUS/TLS has been updated for TLS-PSK and TLS 1.3. Tested with radsecproxy. Bug Fixes For EAP-TLS, send TLS start without a length field Some clients refuse to do EAP-TLS when this field exists. Avoid blocking TLS sockets on corner cases during session setup. Update home server stats. Correct error message about untrusted certs. Fixes #5466. Use PyEval_RestoreThread to swap to main thread Fixes #5111. Don't run Python detach function on config check. Fix a number of issues with TLS connections and "check_client_connections = yes". Be more careful about managing the incoming queue when databases block the server. The server will still be unable to make progress, but it should crash less. Whether or not this is a good thing is unknown. Better handler single-character expansions. Fixes #2216. Correct calculation of EAP length in pre-proxy. Fixes #5486. Don't segfault when using detail listeners. Fixes #5485. Add check for Couchbase v2, rlm_couchbase won't build on v3. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 61ed7a4670e57f1e66bbdb02c53a2227eff14f6d Author: Adolf Belka Date: Fri Jul 4 12:14:18 2025 +0200 core197: Ship fontconfig Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit c58b8098864462d4d270bb3f049bd2b2504d459b Author: Adolf Belka Date: Fri Jul 4 12:14:30 2025 +0200 fontconfig: Update to version 2.17.1 - Update from version 2.16.2 to 2.17.1 - Update of rootfile - Changelog 2.17.1 Fix a heap buffer overflow meson: Add 'noinstall' to default-hinting, default-sub-pixel-rendering, bitmap-conf build options Bump the libtool version 2.17 ci: Add a subproject test case for meson test: Set sys-root to WINEPATH for MinGW ci: Correct reference to not trigger fetching a branch for main ci: clean up and add changelog to the release note through changelog API meson: don't try to call run_command for gperf on --wrap-mode=forcefallback Make sure that the debugging facilities are initialized at loading config phase Add FcConfigPerferAppFont() to allow changing the order of application fonts conf.d/65-nonlatin.conf: Rename Lohit Oriya to Lohit Odia ci: disable meson static fontations build tentatively conf.d/65-nonlatin.conf: drop the leading extra white spaces ci: quote pip's requirement specifier in the build script ci: Add -O option to the build script for convenience ci: add installation test Add a test case for FcPtrList Improve performance of FcPtrListIterInitAtLast test: make sure we have fcstdint.h before building test programs Drop FcDefaultFini() from FcFini() to fix memory leaks test: do not free FcFontSet From FcConfigGetFonts Drop the configuration path migration code Drop FcObjectFini() from FcFini() to fix memory leaks Free the mutex object only when all cache objects isn't referenced Free the mutex object only when there are no references to the default FcConfig instance Increase a reference count for default FcConfig instance with FcInit() conf.d: Add a conf to guess a generic-family for substitution test: add a pattern test test: add a test scenario for 48-guessfamily.conf test-crbug1004254: hold FcConfig during running a test in a thread Simplify FcConfigFini() Revert "test-crbug1004254: hold FcConfig during running a test in a thread" Call FcMutexUnlock only when valid instance is available Fix a memory leak in default_langs Avoid possibly invalid access on MT Add bitmap-conf build option to choose default bitmap conf doc: rewrite check-missing-doc in Python Do not hardcode a cache version Add default font paths for Android in configure script meson: Fix additional-fonts-dirs build option that not taking effect meson: rename meson_options.txt to meson.options Allow dotfiles to scan for caching Trim trailing newline in string in cache Fix a crash with broken cache ci: cleanup builddir Do not fallback decoding with UTF-16BE if no iconv support Fix padding with "und" in pattern elements ci: fix pipeline fail of subproject build on forked project ci: add some usage text to build script Bump libtool version for autotools build Fix release script Avoid conflict between dgettext macro and declaration in fcint.h fix: Skip empty entries in XDG_DATA_DIRS parsing [Fontations] Factor out fcpat.c - add Fontations dependencies Add FcPatternObjectGet* impl for CharSet and LangSet [Fontations] Improve resolution of Rust crate features [Fontations] Roll Skrifa, Read-Fonts, Font-Types [Fontations] Pattern Bindings for CharSet and LangSet [Fontations] Container and local download of testfiles Add Pytest status to Meson Summary Add Roboto Flex to font downloading script Migrate pytest testcase 431 to pre-downloaded fonts [Fontations] Enable fc-query indexing through Fontations Revert "ci: disable meson static fontations build tentatively" [Fontations] Fix Rust edition, do not require extern crate [Fontations] Add support for "foundry" pattern element [Fontations] Add support for "version" pattern element [Fontations] Clippy fix for foundries mapping [Fontations] Add attributes weight, width, slant to Pattern Cargo build improvements [Fontations] Iterate over TrueType collections and named instances Amend license headers [Fontations] Process and append font capabilities to Pattern Speculative fix for uninitialised value used in FcFontSort [Fontations] Add charset pattern element [Fontations] Add langset pattern element [Fontations] Add fontwrapper, filename and symbol elements to pattern [Fontations] Add woff wrapper and filename if file is woff or woff2 [Fontations] Roll Fontations, Skrifa to 0.31.3 [Fontations] Match name id append order to FreeType indexer Sort test pattern elements [Fontations] Add pixel size information [Fontations] Fix size element and enable more element tests [Fontations] Add spacing property [Fontations] No style element for variable instance [Fontations] Remove pattern filter from tests Parse foundry from OS/2 for table version 0 [Fontations] Assorted fixes to match FreeType indexing [Fontations] Do not combine bindings into one crate Make "retry:" label conditional on ICONV [Fontations] Clarify import of FcLangSet Rename FcFreeTypeLangSet to FcLangSetFromCharset [Fontations] Fix downstream build of indexing with Fontations fccharset.c Avoid use-after-free warning fccharset.c Avoid use-after-free warning configure.ac: drop -fno-strict-aliasing Fix heap buffer underflow in FcConfigXdgDataDirs Fix use-after-free in FcConfigGetPrgname meson: don't force installation of a static library Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit c03fb49f5ba1828ae3f99c3f817255fabc9ba823 Author: Michael Tremer Date: Thu Jul 3 15:02:14 2025 +0000 langs: Sort Chinese translations alphabetically Signed-off-by: Michael Tremer commit 207e59c1a4aa96d823a97fe94673fd1337f54d07 Author: Michael Tremer Date: Thu Jul 3 15:01:58 2025 +0000 make.sh: Add Chinese translations to automatic language checks Signed-off-by: Michael Tremer commit 500b01a0ce22d1e4e227a2498af8dcdea497e08a Author: Michael Tremer Date: Thu Jul 3 14:59:28 2025 +0000 core197: Ship the list of supported languages Signed-off-by: Michael Tremer commit c80c2ef15e61feed8978694b7c830d03e7aeb740 Author: Michael Tremer Date: Thu Jul 3 14:58:24 2025 +0000 core197: Ship changed menu files Signed-off-by: Michael Tremer commit 117570ace6dfcb49a6ea4b9418567a0941e4e7ca Author: Michael Tremer Date: Thu Jul 3 14:56:15 2025 +0000 Start Core Update 197 Signed-off-by: Michael Tremer commit f4d511e09a778e798683fc49c4081c118e463276 Author: Michael Tremer Date: Thu Jul 3 14:52:15 2025 +0000 make.sh: Update missing translations Signed-off-by: Michael Tremer commit b188f482fa43e9d4983a0f3055e0725bae57bc01 Author: Michael Tremer Date: Thu Jul 3 14:51:54 2025 +0000 langs: Remove foreign URL from Chinese translations Signed-off-by: Michael Tremer commit 60abeef8b92f68e400610bbda5906e44b28b8b73 Author: Adolf Belka Date: Wed Jul 2 14:01:11 2025 +0200 en.pl: Add "quality of service" and "mdstat" values into en lang file - The extrahd is already in the file but this change ensures that the lang additions to the 20-status and 40-services menu files are included in the en.pl file. Suggested-by: Opnwall Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3a9042e8ec246cb92dcf6ab8e6e5c46fd78eab6f Author: Adolf Belka Date: Wed Jul 2 14:01:10 2025 +0200 40-services.menu: Use lang files for caption and title - The "quality of service" and "extrahd" values are in the two Chinese language files Suggested-by: Opnwall Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9e209e08e258160663f6e85e17e1cabc736b00fe Author: Adolf Belka Date: Wed Jul 2 14:01:09 2025 +0200 20-status.menu: Use lang files for caption and title - the mdstat values are in the two Chinese language files Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 232d4bbed8477ef15da8887beda82558aa5c79ed Author: Adolf Belka Date: Wed Jul 2 14:01:08 2025 +0200 langs: Addition of Chinese language files - from ipfire github pull request - These langauage files have been provided by GitHub user Opnwall as a pull request - Tested out the result of these two patches on my vm testbed. As long as I made sure I had a font set installed that dealt with these types of character codes then it worked fine for me. I had to install noto-fonts-cjk on my archlinux system for the characters to be properly transcribed. - The associated patch is where a few menu items that had no language translation have been changed to use the language files, presumably so that those menu names are shown in the Chinese characters. Suggested-by: Opnwall Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4a12f983c1eba12a337bd0cfcc592181ff6a174b Author: Arne Fitzenreiter Date: Thu Jul 3 14:22:06 2025 +0200 vulnerabilities.cgi add indirect target selection Signed-off-by: Arne Fitzenreiter commit d329f1c2a51a59ade209f1a900c5b0d8f7c70409 Author: Michael Tremer Date: Thu Jul 3 07:33:41 2025 +0000 freeradius: Bump release Fixes: #13590 - Freeradius not starting: libssl version mismatch Signed-off-by: Michael Tremer commit ef9c801966e4b14fd53997adc256669a0d813480 Author: Michael Tremer Date: Wed Jul 2 10:45:50 2025 +0000 Revert "libusb: Add comment to update nut when libusb is updated" This reverts commit 80b5bcd5ed1c3dbad515e0835806999cdbe71e61. This change is no longer needed. Signed-off-by: Michael Tremer commit 1f28c8ad6e575c5663f3a4577d24b34a34670c88 Author: Adolf Belka Date: Wed Jul 2 13:00:55 2025 +0200 sudo: Update to version 1.9.17p1 - Update from version 1.9.17 to 1.9.17p1 - Update of rootfile not required - Changelog 1.9.17p1 * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the user to run commands on a different host. * Fixed CVE-2025-32463. An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. The chroot support has been deprecated an will be removed entirely in a future release. Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 80b5bcd5ed1c3dbad515e0835806999cdbe71e61 Author: Adolf Belka Date: Mon Jun 30 18:12:02 2025 +0200 libusb: Add comment to update nut when libusb is updated - libusb is a run time requirement for nut Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 830a6725ead4285b2c8ae50ea184c14aed732977 Author: Adolf Belka Date: Tue Jul 1 15:44:35 2025 +0200 core196: Revert ship of customservices from fwhosts - Shipping the customservices file replaced the existing file on all users systems, which resulted in any modificationjs they had made being wiped out. - Having thought about it further what I shouldn have done is just added the additional custom service of "DNS over TLS" to the end of the customservices file during the update process using update.sh but that is also not so easy because what number to use for the "DNS over TLS" entry will depend on how many custom services the user has created. - At the least the shipping of the customservices file needs to be reverted. I and others can then think about alternative ways to provide that entry to existing files. - Alternatively we could leave it without doing anything. A fresh install will have the "DNS over TLS" entry and upgrades will just leave the existing customservices file alone. - Users can of course recover the file by doing a restore from the backup they have created but it is not good to overwrite those sorts of files. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4b8c437bbc2c45e7623ac56197036f6af103b8b7 Merge: baa22ec7a 99a3c58f2 Author: Michael Tremer Date: Mon Jun 30 08:53:10 2025 +0000 Merge branch 'next' commit 99a3c58f2f6cd18515e6baa3c0da70dd23c69f1d Author: Michael Tremer Date: Mon Jun 30 08:49:42 2025 +0000 make.sh: Update contributors Signed-off-by: Michael Tremer commit e119ed0c2dc49e398e41a6c5eff85fe934cc4054 Author: Arne Fitzenreiter Date: Mon Jun 30 08:50:02 2025 +0200 grub/installer: add console=tty1 to default entry this is needed because some arm systems try to set more than one console output via firmware/dtb and this is incompatible with the old initsystem that ipfire use. Signed-off-by: Arne Fitzenreiter