commit 8de5c299f9674cbeb6eff05eaaf696fd03915ce1 Author: Adolf Belka Date: Fri Aug 29 21:26:00 2025 +0200 tshark: Update to version 4.4.9 - Update from version 4.4.8 to 4.4.9 - Update of rootfile - Changelog 4.4.9 Bug Fixes wnpa-sec-2025-03 SSH dissector crash. Issue 20642. RDM Product Detail List ID Disect incorrect. Issue 20612. SCCP LUDT segmentation decoding fails. Issue 20647. Ciscodump fails to start capture on Cisco IOS. Issue 20655. [BACnet] WritePropertyMultiple closing context tag 1 not showing. Issue 20665. Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit length. Issue 20671. New and Updated Features New Protocol Support There are no new protocols in this release. Updated Protocol Support BACapp, LIN, MySQL, RDM, SABP, SCCP, sFlow, and SSH New and Updated Capture File Support There is no new or updated capture file support in this release. Updated File Format Decoding Support There is no updated file format support in this release. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 65843241968c7c60935f6d177da69f21a964d8c2 Author: Michael Tremer Date: Fri Aug 29 21:01:04 2025 +0000 core198: Ship meson Signed-off-by: Michael Tremer commit 536f30dd11423f171f4cc5a94c09adfd1c2f915b Author: Adolf Belka Date: Fri Aug 29 21:25:59 2025 +0200 meson: Update to version 1.9.0 - Update from version 1.8.0 to 1.9.0 - Update of rootfile - Changelog 1.9.0 Array .flatten() method Arrays now have a .flatten() method, which turns nested arrays into a single flat array. This provides the same effect that Meson often does to arrays internally, such as when passed to most function arguments. clang-tidy's auto-generated targets correctly select source files In previous versions, the target would run clang-tidy on every C-like source files (.c, .h, .cpp, .hpp). It did not work correctly because some files, especially headers, are not intended to be consumed as is. It will now run only on source files participating in targets. Added Qualcomm's embedded linker, eld Qualcomm recently open-sourced their embedded linker. https://github.com/qualcomm/eld Meson users can now use this linker. Added suffix function to the FS module The basename and stem were already available. For completeness, expose also the suffix. Support response files for custom targets When using the Ninja backend, Meson can now pass arguments to supported tools through response files. In this release it's enabled only for the Gnome module, fixing calling gnome.mkenums() with a large set of files on Windows (requires Glib 2.59 or higher). meson format now has a --source-file-path argument when reading from stdin This argument is mandatory to mix stdin reading with the use of editor config. It allows to know where to look for the .editorconfig, and to use the right section of .editorconfig based on the parsed file name. Added license keyword to pkgconfig.generate When specified, it will add a License: attribute to the generated .pc file. New experimental option rust_dynamic_std A new option rust_dynamic_std can be used to link Rust programs so that they use a dynamic library for the Rust libstd. Right now, staticlib crates cannot be produced if rust_dynamic_std is true, but this may change in the future. Rust and non-Rust sources in the same target Meson now supports creating a single target with Rust and non Rust sources mixed together. In this case, if specified, link_language must be set to rust. Explicitly setting Swift module name is now supported It is now possible to set the Swift module name for a target via the swift_module_name target kwarg, overriding the default inferred from the target name. lib = library('foo', 'foo.swift', swift_module_name: 'Foo') Top-level statement handling in Swift libraries The Swift compiler normally treats modules with a single source file (and files named main.swift) to run top-level code at program start. This emits a main symbol which is usually undesirable in a library target. Meson now automatically passes the -parse-as-library flag to the Swift compiler in case of single-file library targets to disable this behavior unless the source file is called main.swift. Swift compiler receives select C family compiler options Meson now passes select few C family (C/C++/Obj-C/Obj-C++) compiler options to the Swift compiler, notably -std=, in order to improve the compatibility of C code as interpreted by the C compiler and the Swift compiler. NB: This does not include any of the options set in the target's c_flags. Swift/C++ interoperability is now supported It is now possible to create Swift executables that can link to C++ or Objective-C++ libraries. To enable this feature, set the target kwarg swift_interoperability_mode to 'cpp'. To import C++ code, specify a bridging header in the Swift target's sources, or use another way such as adding a directory containing a Clang module map to its include path. Note: Enabling C++ interoperability in a library target is a breaking change. Swift libraries that enable it need their consumers to enable it as well, as per the Swift documentation. Swift 5.9 is required to use this feature. Xcode 15 is required if the Xcode backend is used. lib = static_library('mylib', 'mylib.cpp') exe = executable('prog', 'main.swift', 'mylib.h', link_with: lib, swift_interoperability_mode: 'cpp') Support for MASM in Visual Studio backends Previously, assembling .masm files with Microsoft's Macro Assembler is only available on the Ninja backend. This now also works on Visual Studio backends. Note that building ARM64EC code using ml64.exe is currently unimplemented in both of the backends. If you need mixing x64 and Arm64 in your project, please file an issue on GitHub. Limited support for WrapDB v1 WrapDB v1 has been discontinued for several years, Meson will now print a deprecation warning if a v1 URL is still being used. Wraps can be updated to latest version using meson wrap update command. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5d6afcbb21a172b410db34bdd0a1ae4aad39dd9f Author: Michael Tremer Date: Fri Aug 29 21:00:32 2025 +0000 core198: Ship abseil-cpp Signed-off-by: Michael Tremer commit 34bb02eb181ea35e7452404cd148484a886045e5 Author: Adolf Belka Date: Fri Aug 29 21:25:58 2025 +0200 abseil-cpp: Update to version 20250814.0 - Update from version 20250127.0 to 20250814.0 - Update of rootfile - Changelog 20250814.0 What's New: absl::Mutex now contains lower-case method names like lock() and shared_lock() to align with standard C++ mutex methods. This allows absl::Mutex to be used with std::scoped_lock and friends. The old names are still present but may be removed in a future release. The RAII Mutex-locker types like absl::MutexLock, absl::ReaderMutexLock, and friends now accept references to absl::Mutex. The pointer-accepting constructors are now deprecated, and may be removed in a future release. Breaking Changes: Nullability template types, which were deprecated in the May 2025 release, have been removed. absl::string_view(nullptr), which is undefined behavior according to the C++ standard, now triggers an assert failure. Note that unless you changed absl/base/options.h, absl::string_view is an alias for std::string_view, so by default you will be inheriting the behavior of your standard library instead of using the Abseil implementation. Abseil's hash tables now require a hash function that has a return type with size >= sizeof(size_t). Known Issues CHECK_ is failing to compile on older versions of GCC when one of the arguments is a C-style string. This is fixed by ba9a180 and will be included in a future patch release. 20250512.1 What's New: The polyfill types absl::any, absl::optional, and absl::variant are now aliases for std::any, std::optional, and std::variant in all builds. (Note that the polyfill implementation absl::string_view remains at the present time, but it defaults to being an alias std::string_view in all builds.) Added absl::FastTypeId(), which evaluates at compile-time to a unique id for the passed-in type. Added absl::endian and absl::byteswap polyfills (25bce12). Breaking Changes: Abseil now requires at least C++17 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. Nullability template types are deprecated and will be removed in a future release. The macro-style annotations (absl_nonnull, absl_nullable) should be used instead (caf854d). Known Issues None known at this time. 20250512.0 What's New: The polyfill types absl::any, absl::optional, and absl::variant are now aliases for std::any, std::optional, and std::variant in all builds. (Note that the polyfill implementation absl::string_view remains at the present time, but it defaults to being an alias std::string_view in all builds.) Added absl::FastTypeId(), which evaluates at compile-time to a unique id for the passed-in type. Added absl::endian and absl::byteswap polyfills (25bce12). Breaking Changes: Abseil now requires at least C++17 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. Nullability template types are deprecated and will be removed in a future release. The macro-style annotations (absl_nonnull, absl_nullable) should be used instead (caf854d). Known Issues This release fails to compile with GCC7 and GCC8. This is fixed in 20250512.1. 20250127.1 What's New: Added support for Bazel 8.0 Added support for Bazel Platforms for better portability Added ABSL_ATTRIBUTE_VIEW and ABSL_ATTRIBUTE_OWNER for diagnosing certain lifetime issues Many performance improvements A security issue in hash container create/resize has been fixed. Note that the latest patch releases for previous LTS versions also address this issue. Breaking Changes: Bazel BUILD files now reference repositories by their canonical names from the Bazel Central Registry. For example, Abseil is now @abseil-cpp instead of @com_google_absl, and GoogleTest is now @googletest instead of @com_google_googletest. Users still using the old WORKSPACE system may need to use repo_mapping on repositories that still use the old names. See 90a7ba6 for an example. Other: This will be the last release to support C++14. Future releases will require at least C++17. Known Issues None known at this time. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2547832f2623dd01279114f16e12285da7e0629e Author: Adolf Belka Date: Fri Aug 29 13:36:44 2025 +0200 samba: Update to version 4.22.4 - Update from version 4.22.3 to 4.22.4 - Update of rootfile not required for any of the architectures - Changelog 4.22.4 * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0. * BUG 15844: getpwuid does not shift to new DC when current DC is down. * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName- * BUG 15881: Unresponsive second DC can cause idmapping failure when using idmap_ad- * BUG 15840: kinit command is failing with Missing cache Error. * BUG 15891: Figuring out the DC name from IP address fails and breaks fork_domain_child(). * BUG 15816: vfs_streams_depot fstatat broken. * BUG 15892: Delayed leader broadcast can block ctdb forever. * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0. * BUG 15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine). * BUG 15877: Fix handling of empty GPO link. * BUG 15880: SMB ACL inheritance doesn't work for files created. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e2336a9e06b7a91b86cdc91002b0d281dbdf0849 Author: Adolf Belka Date: Tue Aug 26 20:48:51 2025 +0200 core198: Ship whois Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 49cde8f359a93925f2ab1283fdc82a6ef5404edf Author: Adolf Belka Date: Tue Aug 26 20:49:03 2025 +0200 whois: Update to version 5.6.4 - Update from version 5.6.1 to 5.6.4 - Update of rootfile not required - Changelog 5.6.4 * Updated the .cm and .to TLD servers. 5.6.3 * Added the .sr and .мон (.xn--l1acc, Mongolia) TLD servers. * Use readpassphrase(3) on OpenBSD and FreeBSD. 5.6.2 * Updated the .post and .in (and related IDN TLDs) TLD servers. * Removed 1 new gTLDs which is no longer active. * Build-Depend on libcrypt-dev. (Closes: #1106977) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2a037e9d0dd839724f4607606e18fe71e8c21264 Author: Adolf Belka Date: Tue Aug 26 20:48:50 2025 +0200 core198: Ship sudo Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 433c140ddd46d7073aeb275bf6f6e2aba1251a4d Author: Adolf Belka Date: Tue Aug 26 20:49:02 2025 +0200 sudo: Update to version 1.9.17p2 - Update from version 1.9.17p1 to 1.9.17p2 - Update of rootfile not required - Changelog 1.9.17p2 * Fixed a bug introduced in sudo 1.9.16 that could result in sudo sending SIGHUP to all processes on the system in certain rare cases. The bug could manifest if sudo is running a command in a pseudo-terminal, sudo terminates the command due to an internal error, and the user's terminal is revoked. GitHub issue #458. * Fixed a bug introduced in sudo 1.9.12 that caused sudo to abort when the "intercept" and "intercept_verify" options are enabled in sudoers and either the command line arguments or the environment contains a string larger than the page size (usually 4096). This only Linux affects systems that support the ptrace_readv_string() function. GitHub issue #453. * Fixed a bug in sudo's configure script introduced in sudo 1.9.17 that prevented mdoc-format man pages from being used on systems without the mandoc utility. Bug #1077. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 6d1f9a710819c3370fe2f7a23ea15c7f74d73ad2 Author: Adolf Belka Date: Tue Aug 26 20:49:01 2025 +0200 rpcbind: Update to version 1.2.8 - Update from version 1.2.7 to 1.2.8 - Update of rootfile not required - Changelog 1.2.8 rpcinfo: Removed a number of "old-style function definition" warnings rpcbind: Add -v flag to print version and config This helps to see compiled time options, e.g. remote calls enablement. $ ./rpcbind -v rpcbind 1.2.7 debug: no, libset debug: no, libwrap: no, nss modules: files, remote calls: no, statedir: /run/rpcbind, systemd: yes, user: root, warm start: no man/rpcbind: Update list of options -L was removed in 718ab7e, -w added in 9b1aaa6, -f added in eb36cf1. Fixes: 718ab7e ("Removed the documentation about the non-existent '-L' flag") Fixes: 9b1aaa6 ("Allow the warms start code to be enabled at compile time...") Fixes: eb36cf1 ("rpcbind: add no-fork mode") Comment out ListenStream=@/run/rpcbind.sock [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc() Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2173869 Move rpbind's default configuration to /run verses /var/run Move rpcbind.lock to /run Most of the distros have /var/run as symlink to /run. Because /var may be a separate partition, and could even be mounted via NFS, having to look directly to /run help to avoid issues rpcbind startup early in boot when /var might not be available. systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #1401561 [2] where /var/run/rpcbind.lock cannot be created due missing /var/run/ directory. But the suggestion to add RequiresMountFor=... was implemented in ee569be ("Fix boot dependency in systemd service file"). But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and /run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind 1.2.6: rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system Adding systemd-tmpfiles-setup.service fixes it. NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but systemd-tmpfiles-setup.service looks to me more specific). openSUSE uses only After=sysinit.target as a result of #1117217 [3] (also works). [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561 [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217 systemd/rpcbind.service.in: Add various hardenings options We've been running rpcbind 1.2.6 with it in openSUSE since 2021. NOTE: In systemd < 244 (released Nov 2019) some of these options are unknown and will produce warnings, see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort man/rpcbind: Add Files section to manpage Previous commit added 3 non-default files, mention them in man page. systemd/rpcbind.service.in: Add few default EnvironmentFile Add some defaults so that distros can drop patches to configure it. * openSUSE and Fedora use /etc/sysconfig/rpcbind https://build.opensuse.org/projects/network/packages/rpcbind/files/0001-systemd-unit-files.patch?expand=1 https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.3-systemd-envfile.patch * Debian uses /etc/rpcbind.conf and /etc/default/rpcbind https://salsa.debian.org/debian/rpcbind/-/blob/buster/debian/rpcbind.service?ref_type=heads Add all these 3 in order: * /etc/rpcbind.conf * /etc/default/rpcbind * /etc/sysconfig/rpcbind Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d41e8f9b691b84deccd4480227432b7f46f60af9 Author: Adolf Belka Date: Tue Aug 26 20:48:49 2025 +0200 core198: Ship nano Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3f808c5133d97f95f388f9752ff06c65bff26a4d Author: Adolf Belka Date: Tue Aug 26 20:48:59 2025 +0200 nano: Update to version 8.6 - Update from version 8.5 to 8.6 - Update of rootfile not required - Changelog 8.6 • The GotoLine menu accepts the prefixes ++ and -- for jumping a number of lines forward or backward. • Anchors are not forgotten when a line number is given on the command line. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit dbf605803ce8dc93013e042aebd7642470d30c4f Author: Adolf Belka Date: Tue Aug 26 20:48:48 2025 +0200 core198: Ship lsof Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit eb7934977177d6b196d3656eddc20cd8da151deb Author: Adolf Belka Date: Tue Aug 26 20:48:58 2025 +0200 lsof: Update to version 4.99.5 - Update from version 4.99.4 to 4.99.5 - Update of rootfile not required - Changelog 4.99.5 [linux] fix legacy linux kernel compatibility due to missing /proc/self/ns (#329) [linux] fix potential null pointer deference, reported by @mono-trip (#332) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2e4002ec3bb27c8f8884c4157030aaffea97a1f4 Author: Adolf Belka Date: Tue Aug 26 20:48:47 2025 +0200 core198: Ship libinih Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b0dc0b6eb2198395bc650f80ac2b582331ec3c02 Author: Adolf Belka Date: Tue Aug 26 20:48:57 2025 +0200 libinih: Update to version 61 - Update from version 58 to 61 - Update of rootfile not required - Changelog 61 add option to disable the test suite by @sage-etcher in #195 add ini_parse_string_length() that avoids internal strlen(), and ease… by @lihuiba in #196 Fix bug where name only options are not processed after an error has occurred by @msquire in #197 Optimise ini_rstrip() by @msquire in #198 60 test long lines by @isidroas in #190 Require C++ only for the host machine; bump project version to 59 by @bgilbert in #191 meson: fix tests under Windows by @neheb in #192 59 INIReader: change variable visibility from private to protected by @meiyasan in #165 Add meson test driver by @matoro in #170 Swap rstrip() and lskip() to reduce execution time of strlen() by @isidroas in #177 Add preprocessor exclusions when INI_ALLOW_MULTILINE=0 by @isidroas in #178 tests: define only once the compiler and flag by @isidroas in #179 Test that long sections are truncated by @isidroas in #180 Add INIReader Sections and Keys methods by @Ishan09811 in #186 If a line is longer than INI_MAX_LINE, consume input up to next newline by @benhoyt in #188 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f6f1eccb1d4e59560ce0a11cd4bdf435404bb01f Author: Adolf Belka Date: Tue Aug 26 20:48:46 2025 +0200 core198: Ship hwdata Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f5c652fe1911568ecdc1b6bfdf9108ad68c9d843 Author: Adolf Belka Date: Tue Aug 26 20:48:56 2025 +0200 hwdata: Update to version 0.398 - Update from version 0.396 to 0.398 - Update of rootfile not required - Changelog 0.398 Update usb and vendor ids 0.397 Update usb and vendor ids Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e44bdbb157a5fe819ffeafbd0c7580bdf9c0c783 Author: Adolf Belka Date: Tue Aug 26 20:48:45 2025 +0200 core198: Ship harfbuzz Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 40f19c5a1f86804f1d24bb7a909e5f2cb8a24530 Author: Adolf Belka Date: Tue Aug 26 20:48:55 2025 +0200 harfbuzz: Update to version 11.4.3 - Update from version 11.2.1 to 11.4.3 - Update of rootfile - Changelog 11.4.3 - Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion). - Fix undefined behaviour introduced in 11.4.2. - Fix detection of the “Cambria Math” font when fonts are scaled, so the workaround for the bad `MATH` table constant is applied. 11.4.2 - Various performance and memory usage improvements. - The `hb-shape` command line tool can now be built with the amalgamated `harfbuzz.cc` source. - Fix regression in handling version 2 of `avar` table. - Increase various buffer length limits for better handling of fonts that generate huge number of glyphs per codepoint (e.g. Noto Sans Duployan) - Improvements to the harfrust shaper for more accurate testing. 11.4.1 - Fix clang compiler warnings. 11.4.0 - General shaping and subsetting speedups. - Fix in Graphite shaping backend when glyph advances became negative. - Subsetting improvements, pruning empty mark-attachment lookups. - Don't use the macro name `_S`, which is reserved by system liberaries. - Build fixes and speedup. - Add a `kbts` shaping backend that calls into the `kb_text_shape` single-header shaping library. This is purely for testing and performance evaluation and we do NOT recommend using it for any other purposes. 11.3.3 - Fix but in vertical shaping of fonts without the vmtx table. 11.3.2 - Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword. 11.3.1 - Fix crasher in the glyph_v_origin function introduced in 11.3.0. 11.3.0 - Speed up handling fonts with very large number of variations: - Drawing by up to 40%. - Calculating glyph extents by up to 15%. - Getting horizontal glyph advances by up to 45%. - Speed up getting horizontal and vertical glyph advances by up to 24%. - Significantly speed up vertical text shaping. - Various documentation improvements. - Various build improvements. - Various subsetting improvements. - Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration). - Rename harfruzz option and shaper to harfrust following upstream rename. - Implement hb_face_reference_blob() for DirectWrite font functions. - New API: +hb_font_get_glyph_origins_func_t +hb_font_get_glyph_h_origins_func_t +hb_font_get_glyph_v_origins_func_t +hb_font_funcs_set_glyph_h_origins_func() +hb_font_funcs_set_glyph_v_origins_func() +hb_font_get_glyph_h_origins() +hb_font_get_glyph_v_origins() Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 49e379e59bc0993cfe6c2c9c589ed2ecfd75ec3a Author: Adolf Belka Date: Tue Aug 26 20:48:44 2025 +0200 core198: Ship gdbm Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b524a408e26a6b274a4ed7ae77bbb66e02612cd3 Author: Adolf Belka Date: Tue Aug 26 20:48:53 2025 +0200 gdbm: Update to version 1.26 - Update from version 1.25 to 1.26 - Update of rootfile not required - Changelog 1.26 * Fixed build on musl libc * Fixed build on MacOS * Improved testsuite Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 163bb0bc5f932fca92d84e99c46334a958f063b8 Author: Adolf Belka Date: Tue Aug 26 20:48:43 2025 +0200 core198: Ship btrfs-progs Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 257f15b70f9316d85369c32edb8dc044b463abaa Author: Adolf Belka Date: Tue Aug 26 20:48:42 2025 +0200 btrfs-progs: Update to version 6.16 - Update from version 6.15 to 6.16 - Update of rootfile not required - Changelog 6.16 * mkfs: * print label of existing filesystem if attempting to overwrite * remove note about changed defaults in 6.15 * discard support detection uses the ioctl and not sysfs, this should work for all types of block devices * device usage: fix printing units of partition sizes, used to be in 512B sectors * defrag: new option --nocomp to request no compression (kernel 6.17) * check: detect missing orphan items for deleted subvolumes * subvol delete: don't print warning if filesystem is mounted with user_subvol_rm_allowed * build: add build support for Android * other: * cleanups and refactoring * sync sources with kernel * documentation updates * CI and test updates Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 83efd1e49930705a1fcb48e0574ed466b67d36cf Author: Michael Tremer Date: Wed Aug 27 10:34:19 2025 +0000 core198: Ship BIND Signed-off-by: Michael Tremer commit a202d2122ca8f9e90f67158e81c85664889ec09a Author: Matthias Fischer Date: Tue Aug 26 17:55:14 2025 +0200 bind: Update to 9.20.12 For details see: https://downloads.isc.org/isc/bind9/9.20.12/doc/arm/html/notes.html#notes-for-bind-9-20-12 "Notes for BIND 9.20.12 New Features Support for parsing DSYNC records has been added. These records are used for discovering the receiver endpoint for DNS notification messages. For more information, see draft-ietf-dnsop-generalized-notify-09. [GL #5440] Feature Changes Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest type 1. RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated by the IETF and should no longer be used for DNSSEC. DS digest type 1 (SHA1) has also been deprecated in BIND 9. Validators are now expected to treat these algorithms and digest as unknown, resulting in some zones being treated as insecure when they were previously treated as secure. Warnings have been added to named and tools when these algorithms and this digest are being used for signing. Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated to a different DNSKEY algorithm. Zones with DS or CDS records with digest type 1 (SHA1) should be updated to use a different digest type (e.g. SHA256) and the digest type 1 records should be removed. [GL #5358] Bug Fixes Stale RRsets in a CNAME chain were not always refreshed. Previously, with serve-stale enabled and a CNAME chain that contained a stale RRset, the refresh query didn’t always properly refresh the stale RRsets. This has been fixed. [GL #5243] Add RPZ extended DNS error for zones with a CNAME override policy configured. Previously, when the zone was configured with a CNAME override policy, or the response policy zone contained a wildcard CNAME, the extended DNS error code was not added. This has been fixed. [GL #5342] Fix dig issues. When used with the +keepopen option, dig could terminate unexpectedly in rare situations. Additionally, dig could hang and fail to shutdown properly when interrupted during a query. These have been fixed. [GL #5381] Log dropped or slipped responses in the query-errors category. Responses which were dropped or slipped because of Response Rate Limiting (RRL) were logged in the rate-limit category instead of the query-errors category, as documented in the ARM. This has been fixed. [GL #5388] synth-from-dnssec was not working in some scenarios. Aggressive use of DNSSEC-Validated cache with NSEC was not working in scenarios when no parent NSEC was in cache. This has been fixed. [GL #5422] Clean enough memory when adding new ADB names/entries under memory pressure. The ADB memory cleaning is opportunistic even when BIND is under memory pressure (in the overmem condition). named now ensures that the assigned memory limit is not exceeded by releasing twice the amount of memory allocated for each new ADB name/entry when under memory pressure. [GL !10637] Prevent spurious validation failures. Under rare circumstances, validation could fail if multiple clients simultaneously iterated the same set of DNSSEC signatures. This has been fixed. [GL #3014]" Signed-off-by: Matthias Fischer Reviewed-by: Adolf Belka Signed-off-by: Michael Tremer commit 31c6b2f429482eec73c791dbdd79f6c3e6111dbb Author: Adolf Belka Date: Tue Aug 26 20:49:04 2025 +0200 wsdd: Update to version 0.9 - Update from version 0.8 to 0.9 - Update of rootfile not required - Changelog 0.9 Added - Add command line argument to set source port for multicast message for better firewall interoperability (#216) - Add initial support for SunOS (#223), without dynamic address/interface monitoring. Thanks to Carsten Grzemba. - Add Socket-activated systemd service (#218). Thanks to Alessandro Astone. Changed - Devices are now recorded based on their URI provided in the endpoint reference address, which is not neccessarily a UUID. This also affects API (see #226). - make `/etc/default/wsdd` optional for systemd (see #212) - Remove support for Python 3.7 and 3.8 in Github workflows. Fixed - Clean conection turn-down for Python pre-3.13. Thanks to Alessandro Astone - Handle TimeoutError in metadata exchange. - Proper handling of endpoint addresses as URIs, not UUIDs, see #226. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ac2a8ba7be1559b25ab9b99f9d9f539450903b86 Author: Adolf Belka Date: Tue Aug 26 20:49:00 2025 +0200 postfix: Update to version 3.10.4 - Update from version 3.10.2 to 3.10.4 - Update of rootfile not required - Changelog 3.10.4 Fixes for postscreen(8): Bugfix (defect introduced: postfix-2.2, date 20050203): after detecting a lookup table change, and after starting a new postscreen process, the old postscreen process logged an ENOTSOCK error while attempting to accept a connection on a socket that it was no longer listening on. This error was introduced first in the multi_server skeleton code, and was five years later duplicated in the event_server skeleton that was created for postscreen. Problem reported by Florian Piekert. Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache table change and before starting a new postscreen process, the old postscreen process did not close the postscreen_cache_map, and therefore kept an exclusive lock that could prevent a new postscreen process from starting. Problem reported by Florian Piekert. Fixes for tlsproxy(8): Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support for the legacy configuration parameters tlsproxy_client_level and tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a legacy parameter was set (instead of the newer tlsproxy_client_security_level or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor Dukhovni. Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by configuration, the tlsproxy daemon dereferenced a null pointer while handling a tlsproxy client request. Reported by John Doe. Reducing process churn: Postfix daemons no longer automatically restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when they opened that table for writing. Portability: deleted an build dependency, because the feature is being removed from OpenSSL, and Postfix no longer needs it. Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer maintain TLSRPT statistics for messages that contain a "TLS-Required: no" header. This can prevent TLSRPT notifications for TLSRPT notifications. Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection" (right), for a new or resumed TLS session, when a server offered a trusted (valid PKI trust chain) certificate that did not match the expected server name pattern. Fix by Viktor Dukhovni. 3.10.3 This release fixes defects that were introduced in Postfix 3.10. These were fixed first in the Postfix 3.11 unstable release. The defects exist only with the default configuration "tls_required_enable = yes". Bugfix (defect introduced: Postfix-3.10, date 20250117): include the current TLS security level in the SMTP connection cache lookup key for lookups by next-hop destination, to avoid reusing the same SMTP connection when sending messages with and without a "TLS-Required: no" header. Likewise, include the current TLS security level in the TLS session lookup key, to avoid reusing the same TLS session info when sending messages with and without a "TLS-Required: no" header. Bugfix (defect introduced: Postfix-3.10, date 20250117): the Postfix SMTP client attempted to look up TLSA records even with "TLS-Required: no". This could result in unnecessary failures. Fix by Viktor Dukhovni & Wietse. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e7b6394f7e9f643f7417aefb526b2b580db31a39 Author: Adolf Belka Date: Tue Aug 26 20:48:54 2025 +0200 git: Update to version 2.51.0 - Update from version 2.50.1 to 2.51.0 - Update of rootfile not required - Changelog 2.51.0 UI, Workflows & Features * Userdiff patterns for the R language have been added. * Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. * "git cat-file --batch" learns to understand %(objectmode) atom to allow the caller to tell missing objects (due to repository corruption) and submodules (whose commit objects are OK to be missing) apart. * "git diff --no-index dirA dirB" can limit the comparison with pathspec at the end of the command line, just like normal "git diff". * "git subtree" (in contrib/) learned to grok GPG signing its commits. * "git whatchanged" that is longer to type than "git log --raw" which is its modern rough equivalent has outlived its usefulness more than 10 years ago. Plan to deprecate and remove it. * An interchange format for stash entries is defined, and subcommand of "git stash" to import/export has been added. * "git merge/pull" has been taught the "--compact-summary" option to use the compact-summary format, intead of diffstat, when showing the summary of the incoming changes. * "git imap-send" has been broken for a long time, which has been resurrected and then taught to talk OAuth2.0 etc. * Some error messages from "git imap-send" has been updated. * When "git daemon" sees a signal while attempting to accept() a new client, instead of retrying, it skipped it by mistake, which has been corrected. * The reftable ref backend has matured enough; Git 3.0 will make it the default format in a newly created repositories by default. * "netrc" credential helper has been improved to understand textual service names (like smtp) in addition to the numeric port numbers (like 25). * Lift the limitation to use changed-path filter in "git log" so that it can be used for a pathspec with multiple literal paths. * Clean up the way how signature on commit objects are exported to and imported from fast-import stream. * Remove unsupported, unused, and unsupportable old option from "git log". * Document recently added "git imap-send --list" with an example. * "git pull" learned to pay attention to pull.autostash configuration variable, which overrides rebase/merge.autostash. * "git for-each-ref" learns "--start-after" option to help applications that want to page its output. * "git switch" and "git restore" are declared to be no longer experimental. * "git -c alias.foo=bar foo -h baz" reported "'foo' is aliased to 'bar'" and then went on to run "git foo -h baz", which was unexpected. Tighten the rule so that alias expansion is reported only when "-h" is the sole option. Performance, Internal Implementation, Development Support etc. * "git pack-objects" learned to find delta bases from blobs at the same path, using the --path-walk API. * CodingGuidelines update. * Add settings for Solaris 10 & 11. * Meson-based build/test framework now understands TAP output generated by our tests. * "Do not explicitly initialize to zero" rule has been clarified in the CodingGuidelines document. * A test helper "test_seq" function learned the "-f " option, which allowed us to simplify a lot of test scripts. * A lot of stale stuff has been removed from the contrib/ hierarchy. * "git push" and "git fetch" are taught to update refs in batches to gain performance. * Some code paths in "git prune" used to ignore the passed-in repository object and used the `the_repository` singleton instance instead, which has been corrected. * Update ".clang-format" and ".editorconfig" to match our style guide a bit better. * "make coccicheck" succeeds even when spatch made suggestions, which has been updated to fail in such a case. * Code clean-up around object access API. * Define .precision to more canned parse-options type to avoid bugs coming from using a variable with a wrong type to capture the parsed values. * Flipping the default hash function to SHA-256 at Git 3.0 boundary is planned. * Declare weather-balloon we raised for "bool" type 18 months ago a success and officially allow using the type in our codebase. * GIT_TEST_INSTALLED was not honored in the recent topic related to SHA256 hashes, which has been corrected. * The pop_most_recent_commit() function can have quite expensive worst case performance characteristics, which has been optimized by using prio-queue data structure. * Move structure definition from unrelated header file to where it belongs. * To help our developers, document what C99 language features are being considered for adoption, in addition to what past experiments have already decided. * The reftable unit tests are now ported to the "clar" unit testing framework. * Redefine where the multi-pack-index sits in the object subsystem, which recently was restructured to allow multiple backends that support a single object source that belongs to one repository. A MIDX does span multiple "object sources". * Reduce implicit assumption and dependence on the_repository in the object-file subsystem. Bug Fixes * A memory-leak in an error code path has been plugged. (merge 7082da85cb ly/commit-graph-graph-write-leakfix later to maint). * A memory-leak in an error code path has been plugged. (merge aedebdb6b9 ly/fetch-pack-leakfix later to maint). * Some leftover references to documentation source files that no longer exist, due to recent ".txt" -> ".adoc" renaming, have been corrected. (merge 3717a5775a jw/doc-txt-to-adoc-refs later to maint). * "git stash -p " improvements. (merge 468817bab2 pw/stash-p-pathspec-fixes later to maint). * "git send-email" incremented its internal message counter when a message was edited, which made logic that treats the first message specially misbehave, which has been corrected. (merge 2cc27b3501 ag/send-email-edit-threading-fix later to maint). * "git stash" recorded a wrong branch name when submodules are present in the current checkout, which has been corrected. (merge ffb36c64f2 kj/stash-onbranch-submodule-fix later to maint). * When asking to apply mailmap to both author and committer field while showing a commit object, the field that appears later was not correctly parsed and replaced, which has been corrected. (merge abf94a283f sa/multi-mailmap-fix later to maint). * "git maintenance" lacked the care "git gc" had to avoid holding onto the repository lock for too long during packing refs, which has been remedied. (merge 1b5074e614 ps/maintenance-ref-lock later to maint). * Avoid regexp_constraint and instead use comparison_constraint when listing functions to exclude from application of coccinelle rules, as spatch can be built with different regexp engine X-<. (merge f2ad545813 jc/cocci-avoid-regexp-constraint later to maint). * Updating submodules from the upstream did not work well when submodule's HEAD is detached, which has been improved. (merge ca62f524c1 jk/submodule-remote-lookup-cleanup later to maint). * Remove unnecessary check from "git daemon" code. (merge 0c856224d2 cb/daemon-fd-check-fix later to maint). * Use of sysctl() system call to learn the total RAM size used on BSDs has been corrected. (merge 781c1cf571 cb/total-ram-bsd-fix later to maint). * Drop FreeBSD 4 support and declare that we support only FreeBSD 12 or later, which has memmem() supported. (merge 0392f976a7 bs/config-mak-freebsd later to maint). * A diff-filter with negative-only specification like "git log --diff-filter=d" did not trigger correctly, which has been fixed. (merge 375ac087c5 jk/all-negative-diff-filter-fix later to maint). * A failure to open the index file for writing due to conflicting access did not state what went wrong, which has been corrected. (merge 9455397a5c hy/read-cache-lock-error-fix later to maint). * Tempfile removal fix in the codepath to sign commits with SSH keys. (merge 4498127b04 re/ssh-sign-buffer-fix later to maint). * Code and test clean-up around string-list API. (merge 6e5b26c3ff sj/string-list later to maint). * "git apply -N" should start from the current index and register only new files, but it instead started from an empty index, which has been corrected. (merge 2b49d97fcb rp/apply-intent-to-add-fix later to maint). * Leakfix with a new and a bit invasive test on pack-bitmap files. (merge bfd5522e98 ly/load-bitmap-leakfix later to maint). * "git fetch --prune" used to be O(n^2) expensive when there are many refs, which has been corrected. (merge 87d8d8c5d0 ph/fetch-prune-optim later to maint). * When a ref creation at refs/heads/foo/bar fails, the files backend now removes refs/heads/foo/ if the directory is otherwise not used. (merge a3a7f20516 ps/refs-files-remove-empty-parent later to maint). * "pack-objects" has been taught to avoid pointing into objects in cruft packs from midx. * "git remote" now detects remote names that overlap with each other (e.g., remote nickname "outer" and "outer/inner" are used at the same time), as it will lead to overlapping remote-tracking branches. (merge a5a727c448 jk/remote-avoid-overlapping-names later to maint). * The gpg.program configuration variable, which names a pathname to the (custom) GPG compatible program, can now be spelled with ~tilde expansion. (merge 7d275cd5c0 jb/gpg-program-variable-is-a-pathname later to maint). * Our header file relied on that the system-supplied header is not later included, which would override our macro definitions, but "amazon linux" broke this assumption. Fix this by preemptively including near the beginning of ourselves. (merge 9d3b33125f ps/sane-ctype-workaround later to maint). * Clean-up compat/bswap.h mess. (merge f4ac32c03a ss/compat-bswap-revamp later to maint). * Meson-based build did not handle libexecdir setting correctly, which has been corrected. (merge 056dbe8612 rj/meson-libexecdir-fix later to maint). * Document that we do not require "real" name when signing your patches off. (merge 1f0fed312a bc/contribution-under-non-real-names later to maint). * "git commit" that concludes a conflicted merge failed to notice and remove existing comment added automatically (like "# Conflicts:") when the core.commentstring is set to 'auto'. (merge 92b7c7c9f5 ac/auto-comment-char-fix later to maint). * "git rebase -i" with bogus rebase.instructionFormat configuration failed to produce the todo file after recording the state files, leading to confused "git status"; this has been corrected. (merge ade14bffd7 ow/rebase-verify-insn-fmt-before-initializing-state later to maint). * A few file descriptors left unclosed upon program completion in a few test helper programs are now closed. (merge 0f1b33815b hl/test-helper-fd-close later to maint). * Interactive prompt code did not correctly strip CRLF from the end of line on Windows. (merge 711a20827b js/prompt-crlf-fix later to maint). * The config API had a set of convenience wrapper functions that implicitly use the_repository instance; they have been removed and inlined at the calling sites. * "git add/etc -p" now honor the diff.context configuration variable, and also they learn to honor the -U command-line option. (merge 2b3ae04011 lm/add-p-context later to maint). * The case where a new submodule takes a path where there used to be a completely different subproject is now dealt with a bit better than before. (merge 5ed8c5b465 kj/renamed-submodule later to maint). * The deflate codepath in "git archive --format=zip" had a longstanding bug coming from misuse of zlib API, which has been corrected. * Other code cleanup, docfix, build fix, etc. (merge b257adb571 lo/my-first-ow-doc-update later to maint). (merge 8b34b6a220 ly/sequencer-update-squash-is-fixup-only later to maint). (merge 5dceb8bd05 ly/do-not-localize-bug-messages later to maint). (merge 61372dd613 ly/commit-buffer-reencode-leakfix later to maint). (merge 81cd1eef7d ly/pack-bitmap-root-leakfix later to maint). (merge bfc9f9cc64 ly/submodule-update-failure-leakfix later to maint). (merge 65dff89c6b ma/doc-diff-cc-headers later to maint). (merge efb61591ee jm/bundle-uri-debug-output-to-fp later to maint). (merge a3d278bb64 ly/prepare-show-merge-leakfix later to maint). (merge 1fde1c5daf ac/preload-index-wo-the-repository later to maint). (merge 855cfc65ae rm/t2400-modernize later to maint). (merge 2939494284 ly/run-builtin-use-passed-in-repo later to maint). (merge ff73f375bb jg/mailinfo-leakfix later to maint). (merge 996f14c02b jj/doc-branch-markup-fix later to maint). (merge 1e77de1864 cb/ci-freebsd-update-to-14.3 later to maint). (merge b0e9d25865 jk/fix-leak-send-pack later to maint). (merge f3a9558c8c bs/remote-helpers-doc-markup-fix later to maint). (merge c4e9775c60 kh/doc-config-subcommands later to maint). (merge de404249ab ps/perlless-test-fixes later to maint). (merge 953049eed8 ts/merge-orig-head-doc-fix later to maint). (merge 0c83bbc704 rj/freebsd-sysinfo-build-fix later to maint). (merge ad7780b38f ps/doc-pack-refs-auto-with-files-backend-fix later to maint). (merge f4fa8a3687 rh/doc-glob-pathspec-fix later to maint). (merge b27be108c8 ja/doc-git-log-markup later to maint). (merge 14d7583beb pw/config-kvi-remove-path later to maint). (merge f31abb421d jc/do-not-scan-argv-without-parsing later to maint). (merge 26552cb62a jk/unleak-reflog-expire-entry later to maint). (merge 339d95fda9 jc/ci-print-test-failures-fix later to maint). (merge 8c3add51a8 cb/meson-avoid-broken-macos-pcre2 later to maint). (merge 5247da07b8 ps/meson-clar-decls-fix later to maint). (merge f3ef347bb2 ch/t7450-recursive-clone-test-fix later to maint). (merge 4ac3302a1a jc/doc-release-vs-clear later to maint). (merge 3bdd897413 ms/meson-with-ancient-git-wo-ls-files-dedup later to maint). (merge cca758d324 kh/doc-fast-import-historical later to maint). (merge 9b0781196a jc/test-hashmap-is-still-here later to maint). (merge 1bad05bacc jk/revert-squelch-compiler-warning later to maint). (merge 3a7e783d9c dl/squelch-maybe-uninitialized later to maint). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7b668f5474e17d0c8ccb6d1b3318fb9ce9b3366d Author: Adolf Belka Date: Tue Aug 26 20:48:52 2025 +0200 fping: Update to version 5.4 - Update from version 5.3 to 5.4 - Update of rootfile not required - Changelog 5.4 Bugfixes - Memory allocation safety checks for event storage (thanks David.A for bug report) - Fix off-by-one boundary check in seqmap code (thanks David.A for bug report) - The minimum value for the period (-p flag) is now 0.001 milliseconds, since it probably never makes sense to use a smaller value, and to avoid doing a very large memory allocation for event storage. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 10149ca776262592ee20e68768fb108e1500bead Merge: a0bd69576 198025111 Author: Michael Tremer Date: Tue Aug 26 14:08:32 2025 +0000 Merge branch 'master' into next commit 198025111e37a80944dbab9ddd57967945e27949 Author: Adolf Belka Date: Mon Aug 25 11:19:14 2025 +0200 update.sh: Ensure ncp-disable is removed from config and DATACIPHERS added - This is doing the same thing as the other patch of this series dealing with backup.pl Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7245ddf773b78be5fd0675d2e260b3da7855ac2c Author: Adolf Belka Date: Mon Aug 25 11:19:13 2025 +0200 backup.pl: Ensure ncp-disable is removed from old backups and DATACIPHERS added - With commit https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=e04f5376ba18767a6a9eccf104c472295a75340b then the settings file which is hashed into %vpnsettings already exists and so none of the defaults are set. Running the ovpnmain.cgi code resolves this for most of the settings but not for ncp-disable being present in server.conf and no DATACIPHERS entry in the settings file. ncp-disable then causes the openvpn server to fail to start as it is no longer recognised in OpenVPN-2.6 - This patch checks if ncp-disable is in the server.conf file from the restored backup and if it is it is then removed and the default values for DATACIPHERS is added into the settings file. - Tested out in my vm testbed and successfully worked. The previously found issue after the above patch was added in has been resolved. - Associated patch in this set is to do a similar thing for the update.sh file for CU197 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a0bd69576464141375f89c2003c7c5962292e7fe Merge: fe2761684 97469fbdd Author: Michael Tremer Date: Sat Aug 23 14:57:15 2025 +0000 Merge branch 'master' into next commit 97469fbdd20c7c47b9d1f2df6b57f60ccda16560 Author: Adolf Belka Date: Sat Aug 23 15:46:09 2025 +0200 backup.pl: Restart openvpn daemons after restore. - As the daemons are running when the restore is done then if the daemons are not restarted the running daemon stays with the previous config and not with the restored version. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fe276168418d6a42b82cac69915ed404d4de892f Author: Michael Tremer Date: Sat Aug 23 14:56:11 2025 +0000 core198: Ship a couple more things because of the GCC update Signed-off-by: Michael Tremer commit 0d2b1746c40d6a52737918ce852633c5ea464b54 Author: Michael Tremer Date: Sat Aug 23 14:53:27 2025 +0000 core198: Ship GCC & glibc Signed-off-by: Michael Tremer commit e70f4ae6e6ad6123fe6aa395bd6d318b72fd6c58 Author: Michael Tremer Date: Thu Aug 14 13:35:47 2025 +0000 make.sh: Bump the toolchain version Signed-off-by: Michael Tremer commit 4246a76a3401be5a0c4b1261e21e3208fdbef07e Author: Michael Tremer Date: Thu Aug 14 13:33:26 2025 +0000 glibc: Update to 2.42 This release adds support for SFrames (https://www.phoronix.com/news/SFrame-Merged-Glibc-2.42) and explicitely enables SSP (which was always on before, but just in case). Signed-off-by: Michael Tremer commit 709971b9fccd1a4aa9c9a29a4732b52a03bc1f8f Author: Michael Tremer Date: Thu Aug 14 09:42:53 2025 +0000 gcc: Update to 15.2.0 Signed-off-by: Michael Tremer commit c293ac4b282da94f2d4b7449738c4be2a590c86e Author: Adolf Belka Date: Wed Aug 20 18:51:47 2025 +0200 ovpnmain.cgi: Fixes bug13869 - shows values from vpnsettings in advanced server page - In the previous version the cgiparams hash was filled from the ovpn/settings file. However with the new version of this file that is no longer done. For the values of protocol, redirect_gw, mssfix, dataciphers, route_push the hash file was changed from %cgiparams to %vpnsettings. This was not done for the values of dciphers, dauth or tlsauth. These values still got their entries from the %cgiparams hash but this hash is empty as it has not been filled. - This patch replaces the use of $cgiparams with $vpnsettings. - Tested this out on my vm testbed and confirmed that the saved values are now shown on the advanced settings wui page. Fixes: bug13869 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e04f5376ba18767a6a9eccf104c472295a75340b Author: Stefan Schantl Date: Tue Aug 19 20:39:16 2025 +0200 ovpnmain.cgi: Apply default settings when neccessary Only apply the default settings in case nothing has been configured yet, otherwise existing settings may get overwritten. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 922c244692d7792ad3c57f3cf3a26aecc3398899 Author: Adolf Belka Date: Wed Aug 20 18:51:47 2025 +0200 ovpnmain.cgi: Fixes bug13869 - shows values from vpnsettings in advanced server page - In the previous version the cgiparams hash was filled from the ovpn/settings file. However with the new version of this file that is no longer done. For the values of protocol, redirect_gw, mssfix, dataciphers, route_push the hash file was changed from %cgiparams to %vpnsettings. This was not done for the values of dciphers, dauth or tlsauth. These values still got their entries from the %cgiparams hash but this hash is empty as it has not been filled. - This patch replaces the use of $cgiparams with $vpnsettings. - Tested this out on my vm testbed and confirmed that the saved values are now shown on the advanced settings wui page. Fixes: bug13869 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 77f1c6dc3999d2174079bf57f1a6078c5e74f7ab Author: Stefan Schantl Date: Tue Aug 19 20:39:16 2025 +0200 ovpnmain.cgi: Apply default settings when neccessary Only apply the default settings in case nothing has been configured yet, otherwise existing settings may get overwritten. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 750377a96a2a380449d6612ddc2661cb782215ab Merge: eefffac97 8d611ffd0 Author: Michael Tremer Date: Thu Aug 14 10:06:01 2025 +0000 Merge branch 'master' into next commit 8d611ffd0424ba20aac45f63f5bdaa398b4cb557 Author: Michael Tremer Date: Thu Aug 14 11:03:04 2025 +0100 core197: Rewrite the entire OpenVPN server configuration This also updates all CCD configuration files. Signed-off-by: Michael Tremer commit 3e82d9990cbdd4b0f022e16aecec164008926717 Author: Michael Tremer Date: Thu Aug 14 11:01:23 2025 +0100 ovpnmain.cgi: Add option to rewrite all configuration files Signed-off-by: Michael Tremer commit 4c0b4194ff24e4ddeb8a1311facfec71d2101a39 Author: Michael Tremer Date: Thu Aug 14 11:01:10 2025 +0100 ovpnmain.cgi: Disable logging warnings Signed-off-by: Michael Tremer commit eefffac970c071a6626fbfb431e29387b14a1b46 Author: Michael Tremer Date: Thu Aug 14 09:57:49 2025 +0000 core198: Restart fcron Signed-off-by: Michael Tremer