commit cb010e23da05a5acd966265fd2daca9736db734b Merge: 630920eb3 9887048ac Author: Michael Tremer Date: Sat Sep 13 11:02:02 2025 +0000 Merge branch 'master' into next commit 630920eb33860ee1172b40527b152053460f6932 Author: Adolf Belka Date: Sat Sep 13 12:38:03 2025 +0200 tcl: Add note in lfs about tcl9 incompatibilities Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9887048ac4cd5c52a27420ba936952a183129ddf Author: Adolf Belka Date: Fri Sep 12 22:29:34 2025 +0200 core197: Ship wio.cgi & wiovpn.pl files Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 762a6e27010f9e60ddbc7e0c64b2c1c50044abf4 Author: Adolf Belka Date: Fri Sep 12 22:29:33 2025 +0200 wiovpn.pl: Update openvpn rw log filename Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 134c5656e2650ebd49606e3cf637ebe8448e74ab Author: Adolf Belka Date: Fri Sep 12 22:29:32 2025 +0200 wio.cgi: Update openvpn rw log filename Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ec7e2a750b815a85bec7f01ae192c0cd18a4f123 Author: Adolf Belka Date: Fri Sep 12 22:10:18 2025 +0200 lynis: Update to version 3.1.5 - Update from version 3.1.3 to 3.1.5 - Update of rootfile - Changelog 3.1.5 Added - Support for OpenWrt - Bitdefender detection on Linux - Detection of openSUSE Tumbleweed-Slowroll Changed - Corrected detection of service manager SMF - Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt - Check modules also under /usr/lib/modules.d 3.1.4 Changed - Update of translations: Portuguese - Add macOS Sequoia - Update of EOL database - Bugfix for using slashes in parameters (SafeInput function) - Simplified copyright line and meta data in files - Support for powerpc64le in authentication section - Don't show error "kadmin.local: unable to get default realm" Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e4a850a05a96a67f8cfc8a729baea7ff8686b8cc Author: Adolf Belka Date: Fri Sep 12 22:08:14 2025 +0200 strace: Update to version 6.16 - Update from 6.12 to 6.16 - Update of rootfile not required - Changelog 6.16 * Improvements * Added -N/--arg-names option for printing syscall argument names. * Implemented setting of system call information using PTRACE_SET_SYSCALL_INFO ptrace API introduced in Linux 6.16. * Implemented decoding of SO_RCVPRIORITY and SO_PASSRIGHTS socket options. * Implemented decoding of RTA_NH_ID and RTA_FLOWLABEL netlink attributes. * Updated decoding of statx syscall. * Updated lists of BR_*, CRYPTOCFGA_*, FUTEX2_*, IORING_*, IPSET_*, KVM_*, MDB_*, NETDEV_*, PR_*, RXRPC_*, SW_*, THERMAL_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.16. 6.15 * Improvements * Implemented decoding of open_tree_attr syscall. * Implemented decoding of AF_TIPC socket addresses and socket options. * Updated decoding of statmount syscall. * Updated lists of AUDIT_*, BPF_*, BTRFS_*, COUNTER_*, FAN_*, FRA_*, IFLA_*, IORING_*, KVM_*, LANDLOCK_*, PKEY_*, RTPROT_*, TCP_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.15. 6.14 * Improvements * Added -e namespace=new option for printing the namespaces entered by the tracee. * Implemented decoding of FRA_FLOWLABEL and FRA_FLOWLABEL_MASK netlink attributes of RTM_{NEW,DEL,GET}RULE NETLINK_ROUTE messages. * Implemented decoding of RTM_{NEW,DEL}MULTICAST and RTM_{NEW,DEL}ANYCAST NETLINK_ROUTE messages. * Updated decoding of statx syscall. * Updated lists of AT_*, AUDIT_*, ETHTOOL_*, FAN_*, IORING_*, IPPROTO_*, KEY_*, NL80211_*, RWF_*, and SECBIT_* constants. * Updated lists of ioctl commands from Linux 6.14. 6.13 * Improvements * Implemented decoding of getxattrat, setxattrat, listxattrat, and removexattrat syscalls. * Updated decoding of struct io_uring_clone_buffers, struct io_uring_napi, and struct perf_event_attr. * Updated decoding of crypto_user_alg netlink attributes of NETLINK_CRYPTO. * Implemented decoding of IFLA_MCTP_PHYS_BINDING netlink attribute. * Updated lists of AT_*, BPF_*, FAN_*, IORING_*, MADV_*, NT_*, and SCM_* constants. * Updated lists of ioctl commands from Linux 6.13. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 459c83435673c8b3e730e1037b9a2366fdfc1832 Author: Adolf Belka Date: Fri Sep 12 22:08:13 2025 +0200 nginx: Update to version 1.29.1 - Update from version 1.26.2 to 1.29.1 - Update of rootfile not required - One CVE fix in 1.27.4, one CVE fix in 1.27.1, four CVE fixes in 1.27.0 - Changelog 1.29.1 *) Change: now TLSv1.3 certificate compression is disabled by default. *) Feature: the "ssl_certificate_compression" directive. *) Feature: support for 0-RTT in QUIC when using OpenSSL 3.5.1 or newer. *) Bugfix: the 103 response might be buffered when using HTTP/2 and the "early_hints" directive. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: nginx could not be built on NetBSD 10.0. *) Bugfix: in the "none" parameter of the "smtp_auth" directive. 1.29.0 *) Feature: support for response code 103 from proxy and gRPC backends; the "early_hints" directive. *) Feature: loading of secret keys from hardware tokens with OpenSSL provider. *) Feature: support for the "so_keepalive" parameter of the "listen" directive on macOS. *) Change: the logging level of SSL errors in a QUIC handshake has been changed from "error" to "crit" for critical errors, and to "info" for the rest; the logging level of unsupported QUIC transport parameters has been lowered from "info" to "debug". *) Change: the native nginx/Windows binary release is now built using Windows SDK 10. *) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or ngx_http_v3_module modules were used. *) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto optimization if ngx_http_v3_module was used. *) Bugfixes and improvements in HTTP/3. 1.27.5 *) Feature: CUBIC congestion control in QUIC connections. *) Change: the maximum size limit for SSL sessions cached in shared memory has been raised to 8192. *) Bugfix: in the "grpc_ssl_password_file", "proxy_ssl_password_file", and "uwsgi_ssl_password_file" directives when loading SSL certificates and encrypted keys from variables; the bug had appeared in 1.23.1. *) Bugfix: in the $ssl_curve and $ssl_curves variables when using pluggable curves in OpenSSL. *) Bugfix: nginx could not be built with musl libc. Thanks to Piotr Sikora. *) Performance improvements and bugfixes in HTTP/3. 1.27.4 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Feature: the "ssl_object_cache_inheritable", "ssl_certificate_cache", "proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and "uwsgi_ssl_certificate_cache" directives. *) Feature: the "keepalive_min_timeout" directive. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used. *) Bugfix: QUIC connection might not be established when using 0-RTT; the bug had appeared in 1.27.1. *) Bugfix: nginx now ignores QUIC version negotiation packets from clients. *) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module. *) Bugfixes in HTTP/3. 1.27.3 *) Feature: the "server" directive in the "upstream" block supports the "resolve" parameter. *) Feature: the "resolver" and "resolver_timeout" directives in the "upstream" block. *) Feature: SmarterMail specific mode support for IMAP LOGIN with untagged CAPABILITY response in the mail proxy module. *) Change: now TLSv1 and TLSv1.1 protocols are disabled by default. *) Change: an IPv6 address in square brackets and no port can be specified in the "proxy_bind", "fastcgi_bind", "grpc_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives, and as client address in ngx_http_realip_module. *) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars. *) Bugfix: the "so_keepalive" parameter of the "listen" directive might be handled incorrectly on DragonFly BSD. *) Bugfix: in the "proxy_store" directive. 1.27.2 *) Feature: SSL certificates, secret keys, and CRLs are now cached on start or during reconfiguration. *) Feature: client certificate validation with OCSP in the stream module. *) Feature: OCSP stapling support in the stream module. *) Feature: the "proxy_pass_trailers" directive in the ngx_http_proxy_module. *) Feature: the "ssl_client_certificate" directive now supports certificates with auxiliary information. *) Change: now the "ssl_client_certificate" directive is not required for client SSL certificates verification. 1.27.1 *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars. *) Change: now the stream module handler is not mandatory. *) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old worker processes. Thanks to Kasei Wang. *) Bugfixes in HTTP/3. 1.27.0 *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on systems with MTU larger than 4096 bytes, or might have potential other impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161). Thanks to Nils Bars of CISPA. *) Feature: variables support in the "proxy_limit_rate", "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate" directives. *) Bugfix: reduced memory consumption for long-lived requests if "gzip", "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used. *) Bugfix: nginx could not be built by gcc 14 if the --with-libatomic option was used. Thanks to Edgar Bonet. *) Bugfixes in HTTP/3. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5f46ad85918fd552529270504ad0941cc6a7a153 Author: Adolf Belka Date: Fri Sep 12 22:08:12 2025 +0200 mympd: Update to version 22.0.4 - Update from version 21.0.1 to 22.0.4 - Update of rootfile not required - Changelog 22.0.4 - Upd: Restrict sticker names (forbid equal sign) - Fix: Really shuffle the playlist #1455 - Fix: Relax search expression validation #1455 - Fix: Alpine packaging - Fix: Detection of local playback features #1452 22.0.3 - Upd: Create cache und workdir in init script - Upd: Feature detection for local playback output selection #1452 22.0.2 - Fix: MYMPD_API_JUKEBOX_RESTART requires MPD connection #1448 22.0.1 - Fix: Respect backgroundImage setting #1446 - Fix: Alpine packaging 22.0.0 Notes - This release enables certificate checking for outgoing https connections. The system CA cert store should be autodetected, open an issue if it fails. - The startup process of myMPD was reworked. myMPD no longer drops privileges, the included startup scripts are using now the init system to do this. - The default listening ports are now 8080 for HTTP and 8443 for HTTPS. API changes - MYMPD_API_SCRIPT_VERIFY_SIG: new - MYMPD_API_HOME_WIDGET_IFRAME_SAVE: new - MYMPD_API_HOME_WIDGET_SCRIPT_SAVE: new - MYMPD_API_HOME_WIDGET_SAVE: removed Scripting changes - Feat: `mympd.tblvalue_in_list()` - Checks a Lua table of tags against a comma separated list. - Upd: Executing external scripts is now disabled by default. Changelog - Feat: iFrames for home screen #1429 - Feat: Feat: Add custom css and js #1428 - Feat: Use system provided ca store for ssl certificate checking #1427 - Feat: Sign and verify scripts from mympd-scripts repository #1426 - Feat: Add trigger `mympd_playlistart`, `mympd_folderart` - Feat: Sort list of timers and triggers #1425 - Feat: Allow changing output device with local playback #1434 - Upd: Improve "Edit Script"-Layout - Upd: Bootstrap v5.3.7 - Upd: Mongoose 7.18 - Upd: libmympdclient 1.0.34 (libmpdclient 2.24.0) - Upd: Incbin - Upd: Replaced mjson with mongoose implementation - Fix: Improve MPD search expression validation #1435 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 78c7800d13de161e9ddd852a4759696d0d960d1d Author: Adolf Belka Date: Fri Sep 12 22:08:11 2025 +0200 mtr: Update to version 0.96 - Update from version 0.95 to 0.96 - Update of rootfile not required - Changelog 0.96 Merge branch 'traviscross:master' into master Change UDP and ICMP sockets binding to accept a source IP from the -a CLI option Adjust MIN_PORT to match other implementations Handle EHOSTDOWN and refine error handling better granularity add braille graph support with --displaymode 3 fix legend for braille display fix documentation/comment for ENABLE_BRAILLE use addrs for static host ordering in curses add --max-display-paths option Add a compact mode in curses mtr.8.in: spell --mark argument type properly Fix tiny typo in target Implement ASN lookups in well-known nat64 prefix net: implement addrcmp for AF_UNSPEC Initialize lines to empty string in split mode Add error code ETIMEOUT(110) handle logic fixed the sizes passed into snprintf Allow signed integers in the utils function Split the strtonum function into two parts to create a better structure Remove redundant code Fix https://github.com/traviscross/mtr/issues/475 xml report: remove leading spaces Set UTF-8 encoding for XML reports Update Cygwin ICMP service thread for asynchronous pipes Prevent icmp_socket leak on error Markus pointed out useless statement. merged Merge branch 'master' of github.com:traviscross/mtr Fixed typo noted by @szczot3k Changed how conflicitng first/max TTL works. Increased max probes Added protection against use of MTR_PACKET under special circumstances Merge branch 'master' of github.com:traviscross/mtr Added Arad Cohen to NEWS Set SO_BINDTODEVICE for -I Check if SO_BINDTODEVICE is defined ui: make interactive and non-interactive exit code the same Add WSL method to Windows Install Add Ubuntu as specific distribution Update section title Github actions added to perform lint and compile configure.ac: fix broken cap check Add option to use custom ipinfo provider Fix Capability Management, Retain CAP_NET_ADMIN Fix interface binding by retaining CAP_NET_RAW Linux-Only Interface, Marking, and IP Unit Tests Annotate `set_privileged_socket_opt` with UNUSED Drop capabilities when `setsockopt` errors Fix flake8 linting Change B101->S101 to reflect flake8 Use a uint32 for the type of a Linux mark Use Packet Marking for IP Address Selection Support Hexadecimal Arguments for Packet Marking ipv6 udp checksums like ipv4 but with ipv6 pseudoheader fix typo Merge branch 'master' into compact-layout Add help info for option -E Brought an unlikely privilege escalation scenario to my attention. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 8729e18bcd673bc167cac12a48ac55787389cfc3 Author: Adolf Belka Date: Fri Sep 12 22:08:10 2025 +0200 libogg: Update to version 1.3.6 - Update from version 1.3.5 to 1.3.6 - Update of rootfile - Changelog 1.3.6 * Update minimum cmake version to 3.6 This fixes incompatibility with cmake >= 4.0 * Fix UBsan issues * Improve allocation failure handling * Fix various compiler warnings * Fix various autotool warnings * Improve continuous integration testing scripts Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 15b209f4cae7ad2951f296486ccb902d4001013b Author: Adolf Belka Date: Fri Sep 12 22:08:09 2025 +0200 frr: Update to version 10.4.1 - Update from version 10.3.1 to 10.4.1 - Update of rootfile - Changelog 10.4.1 bgpd: initialize local variable (backport #19233) ospfd: Use after free cleanup of lsa (backport #19224) vtysh: copy config from file should actually apply (backport #19242) Revert PR #18358: BGP evpn testing and bug fixes related to non default EVPN backbone (backport #19241) topotests: improve embedded RP test reliability (backport #19240) lib, zebra: mark singleton nexthops inactive/active on link state changes for wecmp (backport #18947) bgpd: LL next-hop capabilty fixes (backport #19261) eigrp: validate hello packets and tlvs better (backport #19251) bgpd : Fix compilation error in bgpd module: Update TP_ARGS for bgp (backport #19266) bgpd: Ensure addpath does not withdraw selected route in some situations (backport #19210) bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val (#19282) bgpd: LL next-hop capabilty fixes (round 2) (backport #19277) lib: compute link-state zapi message size (backport #19290) zebra: Fix buffer overflows found by fuzzing. (backport #19303) 10.4.0 New Features Highlight BGP BFD Strict-Mode neighbor PEER bfd strict [hold-time N] BGP Link-Local Next Hop Capability (draft-ietf-idr-linklocal-capability) neighbor PEER capability link-local BGP Transparent mode neighbor PEER ip-transparent BGP Next Hop Dependent Characteristics Attribute (draft-ietf-idr-entropy-label) neighbor PEER send-nexthop-characteristics IGMP and MLD group/source limits ip igmp max-groups ip igmp max-sources ipv6 mld max-groups ipv6 mld max-sources PIM dense and sparse-dense mode support (RFC3973) new interface mode: dense ip pim dm new interface mode: sparse-dense ip pim sm-dm IGMPv2/MLDv1 immediate leave v4-via-v6 nexthop support for static routes Timeout for vtysh exec-timeout Discover PREF64 in Router Advertisements (RFC8781) ipv6 nd nat64 What's Changed bgpd: Do not start BGP session if BGP identifier is not set by @ton31337 in #17959 bgpd: fix add label support to EVPN AD routes by @pguibert6WIND in #17985 isisd: 'tiebreaker' command line funtionality is inconsistent with its implementation by @baozhen-H3C in #16593 bgpd: Send non-transitive extended communities from/to OAD peers by @ton31337 in #17896 Add bgpevpn route type-2 route map filter tests by @lsang6WIND in #17918 lib: Remove System routes from ip protocol route map choices by @donaldsharp in #17953 staticd: Add CLI to support steering of IPv4 traffic over SRv6 SID list by @cscarpitta in #17988 Fpm problems by @donaldsharp in #17962 bgpd: Fix up memory leak in processing eoiu marker by @donaldsharp in #18000 doc: fix sbfd.rst doc warnings by @forrestchu in #18018 Nexthop leak by @donaldsharp in #18014 lib: actually hash all 16 bytes of IPv6 addresses, not just 4 by @eqvinox in #17901 bgpd: add L2 attr community support as per RFC8214 by @pguibert6WIND in #17987 tests: Remove improper pymark by @donaldsharp in #18025 tools: Add some more support bundle commands by @donaldsharp in #18029 Coverity 2024 new hotness by @donaldsharp in #17865 pimd: fix memory leak and assign allocation type by @rzalamena in #18038 isisd: Do not leak a linked list in the circuit by @donaldsharp in #18033 pimd: Fix for FHR mroute taking longer to age out by @routingrocks in #14105 pimd: fix DR election race on startup by @rzalamena in #18048 bgpd: rfapi: fix mem leak when killed by @gpziemba in #18045 bgpd: Implement Link-Local Next Hop capability by @ton31337 in #17871 Fix journald logging via "log stdout" by @gromit1811 in #17775 babeld: Improve code clarity and maintainability by @y-bharath14 in #18077 bgpd: fix for the validity and the presence of prefixes in the BGP VPN table. by @louis-6wind in #17370 bgpd: Show internal data for BGP routes by @ton31337 in #17870 isisd: Remove unneeded modify functions by @donaldsharp in #18034 bgpd: fix bgp vrf instance creation from implicit by @chiragshah6 in #18081 lib: crash handlers must be allowed on threads by @eqvinox in #18060 Bmp bgp open router id and as val by @pguibert6WIND in #18037 nhrpd: fix dont consider incomplete L2 entry by @pguibert6WIND in #18078 bgpd: Request SRv6 locator after zebra connection by @cscarpitta in #18069 zebra: Allow fpm_listener to continue to try to read by @donaldsharp in #18049 lib (+bfd): improve late timer warnings by @eqvinox in #18094 bgpd: Do not check for capability length for Link-Local Next Hop capability by @ton31337 in #18068 Cid 1636504 by @pguibert6WIND in #18062 Bfd fixups by @donaldsharp in #18026 tests: clear -Wcalloc-transposed-args warnings by @ariel-anieli in #17649 bfdd: 0 is a valid fd. by @donaldsharp in #18125 yang: Reorder the revision statements by @y-bharath14 in #18118 bgpd: fix incorrect JSON in bgp_show_table_rd by @louis-6wind in #18120 pimd,pim6d: implement GMP group / source limits by @rzalamena in #18032 ospfd: Replace LSDB callbacks with LSA Update/Delete hooks. by @aceelindem in #18046 bgpd: Fix crash in bgp_labelpool by @donaldsharp in #18079 lib: fix false context information for SRv6 route by @pguibert6WIND in #18023 staticd: Fix SRv6 SID installation and deletion by @cscarpitta in #18064 Vrf tableid debugs by @donaldsharp in #18142 bgpd: Some fixes/improvements for Link-Local Next Hop capability by @ton31337 in #18080 bgpd: release manual vpn label on instance deletion by @louis-6wind in #18121 watchfrr: Allow -w option to be ignored by @donaldsharp in #18127 bgpd: factorize bgp_table_cleanup() by @louis-6wind in #18122 bgpd: When removing the prefix list drop the pointer by @donaldsharp in #18160 sharpd: add crashme commands by @eqvinox in #18163 isisd: Request SRv6 locator after zebra connection by @cscarpitta in #18178 bgpd: fix vty output of evpn route-target AS4 by @mjstapp in #18109 tests: Fix intermittent failures in srv6_encap_src_addr topotest by @cscarpitta in #18187 yang: Default value for a key leaf to be ignored by @y-bharath14 in #18139 tools: add logfmt option for frr-reload.py by @gtataranni in #16796 lib: nb: call child destroy CBs when YANG container is deleted by @choppsv1 in #18082 isisd, lib: add some codepoints usually shared with other vendors by @pguibert6WIND in #17957 Use ipv4 class E addresses (240.0.0.0/4) as connected routes by default by @davischw in #18095 doc: correct ip rip split-horizon command in the documentation by @Shbinging in #18189 staticd: Failed to register nexthop after networking restart by @Pdoijode in #18164 pimd,pim6d: support IGMPv2/MLDv1 immediate leave by @rzalamena in #18111 zebra: Do not flush an existing vni configuration trying to remove wrong vni by @ton31337 in #18108 pimd: filter neighbors by address by @rzalamena in #17914 tests: Remove warning about passive command by @donaldsharp in #18197 bgpd: Fix another crash in orf by @donaldsharp in #18194 pimd: Fix for data packet loss when FHR is LHR and RP by @routingrocks in #14227 pimd: During prefix-list update, behave as PIM_UPSTREAM_NOTJOINED sta… by @routingrocks in #17666 *: Remove unneeded IPV6_JOIN|LEAVE_GROUP by @donaldsharp in #18213 yang: Corrected Pyang errors or warnings by @y-bharath14 in #18218 doc: update mgmtd list of converted by @choppsv1 in #18223 tests: add docstrings to frontend mgmtd client by @choppsv1 in #18224 bgpd: remove dmed check not required in bestpath selection by @donaldsharp in #18210 Fix oper-state queries that involve choice/case nodes by @choppsv1 in #18231 zebra: Add operational retrieval of Multipath Number by @donaldsharp in #18236 pim: Fix autorp group joins by @nabahr in #18225 pim: Fix vrf binding of autorp and mroute socket by @nabahr in #18226 pimd: Fix PIM VRF support (send register/register stop in VRF) by @gromit1811 in #18216 Drop unused code by @dksharp5 in #18243 bgpd: fix default instance when leaving the hidden state. by @louis-6wind in #18119 ripd: fix no ip rip split-horizon poisoned-reverse command by @Shbinging in #18256 staticd: Fix crash because registering unknown vrf by @donaldsharp in #18235 staticd: Add support for SRv6 uA behavior by @cscarpitta in #18198 fabricd: add option to treat dummy interfaces as loopback interfaces by @kaffarell in #18242 support pre-built oper state in libyang tree by @choppsv1 in #18237 tests: Fixed input dict at create_router_bgp by @y-bharath14 in #18261 ospf6d: Fix use after free of router in OSPFv3 ABR route calculation. by @aceelindem in #18254 staticd: Do not log uninitialized nexthop variable by @cscarpitta in #18271 lib: Prevent crash in getting label chunk by @donaldsharp in #18270 mgmtd: Prevent use after free by @donaldsharp in #18264 Bgp ecommlist count by @pguibert6WIND in #18159 staticd: Add no form for static-sids command by @cscarpitta in #18263 pimd: fix null memory access on IGMP source limit by @rzalamena in #18285 tools: Fix frr-reload.py error related to static-sids by @cscarpitta in #18290 staticd: Fix no srv6 command by @cscarpitta in #18289 isisd: Correct edge insertion into TED by @odd22 in #18294 zebra: reduce memory usage by streams when redistributing routes by @fdumontet6WIND in #18030 bgpd: Do not advertise aggregate routes to contributing ASes by @ton31337 in #17961 Allow retrieval of v4/v6 forwarding state via NB by @dksharp5 in #18253 Vpn prefix aggregate export and accept by @pguibert6WIND in #18301 bfdd: Add "log-session-changes" command to BFD configuration and operational state via YANG Northbound API. by @aceelindem in #18306 yang: Imported modules are not in use by @y-bharath14 in #18293 lib: Correct handling of /frr-vrf:lib/vrf/state/active by @donaldsharp in #18268 configure.ac: fix sed failure on FreeBSD by @rzalamena in #18310 More connection cleanup by @donaldsharp in #18195 doc: don't override automake builtin targets by @qlyoung in #18319 lib: Document --command-log-always in help by @donaldsharp in #18313 zebra: Bring up 514 BGP neighbor sessions by @soumyar-roy in #18214 pimd: Fix PIM6 MLD VRF support (use recvmsg() pktinfo) by @gromit1811 in #18315 bgpd: Fix dead code in bgp_route.c #1637664 by @donaldsharp in #18327 Revert "bgpd: Make keepalive pthread be connection based." by @donaldsharp in #18337 Documentation typesafe by @donaldsharp in #18338 tests: bgp_evpn_route_map_match fix invalid escape sequence by @donaldsharp in #18344 lib: use memcpy in bf_copy by @karthikeyav in #18335 Topotest startup order by @donaldsharp in #18348 ospfd: minor change for style by @anlancs in #18342 Clean up some code and bad assumptions in zebra by @donaldsharp in #18346 tests: Fixed NameError at bmpserver.py by @y-bharath14 in #18362 zebra: fix table heap-after-free crash by @louis-6wind in #16614 zebra: Fix neigh delete causing heap-use-after-free error by @routingrocks in #18336 Revert "bgpd: upon if event, evaluate bnc with matching nexthop" by @donaldsharp in #18368 staticd: Install known nexthops upon connection with zebra by @donaldsharp in #18367 Add Testing for community and Extended community match limit zero by @pguibert6WIND in #18366 bgpd: Show bgp shouldn't display peers in groups by @donaldsharp in #18380 yang: Fixed pyang errors at frr-bgp-common.yang by @y-bharath14 in #18388 isisd: fix bit flag collision in options field by @kaffarell in #18377 Fix bug with oper-state queries including list node by @choppsv1 in #18383 zebra: ensure proper return for failure for Sid allocation by @raja-rajasekar in #18360 ospf6d: Disable and delete OSPFv3 areas that no longer have interfaces or configuration. by @aceelindem in #18393 bgpd: Remove unnecessary stream_new/stream_copies in bgp_open_make by @donaldsharp in #18395 zebra: add ability to specify output file with fpm_listener by @donaldsharp in #18394 bgpd: Fixed crash upon bgp network import-check command by @Manpreet-k0 in #18387 lib: suppress libyang logs during expected error result by @choppsv1 in #18384 2 unit-test fixes by @choppsv1 in #18399 bgpd: Do not keep stale paths in Adj-RIB-Out if not addpath aware by @ton31337 in #18275 bgpd, zebra, tests: disable rtadv when bgp instance unconfiguration. by @dmytroshytyi-6WIND in #18364 fix(vrrp): display vrrp version by default by @echkenluo in #18407 bgpd: Print the real reason why the peer is not accepted (incoming) by @ton31337 in #18410 tests: Corrected input dict at pim.py by @y-bharath14 in #18414 More yang state by @donaldsharp in #18349 babled: reset wired/wireless internal only when wired/wireless status changed by @Shbinging in #18413 doc: Modify typesafe documentation by @donaldsharp in #18419 ripngd: Access and Prefix lists are being leaked on shutdown by @donaldsharp in #18418 zebra: Fix reinstalling nexthops in NHGs upon interface flaps by @raja-rajasekar in #18374 RedHat: Fixing for PR17793 - Allow RPM build without docs and/or rpki by @mwinter-osr in #18426 lib: Create VRF if needed by @nabahr in #18430 bgpd: fix "delete in progress" flag on default instance by @lsang6WIND in #18412 Fix topotest to wait for zebra connection by @donaldsharp in #18432 bgpd: Fix leaked memory when showing some bgp routes by @donaldsharp in #18435 Fpm listener reject by @donaldsharp in #18431 topotests: Add EVPN RT5 multipath flap test by @chdxD1 in #18325 Typesafe zclient by @donaldsharp in #18409 pimd: Skip RPF check for SA message from mesh group peer by @usrivastava-nvidia in #18330 tests: Catch specific exceptions by @y-bharath14 in #18277 lib: fix static analysis error by @dmytroshytyi-6WIND in #17986 zebra: zebra crash for zapi stream by @soumyar-roy in #18359 yang: Code inline with RFC 8407 rules by @y-bharath14 in #18442 tests: Change up start order of bmp tests by @donaldsharp in #18452 tests: add bfd_static_vrf by @louis-6wind in #18446 tests: Corrected typo at path_attributes.py by @y-bharath14 in #18339 bgpd: fix set evpn gateway-ip ipv[46] route-map by @Tuetuopay in #18378 tests: add another directory to search path for pylint by @choppsv1 in #18475 tests: high_ecmp creates 2 update groups by @donaldsharp in #18469 staticd: Fix a crash that occurs when modifying an SRv6 SID by @cscarpitta in #18467 babeld: Missing Validation for AE=0 and Plen!=0 by @zmw12306 in #18473 Bgp clear batch by @donaldsharp in #18447 bgpd: fix handling of configured route-targets for l2vni, l3vni by @mjstapp in #18484 bgpd: Fix holdtime not working properly when busy by @donaldsharp in #18483 babeld: add check incorrect AE value for NH TLV. by @zmw12306 in #18471 isisd:IS-IS hello packets not sent with configured hello timer by @Z-Yivon in #18311 isisd: Fix the issue where redistributed routes do not change when th… by @huchaogithup in #18369 babeld: Hop Count must not be 0. by @zmw12306 in #18474 lib: Return duplicate prefix-list entry test by @ton31337 in #18494 bgpd: fix SA warning in bgp clearing code by @mjstapp in #18496 tests: Handling potential errors gracefully by @y-bharath14 in #18476 babeld: fix hello packets not sent with configured hello timer by @Shbinging in #18448 Eigrp typesafe by @donaldsharp in #18482 ospf6d: Fix LSA memory leaks related to graceful restart by @gromit1811 in #18503 tests: Add ripng aggregate address testing by @donaldsharp in #18506 yang: Fixed pyang errors at frr-isisd.yang by @y-bharath14 in #18500 bgpd: Set the label for MP_UNREACH_NLRI 0x800000 instead of 0x000000 by @ton31337 in #18502 tests: Modify simple_snmp_test to use frr.conf by @donaldsharp in #18508 bgpd: Retain the routes if we do a clear with N-bit set for Graceful-Restart by @ton31337 in #18498 lib: show route-map should not print (null) by @donaldsharp in #18515 tests: Fix potential issues at send_bsr_packet.py by @y-bharath14 in #18520 tests: Irrelevant code in lutil.py by @y-bharath14 in #18532 tools: Add option to frr-reload to specify alternate logfile by @mwinter-osr in #15471 Memory leaks all over by @donaldsharp in #18544 Bgp packet reads conversion to a FIFO by @donaldsharp in #18450 babeld: Add next hop initialization by @zmw12306 in #18470 yang: Limit eigrp to just 1 instance per vrf by @donaldsharp in #18524 yang: Corrected pyang errors in frr-zebra.yang by @y-bharath14 in #18543 bgpd: optimize attrhash_cmp calls by @louis-6wind in #18097 lib: Return duplicate ipv6 prefix-list entry test by @ton31337 in #18561 eigrpd: Fix possible use after free in nbr deletion by @donaldsharp in #18525 bgpd: Skip EVPN MAC processing for non-EVPN peers by @routingrocks in #18564 tests: Resource leaks in test_all_protocol_startup by @y-bharath14 in #18553 Add BGP redistribution in SRv6 BGP by @pguibert6WIND in #18396 bgpd: rfapi: track outstanding rib and import timers, free mem at exit by @gpziemba in #18546 tests: Fix typo when configuring delayopen timer by @ton31337 in #18572 pimd: Initialize gm proxy to false by @nabahr in #18567 bgpd: Treat the peer as not active due to BFD down only if established by @ton31337 in #18562 bgpd: flowspec: remove sizelimit check applied to the wrong length field (issue 18557) by @spoignant-proton in #18558 staticd: Avoid requesting SRv6 sid from zebra when loc and sid block dont match by @raja-rajasekar in #18580 babeld: Hop Count must not be 0. by @zmw12306 in #18547 babeld: Request forwarding does not prioritize feasible routes by @zmw12306 in #18581 babeld: Fix starvation handling on route loss per RFC 8966 §3.8.2.1 by @zmw12306 in #18582 babeld: Add a check to prevent all-ones case by @zmw12306 in #18584 babel: fix incorrect check in known_ae() by @zmw12306 in #18585 doc: add a diagram for config datastore cleanup on file reads by @choppsv1 in #18602 pimd: Fix memory leak on shutdown by @donaldsharp in #18526 nhrpd: Add Hop Count Validation Before Forwarding in nhrp_peer_recv() by @zmw12306 in #18598 babeld: check valid babel port by @zmw12306 in #18583 bgpd: On shutdown free up memory leak found by topotest by @donaldsharp in #18614 *: expose and fix variable shadowing warnings by @mjstapp in #17915 yang: Pyang errors in frr-bfdd.yang by @y-bharath14 in #18604 mgmtd: remove bogus "hedge" code which corrupted active candidate DS by @choppsv1 in #18601 zebra: Fix shadow warning in irdp_packet.c by @donaldsharp in #18627 bgpd: On shutdown free up table for static routes by @donaldsharp in #18625 bgpd: Paths not deleted received from shutdown peer by @soumyar-roy in #18594 bgpd: remove useless calls to afi2family by @louis-6wind in #18624 bfdd: Fix demultiplexing to rely solely on Your Discriminator by @zmw12306 in #18586 babeld: fix incorrect type assignment in parse_request_subtlv by @zmw12306 in #18548 babeld: Add input validation for update TLV. by @zmw12306 in #18472 bgpd: add usid behavior for bgp srv6 instructions by @pguibert6WIND in #18611 bgpd: fix add prefix sent in 'show bgp neighbor' by @pguibert6WIND in #18376 tools: Add pathspace option to generate_support_bundle by @mwinter-osr in #18635 tests: Fix potential issues in mcast-tester.py by @y-bharath14 in #18633 babeld: Add MBZ and Reserved field checking by @zmw12306 in #16735 isisd: fix asla memory leak by @louis-6wind in #18642 lib, staticd, isisd: add B6.ENCAPS codepoint extensions by @pguibert6WIND in #18597 zebra: modify fpm_listener to display data about nhgs by @donaldsharp in #18640 tools: fix reload script for SRv6 locators and formats by @raja-rajasekar in #18628 tests: Shadowing the built-in function by @y-bharath14 in #18574 zebra: fix pbr_iptable memory leak by @louis-6wind in #18645 Rpki testing and bug fix by @donaldsharp in #18649 pim6d: fix missing 'use-source' interface command by @ak503 in #18578 zebra: Add ability to dump routes received from fpm_listener by @donaldsharp in #18641 Add v4-via-v6 nexthop support to staticd by @chdxD1 in #18654 lib,bgpd: clean up clang warnings by @mjstapp in #18655 bgpd: fix pbr memory leaks by @louis-6wind in #18653 fix yang commands that don't have yang attr by @lsang6WIND in #18610 lib: nb: add list_entry_done() callback to free resources by @choppsv1 in #18540 bfdd: Set bfd.LocalDiag when transitioning to AdminDown by @zmw12306 in #18592 tests: Fix northbound endian use in a unit-test by @mjstapp in #18662 isisd: fix srv6_sid memory leak by @louis-6wind in #18667 zebra: change fpm_read to batch the messages by @krishna-samy in #18579 zebra: show command to display metaq info by @krishna-samy in #18497 yang: Corrected pyang errors in frr-pathd.yang by @y-bharath14 in #18665 bgpd: fix misused rfapi conditional by @eqvinox in #18669 pimd: Only create and bind the autorp socket when really needed by @nabahr in #18538 tests: Resource leak in common_config.py by @y-bharath14 in #18658 lib,pimd,bgpd,bfdd: Fix clang 18 warnings by @mjstapp in #18675 zebra: Save event pointer for rib sweeping by @donaldsharp in #18692 bgpd: ensure that bgp_generate_updgrp_packets shares nicely by @donaldsharp in #18689 Implement RFC8781 (NAT64 prefix in RA's) by @donaldsharp in #18626 zebra: implement RFC8781 (NAT64 prefix in RAs) by @eqvinox in #11224 Update EVPN prefix routes properly instead of withdraw/install by @chdxD1 in #18158 bgpd: fix vty's version of show advertised-routes by @askorichenko in #18695 Improve notification selectors (sort, eliminate dups) by @choppsv1 in #18683 tests: Shadowing the built-in function by @y-bharath14 in #18698 bgpd: Fix deref after free in bgp_vrf_unlink by @petrvaganoff in #18694 doc: line vty was not documented by @donaldsharp in #18703 bgpd: Clean extended communities for VRF routes imported from EVPN by @leonshaw in #18656 zebra: Add CLI to display SRv6 SIDs allocated by @cscarpitta in #16836 zebra: add vtep_ip to rmac nh_list in all cases by @chdxD1 in #18677 doc: state correct default behaviour of VTYSH_PAGER env if unset (vtysh manpage) by @valentinbinotto in #18691 pimd: Fix for crash during networking restart by @usrivastava-nvidia in #18672 yang: Fix pyang errors in frr-interface.yang by @y-bharath14 in #18716 Fix Pim ssmpingd by @donaldsharp in #18652 change to 18652 to test by @choppsv1 in #18713 topotests: clarify bgp evpn rt5 by @louis-6wind in #18708 zebra: Display nhg's afi as No Afi by @donaldsharp in #18709 *: enable the missing-noreturn compiler warning by @mjstapp in #18720 *: Fix MULTIPATH_NUM check in nhg encode by @karthikeyav in #18690 zebra: Cancel new client accept events after zsock is closed by @Pdoijode in #18704 tests: Proper handling of resource allocation by @y-bharath14 in #18730 *: Allow returns to work with --enable-undefined-behavior by @donaldsharp in #18731 zebra: use nexthop instead of route vrf_id for EVPN by @chdxD1 in #18309 bgpd: fix bmp heap use after free on non connected session by @pguibert6WIND in #18700 ldpd: Option for disabled LDP hello message during TCP by @AndriiFullroot in #18417 Add sharp support for seg6local routes with uSID flavor by @pguibert6WIND in #18605 doc: add commit message guidelines to the dev guide by @Jafaral in #18657 tests: Unidiomatic-typecheck in bgp.py by @y-bharath14 in #18738 *: Remove deprecated EVENT_OFF macro by @mjstapp in #18739 Isis run level issue by @donaldsharp in #18734 staticd: Add support for other SRv6 Headend Behaviors by @cscarpitta in #18623 zebra: Fixes allowing SRv6 func-bits length 0 by @raja-rajasekar in #18737 add total path count for bgp net in json output by @soumyar-roy in #18740 show ipv6 route [json] displays seg6local flavors by @pguibert6WIND in #18563 ospf6d: Remove dead code by @donaldsharp in #18752 yang: Fix pyang errors in frr-ospfd.yang by @y-bharath14 in #18756 Remove dead code found by @donaldsharp in #18757 yang: Correct unidiomatic-typecheck in pim.py by @y-bharath14 in #18764 zebra: show nexthops count in nexthop-group command by @krishna-samy in #18762 Move where nhe_installed_id is set in zebra by @donaldsharp in #18749 staticd: Fix an issue where SRv6 SIDs may not be allocated on heavily loaded systems by @cscarpitta in #18317 Allow using reserved ranges in RIP by @ton31337 in #18768 Remove unused functions as well as cleanup a header file by @donaldsharp in #18766 build: fail on docstring problems by @eqvinox in #18765 Fix spelling error in bgp as well as clean up bgp documentation by @donaldsharp in #18770 tests: Unreachable code in ospf.py by @y-bharath14 in #18767 docker: Build with 256 way ecmp by @donaldsharp in #18779 eigrpd: Clean up comment to reflect reality by @donaldsharp in #18780 zebra: Allow show ip route table X A.B.C.D/M to work by @donaldsharp in #18776 bgpd: restart R-bit startup timer on no shutdown by @ton31337 in #18773 Add initial state dump on frontend datastore notify subscribe by @choppsv1 in #18778 Gather vtysh return codes up to report to operator by @donaldsharp in #18783 BGP should stay in Idle if BFD profile is in admin shutdown state by @ton31337 in #18763 bfdd: Adding my discriminator id in show bfd peers counters json by @sougata-github-nvidia in #18772 mgmtd: need to set default notify_format for protobuf message too by @choppsv1 in #18788 zebra: Allow nhg's to be reused when multiple interfaces are going amuck by @donaldsharp in #18723 Replace use of __ as identifier prefix by @choppsv1 in #18790 lib/clippy: pointer offsets are signed by @eqvinox in #18792 zebra: Prevent vrf table 254 being used by non-default vrf by @donaldsharp in #18702 *: some gcc warnings clean up by @rzalamena in #18794 bgpd: Remove linklist.h inclusion in bgp_mpath.c by @donaldsharp in #18800 bgpd: fix second router-id of loc-rib peer-up message set to 0.0.0.0 by @pguibert6WIND in #18799 bgpd: Not advertised to any peer in peer-group by @soumyar-roy in #18587 bgpd: Add support for BGP to use SRv6 SID in an explicit way by @GaladrielZhao in #18519 bgpd: fix show bgp vpn rd json by @louis-6wind in #18802 bgpd: Fix flag issue in delete_vrf_tovpn_sid_per_vrf by @GaladrielZhao in #18808 ripd, ripngd: Timer values by @ton31337 in #18805 zebra: guard against use of zapi client data during close by @mjstapp in #18721 docker: install correct python protobuf in ubuntu docker images by @choppsv1 in #18816 tests: Fix unreachable code in pim.py by @y-bharath14 in #18817 tests: bgp_evpn_rt5 add route-reflector by @louis-6wind in #18733 bgpd: Rename bgp_path_info_delete to bgp_path_info_mark_for_delete by @donaldsharp in #18818 isid, lib: Fix gcc 15 warnings by @mjstapp in #18820 Fix bestpath reason being incorrectly set in some cases by @donaldsharp in #18819 tests: Remove version (BGP version) from JSON by @ton31337 in #18831 ci: harden wget from github servers by @vjardin in #18833 doc: topotest add missing media type MIB by @vjardin in #18832 Ipforwarding modify by @donaldsharp in #18316 Prefix list leak bfdd ldpd by @donaldsharp in #18830 Bgp encaps reduced by @pguibert6WIND in #18803 End psp flavor by @pguibert6WIND in #18647 Fix up from a bunch of ubsan issues found. by @donaldsharp in #16074 Add PIC support in the srv6 VPN scenario. by @zice312963205 in #16879 bgpd: Implement BGP Next Hop Dependent Characteristics Attribute (NNHN only) by @ton31337 in #18729 bgpd: fix view deletion and main socket deletion by @rzalamena in #18758 SRv6: Allow configuring node-len 0 by @raja-rajasekar in #18774 bgpd: fix to show exist/non-exist-map in 'show run' properly by @krishna-samy in #18828 zebra: finish moving ip[v6] forwarding to NB/mgmtd by @choppsv1 in #18845 mgmtd top level root query by @choppsv1 in #18835 Clang-19 cleanup and removal of scheduled functionality by @donaldsharp in #18821 pimd: add support for group range prefix-list filter for v6 by @rzalamena in #18260 pimd,pim6d: require router alert configuration by @rzalamena in #18202 zebra: V6 RA not sent anymore after interface up-down-up by @soumyar-roy in #18451 redhat: Add Workaround for inet_ntop replacement which breaks rpms by @mwinter-osr in #18864 staticd, bgp: fix srv6 encap-value displayed with _ instead of . by @pguibert6WIND in #18858 bgpd: fix PEER_FLAG_CONFIG_DAMPENING to be ULL by @vjardin in #18869 Revert 16879 by @ton31337 in #18856 build: the great war against config.h, issue 0 of ∞ by @eqvinox in #18860 yang: Fix pyang errors in frr-staticd.yang by @y-bharath14 in #18857 Keep the original NHE associated with a re around by @donaldsharp in #18751 build: the war against config.h continues, 1 of ∞ by @eqvinox in #18874 bgpd: fix import all adj-rib-in and loc-rib after bmp connects by @pguibert6WIND in #18843 lib: fix mis-done endian check by @eqvinox in #18875 Eliminate protobuf from mgmtd backend (daemon) messaging by @choppsv1 in #18878 *: SPDX license spring cleaning by @eqvinox in #18883 build: the war on config.h is a war of attrition, 2 of ∞ by @eqvinox in #18877 bgpd: two minor fixes for command by @anlancs in #18882 bfdd: Only apply increased transmission interval after Poll Sequence by @zmw12306 in #18589 bfdd: Check for passive mode with zero discriminator by @zmw12306 in #18591 ospfd: Fix crash when ospf client connects before configuring an OSPF instance by @Jafaral in #18785 lib: fix copying of resolved addresses by @kunkku in #18871 *: oh no, config.h is mobilizing its forces! - 3 of ∞ by @eqvinox in #18884 doc/developer: update instructions for NetBSD by @eqvinox in #18879 yang: Correct pyang errors in frr-bgp-route-map.yang by @y-bharath14 in #18781 nhrpd: ignore non-host addresses on NHRP interfaces by @kunkku in #18873 staticd: fix deref of NULL pointer in srv6 code by @mjstapp in #18890 vtysh,doc: add an idle timeout for vtysh by @mjstapp in #18711 pimd: add support for PIM dense and sparse-dense modes by @Jafaral in #18648 doc: add a note about dplane API version to the release docs by @mjstapp in #18896 zebra: bump the dplane api version for FRR 10.4 by @mjstapp in #18893 lib: fix coverity defect CID 1643927 by @choppsv1 in #18892 bgpd: add neighbor ip-transparent by @vjardin in #18789 pimd, yang: move bsr xpath to be consistent with other rp implementations by @Jafaral in #18898 lib: fix build failure in darr by @eqvinox in #18863 github: Do not cache docker foobar by @ton31337 in #18909 bgpd: Drop deprecated JSON field gracefulRestartCapability by @ton31337 in #18900 pimd: fix a coverity issue with state refresh by @Jafaral in #18902 pbrd: Fix memory leak when destroying an interface by @ton31337 in #18906 zebra: [SRv6] persist func-len 0 across frr restart by @raja-rajasekar in #18847 bgpd: correct no form commands by @anlancs in #18911 mgmtd simplify frontend CLI config path by @choppsv1 in #18888 build: check for libunwind.h, not unwind.h by @eqvinox in #18912 mgmtd: remove unused and unneeded code. by @choppsv1 in #18927 zebra: Add some more debugging when netlink read fails for a route by @donaldsharp in #18914 build: autoconf cleanup pass by @eqvinox in #18913 Revert "tools: ignore spaces only in macro empty line." by @donaldsharp in #18934 tests: Address resource leaks in bmpserver.py by @y-bharath14 in #18935 bgpd: do not accept a host route that matches a local address by @enkechen-panw in #17976 bgpd: Add Hold Time(r) for BFD strict mode by @ton31337 in #18901 tools: ignore spaces only in macro empty line. by @choppsv1 in #18937 redhat: make FRR RPM build to work on RedHat 10 by @mwinter-osr in #18920 tools: Fix VRF static routes deletion on config reload instead of update by @dendergunov in #18908 Handle VRF blackhole routes in SRv6 L3VPN setup with static routes by @pguibert6WIND in #18931 bgpd: use AS4B format for BGP loc-rib messages. by @pguibert6WIND in #18936 BGP evpn testing and bug fixes related to non default EVPN backbone by @pguibert6WIND in #18358 bgpd: Supporting Graceful Shutdown feature for Peer-Group by @Manpreet-k0 in #18659 *: fix a bunch of header file / #include loops by @eqvinox in #18953 Fix up dplane handling of some edge cases by @donaldsharp in #18919 pimd, tests: Fix dense mode flooding/grafting, expand dense/mixed mode testing by @nabahr in #18903 lib: use forward-refs to remove bgp header from lib header by @mjstapp in #18960 zebra: Do not show SRv6 locator params when they are set to default by @cscarpitta in #18961 tools: Ensure that checkpatch.sh checks return code of checkpatch.pl by @donaldsharp in #18938 bgpd: Force adj-rib-out updates if MRAI is kicked in by @ton31337 in #18959 zebra: add ability to dump fpm listener nhg by @donaldsharp in #18676 Replace lock and commit protobuf messages with native variants by @choppsv1 in #18928 bgpd: Unset TOVPN_SID_EXPLICIT flag to ensure BGP can release SRv6 SIDs by @cscarpitta in #18969 Remove last bits of protobuf from MGMTD by @choppsv1 in #18948 zebra: Provide SID value when sending SRv6 SID release notify message by @cscarpitta in #18971 lib: fix coverity "free address-of" issues by @choppsv1 in #18968 zebra: Allow routes that could be considered connected to exist by @donaldsharp in #18967 pimd: fix coverity issues by @Jafaral in #18985 bgpd: Free up leaked memory in case where routemap is not used by @donaldsharp in #18529 bgpd: Don't send notification if IPv6 Link-Local is not assigned on the interface by @ton31337 in #18930 zebra: Cleanup SRv6 output of show running-config by @cscarpitta in #18970 bgpd: Set atomic aggregate attribute if we drop AS_SETs by @ton31337 in #18983 bgpd: Add new CLI to show the counters of each attribute by @ton31337 in #18984 yang: Fix pyang errors in frr-pim-rp.yang by @y-bharath14 in #18992 pimd: use the correct vrf with recv prune and state refresh by @Jafaral in #18986 bgpd: Clean up evpn mac hash on shutdown. (backport #18996) by @mergify[bot] in #18998 bgpd: Do not reuse the same adj->adv when flushing fifo (attributes too long) (backport #18993) by @mergify[bot] in #18999 pimd: add boundary checks when parsing join/graft source lists (coverity) (backport #18989) by @mergify[bot] in #19006 bgpd: Fix crash when fetching statistics for bgp instance (backport #19003) by @mergify[bot] in #19004 tests: add new /run/netns tmpfs to each topotest router namespace (backport #19007) by @mergify[bot] in #19012 Fix some coverity issues (backport #18897) by @mergify[bot] in #19021 Add frr-host yang module - fix bug with reserved IP range config (backport #19019) by @mergify[bot] in #19026 static: [SRv6] Fixing uninstall and reinstall uA Sids upon Intf flaps (backport #19027) by @mergify[bot] in #19032 nhrpd: fix crash when accessing invalid memory zone (backport #18994) by @mergify[bot] in #19035 bgpd: [TOPOTEST] stabilize bgp_peergroup_gshut test case (backport #18991) by @mergify[bot] in #19046 pathd: fix compare function overflow (backport #19050) by @mergify[bot] in #19053 Nhrp redundancy ping (backport #19048) by @mergify[bot] in #19052 zebra: Initialize RB tree for router tables (backport #19049) by @mergify[bot] in #19055 tests: Fix bgp_srv6_sid_explicit test failures (backport #19068) by @mergify[bot] in #19075 debian, redhat: add missing info to changelog by @Jafaral in #19072 zebra: fix null pointer dereference in zebra_evpn_sync_neigh_del (backport #19054) by @mergify[bot] in #19081 zebra: fix stale NHG in kernel (backport #18899) by @mergify[bot] in #19085 Doc and test update (backport #19070) by @mergify[bot] in #19084 bgpd: Fix incorrect stripping of transitive extended communities due … (backport #19065) by @mergify[bot] in #19093 lib: Fix no on-match goto NUM command (backport #19108) by @mergify[bot] in #19112 bgpd: fix missing BGP_ROUTE_AGGREGATE for announcing to zebra (backport #19105) by @mergify[bot] in #19130 bgpd: Fix extended community check for IP non-transitive type (backport #19097) by @mergify[bot] in #19133 bgpd: Fix DEREF_OF_NULL.EX.COND in bgp_updgrp_packet (backport #19126) by @mergify[bot] in #19142 zebra: zebra core with v6 RA (backport #19000) by @mergify[bot] in #19152 lib: revert addition of vtysh_flush() call in vty_out() (backport #19109) by @mergify[bot] in #19153 bgpd: free json objects in error paths (backport #19158) by @mergify[bot] in #19163 bgpd: Extract link bandwidth value from extcommunity before using for WCMP (backport #19165) by @mergify[bot] in #19169 lib,bgpd,ospf6d,zebra: Free json objects in error paths (backport #19182) by @mergify[bot] in #19184 zebra: clean up a json object leak (backport #19192) by @mergify[bot] in #19195 bgpd: Do not try to reuse freed route-maps (backport #19191) by @mergify[bot] in #19200 10.3.2 What's Changed bgpd: correct no form commands (backport #18911) bgpd: fix to show exist/non-exist-map in 'show run' properly redhat: make FRR RPM build to work on RedHat 10 (backport #18920) build: check for libunwind.h, not unwind.h (backport #18912) bgpd: use AS4B format for BGP loc-rib messages. (backport #18936) bgpd: fix for the validity and the presence of prefixes in the BGP VPN table. (backport #17370) bgpd: Force adj-rib-out updates if MRAI is kicked in (backport #18959) github: Do not cache docker foobar (backport #18909) zebra: Provide SID value when sending SRv6 SID release notify message (backport #18971) bgpd: Fix crash when fetching statistics for bgp instance (backport #19003) tests: add new /run/netns tmpfs to each topotest router namespace (backport #19007) nhrpd: fix crash when accessing invalid memory zone (backport #18994) zebra: Initialize RB tree for router tables (backport #19049) zebra: fix null pointer dereference in zebra_evpn_sync_neigh_del (backport #19054) zebra: fix stale NHG in kernel (backport #18899) bgpd: Fix incorrect stripping of transitive extended communities (backport #19065) lib: Fix no on-match goto NUM command (backport #19108) bgpd: Fix extended community check for IP non-transitive type (backport #19097) bgpd: Fix DEREF_OF_NULL.EX.COND in bgp_updgrp_packet (backport #19126) lib: revert addition of vtysh_flush() call in vty_out() (backport #19109) bgpd: Extract link bandwidth value from extcommunity before using for WCMP (backport #19165) Use ipv4 class E addresses (240.0.0.0/4) as connected routes by default (backport #18095) bfdd: Set bfd.LocalDiag when transitioning to AdminDown (backport #18592) zebra: clean up a json object leak (backport #19192) bgpd: Do not try to reuse freed route-maps (backport #19191) lib: fix routemap crash (backport #19127) bgpd: initialize local variable (backport #19233) ospfd: Use after free cleanup of lsa (backport #19224) vtysh: copy config from file should actually apply (backport #19242) bgpd : Fix compilation error in bgpd module: Update TP_ARGS for bgp (backport #19266) bgpd: Ensure addpath does not withdraw selected route in some situations (backport #19210) lib, zebra: mark singleton nexthops inactive/active on link state changes for wecmp (backport #18947) eigrp: validate hello packets and tlvs better (backport #19251) bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val (#19283) zebra: Fix buffer overflows found by fuzzing. (backport #19303) lib: compute link-state zapi message size (backport #19290) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b93cc8669262bab4dd6cfa8bb635c2142a769346 Author: Adolf Belka Date: Fri Sep 12 22:08:08 2025 +0200 dehydrated: Update to version 0.7.2 - Update from version 0.7.1 to 0.7.2 - Update of rootfile not required - Changelog 0.7.2 Added - Implemented support for certificate profile selection - Added a configuration parameter to allow for timeouts during order processing (`ORDER_TIMEOUT`, defaults to 0 = no timeout) - Allowed for automatic deletion of old files (`AUTO_CLEANUP_DELETE`, disabled by default) Changed - Renew certificates with 32 days remaining (instead of 30) to avoid issues with monthly cronjobs (`RENEW_DAYS=32`) Fixed - Changed behaviour of `openssl req` stdin handling to fix compatibility with OpenSSL version 3.2+ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e12534743b8e1c135c0698176a283da94cad8cc2 Author: Adolf Belka Date: Fri Sep 12 21:54:47 2025 +0200 ncat: Update to version 7.98 - Update from version 7.95 to 7.98 - Update of rootfile not required - Changelog as for the nmap update Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 9fa166f93ee5898823012be5e0ef3328ca07965f Author: Adolf Belka Date: Fri Sep 12 21:54:46 2025 +0200 nmap: Update to version 7.98 - Update from version 7.95 to 7.98 - Update of rootfile - Changelog 7.98 o Updated liblua to 5.4.8 o Fixed an issue in FTP bounce scan where a single null byte is written past the end of the receive buffer. The issue is triggered by a malicious server but does not cause a crash with default builds. [Tyler Zars] o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the parallel DNS resolver. Additionally, improved performance by processing responses that come after the request has timed out. [Daniel Miller] o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys: "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller] o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers that are registered as Extension Header values. When the --data option was used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)" [Daniel Miller] o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' failed." when reading from an SSL connection. [Daniel Miller] o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per hostgroup, which led to progressively slower scans and assertion failures in other scan phases. [Daniel Miller] o [NSE] Added NSE bindings for more libssh2 functions: channel_request, channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive. ssh-brute will now use keyboard-interactive auth if password auth is not offered. [Daniel Miller, CrowdStrike] o Fix a bug that was causing Nmap to send empty DNS packets for each target that was not found up instead of just skipping them for reverse DNS. o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since Nmap 7.96. [Daniel Miller] o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including post-quantum ciphersuites. o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces for forward and reverse DNS lookups. When -e or -S are used, use only DNS servers that can be connected via that interface or source address. [Daniel Miller] o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module. [Daniel Miller] o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover latest strings. o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being installed. [Daniel Miller] o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file" when Nmap crashes or fails. [Daniel Miller] o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata and UmitConfigParser. [Daniel Miller] o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID was not prefixed with "urn:". [nnposter] 7.97 o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that use non-latin character sets. Also changed Nmap to print the time zone as an offset from UTC instead of as a localized string. [Daniel Miller] o Fixed an issue with the parallel forward DNS resolver: it had not been consulting /etc/hosts, nor did it correctly handle the 'localhost' name. [Daniel Miller] o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in the example output of http-malware-host [nnposter] 7.96 o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1, libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0 o [Windows] Upgraded the included version of Npcap from version 1.79 to the latest version 1.82, bringing faster packet injection, VLAN header capture, and support for SR-IOV adapters, along with many other bug fixes and feature enhancements described at https://npcap.com/changelog o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same engine that has been reliably performing reverse-DNS lookups for nearly a decade. Scanning large lists of hostnames is now enormously faster and avoids the unresponsive wait for blocking system calls, so progress stats can be shown. In testing, resolving 1 million website names to both IPv4 and IPv6 took just over an hour. The previous system took 49 hours for the same data set! [Daniel Miller] o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to the same release version as Nmap. o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or window::dark_mode in zenmap.conf. [Daniel Miller] o [NSE] Added 3 new scripts, for a total of 612 NSE scripts: + [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin service to get the RouterOS version. New service probes were also added for this service. [deauther890, Daniel Miller] + mikrotik-routeros-username-brute brute-forces WinBox usernames for the router using CVE-2024-54772. [deauther890] + targets-ipv6-eui64 generates target IPv6 addresses from a user-provided file of MAC addresses, using the EUI-64 method. [Daniel Miller] o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from correctly uninstalling Nmap OEM. o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6. [Daniel Miller] o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show 'filtered' instead of 'closed', due to differences in understanding timeouts. o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255. [nnposter] o Nmap will now allow targets to be specified both on the command line and in an input file with -iL. Previously, if targets were provided in both places, only the targets in the input file would be scanned, and no notice was given that the command-line targets were ignored. [Daniel Miller] o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with error. o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes throughout Zenmap. o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was not in the PATH. The issue primarily affected macOS users. [Daniel Miller] o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the -iR option. o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of redis. o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller] o [Nping] Bind raw socket to device when possible. This was already done for IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS] o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP connections. This makes it more compatible with other netcats. The -k option will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188 [Daniel Miller] o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL layer's buffer could not be read until more data arrived on the socket, which could lead to deadlock. [Daniel Miller] o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the same as traditional netcat's -q option. [Daniel Miller] o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and EOF conditions that had not been being delivered to the child process. o [Ncat][Windows] All Nsock engines now work correctly. The default is still 'select', but others can be set with --nsock-engine=iocp or --nsock-engine=poll [Daniel Miller] o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by the libssh2 Lua binding, providing useful output instead of a backtrace. [Joshua Rogers, Daniel Miller] o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed libssh2.channel_read_stderr, which was reading stdout instead; add binding for libssh2_userauth_publickey_frommemory; allow open_channel to avoid allocating a pty; o [Nsock] Improvements for platforms without selectable pcap handles (e.g. Windows). Interleaved pcap and socket events were favoring pcap reads, possibly resulting in timeouts of the socket events. [Daniel Miller] o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller] o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing errors like "could not find 1 of the purportedly pending events on that IOD." [Daniel Miller] o When Nmap is used with --disable-arp-ping, a local IP that cannot be ARP-resolved will use the "no-route" reason instead of the "unknown-response" reason, since no response was received. o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE library. [johnjaylward, nnposter] o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for a given username caused heap corruption. [Julijan Nedic, nnposter] o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys. from a file. [nnposter] o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE module did not work correctly when the IV started with a null byte. [nnposter] o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now supported. Script smb-protocols now reports SMB dialects correctly. [nnposter] o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ee580f7fb0be4034b863cd8f3b61dd4f724bc40f Author: Adolf Belka Date: Fri Sep 12 18:45:02 2025 +0200 python3-msgpack: Update to version 1.1.0 - Update from version 1.0.8 to 1.1.0 - Update of rootfile - borgbackup requires python3-msgpack and has updated the version to be up to 1.1.0 - Changelog 1.1.0 use PyLong_* instead of PyInt_* for compatibility with future Cython. (#620) 1.1.0rc2 Update Cython to 3.0.11 for better Python 3.13 support. Update cibuildwheel to 2.20.0 to build Python 3.13 wheels 1.1.0rc1 Update Cython to 3.0.10 to reduce C warnings and future support for Python 3.13. Stop using C++ mode in Cython to reduce compile error on some compilers. Packer() has buf_size option to specify initial size of internal buffer to reduce reallocation. The default internal buffer size of Packer() is reduced from 1MiB to 256KiB to optimize for common use cases. Use buf_size if you are packing large data. Timestamp.to_datetime() and Timestamp.from_datetime() become more accurate by avoiding floating point calculations. (#591) The Cython code for Unpacker has been slightly rewritten for maintainability. The fallback implementation of Packer() and Unpacker() now uses keyword-only arguments to improve compatibility with the Cython implementation. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 91f144a0ad143bf4c44123b28ff9785b0e2f3798 Author: Adolf Belka Date: Fri Sep 12 18:45:01 2025 +0200 borgbackup: Update to version 1.4.1 - Update from version 1.4.0 to 1.4.1 - Update of rootfile - Changelog 1.4.1 New features: - prune: add 13weekly and 3monthly quarterly pruning strategies, #8337 - add BORG_USE_CHUNKS_ARCHIVE env var as a cleaner way to control whether borg shall use chunks.archive.d/ cache directory. the previous "hack" to create a non-directory file at that place is still supported. - compact: support --dry-run (do nothing) to simplify scripting, #8300 - add {unixtime} placeholder, #8522 - macOS: retrieve birthtime in nanosecond precision via system call, #8724 - implement padme chunk size obfuscation (SPEC 250), #8705 Fixes: - borg exits when assertions are disabled with Python optimizations, #8649 - fix remote repository exception handling / modern exit codes, #8631 - config: fix acceptance of storage_quota 0, #8499 - config: reject additional_free_space < 10M (but accept 0), #6066 - check: more consistent messaging considering --repair, #8533 - yes: deal with UnicodeDecodeError in input(), #6984 - fix WORKAROUNDS=authenticated_no_key support for archive TAM authentication, #8400 - diff: do not assert on diff if hard link sources are not found due to exclusions, #8344 - diff: - suppress modified changes for files which weren't actually modified in JSON output, #8334 - ensure that 0B changes are hidden from text diffs, too. - remove 0-added,0-removed modified entries from JSON output. - try to rebuild cache if an exception is raised, #5213 - freebsd: fix nfs4 acl processing, #8756. This issue only affected borg extract --numeric-ids when processing NFS4 ACLs, it didn't affect POSIX ACL processing. Other changes: - support and test on Python 3.13 - use Cython 3.0.12 - filter LibreSSL related warnings on OpenBSD - docs: - update install docs, nothing bundled anymore, #8342 - clarify excluded and included flags for dry-run, #8556 - small changes regarding compression, #8542 - clean up entries regarding SSH settings, link to recommended ones, #8542 - borg/borgfs detects internally under which name it was invoked, #8207 - binary: using the directory build is faster, #8008 - add readme of the binaries - mount: document on-demand loading, perf tips, #7173 - better link modern return codes, #8370 - update repository URLs in docs to use new syntax, #8361 - align /etc/backups path references in automated backups deployment guide - mount docs: apply jdchristensen's suggestion, better phrasing. - FAQ: Why is backing up an unmodified FAT filesystem slow on Linux? - FAQ: Why are backups slow on a Linux server that is a member of a windows domain? - FAQ: add entry about pure-python msgpack warning, #8323 - modify docs for automated backup to append to SYSTEMD_WANTS rather than overwrite, #8641 - fix udev rule priority in automated-local.rst, #8639 - clarify requirements when using command line options with special characters within a shell, #8628 - work around sudden failure of sphinx ini lexer - readthedocs theme fixes - bring back highlighted content preview in search results. - fix erroneous warning about missing javascript support. - tests: - github CI: windows msys2 build: broken, disable it for now, #8264 - improve borg check --repair healing tests, #8302 - fix hourly prune test failure due to local timezone - ignore `com.apple.provenance` xattr (macOS specific) - vagrant: - pyenv: only use Python 3.11.12, use this for binary build - macos: give more memory - install rust on BSD - add FreeBSD 13 box, for #8266 - fix OpenBSD box, #8506 - use a bento/ubuntu-24.04 box for now Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 268d8d631983806482da9c03f5015f393c2e1d4d Author: Adolf Belka Date: Fri Sep 12 12:10:44 2025 +0200 qemu-ga: Update to version 10.1.0 - Update from version 10.0.2 to 10.1.0 in tandem with qemu - Update of rootfile not required - Changelog as for qemu update Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f8026c6ae0c87a131be73e030434412ff9356441 Author: Adolf Belka Date: Fri Sep 12 12:10:45 2025 +0200 qemu: Update to version 10.1.0 - Update from version 10.0.2 to 10.1.0 - Update of rootfile - Changelog for 10.1 can be found at https://wiki.qemu.org/ChangeLog/10.1 - Changelog for 10.0 can be found at https://wiki.qemu.org/ChangeLog/10.0 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 6c474f0f044ca188173f96119e49622ceb6f67ad Author: Adolf Belka Date: Fri Sep 12 12:10:43 2025 +0200 opus: Update to version 1.5.2 - Update from version 1.5.1 to 1.5.2 - Update of rootfile - Changelog 1.5.2 fixes several build issues that were discovered since the 1.5 release. It also fixes a misalignment issue in the AVX2 code that could cause crashes under Windows. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 906d5f6c3ded525e8347e4ca5cb9641efddfeaed Author: Adolf Belka Date: Fri Sep 12 12:10:42 2025 +0200 nagios_nrpe: Update to version 4.1.3 - Update from version 4.1.0 to 4.1.3 - Update of rootfile not required - Changelog 4.1.3 **FIXES** - Change of ssl.c and ssl.h to nrpe-ssl.c and nrpe-ssl.h 4.1.2 **FIXES** - Fixed printing of incorrect packet version to just logging the error - Fixed and updated SSL 4.1.1 **FIXES** - Use correct HUP signal for Solaris Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b32dfb7750cb3184e4e74ea22bb83cf97369e0bd Author: Adolf Belka Date: Fri Sep 12 12:10:41 2025 +0200 libusbredir: Update to version 0.15.0 - Update from version 0.13.0 to 0.15.0 - Update of rootfile not required - Changelog 0.15.0 - !74 usbredirect: Fix crash with multiple connections - !73 usbredirect: Fix win32 cross-compile warning - usbredirtestclient: Fix memory leak 0.14.0 - !67 usbredirect: Fix redirecting identical devices - !64 usbredirect: Fix CPU tight loop when run as TCP server - !68 usbredirect: Fix some minor memory leaks - !65 usbredirect: Add documentation about bus-device option - !70 usbredirtestclient: Fix build on MacOS 10.5 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 858dcffd9f3170bdf2ddb572cecb413799119681 Author: Adolf Belka Date: Fri Sep 12 12:10:40 2025 +0200 libslirp: Update to version 4.9.1 - Update from version 4.7.0 to 4.9.1 - Update of rootfile not required - 2 security fixes in version 4.8.0 - Changelog 4.9.1 Fixed - meson: use boolean defaults for boolean options !149 - meson: specify that C++ is only used for host binaries !149 - meson: add dependency override for libslirp !150 - Do not link tests with libslirp.map #84 - apple: Fix getting IPv4 DNS server address when IPv4 and IPv4 are interleaved #85 - Windows: Fix ICMP generation #87 #88 - tcp: Fix starting the linger2 timer on socket shutdown #86 Changed - tcp: on input, reset TCPT_KEEP to TCPTV_KEEP_IDLE rather than TCPTV_KEEPINTVL - tcp: on input during init, reset TCPT_KEEP to TCPTV_KEEP_INIT - tcp: Reduce linger time to two minutes 4.9.0 Added - Add SlirpAddPollSocketCb and {,un}register_poll_socket that can be used from SLIRP_CONFIG_VERSION_MAX 6 to properly support socket handles on win64. Fixed - bootp: Fill siaddr with tftp addr as per RFC2131 !135 - tcp_listen: Fix host forwarding on Windows !137 - tftp: Fix address returned in proxying #82 !147 Changed - Fix build on mold #77 - Fix static linking !134 - slirp_os_socket abstraction for Windows !136 - cksum: Update implementation to include 64-bit computation support !144 - reduce compilation warnings on Windows !143 4.8.0 Security - tcp: Fix testing for last fragment - tftp: Fix use-after-free Added - Add support for Haiku !123 - ncsi: Add manufacturer's ID !122 - ncsi: Add Get Version ID command !122 - ncsi: Add out-of-band ethernet address !125 - ncsi: Add Mellanox Get Mac Address handler !125 - icmp6: Add echo request forwarding support - Add fuzzing infrastructure Fixed - Fix missing cleanups - windows: Build fixes - ipv6: Use target address from Neighbor Advertisement !129 - dns: Reject domain-search when any entry ends with ".." - dns: Use localhost as dns when /etc/resolv.conf empty !130 - icmp: Handle ICMP packets as IPPROTO_IP on BSD !133 - eth: pad ethernet frames to 60 bytes #34 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b3a1d8aa35ddacecab0035e502fd2cc869d9d31f Author: Adolf Belka Date: Fri Sep 12 12:10:39 2025 +0200 iptraf-ng: Update to version 1.2.2 - Update from version 1.2.1 to 1.2.2 - Update of rootfile not required - CVE fix in this version - Changelog 1.2.2 - small cleanups: remove unused code/variable, correct format specifiers - serv.c: fix and validate port/ranges entering/loading/saving - SECURITY FIX: CVE-2024-52949: interface names: limit length to IFNAMSIZ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 17059ff73567bd4d6a6650fd2a79ce479dc3da5d Author: Adolf Belka Date: Fri Sep 12 12:10:38 2025 +0200 iotop: Update to version 1.30 - Update from version 1.26 to 1.30 - Update of rootfile not required - Changelog 1.30 kernel commit 0bf2d83 fixes the problem with struct taskstats, now iotop 1.30 handles only v15 of the struct in a different way, retaining compatibility with both old and new kernels show zero current values for exited processes flush stdout after each batch run 1.29 Fix Linux kernel incompatible struct taskstats 1.28 add option to specify bin directory by @mhlavink in #78 fix batch mode 1.27 src/iotop: correct pg_cb signature by @mikoxyz in #64 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fb73b4911884ed95b94eed40d2ebcffa9e80d409 Author: Adolf Belka Date: Fri Sep 12 12:10:35 2025 +0200 core198: Ship elinks Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b86fce3529da3e950396682a786097b7a880f60e Author: Adolf Belka Date: Fri Sep 12 12:10:37 2025 +0200 elinks: Update to version 0.18.0 - Update from version 0.17.1.1 to 0.18.0 - Update of rootfile not required - Changelog 0.18.0 * redirect also for 308 #343 * ignore HUBBUB_UNKNOWN #344 0.18.0rc1 * drop combining compile time option * bump mozjs dependency to 128 * console.assert (and extension console.exit) * test option for testing js code * added document.scripting_sleep_on_error option #319 * skip hidden elements #341 * fix linking -lexecinfo #337 * Serbian translation update * Polish translation update * detect if gettext has _nl_msg_cat_cntr #325 * added reopen-last-closed-tab action #309 * added options for memory limits of Spidermonkey and QuickJS * gemini input #121 * compilation fixes Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 7b70deb80d6f8d382102aa5642ccfbcb08812ede Author: Adolf Belka Date: Fri Sep 12 12:10:34 2025 +0200 core 198: Ship dtc Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 52f6843cd2971942efeea516a18f4a17400e1597 Author: Adolf Belka Date: Fri Sep 12 12:10:36 2025 +0200 dtc: Update to version 1.7.2 - Update from version 1.7.1 to 1.7.2 - Update of rootfile - Changelog 1.7.2 Build - Fix automatic dependency handling for paths with spaces in them - Fix to allow compilation with swig 4.3.0 - Disable pointless warnings on swig generated code fdtoverlay - Improve error message with missing /__symbols__ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4099da996a41219b0519170eb9849cf435696b30 Author: Michael Tremer Date: Fri Sep 12 15:47:22 2025 +0000 core198: Ship xfsprogs Signed-off-by: Michael Tremer commit 4cb80898b6b0223a69ddfb1a1828472b2bbcf7a5 Author: Adolf Belka Date: Tue Sep 9 18:51:37 2025 +0200 xfsprogs: Update to version 6.16.0 - Update from version 6.14.0 to 6.16.0 - Update of rootfile not required - Changelog 6.16.0 Document current limitation of shrinking fs (Xavier Claude) mkfs: require reflink for max_atomic_write option (John Garry) xfs_scrub: remove EXPERIMENTAL warnings (Darrick J. Wong) mkfs: allow users to configure the desired maximum atomic write size (Darrick J. Wong) mkfs: try to align AG size based on atomic write capabilities (Darrick J. Wong) mkfs: autodetect log stripe unit for external log devices (Darrick J. Wong) mkfs: don't complain about overly large auto-detected log stripe units (Darrick J. Wong) xfs_io: dump new atomic_write_unit_max_opt statx field (Darrick J. Wong) xfs_db: create an untorn_max subcommand (Darrick J. Wong) 6.15.0 xfs_mdrestore: don't allow restoring onto zoned block devices (Christoph Hellwig) man: adjust description of the statx manpage (Darrick J. Wong) xfs_protofile: fix permission octet when suid/guid is set (Luca Di Maio) xfs_repair: fix libxfs abstraction mess (Darrick J. Wong) xfs_growfs: support internal RT devices (Christoph Hellwig) xfs_mdrestore: support internal RT devices (Christoph Hellwig) xfs_scrub: support internal RT device (Christoph Hellwig) xfs_spaceman: handle internal RT devices (Christoph Hellwig) xfs_io: handle internal RT devices in fsmap output (Christoph Hellwig) xfs_io: don't re-query fs_path information in fsmap_f (Christoph Hellwig) xfs_io: correctly report RGs with internal rt dev in bmap output (Christoph Hellwig) man: document XFS_FSOP_GEOM_FLAGS_ZONED (Christoph Hellwig) xfs_mkfs: document the new zoned options in the man page (Christoph Hellwig) xfs_mkfs: reflink conflicts with zoned file systems for now (Christoph Hellwig) xfs_mkfs: default to rtinherit=1 for zoned file systems (Christoph Hellwig) xfs_mkfs: calculate zone overprovisioning when specifying size (Christoph Hellwig) xfs_mkfs: support creating file system with zoned RT devices (Christoph Hellwig) xfs_mkfs: factor out a validate_rtgroup_geometry helper (Christoph Hellwig) xfs_repair: validate rt groups vs reported hardware zones (Christoph Hellwig) xfs_repair: fix the RT device check in process_dinode_int (Christoph Hellwig) xfs_repair: support repairing zoned file systems (Christoph Hellwig) libfrog: report the zoned geometry (Christoph Hellwig) xfs_repair: phase6: scan longform entries before header check (Bill O'Donnell) xfs_repair: Bump link count if longform_dir2_rebuild yields shortform dir (Eric Sandeen) mkfs: fix the issue of maxpct set to 0 not taking effect (liuh) mkfs: fix blkid probe API violations causing weird output (Darrick J. Wong) xfs_io: make statx mask parsing more generally useful (Darrick J. Wong) xfs_io: redefine what statx -m all does (Darrick J. Wong) xfs_io: catch statx fields up to 6.15 (Darrick J. Wong) man: fix missing cachestat manpage (Darrick J. Wong) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 87069e7462ade9b1d29cc595bd6ed2195746e6cf Author: Michael Tremer Date: Fri Sep 12 15:42:23 2025 +0000 core198: Ship ruby Signed-off-by: Michael Tremer commit fa6dd38f634b22ad62f147dd360b1b06f2cd1a25 Author: Adolf Belka Date: Tue Sep 9 18:51:35 2025 +0200 ruby: Update to version 3.4.5 - Update from version 3.4.4 to 3.4.5 - Update of rootfile - Changelog 3.4.5 Bug #21340: Bump autoconf version to properly handle C23 bool/stdbool defines - Ruby - Ruby Issue Tracking System Sync lockfile from rubygems/rubygems by deivid-rodriguez · Pull Request #13472 Bug #21438: use-after-free when resizing exivars - Ruby - Ruby Issue Tracking System Ensure that memory is not freed before calling free_fast_fallback_getaddrinfo_* by shioimm · Pull Request #12661 Fix heap-use-after-free in free_fast_fallback_getaddrinfo_entry by shioimm · Pull Request #13231 Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time - Ruby - Ruby Issue Tracking System Bug #21255: Can't build Ruby with Windows SDK 10.0.26100 - Ruby - Ruby Issue Tracking System Backport GH-13617 for s390x by hsbt · Pull Request #13757 Bump up resolv-0.6.2 for Ruby 3.4 by hsbt · Pull Request #13818 Bug #21197: Prism does not accept newline after defined? keyword - Ruby - Ruby Issue Tracking System Bug #21333: heap-use-after-free caused by rehash during update - Ruby - Ruby Issue Tracking System Bug #21357: Crash in Hash#merge! with ruby-dev in rubocop-rspec test suite - Ruby - Ruby Issue Tracking System Bug #21383: Prism leaks memory with invalid yield - Ruby - Ruby Issue Tracking System Bug #21394: Memory leak in Prism's RubyVM::InstructionSequence.new - Ruby - Ruby Issue Tracking System Bug #21099: TestGc#test_gc_stress_at_startup assertion failure - Ruby - Ruby Issue Tracking System Bug #21395: Please backport caa6ba1a46afa1bc696adc5fe91ee992f9570c89 - Ruby - Ruby Issue Tracking System Bug #21439: Crash with PM_SPLAT_NODE compiler error (Prism) - Ruby - Ruby Issue Tracking System Bug #21354: Symbol#to_proc is not ractor safe - Ruby - Ruby Issue Tracking System Bug #20009: Marshal.load raises exception when load dumped class include non-ASCII - Ruby - Ruby Issue Tracking System Bug #21380: Use-After-Free in String#split with In-Block String Modification - Ruby - Ruby Issue Tracking System Bug #21447: Fix handling of PM_CONSTANT_PATH_NODE node in keyword arguments with ARGS_SPLAT - Ruby - Ruby Issue Tracking System Bug #21448: Random.urandom may fail to fall back to reading /dev/urandom on Linux < 3.17 - Ruby - Ruby Issue Tracking System Bug #21440: Cannot create instances of frozen Data subclasses - Ruby - Ruby Issue Tracking System Bug #21437: Date#hash may return different values for equal dates with large years - Ruby - Ruby Issue Tracking System Bug #21497: building issue when using gcc15, because C23 is default - Ruby - Ruby Issue Tracking System Bug #21500: Backport gcc 15 support - Ruby - Ruby Issue Tracking System Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 6578b94a7f4418edf78b308172818f1c46f85f32 Author: Michael Tremer Date: Fri Sep 12 15:41:55 2025 +0000 core198: Ship libconfig Signed-off-by: Michael Tremer commit c825cbfb1cdb548fe3b20df1c4a25c6872ed92d1 Author: Adolf Belka Date: Tue Sep 9 18:51:34 2025 +0200 libconfig: Update to version 1.8.1 - Update from version 1.8 to 1.8.1 - Update of rootfile - sobump but find-dependencies did not flag anu issues up. - Changelog 1.8.1 Various bugfixes, portability fixes, and documentation updates. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 769c643866f16ba906e1ea39e4571eb610e98660 Author: Michael Tremer Date: Fri Sep 12 15:41:24 2025 +0000 core198: Ship libarchive Signed-off-by: Michael Tremer commit 0df37ca6dd0d9afb604bb23edce3a68c6fcb97ec Author: Adolf Belka Date: Tue Sep 9 18:51:33 2025 +0200 libarchive: Update to version 3.8.1 - Update from version 3.8.0 to 3.8.1 - Update of rootfile - Changelog 3.8.1 Notable bugfixes: libarchive: fix FILE_skip regression (#2642) compress: Prevent call stack overflow (#2649) iso9660: always check archive_string_ensure return value (#2651) tar: Support negative time values with pax (#2634) tar: Reset accumulated header state after reading macOS metadata blob (#2636) tar: Keep block alignment after pax error (#2637) tar: Handle extra bytes after sparse entries (#2643) windows: check archive_wstring_ensure return value (#2652) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2319d04c8466fe625744d1a8a686e4858f1e5c60 Author: Michael Tremer Date: Fri Sep 12 15:41:03 2025 +0000 core198: Ship iproute2 Signed-off-by: Michael Tremer commit a57e4ec951295f048566fa4777219deeae4f2d0a Author: Adolf Belka Date: Tue Sep 9 18:51:32 2025 +0200 iproute2: Update to version 6.16.0 - Update from version 6.15.0 to 6.16.0 - Update of rootfile not required - Changelog is not provided. Details of changes can be found from the git commit changes https://git.kernel.org/pub/scm/network/iproute2/iproute2.git Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 1b0bc21ecf998665a8cc5b9d77fbccb22f69eb21 Author: Michael Tremer Date: Fri Sep 12 15:40:38 2025 +0000 core198: Ship cmake Signed-off-by: Michael Tremer commit 6138664111c1be203d4dc626ea96804bfa5663bf Author: Adolf Belka Date: Tue Sep 9 18:51:31 2025 +0200 cmake: Update to version 4.1.1 - Update from version 4.0.2 to 4.1.1 - Update of rootfile - Changelog 4.1.1 This version made no changes to documented features or interfaces. Some implementation updates were made to support ecosystem changes and/or fix regressions. 4.1.0 File-Based API The cmake-file-api(7) v1 now writes partial replies when buildsystem generation fails with an error. See the v1 Reply Error Index. Generators Makefile Generators and Ninja Generators gained support for adding a linker launcher with Fortran, CUDA, and HIP. See the CMAKE__LINKER_LAUNCHER variable and _LINKER_LAUNCHER target property for details. Command-Line The cmake --build command-line tool, when used with the Xcode generator, now detects when a third-party tool has wrapped the generated .xcodeproj in a .xcworkspace, and drives the build through the workspace instead. Configure Log The cmake-configure-log(7) now reports events from find_package() (in CONFIG mode), find_path(), find_file(), find_library(), and find_program() commands when first invoked, when their results transition between "not found" and "found", or when enabled explicitly by the --debug-find command-line option. See Event Kind find and Event Kind find_package. Logging may also be controlled by the CMAKE_FIND_DEBUG_MODE and CMAKE_FIND_DEBUG_MODE_NO_IMPLICIT_CONFIGURE_LOG variables. Compilers Diab compilers from Wind River Systems, versions 5.9.x+, are now supported with compiler id Diab for languages ASM, C, and CXX. Renesas Compilers are now supported with compiler id Renesas for languages ASM and C. Commands The add_dependencies() command may be called with no dependencies. The cmake_pkg_config() command now supports the IMPORT and POPULATE subcommands for interfacing CMake targets with pkg-config based dependencies. The project() command now has experimental support for the COMPAT_VERSION keyword, gated by CMAKE_EXPERIMENTAL_EXPORT_PACKAGE_INFO. Variables The CMAKE_FIND_REQUIRED variable was added to tell find_package(), find_path(), find_file(), find_library(), and find_program() to be REQUIRED by default. The commands also gained an OPTIONAL keyword to ignore the variable for a specific call. The CMAKE__COMPILER_ARCHITECTURE_ID variable is now populated for most compilers, and documented for public use. The CMAKE__ICSTAT variable and corresponding _ICSTAT target property were added to tell the Makefile Generators and the Ninja Generators to run the IAR icstat tool along with the compiler for C and CXX languages. Environment Variables The CMAKE__IMPLICIT_LINK_LIBRARIES_EXCLUDE environment variable was added to optionally exclude specific libraries from the detected set of CMAKE__IMPLICIT_LINK_LIBRARIES. Properties The AUTOMOC_INCLUDE_DIRECTORIES target property and associated CMAKE_AUTOMOC_INCLUDE_DIRECTORIES variable were added to override the automatic discovery of moc includes from a target's transitive include directories. The MACOSX_PACKAGE_LOCATION source file property now works when set on a source directory, and copies its entire tree into the bundle. The PDB_NAME and COMPILE_PDB_NAME target properties now support generator expressions. Modules The FindASPELL module now provides a version variable, imported targets, and components to optionally select the Aspell library and executable separately. The FindBLAS and FindLAPACK modules now support the NVIDIA Performance Libraries (NVPL). The FindProtobuf module's protobuf_generate(DEPENDENCIES) command argument now accepts multiple values. The FindProtobuf module's protobuf_generate_cpp() and protobuf_generate_python() commands, together with their Protobuf_IMPORT_DIRS and PROTOBUF_GENERATE_CPP_APPEND_PATH hint variables, are now deprecated in favor of the protobuf_generate() command. Regular Expressions The string(REGEX MATCHALL), string(REGEX REPLACE), and list(TRANSFORM REPLACE) commands now match the regular expression ^ anchor at most once in repeated searches, at the start of the input. See policy CMP0186. The string(REGEX REPLACE) command now allows references to unmatched groups. They are replaced with empty strings. The string(REGEX MATCH), string(REGEX MATCHALL), and string(REGEX REPLACE) commands now allow zero-length matches. CTest ctest(1) gained a --schedule-random-seed option to specify a numeric random seed to make ctest --schedule-random deterministic for reproduction. CPack The CPack NuGet Generator gained option CPACK_NUGET_SYMBOL_PACKAGE to generate NuGet symbol packages containing PDB files. The CPack RPM Generator gained CPACK_RPM_PACKAGE_ENHANCES, CPACK_RPM_PACKAGE_RECOMMENDS, and CPACK_RPM_PACKAGE_SUPPLEMENTS variables to specify the corresponding RPM spec fields. Deprecated and Removed Features The FindGTest module's result variables GTEST_INCLUDE_DIRS, GTEST_LIBRARIES, GTEST_MAIN_LIBRARIES, and GTEST_BOTH_LIBRARIES are now deprecated in favor of using GTest::gtest and GTest::gtest_main imported targets. The FindGCCXML module has been deprecated via policy CMP0188. Port projects to CastXML instead. The FindCABLE module has been deprecated via policy CMP0191. The CMakeDetermineVSServicePack module has been deprecated via policy CMP0196. Port projects to the CMAKE__COMPILER_VERSION variable instead. Other Changes The ExternalProject module no longer checks the URL archive file extension. Any archive type that cmake -E tar can extract is now allowed. Modules FindPython3, FindPython2 and FindPython now enforce consistency of artifacts in cross-compiling mode. This prevents mixing host and target artifacts. See policy CMP0190. The GNUInstallDirs module now prefers to default SYSCONFDIR, LOCALSTATEDIR, and RUNSTATEDIR to absolute paths when installing to special prefixes. See policy CMP0192. The GNUInstallDirs module now caches CMAKE_INSTALL_* variables with their leading usr/ for install prefix /. See policy CMP0193. The install(TARGETS) command no longer ignores file sets which haven't been defined at the point it is called. The ordering of target_sources(FILE_SET) and install(TARGETS) is no longer semantically relevant. Enabling ASM no longer accidentally succeeds using MSVC's cl C compiler as an assembler. See policy CMP0194. The MSVC link -machine: flag is no longer added to the CMAKE_*_LINKER_FLAGS variables. See policy CMP0197. The TARGET_PROPERTY generator expression now evaluates the LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES target properties transitively. See policy CMP0189. 4.0.4 This version made no changes to documented features or interfaces. Some implementation updates were made to support ecosystem changes and/or fix regressions. 4.0.3 This version made no changes to documented features or interfaces. Some implementation updates were made to support ecosystem changes and/or fix regressions. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 3ee333ba1fc2c52ffcf580eb1c1a66a8b50d1cd1 Author: Adolf Belka Date: Thu Sep 4 10:01:36 2025 +0200 createfiles: Update to new openvpn rw log file name Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit be36f48113b98196e845936836217e57db1f5d43 Author: Adolf Belka Date: Thu Sep 4 10:01:35 2025 +0200 core197: Ship createfiles Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 0cbb9835fe27b6d99663a1b9e9d19414537ba388 Author: Michael Tremer Date: Wed Sep 3 18:00:02 2025 +0000 suricata-reporter: Update to 0.2 Signed-off-by: Michael Tremer commit 48c401ea406d7508f85316be6433625e12cb09a6 Author: Michael Tremer Date: Wed Sep 3 17:57:48 2025 +0000 core198: Ship Suricata changes Signed-off-by: Michael Tremer commit 06b8a198a1df9dfb760f531be7ebef28407f9afd Author: Michael Tremer Date: Tue Sep 2 13:00:28 2025 +0000 web-user-interface: Create the fonts directory Signed-off-by: Michael Tremer commit 757937c728ea7c4092aa52fdd639e197134cf544 Author: Michael Tremer Date: Mon Sep 1 15:34:08 2025 +0000 suricata: Remove the bundled reporter Signed-off-by: Michael Tremer commit 518d05d9929433767c53cffe4600912228e0344f Author: Michael Tremer Date: Mon Sep 1 15:32:02 2025 +0000 suricata-reporter: Move the configuration from suricata Signed-off-by: Michael Tremer commit 620eaa5e2219ee714d0e8b2568e7296f866124ba Author: Michael Tremer Date: Mon Sep 1 15:24:36 2025 +0000 suricata-reporter: Import package This is now being packaged and distributed externally. Signed-off-by: Michael Tremer commit 40a1dc20172e374c33bbdbbd5fae0675d7f8bfe5 Author: Michael Tremer Date: Sun Aug 31 14:47:12 2025 +0000 web-user-interface: Use the fonts from the separate package We should not ship anything binary in the sources anyways. Signed-off-by: Michael Tremer