commit d339ee27bacbafdf43fae94d4d035aa3a8ec914b
Author: Michael Tremer
Date:   Mon Apr 13 09:13:31 2026 +0000

    core202: Restart OpenVPN on update

    Signed-off-by: Michael Tremer

commit 5c2c41e236b5cfc8dc4ad1c74718178451afb7a0
Author: Adolf Belka
Date:   Sat Apr 11 13:45:32 2026 +0200

    ovpnmain.cgi: Update status extraction for Connection Status

    - The format of the connection status has changed and this change ensures that the status is correctly shown in the Connection Status and Control table

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit f3f3bdc112f4433a16bb89b5464dadade59be9c0
Author: Adolf Belka
Date:   Sat Apr 11 13:45:31 2026 +0200

    ovpnmain.cgi: remove persist-key as this is now default

    - The persist-key option has been enabled by default. All the keys will be kept in memory across restart.

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit f825523e32b44196ebb39f79ae2bd417f8d0f7a8
Author: Adolf Belka
Date:   Sat Apr 11 13:45:30 2026 +0200

    ovpnmain.cgi: Change status extraction for RW connection statistics page

    - The format of the status file has changed in 2.7.0
    - This patch changes the regex to extract required status to maintain the same status output

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 94844ad71a7c25b056b0e1ac262247fcff86a35a
Author: Adolf Belka
Date:   Sat Apr 11 13:45:29 2026 +0200

    ovpnmain.cgi: Display only IP for Real Address in Connection Statistics Page

    - In the Connection Statistics page under Real Address it was showing the IP:Port instead of just the IP.
    - The IP was being split out in $address but this variable was not then used to display the Real Address.
    - This patch fixes that so that only the IP is shown for the Real Address.

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit d79478ff42ca0374f3a40c21bd1bde1d479b1b8d
Author: Adolf Belka
Date:   Sat Apr 11 13:45:28 2026 +0200

    core202: Ship ovpnmain.cgi

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit d1df625386f6908ead8f4cff9c4b52d430844a48
Author: Adolf Belka
Date:   Sat Apr 11 13:45:27 2026 +0200

    core202: Ship openvpn

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 94c6581be72931c0f136305d4b3d4c161a7306a0
Author: Adolf Belka
Date:   Sat Apr 11 13:45:26 2026 +0200

    openvpn: Update to version 2.7.1

    - Update from version 2.6.19 to 2.7.1
    - Update of rootfile
    - Changelog
        2.7.1
          Bugfixes
            Fix usage of --lport inside a block - this got broken with the multi-socket patchset (GH #995)
            Do not try to run auto-pam unit test when cross-compiling.
            Do not break private-key passphrases of length >= 64 (GH #993)
            Fix obscure ASSERT() crash on TCP connects with TAP and no ip config.
            Make DCO work on FreeBSD systems that have no IPv4 support in kernel (FreeBSD PR 286263)
            Make DCO work on Linux on big endian systems (namely, MIPS and PowerPC) (GH OpenVPN/ovpn-dco#96)
          New features
            Add a new username-only flag argument to --auth-user-pass which will now make OpenVPN only query for username and send a dummy password to the server. This is only useful if auth schemes are used on the server side that will do some sort of external challenge based on username, and not password authentication. See discussion in GH #501 (starting Jan 30, 2024).
            Increase default sizing of internal hash maps to 4 * --max-clients. The default used to be 256 with a --max-clients default of 1024 - this is bad for performance, while the memory savings are minimal. On a very memory constrained system, reduce --max-clients.
          Long-term code maintenance
            Work on OpenSSL 4.0 API support, reducing use of ASN1_STRING members.
            Remove obsolete OpenSSL 1.0.x support code from unit tests.
            Improve documentation of management client versioning, replace magic numbers in the code with an enum type.
            Fixup responses to management interface version command (for >= 4).
            Make --enable-async-push work on FreeBSD 15 (which has native inotify support, and consequently no libinotify.pc anymore)
            Adjust some code parts to new "const" handling on string function returns (ISO C23, as implemented by glibc 2.43 and newer).
            Remove erroneous usage of M_ERR | M_ERRNO throughout the code.
          User-visible Changes
            When compiled with the AWS-LC SSL library, using --tls-cert-profile will now print a run-time warning - the library does not support it, so it would silently do nothing.
            Systemd unit files: change LimitNPROC to TasksMax and increase limit (GH: #929)
            Documentation improvements.
            port-share: log incoming connections at verb 3, not on error level anymore (GH: #976).
        2.7.0
          New features
            Multi-socket support for servers
              OpenVPN servers now can listen on multiple sockets at the same time. Multiple --local statements in the configuration can be used to configure this. This way the same server can e.g. listen for UDP and TCP connections at the same time, or listen on multiple addresses and/or ports.
            Client implementations for DNS options sent by server for Linux/BSD/macOS
              Linux, BSD and macOS versions of OpenVPN now ship with a per-platform default --dns-updown script that implements proper handling of DNS configuration sent by the server. The scripts should work on systems that use systemd or resolveconf to manage the DNS setup, as well as raw /etc/resolv.conf files. However, the exact features supported will depend on the configuration method. On Linux and MacOS this should usually make split-DNS configurations supported out-of-the-box now. Note that this new script will not be used by default if a --up script is already in use to reduce problems with backwards compatibility. See documentation for --dns-updown and --dns for more details.
            New client implementation for DNS options sent by server for Windows
              The Windows client now uses NRPT (Name Resolution Policy Table) to handle DNS configurations. This adds support for split-DNS and DNSSEC and improves the compatibility with local DNS resolvers. Requires the interactive service.
            On Windows the block-local flag is now enforced with WFP filters.
              The block-local flag to --redirect-gateway and --redirect-private is now also enforced via the Windows Firewall, making sure packets can't be sent to the local network. This provides stronger protection against TunnelCrack-style attacks.
            Windows network adapters are now generated on demand
              This means that on systems that run multiple OpenVPN connections at the same time the users don't need to manually create enough network adapters anymore (in addition to the ones created by the installer).
            Windows automatic service now runs as an unprivileged user
              All tasks that need privileges are now delegated to the interactive service. NOTE this has the risk of breaking existing setups if the Windows certificate store is used (cryptoapi), and the certificates are not readable for NT SERVICE\OpenVPNService.
            Support for new version of Linux DCO module
              OpenVPN DCO module is moving upstream and being merged into the main Linux kernel. For this process some API changes were required. OpenVPN 2.7 will only support the new API. The new module is called ovpn. Out-of-tree builds for older kernels are available. Please see the release announcements for further information.
            Support for server mode in win-dco driver
              On Windows the win-dco driver can now be used in server setups.
            Support for TLS client floating in DCO implementations
              The kernel modules will detect clients floating to a new IP address and notify userland so both data packets (kernel) and TLS packets (sent by userland) can reach the new client IP.
              (Actual support depends on recent-enough kernel implementation)
            Enforcement of AES-GCM usage limit
              OpenVPN will now enforce the usage limits on AES-GCM with the same confidentiality margin as TLS 1.3 does. This means that renegotiation will be triggered after roughly 2^28 to 2^31 packets depending on the packet size. More details about usage limit of AES-GCM can be found here: https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/
            Epoch data keys and packet format
              This introduces the epoch data format for AEAD data channel ciphers in TLS mode ciphers. This new data format has a number of improvements over the standard "DATA_V2" format.
                AEAD tag at the end of packet which is more hardware implementation friendly
                Automatic key switchover when cipher usage limits are hit, similar to the epoch data keys in (D)TLS 1.3
                64 bit instead of 32 bit packet ids to allow the data channel to be ready for 10 GBit/s without having frequent renegotiation
                IV constructed with XOR instead of concatenation to not have (parts) of the real IV on the wire
            Support for Epoch data channel on Windows, using the win-dco driver (2.8.0+)
            Default ciphers in --data-ciphers
              Ciphers in --data-ciphers can contain the string DEFAULT that is replaced by the default ciphers used by OpenVPN, making it easier to add an allowed cipher without having to spell out the default ciphers.
            TLS alerts
              OpenVPN 2.7 will send out TLS alerts to peers informing them if the TLS session shuts down or when the TLS implementation informs the peer about an error in the TLS session (e.g. mismatching TLS versions). This improves the user experience as the client shows an error instead of running into a timeout when the server just stops responding completely.
            Support for tun/tap via unix domain socket and lwipovpn support
              To allow better testing and emulating a full client with a full network stack OpenVPN now allows a program executed to provide a tun/tap device instead of opening a device.
              The co-developed lwipovpn program based on lwIP stack allows to simulate full IP stack. An OpenVPN client using --dev-node unix:/path/to/lwipovpn can emulate a full client that can be pinged, can serve a website and more without requiring any elevated permission. This can make testing OpenVPN much easier. For more details see lwipovpn on Github.
            Allow overriding username with --override-username
              This is intended to allow using --auth-gen-token in scenarios where the clients use certificates and multi-factor authentication. This will also generate a push "auth-token-user newusername" directive in push replies.
            --port-share now properly supports IPv6
              Issues with logging of IPv6 addresses were fixed. The feature now allows IPv6 connections towards the proxy receiver.
            Support for Haiku OS
            TLS1.3 support with mbedTLS (requires mbedTLS >= 3.6.4)
            PUSH_UPDATE client support
              It is now possible to update parts of the client-side configuration (IP address, routes, MTU, DNS) by sending a new server-to-client control message, PUSH_UPDATE. See also: https://openvpn.github.io/openvpn-rfc/openvpn-wire-protocol.html
              NOTE: PUSH_UPDATE client support is currently disabled if DCO is active (on all platforms).
            PUSH_UPDATE server support (minimal)
              New management interface commands push-update-broad and push-update-cid to send PUSH_UPDATE option updates to all clients ("there is a new DNS server") or only a specific client ID ("privileges have changed, here's a new IP address"). See doc/management-notes.txt
              NOTE: PUSH_UPDATE server support is currently disabled if DCO is active (on all platforms).
            Support for user-defined routing tables on Linux
              See the --route-table option in the manpage
            PQE support for WolfSSL
            Two new environment variables have been introduced to communicate desired default gateway redirection to plugins like Network Manager, route_redirect_gateway_ipv4 and route_redirect_gateway_ipv6.
              See the "Environmental Variables" section in the man page
            Improved logging of service events/errors to event log on Windows.
            "Recursive Routing" check is now more granular, and will only drop packets-in-tunnel if destination IP, protocol and port matches with those needed to reach the VPN server. With that change, you can now use policies that direct "everything that is not OpenVPN" into the tunnel, and have IP packets to the VPN server address arrive as expected (no such policies are currently installed by OpenVPN) (GH: #669).
            COPYING: license details only relevant to our Windows installers have been updated and moved to the openvpn-build repo
            Improved BYTECOUNT support - more strictly adhere to timing interval requested, correctly support client and server counters with Linux and Windows DCO offloading.
            Improve compatibility with OpenSSL 3.6.0 (do not fail t_lpback selftest)
            New option --tls-crypt-v2-max-age n to check tls-crypt-v2 timestamps (When a client is older than n days or has no timestamp, the server will reject it)
            mbedTLS 4 support has been added. Note that with mbedTLS 4 algorithms need to be translated to mbedTLS 4 internal IDs by OpenVPN, and some names might be missing.
          Deprecated features
            secret support has been removed (by default).
              static key mode (non-TLS) is no longer considered "good and secure enough" for today's requirements. Use TLS mode instead. If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret. This mode can still be enabled by using --allow-deprecated-insecure-static-crypto but will be removed in OpenVPN 2.8.
            Support for wintun Windows driver has been removed.
              OpenVPN 2.6 added support for the new dco-win driver, so it supported three different device drivers: dco-win, wintun, and tap-windows6. OpenVPN 2.7 now drops the support for wintun driver. By default all modern configs should be supported by dco-win driver.
              In all other cases OpenVPN will fall back automatically to tap-windows6 driver.
            NTLMv1 authentication support for HTTP proxies has been removed.
              This is considered an insecure method of authentication that uses obsolete crypto algorithms. NTLMv2 support is still available, but will be removed in a future release. When configured to authenticate with NTLMv1 (ntlm keyword in --http-proxy) OpenVPN will try NTLMv2 instead.
            persist-key option has been enabled by default.
              All the keys will be kept in memory across restart.
            OpenSSL 1.0.2 support has been removed.
              Support for building with OpenSSL 1.0.2 has been removed. The minimum supported OpenSSL version is now 1.1.0.
            mbedTLS 2.x support has been removed
              Support for building with mbedTLS 2.x has been removed (it is out of support since March 2025, and the necessary compatibility code is making maintenance and support for mbedTLS 4.x hard). The minimum supported mbedTLS version is now 3.2.1.
            Compression on send has been removed.
              OpenVPN 2.7 will never compress data before sending. Decompression of received data is still supported. --allow-compression yes is now an alias for --allow-compression asym.
            --memstats feature removed
              The --memstats option was largely undocumented and there is no known user of this feature. This feature provided very limited statistics (number of users, link bytes read/written) and we do not expect any usage because of this.
            Using --push in a mode that is not --mode server will now print a clear warning that this is an unsupported operation and might cause negotiation failures.
            --reneg-bytes and --reneg-packets do not work in DCO mode, and will now print an appropriate warning.
            On-connect resolving of --remote addresses in --tcp-server mode was not working since 2.4, so the code was completely removed.
            --opt-verify feature removed
              This option was already deprecated and it is now being converted to a no-op. Using this option will only print a warning.
          User-visible Changes
            Default for --topology changed to subnet for --mode server. Previous releases always used net30 as default. This only affects configs with --mode server or --server (the latter implies the former), and --dev tun, and only if IPv4 is enabled. Note that this changes the semantics of --ifconfig, so if you have manual settings for that in your config but not set --topology your config might fail to parse with the new version. Just adding --topology net30 to the config should fix the problem. By default --topology is pushed from server to client.
            --x509-username-field will no longer automatically convert fieldnames to uppercase. This was deprecated since OpenVPN 2.4, and has now been removed.
            --dh none is now the default if --dh is not specified. Modern TLS implementations will prefer ECDH and other more modern algorithms anyway. And finite field Diffie Hellman is in the process of being deprecated (see draft-ietf-tls-deprecate-obsolete-kex)
            --lport 0 does not imply --bind anymore.
            --redirect-gateway now works correctly if the VPN remote is not reachable by the default gateway.
            --show-gateway now supports querying the gateway for IPv4 addresses.
            --static-challenge option now has a third parameter format that can change how password and challenge response should be combined.
            --key and --cert now accept URIs implemented in OpenSSL 3 as well as optional OpenSSL 3 providers loaded using --providers option.
            --cryptoapicert now supports issuer name as well as Windows CA template name or OID as selector string.
            TLS handshake debugging information contains much more details now when using recent versions of OpenSSL.
            The IV_PLAT_VER variable sent by Windows clients now contains the full Windows build version to make it possible to determine the Windows 10 or Windows 11 version used.
            The --windows-driver option to select between various windows drivers will no longer do anything - it's kept so existing configs will not become invalid, but it is ignored with a warning. The default is now ovpn-dco if all options used are compatible with DCO, with a fallback to tap-windows6. To force TAP (for example because a server pushes DCO incompatible options), use the --disable-dco option.
            Apply more checks to incoming TLS handshake packets before creating new state - namely, verify message ID / acked ID for "valid range for an initial packet". This fixes a problem with clients that float very early but send control channel packet from the pre-float IP (Github: #704).
            Use of --dh dh2048.pem in all sample configs has been replaced with --dh none. The dh2048.pem file has been removed.
            The startup delay in t_client.sh has been reduced from 3s to 1s, making a noticeable difference for setups with many tests.
            Changed from using uncrustify for code formatting and pre-commit checks to clang-format. This reformatted quite a bit of code, and requires that regular committers change their pre-commit checks accordingly.
            On Linux, on interfaces where applicable, OpenVPN explicitly configures the broadcast address again. This was dropped for 2.6.0 "because computers are smart and can do it themselves", but the kernel netlink interface isn't, and will install "0.0.0.0". This does not normally matter, but for broadcast-based applications that get the address to use from "ifconfig", this change repairs functionality (this has been backported to 2.6.15, but is not in earlier 2.6 versions).
            max-routes-per-client 0 used to be silently upgraded to 1. This now produces an error.
            ifconfig and ifconfig-ipv6 values are now stored in pre-connect options cache, and will be restored to pre-connect values on reconnects if the server stops pushing the respective option.
            tapctl.exe helper binary on Windows has been reworked to improve help texts (making clear that it can not only do TAP-Adapters but Win-DCO as well), add printing of the hwid to all adapter outputs, and change the default adapter type created to ovpn-dco.
            The default for multihome egress interface handling has changed. 2.7.0 will default to ipi_ifindex=0, that is, leave the decision to the routing/policy setup of the operating system. The pre-2.7 behaviour (force egress = ingress interface) can be achieved with the new --multihome same-interface sub-option.
            Windows openvpn.exe binary manifest now sets code page UTF8 - which has no direct effect on OpenVPN itself, but this repairs OpenSSL file loading for key/cert files with non-ASCII characters in their file names (GH: #920).
            The test-crypto option no longer requires a --secret argument and will automatically generate a random key.
            The configure-time option --enable-x509-alt-username is no longer conditional, and always-on (GH: #917).

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit e1a7899cff34390395f21d6e8419233834d55e59
Author: Michael Tremer
Date:   Fri Apr 10 09:35:37 2026 +0000

    core202: Remove old versions of boost

    Signed-off-by: Michael Tremer

commit 7e01a6d55ab9fb889340976a8457110c169f3170
Author: Adolf Belka
Date:   Tue Apr 7 17:10:35 2026 +0200

    core202: Ship boost

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 256bfc2bf784d069a81645a169daec47e563802c
Author: Adolf Belka
Date:   Tue Apr 7 17:10:34 2026 +0200

    boost: Update to version 1_90_0

    - Update from version 1_89_0 to 1_90_0
    - Update of rootfiles for all three architectures
    - Changelog
        1_90_0
          New Libraries
            OpenMethod: Open-(multi-)methods in C++17 and above, from Jean-Louis Leroy.
          Updated Libraries
            Asio
              Added the execution::inline_exception_handling property to describe what exception handling guarantees are made when execution occurs inline.
              Added inline_executor, which always executes the submitted function inline.
              Changed the default candidate executor for associated_executor from system_executor to inline_executor.
              Added the inline_or_executor<> adapter and inline_or() helper, which will execute inline if possible and otherwise delegate to another executor.
              Added overloads of dispatch, post and defer that take a function object to be run on the target executor, and deliver the result to the completion handler.
              Added the redirect_disposition completion token adapter, as a generic counterpart for redirect_error.
              Annotated deprecated items with the [[deprecated]] attribute.
              Added a new configuration parameter "reactor" / "reset_edge_on_partial_read", which determines whether a partial read consumes the edge when using epoll.
              Added new configuration parameters "reactor" / "use_eventfd" and "reactor" / "use_timerfd" that are used to determine whether the epoll backend uses eventfd and timerfd respectively.
              Added the missing preprocessor check for BOOST_ASIO_DISABLE_TIMERFD.
              Implemented a compile-time feature check for std::source_location support, in addition to std::experimental::source_location.
              Stopped using the deprecated boost::array::c_array() function.
              Fixed a resource leak in asio::awaitable move assignment.
              Fixed a memory leak in ssl stream move assignment.
              Fixed a thread sanitizer issue in kqueue reactor.
              Fixed handler tracking arguments in io_uring backend.
              Fixed an unused parameter warning in boost::asio::detail::null_thread.
              Changed the macro-based coroutine implementation to ensure deterministic case labels when __COUNTER__ is used.
              Fixed synchronous SSL stream shutdown to remap error::eof as async_shutdown does.
              Changed stream_file and random_access_file on Windows to treat file paths as UTF-8 encoded strings.
              Added checks to experimental::parallel_group and experimental::ranged_parallel_group to detect empty operation sets.
              Removed workaround for _FORTIFY_SOURCE, added address length checking to ip::basic_resolver_results.
              Fixed experimental::coro to have protection against max as a macro.
              Updated detection of std::aligned_alloc for newer libc++ versions.
              Various documentation fixes and improvements.
              Consult the Revision History for further details.
            Beast:
              http::parser rejects non-standard trailer fields by default.
              http::basic_parser uses a dedicated callback for trailer fields.
              http::field constants are updated.
              Fixed allocator move/copy assignment in flat_buffer and multi_buffer.
              Fixed websocket permessage-deflate error on partial message consumption.
              http::buffer_body ignores empty chunks.
              Added http::basic_fields::contains member function.
              Removed dependency on Boost.Preprocessor and Boost.StaticAssert.
            Bloom:
              Added bulk-mode insertion and lookup for increased performance.
              Made lookup implementation branchless for block, fast_multiblock32 and fast_multiblock64, which results in some performance gains, particularly for mixed successful/unsuccessful queries.
            Charconv:
              Fixed quadmath detection in CMake for cross-compilation.
              Fixed an issue where a sufficiently big buffer would error as not large enough in floating point to_chars.
            Compat:
              Added to_underlying.hpp (contributed by Braden Ganetsky.)
            Container:
              Reimplemented deque. The original implementation was based on the SGI’s original data structure (similar to libstdc++). Main changes:
                sizeof(deque) was 10 words, now is 4 words. Probably the lightest implementation around.
                sizeof(deque::iterator) was 4 words, now is 2 words (similar to libc++ and MSVC).
                Several internal algorithms were reimplemented to speed up the segmented nature of deque.
                Defaults were slightly changed, 64 bit platforms now use 1024 byte blocks by default instead of classic SGI 512 byte blocks.
                The new implementation eases further deque-like variations and optimizations in the future.
              Fixed bugs/issues:
                GitHub #248: "flat_map slow insertion introduced in boost-1.80.0".
                GitHub #254: "C++20 std::erase_if".
                GitHub #293: "UBSAN reports unaligned access error".
                GitHub #294: "CMake: Add option to use header-only Boost::container".
                GitHub #300: "Warnings when building with Clang 20".
                GitHub #304: "Usage of boost::container::small_vector with custom allocator".
                GitHub #305: "Warnings with -Wstrict-prototypes".
                GitHub #307: "Fix all instances of MSVC warning C4146 (unsigned negation)".
                GitHub #309: "Performance regression of boost::container::static_vector introduced in boost v1.86".
                GitHub #306: "new_allocator.hpp error: '__cpp_sized_deallocation' is not defined, evaluates to 0 [-Werror,-Wundef"].
                GitHub #310: "flat_map: Mention correct type in documentation of emplace and emplace_hint".
                GitHub #312: "flat_map std::allocator::is_always_equal is deprecated".
                GitHub #317: "Partial revert of changes for Issue #209 - compiler warnings".
                GitHub #321: "devector does not work with pmr allocators".
            Conversion:
              Dropped dependency on Boost.SmartPtr.
            Core:
              The implementation of BOOST_TEST_THROWS and BOOST_TEST_NO_THROW macros defined in boost/core/lightweight_test.hpp has been changed to avoid compiler warnings on some compilers, when the macros are used in if/else blocks. As a side effect of this change, the semicolon after the macro is now necessary. (PR#205)
              boost::data and boost::size are now aliases for std::data and std::size, respectively, when the latter are provided by compiler. This resolves potential ambiguities when both boost:: and std:: alternatives are found by the compiler, e.g. as a result of ADL. (PR#206)
            DLL:
              Fixed issues with std::error_code being passed to boost::system::error_code&. Many thanks to Thomas Klausner for the fix (PR#106).
              Fixed install with CMake. Many thanks to Yury Bura for the fix (PR#103).
              Fixed size variable shadowing.
            DynamicBitset:
              Added C++20 iterators.
              Allowed choosing the underlying container type.
              Added constexpr support when compiling as C++20 or later.
              Made push_back(), pop_back() and lowest_bit() more efficient.
              Made the constructor from basic_string explicit.
              Removed several dependencies.
              Added push_front(), pop_front(), find_first_off(), find_next_off() and constructors from C-style strings and basic_string_view (the latter in C++17 or later).
              Changed the stream inserter to set badbit if an exception is thrown during output.
              Made the stream extractor rethrow any exception coming from the underlying vector.
              Ported the documentation to MrDocs and Antora.
            Filesystem:
              Clear passed error_code argument on successful completion of the permissions operation. (PR#338)
              On Windows, added a workaround for directory_iterator constructor failing with an "Invalid Signature" error for a Samba 3.0.2 share, when SMB signing is required. (#334)
            Flyweight:
              Fixed compile errors in Clang 19 and later due to P0522R0 support.
            Geometry:
              Major improvements
                GitHub #1409: "Implement is_valid algorithm for polyhedral surfaces".
              Improvements
                GitHub #1413: "Add supported combinations for convert".
                GitHub #1417: "Improved documentation".
                GitHub #1423: "Avoid stack overflow in traverse".
              Solved issues
                GitHub #1006: "bg::projections::detail::epsg_to_parameters causes excessive compile times".
              Various fixes of errors and warnings
            GIL:
              Improvements
                GitHub #773: "Improved documentation (histogram and typos). Fixed the build for latest sphinx version.".
              Solved issues
                GitHub #778: "Fixed build with Clang".
            Interprocess:
              Minor documentation fixes.
              Fixed bugs:
                GitHub #245: "Fix UBSan runtime error (load of 'boost::interprocess::mode_t')".
                GitHub #269: "Minor documentation fixes and template parameter renames".
            JSON:
              Removed dependencies on Boost.Align and Boost.StaticAssert.
              Switched to a faster hashing algorithm.
            LexicalCast:
              More tests and fixes for floating-point special value conversions to integers and bool.
              Fixes compiler warning C4804 when lexical casting from float to bool.
              Dropped dependency to Boost.TypeTraits. Many thanks to Romain Geissler for implementing the major part of the work (PR#87).
              Switch from implicit to explicit type conversion to avoid compiler warnings. Many thanks to bmagistro for the PR (PR#85).
              Fixed mistakes in documentation. Many thanks to ivanpanch for the PR (PR#86).
              Fixed regression in unsigned short to wstring casting without wchar_t builtin type.
            Locale:
              Fixed B2 build files to avoid building dynamic versions of various Boost libraries when only static ones are requested (PR#266).
              When ISO8859-1 or ISO8859-8 encoding is requested, allow using Windows codepages 1252 or 1255, respectively, instead of using the "C" (classic) locale when the selected Windows locale doesn’t support that ISO8859 encoding.
              Enabled a workaround for an issue in Cygwins stdlib when converting some long UTF-8 sequences to UTF-16.
            Log:
              Fixed a missed optimization in value_ref visitation.
              Fixed a possible long and useless loop on log file rotation in text_file_backend. If the log file name pattern did not include a file counter and the log file size exceeded the rotation_size limit, then the sink backend would repeatedly try to open a new log file with a different counter value and end up opening the same file every time. (#252)
              Made file size checks more robust against integer overflows in text_file_backend.
            Math:
              Added new sub-library: Reverse-Mode Automatic Differentiation.
              Added new constant: log_pi.
              Added proper promotion policy support to logit, logistic_sigmoid, and logistic distributions.
              Numerous fixes and edge case repairs to the special functions.
            Mp11:
              Updated mp_reverse_fold to work on fixed size lists
            MQTT5:
              Removed dependency on Boost.Spirit.
              Auto-reconnection now triggers on any transport-layer error instead of a limited whitelist (#38).
              Added at_transport_error callback to the Logger interface.
            MSM:
              Refurbished and updated the documentation to use Antora.
              Added a new back-end backmp11 offering heavily reduced compile times, a refactored API and a couple of new features. Requires C++17, more details are available in the documentation.
              Fixed bug GitHub #87: "boost::any stopped working as Kleene event in 1.86 in boost::msm".
            Multiprecision:
              Significant improvements to testing and coverage of newer cpp_double_fp_backend.
            MySQL:
              Deprecated support for Clang versions older than 4.0. These compilers might still work, but they won’t be actively tested in CI.
              Added tests to guarantee compatibility with MySQL 9.x.
              Added tests to guarantee compatibility with Clang versions up to 20, and GCC versions up to 15.
            Parser:
              Fixed ill-formedness when using move-only callables with closures (PR#284)
              Fix wonky const-incompatibility in GlobalState parser template params (#250).
              Fix ill-formedness in some cases when using the permutation parser (#268).
              Fixed an error in sequence parsing that could cause some attributes to be overwritten by later parsers in a sequence (#279).
              Fix the handling of opt-parsers that could leave a std::optional attribute containing a value even though the parser that produced it failed (#279 and #285).
              Multiple runtime optimizations (#245, PR#254, PR#255, PR#256).
              A modest compile-time and code size optimization (#250).
              Make transform constexpr (PR#275).
              Move-versus-forward warning mitigation (#272).
              Correct the documentation for the attribute type of the if_ directive (#278).
              Correct many, many typos in the docs (PR#271).
            PFR:
              Added an implementation based on C++26 destructuring into a pack, that fixes majority of known limitations of the library and avoids excessive template instantiations. The new implementation can be explicitly enabled/disabled by a new BOOST_PFR_USE_CPP26 macro. Many thanks to Jean-Michaël Celerier for the PR (PR#194).
              Multiple fixes to CMake. Many thanks to Alexander Grund for the PRs!
            Random:
              Fix for construction of xoshiro family of generators from SeedSeq.
            Redis:
              Important changes to cancellation:
                Improved the per-operation support in async_exec(), and added support for asio::cancel_after.
Requests can now be cancelled at any point, and cancellations don’t interfere with other requests anyhow. Pull requests PR#310 and #226. Deprecated the cancel_on_connection_lost and cancel_if_not_connected flags in request::config. To limit the time span that async_exec might take, use asio::cancel_after, instead. cancel_on_connection_lost default has been changed to false. Pull requests PR#329 and PR#334. Deprecated calling cancel with operation::resolve, connect, ssl_handshake, reconnection and health_check. Users should employ cancel(operation::run), instead. Pull request PR#321. Added support for per-operation cancellation in async_run(). Issue #319. Added support for custom setup requests using config::setup. When setting these fields, users can replace the library-generated HELLO request by any other arbitrary request. Issue #302 and pull request PR#303. Deprecated request::config::hello_with_priority. If you need to execute a request before any other, use config::setup, instead. Pull request PR#305. Valkey long-term support: we guarantee Valkey compatibility starting with this release. Issue #296. Added a request::append() function, to concatenate request objects. Issue #341. The health checker algorithm has been redesigned to avoid false positives under heavy loads. PING commands are now only issued when the connection is idle, instead of periodically. Issue #104. Added config::read_buffer_append_size, which allows to control the expansion of the connection’s read buffer. Pull request PR#283. Added usage::bytes_rotated, which measures data copying when reading and parsing data from the server. Pull request PR#311. Bug fixes: Fixed a bug causing an exception to be thrown when parsing a response that contains an intermediate error into a generic_response. Issue #287. Fixed a number of race conditions in the cancel() function of connection and basic_connection that could cause cancellations to be ignored. Issue #318. 
Users with an empty password but a non-default username are now correctly authenticated. Issue #298. Fixed a problem that could cause an error during HELLO to make subsequent HELLO attempts during reconnection to fail. Issue #290. Errors during HELLO are now correctly logged. Issue #297. SmartPtr: The functionality enabled by the deprecated macros BOOST_SP_ENABLE_DEBUG_HOOKS, BOOST_SP_USE_STD_ALLOCATOR, and BOOST_SP_USE_QUICK_ALLOCATOR has been removed. The header has been marked deprecated and will be removed in a future release. Configurations that define BOOST_NO_CXX11_HDR_ATOMIC are no longer supported; a conforming C++11 is now required. The deprecated macros BOOST_AC_USE_SPINLOCK, BOOST_AC_USE_PTHREADS, BOOST_SP_USE_SPINLOCK, and BOOST_SP_USE_PTHREADS are no longer functional. Platform-specific implementations of atomic_count, sp_counted_base and spinlock are no longer used and have been removed. Configurations that define BOOST_NO_CXX11_HDR_MUTEX are no longer supported; a conforming C++11 is now required. Some unused headers in boost/smart_ptr/detail/ have been removed. Stacktrace: Fixed missing include. Thanks to Orgad Shaneh for the fix! Fixed URL in libbacktrace_impls.hpp, thanks to Jonathan Wakely. StaticString: Aligned to_static_[w]string() with std::to_[w]string() in C++26. Removed usage of an additional buffer in to_static_[w]string(). Added resize_and_overwrite(). STLInterfaces: Fixed ill-formedness with GCC 14 (PR#80). Fixed ill-formedness when using move-only callables with closures. Test: Fixed a few warnings on Windows Clang. TypeIndex: Dropped dependency on Boost.Core. Run all the tests in CMake too, Many thanks to Alexander Grund for some fixes and help. URL: segments_view and segments_encoded_view gained constant-time iterator-based subview constructors. Added zone-id setters (e.g. for IPv6 link-local addresses). Host setters now accept/propagate zone-id. Fixed: resolve now replicates the reference fragment in all cases (#920). 
Fixed: encoded_host_address assertions account for zone-id. Refactor: replaced BOOST_STATIC_ASSERT with BOOST_CORE_STATIC_ASSERT (#934). Refactor: preserved absolute semantics for segment subviews (#939). Uuid: string_generator is now constexpr on C++14 and higher. Added header boost/uuid/constants.hpp. Renamed boost/uuid/uuid_generators.hpp to boost/uuid/generators.hpp. The old name is retained for compatibility. Variant2: More functions have been marked as constexpr, including ~variant. This didn’t matter before C++20, but does now. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 0b183af5b9b5b8aca2a8a913bd1eb0af8feac1d2 Author: Matthias Fischer Date: Thu Apr 9 21:58:41 2026 +0200 htop: Update to 3.5.0 For details see: https://github.com/htop-dev/htop/blob/main/ChangeLog "What's new in version 3.5.0 * Implement line editor for Search, Filter and (re)naming Screens * Add digits editing for numeric options * Backtrace screen feature (using libunwind-ptrace) * Add CPU SMT label option * MemoryMeter: rework to allow full platform-specific control * Fix CPU virtualization bar color and help text in non-detailed mode * Add --no-meters option to hide meters * Implement explicit NO_COLOR env support * fix: support *-256color in $TERM key detection * Add COLORSCHEME_NORD: Nordic inspired theme * Add Tctl temperature reading * Add SecondsUptimeMeter * Adjust GPUMeter text display * Make Ctrl-U clear the current Filter or Search string while editing it * Make empty --filter= command line arguments invalid * Make Infoscreen also show uppercase FILTER when filtering (F4) is active * Graph meter dynamic scaling and percent graph drawing * Update "total" value for non-percent bar meters * Fix logic bug while iterating processes * Change NetworkIOMeter "packets per second" display * Add NetworkIOMeter description * Rework DiskIOMeter into a combined display of 2 sub-meters * Introduce DiskIORateMeter and DiskIOTimeMeter * DiskIOMeter: Adjust code indent and 
formatting * DiskIOMeter: Move cache update code to a new function * Add --no-function-bar option to hide functionbar * Fix function bar labels in Screens panel rename mode * Make Meters function bar consistent with the Screens one * Display a FAILED message in the FunctionBar on host scan failure * Cancel pending renaming action for a screen in dtor of ScreensPanel * Move prevSelected from ScreensPanel to Panel * Only issue KEY_RECLICK when the focussed item has not changed * Track oldFocus correctly in ScreensPanel * Add lost focus event, make mouse actions consistent, handle rename and move explicitly across screens / meters / columns * Make Cancel (F2, Esc) remove a newly added screen tab and not only abort the implicit rename * Use default key list for DisplayOptions "Dec/Inc" function bar * Make first click select option line but not toggle it, toggle with next click, handle right click * Make the Panel items actually match what receives a mouse click * No need for "phantom" CPU threads * Simplify offline CPU marking * Make the physicalID default to 0 because old Intel processors only have that * Don't draw Meter caption if width is not enough (bar & graph) * CPUMeter: Fix negative "x" positions of sub-meters * Add sensors logic for Snapdragon 410 * Add sensors logic for Amlogic S905W support * Add foot terminal to terminalSupportsDefinedKeys * No longer write to htoprc file if it's not owned by EUID * Remove initial enforced delay to reduce startup latency * Improve bootup time by caching all getpwuid result * Fix a small file descriptor leak in Settings_write() * Keep track of the biggest PID and scale the column accordingly * Allocate COMMAND (cmdline) and comm buffers dynamically * Improve "comm" string highlighting in Process_makeCommandStr() * Improve process cmdline basename matching with procExe path * Don't make highlights of zero-length cmdline basename * Shadow path prefixes used by NixOS * Improve Generic_unameRelease() related code * Linux: Check 
for CPU number on s390 * Linux: Handle special cases for CPU frequency data in /proc/cpuinfo * Linux: Added support for OpenRC init system and metrics * Linux: fix detection of NUL argument separator * Linux: Skip loopback and MD (multi-device) driver entries in /proc/diskstats * Darwin: Add GPUMeter code for macOS * Darwin: Rewrite & improve Platform_getOSRelease() code * Darwin: implement macOS version reporting in SysArchMeter * Darwin: Handle legacy references to kIOMainPortDefault * Darwin: Bring back conversion of process CPU time on macOS (#1638) * PCP: Automatically reconnect PCP metrics contexts on disconnect * PCP: Fixes to use units-based scaling in pcp-htop on macOS * PCP: Fix PCPDynamicColumn parsing after a bad section name * FreeBSD: Update the internal priority reference point * NetBSD: Improve process state retrieval code * OpenBSD: Check on AC power value being nonzero * OpenBSD: Document sysctl indices for ACPI battery & AC code * Solaris: Update memory info on every refresh * Add v1.0 of the AI-Assisted Contributions Policy * Add a Code of Conduct document for the project * README: Add Quick Start section * README: update instructions for those who use Arch * Add Japanese support in htop.desktop * Add Armenian support in htop.desktop * docs: fix COLORS bullet list formatting and capitalization in man page * CI: Add Github Action workflow for Coverity checking * CI: Add libiberty and demangling support to backtrace screen build * CI: Update LLVM/Clang versions to 22 * CI: Update FreeBSD to 15.0 * CI: Update to use OpenBSD 7.7 * build: Add packages for OpenSUSE/SLES * build: Fix Autoconf 2.69 compatibility regressions * build: Simplify curses header checking code * build: remove the --with-os-release configure option * build: Fix redundant newlines in configure help strings * build: Allow custom search path for libnl; try pkg-config when needed * build: Use HTOP_PKG_CHECK_MODULES in hwloc and libnl checking * build: Introduce 
HTOP_PKG_CHECK_MODULES wrapper macro * build: Introduce 'htop_search_header_dir' configure function * build: Add configure check on whether local unwinding works * build: Automatically detect backtrace(3) return type * build: Use pkg-config to detect libnl3 header path * build: Also check libunwind through pkg-config * build: Simplify configure netlink/*.h detection code * build: Fix netlink/*.h detection logic in configure * build: Fix '-ffinite-math-only' configure warning * build: Fix configure '--enable-delayacct' help text * build: Fix a macOS AC_COMPILE_IFELSE misquoting" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e7626474a602486f86d666d9948ed62e4884dd4b Author: Matthias Fischer Date: Thu Apr 9 21:55:48 2026 +0200 nano: Update to 9.0 For details see: https://www.nano-editor.org/news.php "2026 April 8 - GNU nano 9.0 "Le bonheur est dans le pré" When the cursor almost goes offscreen to the right, all lines are now scrolled sideways together, by just the amount needed to keep the cursor in view. Use --solosidescroll or 'set solosidescroll' to get back the old, jerky, single-line horizontal scrolling. The viewport can be scrolled sideways (in steps of one tabsize) with M-< and M->. See `man nanorc` if M-< and M-> should switch between buffers (as they did earlier). M-Left, M-Right, M-Up, and M-Down have become rebindable. Stopping the recording of a macro immediately after starting it cancels the recording and leaves an existing macro in place. Feature toggles no longer break a chain of ^K cuts or M-6 copies, except the M-K cut-from-cursor toggle. With --mouse plus --indicator, one can click in the scrollbar area to roughly navigate within the buffer." 
Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit bc969f6aad7e1c619554db5f5a3df8b94d0086dc Author: Adolf Belka Date: Thu Apr 9 18:50:34 2026 +0200 sqlite: Update to version 3530000 - Update from version 3510300 to 3530000 - Update of rootfile - Changelog 3530000 Fix the WAL-reset database corruption bug. Add the Query Result Formatter (QRF) library for formatting the results of SQL queries for human readability on a fixed-pitch font screen. Add the format method to the TCL Interface so that QRF is accessible from TCL. QRF is used for result formatting in the CLI, resulting in improved display capabilities. New SQL language features: Enhance ALTER TABLE to permit adding and removing NOT NULL and CHECK constraints. The REINDEX EXPRESSIONS statement rebuilds expression indexes. (Useful to repair stale expression indexes.) The body of TEMP triggers may now modify and/or query tables in the main schema. Enhance VACUUM INTO so that if a URI filename is used as the target and that filename has a reserve=N query parameter with N between 0 and 255, then the reserve amount for the generated database copy is set to N. New SQL functions: json_array_insert() jsonb_array_insert() Renovations to the CLI: Major enhancements to the .mode command. Improved result formatting, due to the addition of the QRF extension. For example, numeric values are now right-justified by default in tabular output modes. The default output mode for interactive CLI sessions now uses QRF to display query results in boxes formed using Unicode box-drawing characters, for improved legibility. Batch CLI sessions use the legacy output format for compatibility. Bare (unquoted) semicolons at the end of dot-commands are silently ignored.  ← Potential incompatibility! Fix the .testcase and .check commands so that they actually work, and use those commands in scripts that are part of the standard SQLite test suite included with the source tree. 
Command-line arguments that match *.sql or *.txt and are the names of non-empty files are read and interpreted as scripts of SQL statements and/or dot-commands. The argument to the ".timer" command can now be "once", to run the timer on only the next SQL statement. The new "--timeout S" option to the ".progress" dot-command causes SQL statements to interrupt after S seconds. The ".indexes" command was changed so that the PATTERN argument matches the name of the index, not the name of the table being indexed (thus making the PATTERN argument actually useful). And, several new options were added to ".indexes". New C-language interfaces: sqlite3_str_truncate() sqlite3_str_free() sqlite3_carray_bind_v2() Add the SQLITE_PREPARE_FROM_DDL option to sqlite3_prepare_v3() which permits virtual table implementations to safely prepare SQL statements that are derived from the database schema. Added the SQLITE_UTF8_ZT constant which can be used as the encoding parameter to sqlite3_result_text64() or sqlite3_bind_text64() to indicate that the value is UTF-8 encoded and zero terminated. The SQLITE_LIMIT_PARSER_DEPTH option is added to sqlite3_limit(). The SQLITE_DBCONFIG_FP_DIGITS option is added to sqlite3_db_config(). See also item 9b below. Query planner improvements: Always use a sort-and-merge algorithm for EXCEPT, INTERSECT, and UNION, since this is almost always faster than using a hash table. Improvements to join order selection in large multi-way joins on a star schema. Enhance the EXISTS-to-JOIN optimization so that the inserted JOIN terms are not required to be on the inner-most loops, as long as all dependencies for the EXISTS-to-JOIN loops are in outer loops. Enhance the omit-noop-join optimization so that it is able to omit a chain of joins that do not affect the output. Allow queries that use "GROUP BY e1 ORDER BY e2" where e1 and e2 are identical apart from ASC/DESC sort-orders to be optimized using a single index. 
Allow virtual tables to optimize DISTINCT in cases where the result-set of a query does not exactly match the ORDER BY clause. Add new interfaces to the session extension that enable an application to add changes one at a time to the sqlite3_changegroup object: sqlite3changegroup_change_begin() sqlite3changegroup_change_blob() sqlite3changegroup_change_double() sqlite3changegroup_change_int64() sqlite3changegroup_change_null() sqlite3changegroup_change_text() sqlite3changegroup_change_finish() sqlite3changegroup_config() Improvements to floating-point ↔ text conversions. Reimplemented to improve performance. Rounding is now done by default to 17 significant digits, instead of 15, as was the case for all prior versions. The sqlite3_db_config(SQLITE_DBCONFIG_FP_DIGITS) API (item 6g above) can change this, if desired. Added the self-healing index feature to deal with the stale expression index problem. Add the "-p|--port" option to sqlite3_rsync. Discontinue support for Windows RT. JavaScript/WASM Add the "opfs-wl" VFS, functionally identical to the "opfs" VFS but using Web Locks for locking, which can promise fairer lock sharing than the "opfs" bespoke protocol can. "opfs-wl" requires Atomics.waitAsync(), so requires newer browsers than "opfs" does. 
Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 71dd91ede170246c041d3b034234e1f3deabf79b Author: Michael Tremer Date: Thu Apr 9 10:14:47 2026 +0000 core202: Ship DNSBL changes Signed-off-by: Michael Tremer commit bcddbbb1c204821ae15ccf5425f83c0b5fb24188 Merge: 01fad903a d3b061863 Author: Michael Tremer Date: Thu Apr 9 10:14:15 2026 +0000 Merge branch 'master' into next commit d3b06186321fb4a1315bb0fa39645f12b97dfe43 Author: Michael Tremer Date: Thu Apr 9 11:07:28 2026 +0100 dnsbl.cgi: Add note that ACLs are optional Signed-off-by: Michael Tremer commit 4b6370ca43c3df9303ae067bad26a1ee56046004 Author: Michael Tremer Date: Thu Apr 9 11:07:11 2026 +0100 langs: de: Don't capitalize "ZURÜCK" Signed-off-by: Michael Tremer commit e3c11ae3436b578432df0058eee229f262791254 Author: Michael Tremer Date: Thu Apr 9 10:53:59 2026 +0100 unbound: Fix defining access-control-tag: Multiple lines referring to the same network will overwrite any previous settings. Therefore we have to collect all tags and emit them in the end. Zones that should not have any restrictions won't have any tags assigned whatsoever. Signed-off-by: Michael Tremer commit 01fad903a5a10884112042a3c311e73a4c78a71c Author: Michael Tremer Date: Thu Apr 9 09:10:54 2026 +0000 core202: Ship latest changes Signed-off-by: Michael Tremer commit 4c0767ffc4cffc85c2e4ac43decfa9de85c33d5f Author: Michael Tremer Date: Thu Apr 9 08:57:32 2026 +0000 configroot: Build language cache at build time This should not be done when the system is being installed as there is no reason to. Signed-off-by: Michael Tremer commit ea8f606fc1fa638072584c666725b28279e0eefc Author: Michael Tremer Date: Thu Apr 9 09:51:31 2026 +0100 perl-Net-IPv4Addr: Drop package This is no longer required. 
Signed-off-by: Michael Tremer commit d75524054e5dd37684134417a119b18ac7f32dd0 Author: Michael Tremer Date: Thu Apr 9 09:49:43 2026 +0100 general-functions.pl: Remove some legacy network functions Signed-off-by: Michael Tremer commit 99c288fa2657746e8c1476027529e632d815f810 Author: Michael Tremer Date: Thu Apr 9 09:49:28 2026 +0100 vpnmain.cgi: Remove using legacy network functions Signed-off-by: Michael Tremer commit b4aecdb390f60c29f1bea6670e6adea01446acf7 Author: Michael Tremer Date: Thu Apr 9 09:49:01 2026 +0100 proxy.cgi: Remove using legacy network functions Signed-off-by: Michael Tremer commit 9193150dfe23aa84c7d519bbc1c205664ca6ca86 Author: Adolf Belka Date: Wed Apr 8 22:23:07 2026 +0200 libsodium: Add patch to enable 1.0.21 to build on aarch64 - The update to 1.0.21 resulted in libsodium not building on aarch64. A fix has been developed and will ultimately be available with the next release. This uses that patch fix to be applied to 1.0.21 - Build tested on aarch64 and was successful. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit c4ae15e75de968e684161d9162a1575fc7f69a1f Author: Adolf Belka Date: Wed Apr 8 17:18:53 2026 +0200 tor: Update to version 0.4.9.6 - Update from version 0.4.8.21 to 0.4.9.6 - Version 0.4.8.22 was likely the last update on the 0.4.8 branch. Everything is now focussed on the 0.4.9 branch. - There are some security fixes in some of the update steps. - No change in rootfile - Changelog 0.4.9.6 This is a security release fixing major bugfixes that could possibly lead to remote crashing relays. We strongly recommend upgrading as soon as possible. o Major bugfix (security): - Fix a stack overflow of 11 bytes on malicious CREATED2. This led to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha. o Major bugfix (security, conflux): - Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem. TROVE-2026-004. 
Fixes bug 41232; bugfix on 0.4.8.1-alpha. o Minor bugfixes (security): - Fix a series of defense in depth security issues found across the codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha. o Minor bugfixes (portability): - (Hopefully) fix our polyval implementation on big-endian platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha. o Minor features (fallbackdir): - Regenerate fallback directories generated on March 25, 2026. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2026/03/25. 0.4.9.5 This first stable release in the 0.4.9 series introduces a new circuit-level encryption design for better client security, as well as a more scalable way for large relay operators to annotate which relays they run so clients can avoid using too many of them in a single circuit. o Major features (cryptography): - Clients and relays can now negotiate Counter Galois Onion (CGO) relay cryptography, as designed by Jean Paul Degabriele, Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO provides improved resistance to several kinds of tagging attacks, better forward secrecy, and better forgery resistance. Closes ticket 41047. Implements proposal 359. o Major features (path selection): - Clients and relays now support "happy families", a system to simplify relay family operation and improve directory performance. With "happy families", relays in a family share a secret "family key", which they use to prove their membership in the family. Implements proposal 321; closes ticket 41009. Note that until enough clients are upgraded, relay operators will still need to configure MyFamily lists. But once clients no longer depend on those lists, we will be able to remove them entirely, thereby simplifying family operation, and making microdescriptor downloads approximately 80% smaller. 
For more information, see https://community.torproject.org/relay/setup/post-install/family-ids/ o Major bugfixes (conflux): - Ensure conflux guards obey family and subnet restrictions. Fixes bug 40976; bugfix on 0.4.8.1-alpha. o Major bugfixes (controller events): - Fix spikes occurring in bandwidth cache events on control connection. Fixes bug 31524; bugfix on 0.0.9pre5. o Major bugfixes (sandbox): - Fix sandbox to work on architectures that use Linux's generic syscall interface, extending support for AArch64 (ARM64) and adding support for RISC-V, allowing test_include.sh and the sandbox unit tests to pass on these systems even when building with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix on 0.2.5.1-alpha. o Minor features (client security, reliability): - When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire the circuit based on when it was last in use for any stream, not (as we did before) based on when a stream was last attached to it. Closes ticket 41157. Implements a minimal version of Proposal 368. o Minor features (exit relays): - Implement reevaluating new exit policy against existing connections. This is controlled by new config option ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676. - Implement a token-bucket based rate limiter for stream creation and resolve request. It is configured by the DoSStream* family of configuration options. Closes ticket 40736. - Add Monero ports to the ReducedExitPolicy. Closes ticket 41168. o Minor features (bridges): - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket 29128. o Minor features (client extensibility): - Implement new HTTPTunnelPort features for interoperability with Arti's HTTP CONNECT proxy. This work adds new headers to requests to and replies from the HttpConnectPort, support for OPTIONS requests, tightens the expected syntax for Proxy-Authorization, and increases defense-in-depth against some kinds of cross-site HTTP attacks. Closes ticket 41156. 
Implements proposal 365. - Detect invalid SOCKS5 username/password combinations according to new extended parameters syntax. (Currently, this rejects any SOCKS5 username beginning with "", except for the username "0". Such usernames are now reserved to communicate additional parameters with other Tor implementations.) Implements proposal 351. o Minor features (sandboxing): - Allow the fstatat64 and statx syscalls on i386 architecture when glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat for stat operations, and statx for time64 support. Without this, SIGHUP configuration reload fails when using sandbox mode with %include directives on i386 with Debian Bookworm or newer. - Allow the lstat64 syscall on i386 architecture. This syscall is used by glob() in glibc 2.36+ when processing %include directives with directory patterns. o Minor features (security): - Increase the size of our finite-field Diffie Hellman TLS group (which we should never actually use!) to 2048 bits. Part of ticket 41067. - Require TLS version 1.2 or later. (Version 1.3 support will be required in the near future.) Part of ticket 41067. - Update TLS 1.2 client cipher list to match current Firefox. Part of ticket 41067. - Verify needle is smaller than haystack before calling memmem. Closes ticket 40854. o Minor features (onion services): - Add 3 more keywords to the ADD_ONION control command: PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst from torrc. - Reduce the minimum value of hsdir_interval to match recent tor- spec change. o Minor feature (directory authority): - Introduce MinimalAcceptedServerVersion to allow configuring the minimum accepted relay version without requiring a new tor release. Closes ticket 40817. o Minor features (metrics port): - New metrics on the MetricsPort for the number of BUG() calls that occurred at runtime. 
Fixes bugs 40839 and 41104; bugfix on 0.4.7.1-alpha. - Handle rephist tracking of ntor and ntor_v3 handshakes individually such that MetricsPort exposes the correct values. Fixes bug 40638; bugfix on 0.4.7.11. - Add new metrics for relays on the MetricsPort namely the count of drop cell, destroy cell and the number of circuit protocol violation seen that lead to a circuit close. Closes ticket 40816. o Minor features (forward-compatibility): - We now correctly parse microdescriptors and router descriptors that do not include TAP onion keys. (For backward compatibility, authorities continue to require these keys.) Implements part of proposal 350. o Minor features (portability, android): - Use /data/local/tmp for data storage on Android by default. Closes ticket 40487. Patch from Hans-Christoph Steiner. o Minor features (directory authority): - Export unsigned consensus documents once we have seen a threshold of signatures, as a step toward the consensus transparency experiment. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 12, 2026. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2026/02/12. o Minor features (windows): - Various compilation fixes for our Windows CI. Closes ticket 41214. o Minor bugfixes (exit relays): - Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha. o Minor bugfixes (spec conformance): - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH messages. Previously, it was always set to the maximum value. Fixes bug 41056; bugfix on 0.4.8.1-alpha. - Do not treat "15" as a recognized remote END reason code. Formerly, we treated it as synonymous with a local ENTRYPOLICY, which isn't a valid remote code at all. Fixes bug 41171; bugfix on 0.2.0.8-alpha. 
o Minor bugfixes (tooling): - Fix a false positive valgrind related to inspecting a bitfield next to another uninitialized bitfield. Fixes bug 41182; bugfix on 0.3.3.2-alpha. - Fix minor warnings from newer versions of shellcheck and clang. Fixes bug 41166; bugfix on 0.4.3.1-alpha and several other versions. - Fix a warning when compiling with GCC 14.2. Closes 41032. o Minor bugfixes (threads): - Make thread control POSIX compliant. Fixes bug 41109; bugfix on 0.4.8.17. o Minor bugfix (client DNS): - Handle empty DNS reply without sending back an error and instead send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248; bugfix on 0.3.5.1-alpha. o Minor bugfixes (directory authorities): - After we added layer-two vanguards, directory authorities wouldn't think any of their vanguards were suitable for circuits, leading to a "Failed to find node for hop #2 of our path. Discarding this circuit." log message once per second from startup until they made a fresh consensus. Now they look to their existing consensus on startup, letting them build circuits properly from the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha. o Minor bugfixes (tests): - Fix a test failure with OpenSSL builds running at security level 1 or greater, which does not permit SHA-1 certificates. Fixes bug 41021; bugfix on 0.2.8.1-alpha. o Minor bugfixes (bridges): - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc. o Minor bugfixes (conflux, client): - Avoid a non fatal assert caused by data coming in on a conflux set that is being freed during shutdown. Fixes bug 40870; bugfix on 0.4.8.1-alpha. o Minor bugfixes (testing network): - Enabling TestingTorNetwork no longer forces fast hidden service intro point rotation. This reduces noise and errors when using hidden services with TestingTorNetwork enabled. Fixes bug 40922; bugfix on 0.3.2.1-alpha. 
o Minor bugfixes (relay): - Refuse to overwrite an existing *.secret_family_key when running tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha. o New system requirements: - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later. Part of ticket 41059. - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later. (We strongly recommend 3.0 or later, but still build with 1.1.1, even though it is not supported by the OpenSSL team, due to its presence in Debian oldstable.) Part of ticket 41059. o Removed features (relays): - Relays no longer support clients that falsely advertise TLS ciphers they don't really support. (Clients have not done this since 0.2.3.17-beta). Part of ticket 41031. - Relays no longer support clients that require obsolete v1 and v2 link handshakes. (The v3 link handshake has been supported since 0.2.3.6-alpha). Part of ticket 41031. - Relays no longer support the obsolete TAP circuit extension protocol. (For backward compatibility, however, relays still continue to include TAP keys in their descriptors.) Implements part of proposal 350. - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" authentication method, which used a dangerously short RSA key, and which required access TLS session internals. The current method ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. Closes ticket 41020. o Removed features (directory authorities): - Directory authorities no longer support consensus methods before method 32. Closes ticket 40835. - We include a new consensus method that removes support for computing "package" lines in consensus documents. This feature was never used, and support for including it in our votes was removed in 0.4.2.1-alpha. Finishes implementation of proposal 301. 0.4.9.4-rc Finally, the release candidate for the 0.4.9.x series. It consists of minor features and several bugfixes. Nothing major has been added since the alpha. 
If everything goes well, the next version will be the first stable. o Minor features (security, reliability): - When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire the circuit based on when it was last in use for any stream, not (as we did before) based on when a stream was last attached to it. Closes ticket 41157. Implements a minimal version of Proposal 368. o Minor feature (Exit): - Add Monero ports to the ReducedExitPolicy. Closes ticket 41168. o Minor features (HTTPTunnelPort): - Implement new HTTPTunnelPort features for interoperability with Arti's HTTP CONNECT proxy. This work adds new headers to requests to and replies from the HttpConnectPort, support for OPTIONS requests, tightens the expected syntax for Proxy-Authorization, and increases defense-in-depth against some kinds of cross-site HTTP attacks. Closes ticket 41156. Implements proposal 365. o Minor features (linux seccomp2 sandbox): - Allow the fstatat64 and statx syscalls on i386 architecture when glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat for stat operations, and statx for time64 support. Without this, SIGHUP configuration reload fails when using sandbox mode with %include directives on i386 with Debian Bookworm or newer. - Allow the lstat64 syscall on i386 architecture. This syscall is used by glob() in glibc 2.36+ when processing %include directives with directory patterns. o Minor bugfixes (DNS, exit): - Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha. o Minor bugfixes (spec conformance): - Do not treat "15" as a recognized remote END reason code. Formerly, we treated it as synonymous with a local ENTRYPOLICY, which isn't a valid remote code at all. Fixes bug 41171; bugfix on 0.2.0.8-alpha. o Minor bugfixes (tooling): - Fix a false positive valgrind related to inspecting a bitfield next to another uninitialized bitfield. Fixes bug 41182; bugfix on 0.3.3.2-alpha. 
o Minor bugfixes (warnings): - Fix minor warnings from newer versions of shellcheck and clang. Fixes bug 41166; bugfix on 0.4.3.1-alpha and several other versions. 0.4.9.3-alpha This is the third alpha release and likely the last before going stable. This release contains the new CGO circuit encryption. See proposal 359 for more details. Several TLS minor fixes which will strengthen the link security. o New system requirements: - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later. Part of ticket 41059. - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later. (We strongly recommend 3.0 or later, but still build with 1.1.1, even though it is not supported by the OpenSSL team, due to its presence in Debian oldstable.) Part of ticket 41059. o Major features (cell format): - Tor now has (unused) internal support to encode and decode relay messages in the new format required by our newer CGO encryption algorithm. Closes ticket 41051. Part of proposal 359. o Major features (cryptography): - Clients and relays can now negotiate Counter Galois Onion (CGO) relay cryptography, as designed by Jean Paul Degabriele, Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO provides improved resistance to several kinds of tagging attacks, better forward secrecy, and better forgery resistance. Closes ticket 41047. Implements proposal 359. o Major bugfixes (onion service directory cache): - Preserve the download counter of an onion service descriptor across descriptor uploads, so that recently updated descriptors don't get pruned if there is memory pressure soon after update. Additionally, create a separate torrc option MaxHSDirCacheBytes that defaults to the former 20% of MaxMemInQueues threshold, but can be controlled by relay operators under DoS. Also enforce this threshold during HSDir uploads. Fixes bug 41006; bugfix on 0.4.8.14. 
o Minor features (security): - Increase the size of our finite-field Diffie Hellman TLS group (which we should never actually use!) to 2048 bits. Part of ticket 41067. - Require TLS version 1.2 or later. (Version 1.3 support will be required in the near future.) Part of ticket 41067. - Update TLS 1.2 client cipher list to match current Firefox. Part of ticket 41067. o Minor features (security, TLS): - When we are running with OpenSSL 3.5.0 or later, support using the ML-KEM768 for post-quantum key agreement. Closes ticket 41041. o Minor feature (client, TLS): - Set the TLS 1.3 cipher list instead of falling back on the default value. o Minor feature (padding, logging): - Reduce the amount of messages being logged related to channel padding timeout when log level is "notice". o Minor features (bridges): - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket 29128. o Minor features (fallbackdir): - Regenerate fallback directories generated on September 16, 2025. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/09/16. o Minor features (hidden services): - Reduce the minimum value of hsdir_interval to match recent tor-spec change. o Minor features (hsdesc POW): - Tolerate multiple PoW schemes in onion service descriptors, for future extensibility. Implements torspec ticket 272. o Minor features (performance TLS): - When running with OpenSSL 3.0.0 or later, support using X25519 for TLS key agreement. (This should slightly improve performance for TLS session establishment.) o Minor features (portability): - Fix warnings when compiling with GCC 15. Closes ticket 41079. o Minor bugfix (conflux): - Remove the pending nonce if we realize that the nonce of the unlinked circuit is not tracked anymore. Should avoid the non fatal assert triggered with a control port circuit event. Fixes bug 41037; bugfix on 0.4.8.15. 
o Minor bugfixes (bridges, pluggable transport): - Fix a bug causing the initial tor process to hang instead of exiting with RunAsDaemon, when pluggable transports are used. Fixes bug 41088; bugfix on 0.4.9.1-alpha. o Minor bugfixes (circuit handling): - Prevent circuit_mark_for_close() from being called twice on the same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev. - Prevent circuit_mark_for_close() from being called twice on the same circuit. Second fix attempt Fixes bug 41106; bugfix on 0.4.8.17 o Minor bugfixes (compilation): - Fix linking on systems without a working stdatomic.h. Fixes bug 41076; bugfix on 0.4.9.1-alpha. o Minor bugfixes (compiler warnings): - Make sure the two bitfields in the half-closed edge struct are unsigned, as we're using them for boolean values and assign 1 to them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. o Minor bugfixes (logging, metrics port): - Count BUG statements for the MetricsPort only if they are warnings or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch contributed by shadowcoder. o Minor bugfixes (protocol): - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH messages. Previously, it was always set to the maximum value. Fixes bug 41056; bugfix on 0.4.8.1-alpha. o Minor bugfixes (relay): - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes bug 41043; bugfix on 0.4.9.2-alpha. o Minor bugfixes (threads): - Make thread control POSIX compliant. Fixes bug 41109; bugfix on 0.4.8.17-dev. o Removed features: - Relays no longer support clients that falsely advertise TLS ciphers they don't really support. (Clients have not done this since 0.2.3.17-beta). Part of ticket 41031. - Relays no longer support clients that require obsolete v1 and v2 link handshakes. (The v3 link handshake has been supported since 0.2.3.6-alpha). Part of ticket 41031. 0.4.9.2-alpha This is the second alpha of the 0.4.9.x series. 
We have several new minor features and a big one, the happy families that was long awaited by relay operators. This release also fixes a number of bugs including major ones. o Major feature (happy families): - Clients and relays now support "happy families", a system to simplify relay family operation and improve directory performance. With "happy families", relays in a family share a secret "family key", which they use to prove their membership in the family. Implements proposal 321; closes ticket 41009. Note that until enough clients are upgraded, relay operators will still need to configure MyFamily lists. But once clients no longer depend on those lists, we will be able to remove them entirely, thereby simplifying family operation, and making microdescriptor downloads approximately 80% smaller. For more information, see https://community.torproject.org/relay/setup/post-install/family-ids/ o Major features (client): - Clients now respect "happy families" per proposal 321. This feature will eventually allow a much more compact representation for relay families, for a significant savings in directory download size. o Minor feature (onion service, control port): - Add 3 more keywords to the ADD_ONION control command: PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and HiddenServicePoWQueueBurst from torrc. o Minor feature (testing, CI): - Use a fixed version of chutney (be881a1e) instead of its current HEAD. This version should also be preferred when testing locally. o Minor features (compilation): - Fix a warning when compiling with GCC 14.2. Closes 41032. o Minor features (continuous integration): - Upgrade CI runners to use Debian Bookworm instead of Bullseye. Closes ticket 41029. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 05, 2025. - Regenerate fallback directories generated on March 20, 2025. 
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/02/05. - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/03/20. - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/03/24. o Minor features (recommended protocols): - Directory authorities now vote to recommend that clients support certain protocols beyond those that are required. These include improved support for connecting to relays on IPv6, NtorV3, and congestion control. Part of ticket 40836. o Minor features (required protocols): - Directory authorities now vote to require clients to support the authenticated SENDME feature, which was introduced in 0.4.1.1-alpha. Part of ticket 40836. - Directory authorities now vote to require relays to support certain protocols, all of which have been implemented since 0.4.7.4-alpha or earlier. These include improved support for connecting to relays on IPv6, NtorV3, running as a rate-limited introduction point, authenticated SENDMEs, and congestion control. Part of ticket 40836. o Major bugfix (control-events, bw-cache): - Fixes spikes occurring in bandwidth cache on control connection. Fixes bug 31524; bugfix on 0.4.8.12-dev. o Major bugfixes (conflux): - Ensure conflux guards obey family and subnet restrictions. Fixes bug 40976; bugfix on 0.4.8.13. o Major bugfixes (onion service directory cache): - When the OOM killer kicks in, cleanup the descriptor cache of an HSDir by looking at the lowest downloaded count instead of time in cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha. o Minor bugfix (client DNS): - Handle empty DNS reply without sending back an error and instead send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248; bugfix on 0.3.5.1-alpha. o Minor bugfix (conflux): - Avoid a non fatal assert when describing a conflux circuit on the control port after being prepped to be freed. Fixes bug 41037; bugfix on 0.4.8.15. 
o Minor bugfix (dirauth): - Fix typo in flag assignment approved-routers file. Fixes bug 41035; bugfix on 0.4.8.15 o Minor bugfixes (control port): - Correctly report conflux pair information to controller fields Fixes bug 40872; bugfix on 0.4.8.1-alpha o Minor bugfixes (directory authorities): - After we added layer-two vanguards, directory authorities wouldn't think any of their vanguards were suitable for circuits, leading to a "Failed to find node for hop #2 of our path. Discarding this circuit." log message once per second from startup until they made a fresh consensus. Now they look to their existing consensus on startup, letting them build circuits properly from the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha. o Minor bugfixes (relay flag usage): - Fix client usage of the MiddleOnly flag so that MiddleOnly relays are not used as HS IP or RP by clients or services. Additionally, give dirauths the ability to remove specific flags, as an alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha o Minor bugfixes (sandbox, bwauth): - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on 0.2.2.1-alpha o Minor bugfixes (tests): - Fix a test failure with OpenSSL builds running at security level 1 or greater, which does not permit SHA-1 certificates. (Fixes bug 41021; bugfix on 0.2.8.1-alpha.) o Minor bugfixes (threads, memory): - Improvements in cleanup of resources used by threads. Fixes bug 40991; bugfix on 0.4.8.13-dev. - Rework start and exit of worker threads. o Removed features: - Relays no longer support the obsolete "RSA-SHA256-TLSSecret" authentication method, which used a dangerously short RSA key, and which required access TLS session internals. The current method ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha. Closes ticket 41020. 0.4.9.1-alpha This is the first alpha of the 0.4.9.x series. This release mostly consists of bugfixes including some major ones. 
There are several minor features in this release but no large new subsystem. o Major bugfixes (sandbox): - Fix sandbox to work on architectures that use Linux's generic syscall interface, extending support for AArch64 (ARM64) and adding support for RISC-V, allowing test_include.sh and the sandbox unit tests to pass on these systems even when building with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix on 0.2.5.1-alpha. o Minor feature (defense in depth): - Verify needle is smaller than haystack before calling memmem. Closes ticket 40854. o Minor feature (directory authority): - Introduce MinimalAcceptedServerVersion to allow modification of minimal accepted version for relays without requiring a new tor release. Closes ticket 40817. o Minor feature (exit policies): - Implement reevaluating new exit policy against existing connections. This is controlled by new config option ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676. o Minor feature (exit relay, DoS resistance): - Implement a token-bucket based rate limiter for stream creation and resolve request. It is configured by the DoSStream* family of configuration options. Closes ticket 40736. o Minor feature (metrics port): - New metrics on the MetricsPort for the number of BUG() that occurred at runtime. Closes MR 760. o Minor feature (metrics port, relay): - Add new metrics for relays on the MetricsPort namely the count of drop cell, destroy cell and the number of circuit protocol violation seen that lead to a circuit close. Closes ticket 40816. o Minor feature (testing): - test-network now unconditionally includes IPv6 instead of trying to detect IPv6 support. o Minor feature (testing, CI): - Use a fixed version of chutney (be881a1e) instead of its current HEAD. This version should also be preferred when testing locally. o Minor features (forward-compatibility): - We now correctly parse microdescriptors and router descriptors that do not include TAP onion keys. 
(For backward compatibility, authorities continue to require these keys.) Implements part of proposal 350. o Minor features (portability, android): - Use /data/local/tmp for data storage on Android by default. Closes ticket 40487. Patch from Hans-Christoph Steiner. o Minor features (SOCKS): - Detect invalid SOCKS5 username/password combinations according to new extended parameters syntax. (Currently, this rejects any SOCKS5 username beginning with "", except for the username "0". Such usernames are now reserved to communicate additional parameters with other Tor implementations.) Implements proposal 351. o Minor bugfix (MetricsPort, relay): - Handle rephist tracking of ntor and ntor_v3 handshakes individually such that MetricsPort exposes the correct values. Fixes bug 40638; bugfix on 0.4.7.11. o Minor bugfix (process): - Avoid closing all possible FDs when spawning a process (PT). On some systems, this could lead to 3+ minutes hang. Fixes bug 40990; bugfix on 0.3.5.1-alpha. o Minor bugfix (relay, sandbox): - Disable a sandbox unit test that is failing on Debian Sid breaking our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha. o Minor bugfixes (bridge): - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc. o Minor bugfixes (compiler warnings): - Make sure the two bitfields in the half-closed edge struct are unsigned, as we're using them for boolean values and assign 1 to them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. o Minor bugfixes (conflux, client): - Avoid a non fatal assert caused by data coming in on a conflux set that is being freed during shutdown. Fixes bug 40870; bugfix on 0.4.8.1-alpha. o Minor bugfixes (memory): - Fix a pointer free that wasn't set to NULL afterwards which could be reused by calling back in the free all function. Fixes bug 40989; bugfix on 0.4.8.13. o Minor bugfixes (sandbox, bwauth): - Fix sandbox to work for bandwidth authority. 
Fixes bug 40933; bugfix on 0.2.2.1-alpha o Minor bugfixes (testing): - Enabling TestingTorNetwork no longer forces fast hidden service intro point rotation. This reduces noise and errors when using hidden services with TestingTorNetwork enabled. Fixes bug 40922; bugfix on 0.3.2.1-alpha. o Minor bugfixes (tor-resolve): - Create socket with correct family as given by sockshost, fixes IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha. o Removed features: - Directory authorities no longer support consensus methods before method 32. Closes ticket 40835. o Removed features (directory authority): - We include a new consensus method that removes support for computing "package" lines in consensus documents. This feature was never used, and support for including it in our votes was removed in 0.4.2.1-alpha. Finishes implementation of proposal 301. o Removed features (obsolete): - Relays no longer support the obsolete TAP circuit extension protocol. (For backward compatibility, however, relays still continue to include TAP keys in their descriptors.) Implements part of proposal 350. - Removed some vestigial code for selecting the TAP circuit extension protocol. 0.4.8.22 This is likely the very last release of the 0.4.8.x series. Three major bugfixes detailed below including two affecting directory servers (basically all relays). We strongly recommend upgrading as soon as possible. o Major bugfixes (security): - Avoid an out-of-bounds read error that could occur with V1-formatted EXTEND cells. Fixes bug 41180; bugfix on 0.4.8.1-alpha. This is tracked as TROVE-2025-016. o Major bugfixes (directory servers): - Allow old clients to fetch the consensus even if they use version 0 of the SENDME protocol. In mid 2025 we changed the required minimum version of the "FlowCtrl" protocol to 1, meaning directory caches hang up on clients that send a version 0 SENDME cell. 
Since old clients were no longer able to retrieve the consensus, they couldn't learn about this required minimum version -- meaning we've had many many old clients loading down directory servers for the past months. Fixes bug 41191; bugfix on 0.4.1.1-alpha. - Don't count networkstatus serves until they finish. When we started serving a consensus document but the client didn't receive all of it, we were still counting that as a success in our stats. This mistake, which can be triggered for example by obsolete clients or by DPI-based censorship, led to wildly inflated user counts because we estimate total users in the world based on successful consensus fetches. Fixes bug 41192; bugfix on 0.2.1.1-alpha. o Minor feature (testing, CI): - Bump the CI version of chutney to the current version as of 2026-01-21 (3338f5c). o Minor features (debugging, compression): - Do not check for compression bombs for buffers smaller than 5MB (increased from 64 KB). Fixes ticket 40739; bugfix on 0.2.1.29. o Minor features (directory servers): - Track how many times directory servers begin serving networkstatus documents, so we can compare it to the number of times we finish serving them. Motivated by the fixes in ticket 41192. o Minor features (fallbackdir): - Regenerate fallback directories generated on January 28, 2026. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2026/01/28. o Minor bugfixes (relay): - Downgrade "Error relaying cell across rendezvous" log warn to info as the error condition is possible under normal circumstances. Fixes bug 40951; bugfix on 0.3.5.1-alpha. o Code simplification and refactoring: - Simplify SOCKS4a parsing to avoid the (false) appearance of integer underflows, and to make the logic more obvious. Fixes bug 41190; bugfix on 0.3.5.1-alpha. 
Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 32f417b74395e228527749030be819c48dac56fa Author: Adolf Belka Date: Wed Apr 8 17:18:51 2026 +0200 core202: Ship systemd Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 665ea28e9a27483ed0111021fc6fe58a0c0b88f1 Author: Adolf Belka Date: Wed Apr 8 17:18:52 2026 +0200 systemd: Update to version 260.1 - Update from version 258 to 260.1 - Update of rootfile - Remove FTBFS patch as this has now been included in the tarball. - Remove the sed line for fixing udev linking as this is now part of the tarball. - Changelog entries only related to udev 260.1 * Support for non-system users and groups in udev rules and systemd-networkd configuration has been restored, but is deprecated and discouraged. systemd-udevd will emit warnings if a non-system user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd will warn about User=/Group= settings with a non-system user/group specified in .netdev files for Tun/Tap interfaces. This support will be removed in a future release. Device nodes should not be owned by a non-system user/group. It is recommended to check udev rules files with 'udevadm verify' and/or 'udevadm test' commands. * Permissions for /dev/ptp* are now set to 0664 (previously 0660), allowing unprivileged read-only access. This relies on the kernel fix "ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE." (commit b4e53b15c04e3852949003752f48f7a14ae39e86 in v6.15, backported to LTS releases in v6.12.68, v6.6.122, v6.1.162, v5.15.199, and v5.10.249), which adds missing PTP ioctl permission checks and keeps clock-modifying operations write-restricted. Systems running stable kernel branches should ensure they are updated to patch levels that include the fix. * Persistent network interface naming has been extended to MCTP devices with the "mc" prefix. * The minimum backlight brightness value used when restoring backlight levels at boot has been lowered from 5% to 1%. 
This lower value should be sufficient to avoid blacked-out displays, but allows user environments to use a wider range of values (without lower values being reset during reboot). Note that environments may still set very low brightness values at runtime independently of the systemd clamp which only applies during boot. * A new udev property ID_INTEGRATION= is now exposed on devices that have ID_BUS= defined. This variable can be set to 'internal' when the device is an integral part of the system or 'external' otherwise. Internal buses like PCI, I2C, SPI... imply 'internal' and external buses like bluetooth imply 'external'. For USB the 'removable' attribute of the port the device is connected to determines the result: 'fixed' implies 'internal' and 'removable' or 'unknown' implies 'external'. * ID_INPUT_JOYSTICK_INTEGRATION= property has been dropped in favour of ID_INTEGRATION= because it was never used and the new variable covers the idea that variable was intended for better. * A new udev builtin "tpm2_id" is now available which will extract vendor/model identification from connected TPM2 devices as they are probed. This is then used to import data from the udev database, possibly containing quirk and other information about specific TPMs. 259 * systemd-udevd rules gained support for OPTIONS="dump-json" to dump the current event status in JSON format. This generates output similar to "udevadm test --json=short". * The net_id builtin for systemd-udevd now can generate predictable interface names for Wifi devices on DeviceTree systems. * systemd-udevd and systemd-repart will now reread partition tables on block devices in a more graceful, incremental fashion. Specifically, they no longer use the kernel BLKRRPART ioctl() which removes all in-memory partition objects loaded into the kernel and then recreates them as new objects. 
Instead they will use the BLKPG ioctl() to make minimal changes, and individually add, remove, or grow modified partitions, avoiding removal/re-adding where the partitions were left unmodified on disk. This should greatly improve behaviour on systems that make modifications to partition tables on disk while using them. * A new udev property ID_BLOCK_SUBSYSTEM is now exposed on block devices reporting a short identifier for the subsystem a block device belongs to. This only applies to block devices not connected to a regular bus, i.e. virtual block devices such as loopback, DM, MD, or zram. * systemd-udevd will now generate /dev/gpio/by-id/… symlinks for GPIO devices. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a55f760086046bcabb946c867addcd82c2b5b9ea Author: Adolf Belka Date: Wed Apr 8 11:22:41 2026 +0200 core202: Ship util-linux Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 37f8555a366e9471229a665c8e849e499eefa8ce Author: Adolf Belka Date: Wed Apr 8 11:22:42 2026 +0200 util-linux: Update to version 2.42 - Update from version 2.41.2 to 2.42 - Update of rootfiles for all architectures - Changelog 2.42 Two security fixes applied - one for a CVE and the other for a CWE. These were also applied at version 2.41.4 The changelog for 2.42 is way too long to include here (~1700 lines) The details can be found in the tarball in /Documentation/releases/v2.42-ReleaseNotes 2.41.4 Security fixes: CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving loop backing file paths. On systems where non-root users are permitted to mount loop devices (via 'user' option in fstab), this allows access to arbitrary files. CWE-190 - Integer overflow in libblkid parse_dos_extended(). A crafted MBR disk image can cause uint32_t wraparound in EBR chain processing, causing reported partitions to not match the on-disk layout. Tools like udisks may then register a partition at logical sector 0. 
Changes: blkid: - Drop const from blkid_partitions_get_name() (by Daan De Meyer) build-sys: - (gcc) ignore -Wunused-but-set-variable for bison (by Christian Goeschel Ndjomouo) disk-utils: - fix typo in fdisk.c (by Christian Kirbach) libblkid: - dos: validate EBR data and links within extended partition (by Karel Zak) libfdisk: - dos: validate EBR link within extended partition bounds (by Karel Zak) loopdev: - add LOOPDEV_FL_NOFOLLOW to prevent symlink attacks (by Karel Zak) tools: - update git-version-next from master (by Karel Zak) 2.41.3 bash-completion: - (mount) add missing options (by Christian Goeschel Ndjomouo) - add lsfd (by Karel Zak) - add blkpr (by Karel Zak) - add bits to dist tarball (by Karel Zak) dmesg: - fix const qualifier warnings in parse_callerid (by Karel Zak) eject: - fix const qualifier warning in read_speed (by Karel Zak) enosys: - fix const qualifier warning in parse_block (by Karel Zak) libblkid: - fix const qualifier warning in blkid_parse_tag_string (by Karel Zak) - use snprintf() instead of sprintf() (by Karel Zak) libfdisk: - (dos) fix off-by-one in maximum last sector calculation (by Karel Zak) liblastlog2: - fix operator precedence in conditional assignments (by Karel Zak) lib, lscpu: - fix const qualifier discarded warnings in bsearch (by Karel Zak) libmount: - fix const qualifier warning in mnt_parse_mountinfo_line (by Karel Zak) - fix const qualifier warnings for C23 (by Karel Zak) logger: - fix const qualifier warnings for C23 (by Karel Zak) login-utils: - fix setpwnam() buffer use [CVE-2025-14104] (by Karel Zak) losetup: - sort 'O' correctly for the mutual-exclusive check to work (by Benno Schulenberg) lscpu: - use maximum CPU speed from DMI, avoid duplicate version string (by Karel Zak) - Add a few missing Arm CPU identifiers (by Jonathan Thackray) lsfd: - fix memory leak related to stat_error_class (by Masatake YAMATO) - (bugfix) use PRIu32 for printing lport of netlink socket (by Masatake YAMATO) - fix const qualifier warning 
in strnrstr (by Karel Zak) - fix const qualifier warning in new_counter_spec (by Karel Zak) - fix bsearch macro usage with glibc C23 (by Cristian Rodríguez) lsns: - fix const qualifier warnings for C23 (by Karel Zak) namei: - fix const qualifier warning in readlink_to_namei (by Karel Zak) partx: - fix const qualifier warning in get_max_partno (by Karel Zak) po: - update sr.po (from translationproject.org) (by Мирослав Николић) po-man: - merge changes (by Karel Zak) - update sr.po (from translationproject.org) (by Мирослав Николић) umount: - consider helper return status for success message (by Christian Goeschel Ndjomouo) wdctl: - remove -d option leftover (by Munehisa Kamata) whereis: - fix const qualifier warnings for C23 (by Karel Zak) Misc: - Fix memory leak in setpwnam() (by yao zhang) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2798c0adfd663013b1b5abc6b56ec71915b7eb54 Author: Adolf Belka Date: Tue Apr 7 17:10:49 2026 +0200 core202: Ship xz Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d135d565f45c2d4286137ad811b48b0a5d61d599 Author: Adolf Belka Date: Tue Apr 7 17:11:08 2026 +0200 xz: Update to version 5.8.3 - Update from version 5.8.2 to 5.8.3 - Update of rootfile - Fix for a CVE - Changelog 5.8.3 IMPORTANT: This includes a fix for CVE-2026-34743 which affects all XZ Utils versions since 5.0.0. No new 5.2.x, 5.4.x, or 5.6.x releases will be made, but the fix is in the v5.2, v5.4, and v5.6 branches in the xz Git repository. * liblzma: - Fix a buffer overflow in lzma_index_append(): If lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. The lzma_index functions are rarely used by applications directly. 
In the few applications that do use these functions, the combination of function calls required to trigger this bug are unlikely to exist, because there typically is no reason to append Records to a decoded lzma_index. Thus, it's likely that this bug cannot be triggered in any real-world application. The bug was reported and discovered by Cantina using their AppSec agent, Apex. - Fix the build on Windows ARM64EC. - Add "License: 0BSD" to liblzma.pc. * xz: - Fix invalid memory access in --files and --files0. All of the following must be true to trigger it: 1. A string being read (which supposedly is a filename) is at least SIZE_MAX / 2 bytes long. This size is plausible on 32-bit platforms (2 GiB - 1 B). 2. realloc(ptr, SIZE_MAX / 2 + 1) must succeed. On glibc >= 2.30 it shouldn't because the value exceeds PTRDIFF_MAX. 3. An integer overflow results in a realloc(ptr, 0) call. If it doesn't return NULL, then invalid memory access will occur. - On QNX, don't use fsync() on directories because it fails. * Autotools: Enable 32-bit x86 assembler on Hurd by default. It was already enabled in the CMake-based build. * Translations: Add Arabic man page translations. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 729cb462ce396ba1786141f79514b120eab1399a Author: Adolf Belka Date: Tue Apr 7 17:10:48 2026 +0200 core202: Ship xfsprogs Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ebdac01b564c2709b548c83732cd078d504c23f2 Author: Adolf Belka Date: Tue Apr 7 17:11:07 2026 +0200 xfsprogs: Update to version 6.19.0 - Update from version 6.18.0 to 6.19.0 - No change to rootfile - Changelog 6.19.0 xfs_io: print more realtime subvolume related information in statfs (Christoph Hellwig) xfs_io: fix fsmap help (Christoph Hellwig) mkfs: fix log sunit automatic configuration (Darrick J. Wong) mkfs: fix protofile data corruption when in/out file block sizes don't match (Darrick J. Wong) libxfs: fix data corruption bug in libxfs_file_write (Darrick J. 
Wong) misc: fix a few memory leaks (Darrick J. Wong) debian: Drop Uploader: Bastian Germann (Bastian Germann) mkfs.xfs fix sunit size on 512e and 4kN disks. (Lukas Herbolt) xfs_scrub_all: fix non-service-mode arguments to xfs_scrub (Darrick J. Wong) mkfs: remove unnecessary return value affectation (Damien Le Moal) xfs: use blkdev_report_zones_cached() (Damien Le Moal) include blkzoned.h in platform_defs.h (Christoph Hellwig) debian: don't explicitly reload systemd from postinst (Darrick J. Wong) xfs_mdrestore: fix restoration on filesystems with 4k sectors (Darrick J. Wong) mkfs: quiet down warning about insufficient write zones (Darrick J. Wong) xfs_logprint: print log data to the screen in host-endian order (Darrick J. Wong) mkfs: set rtstart from user-specified dblocks (Darrick J. Wong) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 608331ffce0e63937a9005ce749b31fbccb93df0 Author: Adolf Belka Date: Tue Apr 7 17:10:47 2026 +0200 core202: Ship vim Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit bf02d6a6f6e77f5d71c11dbdbce575b4dd8bb4ef Author: Adolf Belka Date: Tue Apr 7 17:11:06 2026 +0200 vim: Update to version 9.2.0305 - Update from version 9.2.0089 to 9.2.0305 - Update of rootfile - Changelog is not available. Generally each patch version number update is related to a commit entry in the git repository. The details for all the commit changes can be found at https://github.com/vim/vim/commits/master/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit cd65dae4a3f7d71c4785edc938da6fb52663882a Author: Adolf Belka Date: Tue Apr 7 17:10:46 2026 +0200 core202: Ship tzdata Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e24c8e8e155d8facde0fd5c7b58b3dfe1fa3586c Author: Adolf Belka Date: Tue Apr 7 17:11:05 2026 +0200 tzdata: Update to version 2026a - Update from version 2025c to 2026a - No change to rootfile - Changelog 2026a Briefly: Moldova has used EU transition times since 2022. 
The "right" TZif files are no longer installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic is no longer limited to 50 leap seconds. Several integer overflow bugs have been fixed. Changes to past and future timestamps Since 2022 Moldova has observed EU transition times, that is, it has sprung forward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00. (Thanks to Heitor David Pinto.) Changes to data Remove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for future timestamps. Changes to build procedure The Makefile no longer by default installs an alternate set of TZif files for system clocks that count leap seconds. Install with 'make REDO=posix_right' to get the old default, which is rarely used in major downstream distributions. If your system clock counts leap seconds (contrary to POSIX), it is better to install with 'make REDO=right_only'. This change does not affect the leapseconds file, which is still installed as before. The Makefile's POSIXRULES option, which was declared obsolete in release 2019b, has been removed. The Makefile's build procedure thus no longer optionally installs the obsolete posixrules file. Changes to code Compiling with the new option -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds. Although this conforms to POSIX, shrinks tzcode's attack surface, and is more efficient, it fails to support Internet RFC 9636's leap seconds. zic now can generate, and localtime.c can now use, TZif files that hold up to 256 bytes of abbreviations, counting trailing NULs. The previous limit was 50 bytes, and some tzdata TZif files were already consuming 40 bytes. zic -v warns if it generates a file that exceeds the old 50-byte limit. zic -L can now generate TZif files with more than 50 leap seconds. 
This helps test TZif readers not limited to 50 leap seconds, as tzcode's localtime.c is; it has little immediate need for practical timekeeping as there have been only 27 leap seconds and possibly there will be no more, due to planned changes to UTC. zic -v warns if its output exceeds the old 50-second limit. localtime.c no longer accesses the posixrules file generated by zic -p. Hence for obsolete and nonconforming settings like TZ="AST4ADT" it now typically falls back on US DST rules, rather than attempting to override this fallback with the contents of the posixrules file. This removes library support that was declared obsolete in release 2019b, and fixes some undefined behavior. (Undefined behavior reported by GitHub user Naveed8951.) The posix2time, posix2time_z, time2posix, and time2posix_z functions now set errno=EOVERFLOW and return ((time_t) -1) if the result is not representable. Formerly they had undefined behavior that could in practice result in crashing, looping indefinitely, or returning an incorrect result. As before, these functions are defined only when localtime.c is compiled with the -DSTD_INSPIRED option. Some other undefined behavior, triggered by TZif files containing outlandish but conforming UT offsets or leap second corrections, has also been fixed. (Some of these bugs reported by Naveed8951.) localtime.c no longer rejects TZif files that exactly fit in its internal structures, fixing off-by-one typos introduced in 2014g. zic no longer generates a no-op transition when simultaneous Rule and Zone changes cancel each other out. This occurs in tzdata only in Asia/Tbilisi on 1997-03-30. (Thanks to Renchunhui for a test case showing the bug.) zic no longer assumes you can fflush a read-only stream. (Problem reported by Christos Zoulas.) zic no longer generates UT offsets equal to -2**31 and localtime.c no longer accepts them, as they can cause trouble in both localtime.c and its callers. RFC 9636 prohibits such offsets. 
zic -p now warns that the -p option is obsolete and likely ineffective.

Signed-off-by: Adolf Belka
Signed-off-by: Michael Tremer

commit 7d3428bfb9836f0d74376a256799278d274310d6
Author: Adolf Belka
Date: Tue Apr 7 17:11:04 2026 +0200

transmission: Update to version 4.1.1

- Update from version 4.0.5 to 4.1.1
- Update of rootfile
- Removal of patches that are no longer needed as content is included in tarball.
- Previously transmission had been updated to 4.0.6 but then reverted due to a bug that caused transmission to spam tracker announcements. This bug was fixed in 4.1.0
- Changelog
    4.1.1
All Platforms Fixed a 4.1.0 bug that failed to report some filesystem errors to RPC clients who were querying the system's free space available. (#8258) Fixed a 4.1.0 bug that kept a torrent's updated queue position from being shown. (#8298) Fixed a 4.1.0 bug that caused torrents' queuing order to sometimes be lost between sessions. (#8306) Fixed "assertion failed: no timezone" error on OpenSolaris. (#8358) Fixed a 4.0.0 bug that displayed the wrong mime-type icon for mp4 video files. (#8411) Hardened .torrent parsing by exiting sooner if pieces has an invalid size. (#8412) Reverted a 4.1.0 RPC change that broke some 3rd party code by returning floating-point numbers, rather than integers, for speed limit fields. (#8416) Fixed crash that could happen if a user paused a torrent and edited its tracker list at the same time. (#8478) Fixed 4.1.0 crash on arm32 by switching crc32 libraries to Mark Madler's crcany. (#8529) Require UTF-8 filenames in .torrent files, as required by the BitTorrent spec. (#8541) Fixed crash that could occur when parsing a .torrent file with a bad pieces key. (#8542) Fixed potential file descriptor leak when launching scripts on POSIX systems. (#8549) Changed the network traffic algorithm to spread bandwidth more evenly amongst peers. (#8259) Improved laggy user interface when bandwidth usage is high.
(#8454) macOS Client Fixed a 4.1.0 crash that occurred if deleting a torrent's files on macOS returned a system error. (#8275) Fixed a crash in the "Rename File ..." dialog when trying to rename a torrent right when the torrent finished downloading. (#8425) Fixed 4.1.0 crash when removing a torrent that was being shown in the Inspector. (#8496) Improved performance of internal Torrent lookup code. (#8505) Improved responsiveness when scrolling the torrent list with keyboard navigation. (#8323) Qt Client Fixed a 4.1.0 bug where the RPC error response arguments were not handled. (#8414) Fixed a long-standing bug that wouldn't let file:/// URIs be added from the command line. (#8448) Fixed broken icons in the torrent list on Windows. (#8456) GTK Client Fixed a 4.1.0-beta.5 assertion failure when fetching a blocklist failed on a system compiled with GLIBCXX_ASSERTIONS enabled. (#8273) Fixed a 4.1.0 bug that wouldn't let magnet links be added from the "Add URL" dialog. (#8277) Fixed a 4.1.0 bug that broke keyboard shortcuts when built with GTK3. (#8293) Fixed a crash that could happen when removing some torrents. (#8340) Fixed a 4.1.0 bug that showed the wrong encryption mode being shown in the Preferences dialog. (#8345) Fixed a 4.0.x bug that prevented a handful of strings from being marked for translation. (#8350) Fixed a 4.1.0 packaging error that prevented the Qt and GTK clients from being installed side-by-side on Arch. (#8387) Fixed a 4.1.0 bug that wouldn't let magnet links be added from the command line. (#8415) Web Client Reverted a 4.1.0 change that merged the "Remove torrent" and "Trash torrent" confirmation dialogs into a single dialog. (#8355) Fixed a 4.1.0 bug that showed a "Connection failed" popup when opening the "Open torrent" dialog while the current download directory path was invalid. (#8386) Everything Else Updated documentation. (#8245, #8526) 4.1.0 Highlights Improved µTP download performance.
(#6508) Added support for IPv6 and dual-stack UDP trackers. (#6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#7481) New JSON-RPC 2.0-compliant RPC API. (#7269) Added optional sequential downloading. (#4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#7086) All Platforms Improved libtransmission code to use less CPU. (#4876, #5645, #5715, #5734, #5740, #5792, #6103, #6111, #6325, #6549, #6589, #6712, #7027, #7744, #7800) Avoid unnecessary heap memory allocations. (#5519, #5520, #5522, #5527, #5540, #5649, #5666, #5672, #5676, #5720, #5722, #5725, #5726, #5768, #5788, #5830, #6542) Slightly reduced latency when sending protocol messages to peers. (#5394) Added the option preferred_transport to settings.json, so that users can choose their preference between µTP and TCP. (#5939) Return X-Transmission-Rpc-Version header in RPC HTTP 409 response to indicate JSON-RPC support. (#7958) Added an option to verify a torrent immediately after it finishes downloading. (#4178) Feat: add stats for known peers, not just connected ones. (#4900) Added support for using a proxy server for web connections. (#5038, #7486) Added ability to cache IP addresses used in global communications, and use it to fix UDP6 warning log spam. (#5329, #5510) Updated the torrent creator's default piece size to handle very large torrents better. (#5615) Added support for sending an ipv4 parameter during the Extension Protocol handshake. (#5643) Setting "cache-size-mb": 0 in settings.json now disables the disk write cache. (#5668) Improved libtransmission code to use less CPU and RAM. (#5801) The WebUI now does separate port checks for IPv4 and IPv6. (#5953) Transmission now checks if local files exists after setting torrent location. 
(#5978) Added forced variant of the "Verify Local Data" context menu item to WebUI. (#5981) Improved handling of plaintext and MSE handshakes. (#6025) If a torrent contains empty (zero byte) files, create them when starting the torrent. (#6232) Added optional sequential downloading. (#6450, #6746, #6893, #7047) The Qt and GTK Client now does separate port checks for IPv4 and IPv6. (#6525) Improved DHT performance. (#6569, #6695) Added advanced sleep-per-seconds-during-verify setting to settings.json. (#6572) Improved µTP download performance. (#6586) Added support for IPv6 Local Peer Discovery. (#6700) Allow port forwarding state to automatically recover from error. (#6718) Save upload/download queue order between sessions. (#6753, #7332) Added BEP-21 downloader count to tr_tracker_view and RPC. (#6936) Make client reqq configurable. (#7030) Daemon log timestamps are now in local ISO8601 format. (#7057) Log the reason when the RPC server rejects requests. (#7114) Added peer traffic statistics to torrent-get rpc method. (#7172) Added bytesCompleted field to torrent-get rpc call. (#7173) Deprecate tcp-enabled and udp-enabled in favour of preferred_transports. (#7473) Added raw PeerID to RPC interface. (#7514) IPv4 patterns in the RPC whitelist can now match with IPv4-mapped IPv6 addresses. (#7523) torrent_get.wanted is now an array of booleans in the JSON-RPC API. (#7997) Encryption mode in settings.json and RPC are now serialized to the same set of strings. (#8032) Fixed crash in tr_peerMgrPeerStats(). (#5279) Fixed "no such file or directory" warning when adding a magnet link. (#5426) Fixed bug that caused the wrong decimal separator to be used in some locales. (#5444) Fixed bug in sending torrent metadata to peers. (#5460) Fixed filename collision edge case when renaming files. (#5563) Fixed locale errors that broke number rounding when displaying statistics, e.g. upload / download ratios. 
(#5587) In RPC responses, change the default sort order of torrents to match Transmission 3.00. (#5604) Improved handling of multiple connections from the same IP address. (#5619) Always use a fixed-length key query in tracker announces. This isn't required by the spec, but some trackers rely on that fixed length because it's common practice by other BitTorrent clients. (#5652) Fixed minor performance bug that caused disk writes to be made in smaller batches than intended. (#5671) Fixed potential Windows crash when getstdhandle() returns NULL. (#5675) Modified LTEP to advertise PEX support more proactively, and added a sanity check for magnet metadata exchange. (#5783) Fixed 4.0.0 bug where the port numbers in LPD announces are sometimes malformed. (#5825) Fixed a bug that prevented editing the query part of a tracker URL. (#5871) Fixed a bug where Transmission may not announce LPD on its listening interface. (#5875) Fixed a bug that prevented editing trackers on magnet links. (#5957) Fixed HTTP tracker announces and scrapes sometimes failing after adding a torrent file by HTTPS URL. (#5969) Fixed blocklist error seen on some Synology devices due to a bug in tr_sys_path_copy(). (#5974) Run peerMgrPeerStats in session thread. (#5992) In some locales, some JSON strings were incorrectly escaped. (#6005) If there was some disk error with torrent removal, fail with a user readable error message. (#6055) Fixed 1.60 bug where low priority torrents behaved as if they had a normal priority. (#6079) Fixed 4.0.4 regression that could cause slower downloads when upload speed limits were enabled. (#6082) Fixed 4.0.0 bug where the IP address field in UDP announces were not encoded in network byte order. [BEP-15]. (#6126) Improved parsing HTTP tracker announce response. (#6223) Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore.
(#6355, #6405) Fixed error when using mbedtls crypto backend: "CTR_DRBG - The requested random buffer length is too big". (#6379) Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434) Fixed a couple of logging issues. (#6463) Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483) Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between sessions. (#6514) Fixed 4.0.0 bug where secondsDownloading and secondsSeeding will be reset when stopping the torrent. (#6844) Fixed 4.0.0 bug where the filename for single-file torrents aren't sanitized. (#6846) Partial file suffixes will now be updated after torrent verification. (#6871) Limit the number of bad pieces to accept from a webseed before banning it. (#6875) Fixed a 4.0.0 bug where 2.20-3.00 torrent piece timestamps saved in the resume file aren't loaded correctly. (#6896) Fixed a bug that could discard BT messages that immediately followed a handshake. (#6913) Various bug fixes and improvements related to PEX flags. (#6917) Fixed a bug where the turtle icon is active but not effective on starting Transmission. (#6937) Fixed a bug where Transmission does not properly reconnect on handshake error. (#6950) Fixed edge cases where date done and recently-active does not get updated after torrent state change. (#6992) Fixed a 4.0.0 bug where the tracker error is not cleared when the tracker is removed from the torrent. (#7141) Fixed a bug where torrent progress is not properly updated after verifying. (#7143) Disconnect blocklisted peers immediately upon blocklist update. (#7167) New files are assigned a file mode per the process umask defined in settings.json. (#7195) Fixed 1.74 bug where resume files are not saved when shutting down Transmission. (#7216) Fixed 4.0.0 bug where the download rate of webseeds are double-counted. (#7235) Harden the HTTP tracker response parser.
(#7326) Fixed an issue where the speed limits are not effective below 16KiB/s. (#7339) Added workaround for crashes related to Curl bug 10936. (#7416) Sanitize torrent filenames depending on current OS. (#3823) Added a workaround for users affected by Curl bug 6312. (#7447) When downloading in sequential mode, flush pieces to disk as soon as they're completed and pass their checksum test. This helps apps that are trying to use the data in realtime, e.g. streaming media. (#7489) Respect the min interval and interval keys from any tracker responses. (#7493) Announce port-forwarded peer port instead of local peer port on DHT. (#7511) Reject incoming BT data if they are not selected for download. (#7866) Fixed intermittent crashes on macOS and GTK app. (#7948) Fixed remote RPC bug where querying recently_active torrents missed some torrents. (#8029) Fixed a bug where the UDP sockets are not rebound after changing the bind addresses. (#8106) Fixed potential use-after-free bug when parsing torrent files on macOS. (#8146) Fixed a bug where disk IO rate is much higher than transfer rate. (#7089) Dropped jsonsl in favour of RapidJSON as our json lexer. (#6138) Easier recovery from temporarily missing data files, no longer needing to remove and re-add torrent. (#6277) Better utilize high Internet bandwidth. (#7029) Renamed setting to cache_size_mib to reflect the correct size units. (#7971) Renamed peer_socket_tos to peer_socket_diffserv. (#8004) Use a consistent unit formatting code between clients. (#5108) Raised minimum OpenSSL version to 1.1.0. (#6047) Refactor: add libtransmission::Values. (#6215) Fixed building with older versions of CMake. (#6418) Support dual stack by manually creating and binding socket on Windows platform. (#6548) Fixed building on macOS 10.14.6, 10.15.7 and 11.7. (#6590) Added torrent priority to completion script environment variables. (#6629) Dropped support for miniupnpc version below 1.7. 
(#6665) Default initialize sleep callback duration in tr_verify_worker. (#6789) Removed TR_ASSERT(now >= latest). (#7018) Deprecated the RPC field torrent-get.manualAnnounceTime. (#7497) Generate imported targets for MbedTLS. (#7631) Added support for libevent 2.2.1-alpha-dev. (#7765) Deprecated session_get.rpc_version and session_get.rpc_version_minimum in favour of session_get.rpc_version_semver in RPC. (#8022) macOS Client Added "Show Toolbar" toggle. (#4419) Better dark mode support. (#6101, #6959) Feat: support redirects to magnet. (#6012) Render file tree in QuickLook plugin for .torrent files. (#6091) Added an option to set Transmission as the default app for torrent files. (#6099) Support pasting multiple magnets on the same line. (#6465) Support multiple URL objects from pasteboard. (#6467) Feat: clear the badge when quitting app. (#7088) Reimplemented QuickLook previews for torrent files with Quick Look preview extension API on macOS 12+. (#7213) Use modern macOS APIs to prevent idle system sleep and add support for Low Power Mode. (#7543) Fix: apply i18n to percentage values. (#5568) Fixed "Unrecognized colorspace number -1" error message. (#6049) Fix: URL cleanup in BlocklistDownloader on macOS. (#6096) Fixed early truncation of long group names in groups list. (#6104) Use screen.visibleFrame instead of screen.frame. (#6321) Fixed dock bug that prevented resizing. (#7188) Fixed the context menu's appearance in compact mode. (#7350) Fixed missing tooltips for Group rows in Torrent Table View. (#7828) Fixed re-opening the filter bar is showing an incorrect selected filter. (#7844) Fixed Hide Status Bar/Filter Bar never changing to "Show". (#8170) Added alternating row color in QuickLook plugin. (#5216) Updated app icon for Liquid Glass. (#7736) Removing Liquid Glass icons on older Macs. (#7994) Added sort-by-ETA option. (#4169) Support localized punctuation for "Port:". (#4452) Replace mac app default BindPort with a random port. 
(#5102) Updated code that had been using deprecated API. (#5633) Support macOS Sonoma when building from sources. (#6016) Chore: replace deprecated NSNamePboardType with NSPasteboardTypeName. (#6107) Fixed building on macOS Mojave. (#6180) Improved macOS UI code to use less CPU. (#6452) Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523) Support finding Transmission in Spotlight with keywords "torrent" and "magnet". (#6578) Removed warning "don't cut off end". (#6890) Opt-in to secure coding explicitly. (#7020) Added Afrikaans and Greek translations. (#7477) Fixed crash when opening the messages log. (#8035) Converted TorrentTableView to view based. (#5147) Qt Client Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client) Added ETA to compact view. (#3926) Added the web client's Labels feature. (#6428) Added the ability to use a custom URL path when connecting to remote Transmission servers. (#7561) Added color-coding to progressbars to differentiate torrent states. (#7756) Fixed torrent name rendering when showing magnet links in compact view. (#5491) Fixed bug that broke the "Move torrent file to trash" setting. (#5505) Fixed poor resolution of the app icon. (#5570) Fixed compatibility issue with 4.x clients talking to Transmission 3.x servers. (#6438) Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog were not always up-to-date. (#6516) Use semi-transparent color for inactive torrents. (#6544) Correct "Queue for download" last activity. (#6872) Fixed build script bug that could cause extra instances of Transmission to launch on Windows. (#7841) Fixed a Qt API deprecation warning when building with Qt >= 6.13. (#7940) Fixed "sequence not ordered" assertion error in debug builds. (#8000) Fix: use URL base path. (#8078) Fixed spinbox translation ambiguity. 
(#5124) Improved Qt client's accessibility. (#6518, #6520) Fix: QT build missing an icon. (#6683) Changed Qt client CLI options parsing to accept Qt options as a separate group. (#7076) Modified the "New Torrent" dialog's piece size range to [16 KiB..256 MiB]. (#6211) Raised the minimum Qt5 version to 5.15. (#7943) GTK Client Use native file chooser dialogs (GTK client). (#6545) Improved GTK client's accessibility. (#7119) Adjust slider limits in GTK. (#7251) Fixed file list text size adjustment based on global settings. (#7096) Fixed missing 'Remove torrent' tooltip. (#5777) Fixed crash when opening torrent file from "Recently used" section in GTK 4. (#6131) Fixed 4.0.0 regression causing GTK client to hang in some cases. (#7097) Setting default behaviour for GTK dialogs to add torrent from url and add tracker. (#7102) Updated progressbar colours to match macOS and Web clients. (#5906) Added developer_name entry to the Flathub build. (#6596) Web Client Added support for adding torrents by drag-and-drop. (#5082) Added high contrast theme. (#5470) Replaced background colors with system color keywords to enable using browser's colors. CSS style adjustments esp. for label and buttons. (#5897) Added percent digits into the progress bar. (#5937) Improved WebUI responsiveness and made quality of life improvements. (#5947) Feat: Only show .torrent files in the web UI. (#6320) Added separate port checks for IPv4 and IPv6. (#6607) Added new options for web client to filter torrents by their privacy or error status. (#6977) The inspector can now be hidden by clicking. (#6863) Implemented a context menu for file list in web app making way to rename or copy name of individual file. (#7389) Added a new alert message of a problem when renaming torrent or file name. (#7394) Added accept torrent files in web. (#7683) Don't show null as a tier name in the inspector's tier list. (#5462) Fixed truncated play / pause icons. 
(#5771) Fixed overflow when rendering peer lists and made speed indicators honor prefers-color-scheme media queries. (#5814) Made the main menu accessible even on smaller displays. (#5827) Fixed graying out inspector. (#5893) Fixed updating magnet link after selecting same torrent again. (#6028) Added seed progress percentage to compact rows. (#6034) Fixed 4.0.0 bug where the WebUI "Set Location" dialogue does not auto fill the selected torrent's current download location. (#6334) Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6409, #6430) Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly. (#6491) Fix(web): pressing the enter key now submits dialogs. (#7036) Fixed a bug inflating per-torrent rows by long torrent names in compact view. (#7336) Fixed incorrect text entry sensitivity when sessions changed. (#7346) Fixed filtering torrents by tracker after a torrent's tracker list is edited. (#7761) Removed excessive session-set RPC calls related to WebUI preference dialogue. (#5994) Removed modifiers for keyboard shortcuts. (#5331) Improved some UI styling and spacing. (#5466) Updated WebUI progress bar and highlight colours. (#5762) Improved the filterbar for narrowed viewports. (#5828) Unified CSS shadow properties. (#5840) Updated play/pause monochrome icons. (#5868) Improved overflow menu for web client. (#5895) Added display and time in torrent detail. (#5918) Added touchscreen support in the context menu. (#5928) Updated turtle for web app. (#6940) Added waiting 1/4 seconds of typing in the search bar before executing and a new button to clear the search. (#6948) Added checkbox to delete data while removing torrents. (#7000) Fixed truncated hash in inspector page, added name section to inspector page. (#7014) Added column mode for viewport unconstrained browsers. (#7051) Updated gray color for grayed out objects. (#7248) Updated displaying number in new gigabyte per second unit. 
(#7279) Fixed an issue where Transmission web's custom context menu does not close when clicking on some outside element. (#7296) Implemented a new popup management system for web client to support multiple popups in a hierarchy-like system. (#7297) Updated viewport-sensitive layout and style to uniform across browsers of varying viewport. (#7328) Increased base font sizes, and progress bar size in compact view. (#5340) Use esbuild to build the web client. (#6280) Gave labels to the mainwin buttons for web client. (#6985) Daemon Added optional sequential downloading. (#7048) Added start_paused to settings and daemon. (#6728) More accurate timestamps for daemon logs. (#7009) Fixed minor memory leak. (#5695) Avoid unnecessary heap memory allocations. (#5724) Added documentation key to systemd service file. (#6781) Use Type=notify-reload in the systemd service file. (#7570) Included daemon-specific options in the generated settings.json. (#6499) Updated transmission-daemon.1 to sync with --help. (#6059) Deprecated tcp-enabled and udp-enabled in favour of preferred_transports. (#7988) transmission-remote Added support to download sequentially from a specific piece. This can enable apps to seek within media files for streaming use cases. (#6454, #7808, #7809) Implemented idle seeding limits. (#2947) transmission-remote --blocklist-update now prints blocklist size after update. (#8021) Fixed display bug that failed to show some torrent labels. (#5572) Fixed crash in printTorrentList. (#6819) Improved error logging. (#7034) Added 'months' and 'years' to ETA display for extremely slow torrents. (#5584) Added default sorting by date added when listing torrents. (#5608) Fixed layout bug that caused columns to be misaligned when transfer speed was >= 10MB. (#8019) Exposed the torrent-get.percentDone key in transmission-remote. (#7622) Deprecated --(no-)utp in transmission-remote. (#7990) Everything Else Improved libtransmission code to use less CPU. 
(#5651) Improved support for building with the NDK on Android. (#6024) Ran all PNG files through lossless compressors to make them smaller. (#5586) Fixed RPC spec that confused torrent-get.wanted with torrent-get.fileStats.wanted. (#6677) Updated documentation. (#5565, #5578, #5688, #5702, #5790, #5831, #6037, #6156, #6196, #6199, #6255, #6367, #6391, #6427, #6676, #6703, #6800, #6814, #7120, #7576, #7826, #7829, #7830, #7836, #7840, #8039) Updated peer-id documentation to account for post-3.00 changes. (#6083) Fixed potential build issue when compiling on macOS with gcc. (#5632) Build with -latomic on platforms that need it. (#6774) Fixed building with mbedtls 3.X. (#6822) Configuring Transmission's CMake project no longer inserts third-party submodules to CMake's user package registry. (#7648) Bumping libdeflate/small/utfcpp to newer versions. (#6709) Bumped fast-float to 6.1.1 and miniupnpc to 2.2.7 and libdeflate to 1.2.0. (#6721) Bumped miniupnpc to 2.2.8. (#6907) Apply Xcode 26.0 recommendations. (#7823) 4.0.6 All Platforms Improved parsing HTTP tracker announce response. (#6223) Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434) Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483) Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between sessions. (#6514) Fixed 4.0.0 bug where the filename for single-file torrents aren't sanitized. (#6846) macOS Client Fix: Sparkle support for handling beta version updates. (#5263) Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523) Fix: Sparkle Version Comparator. (#6623) Qt Client Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog are not always up-to-date. (#6516) GTK Client Fixed build when compiling with GTKMM 4. (#6393) Added developer name to metainfo files. (#6598) Added the launchable desktop-id to metainfo files.
(#6779) Fixed build when compiling on BSD. (#6812) Web Client Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly in the WebUI. (#6491, #6500) Fixed layout issue in speed display. (#6570) General UI improvement related to filterbar and fixes download/upload speed info wrap. (#6761) Daemon Fixed a couple of logging issues. (#6463) Everything Else Updated flatpak release metainfo. (#6357) Fixed libtransmission build on very old cmake versions. (#6418) UTP peer connections follow user-defined speed limits better now. (#6551) Only use a single concurrent queue for timeMachineExclude instead of one queue per torrent (#6523). (#6558) Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6563) Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6564) Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore. (#6565) Improved parsing HTTP tracker announce response. (#6567) Fixed compatibility with clang-format 18. (#6690) Fixed build when compiling with mbedtls 3.x. (#6823)

Signed-off-by: Adolf Belka
Signed-off-by: Michael Tremer

commit 83c98ae983c093f2acf18e82642a09db99d5dddb
Author: Adolf Belka
Date: Tue Apr 7 17:11:03 2026 +0200

strongswan: Update to version 6.0.5

- Update from version 6.0.4 to 6.0.5
- No change to rootfile
- One CVE fix included
- Changelog
    6.0.5
    - Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs that can lead to a resource exhaustion or a crash. This vulnerability has been registered as CVE-2026-25075.
    - Added support for forwarding certain ICMP errors even if their source address doesn't match the traffic selectors, when running on Linux 6.9+.
    - The dhcp plugin now tracks leases across make-before-break reauthentications.
    - charon-cmd supports childless IKE SA initiation and IKEv2 PSK authentication.
- The kernel-netlink plugin now doesn't default to the peer's address as next hop when installing routes if at least an interface was found. - organizationIdentifier RDNs are supported when parsing ASN.1 DN identities from strings. - Options shared by all commands in the swanctl and pki tools (e.g. --debug) are now parsed even if passed before the command. The log level is now always changed before initializing the libraries and plugins. And due to conflicts, the short options for swanctl's `--version` and `--uninstall` commands were changed to `-V` and `-U`, respectively. Similarly, the short option for pki's `--verify` command is now `-V`. - For distributions that package plugins separately a new configure option is provided to change the log message if a plugin can't be loaded. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b9f8ac240c1ee2801d25b1d088a8186b3b5023c3 Author: Adolf Belka Date: Tue Apr 7 17:10:45 2026 +0200 core202: Ship sqlite Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit caab057ff338f9b19c2245e8cff3723f9c80b84f Author: Adolf Belka Date: Tue Apr 7 17:11:02 2026 +0200 sqlite: Update to version 3510300 - Update from version 3510100 to 3510300 - Update of rootfile - Changelog 3510300 Fix the WAL-reset database corruption bug. Other minor bug fixes. 3510200 Fix an obscure deadlock in the new broken-posix-lock detection logic in item 17 above. Fix multiple problems in the EXISTS-to-JOIN optimization that was added as part of optimization item 6b above. Other minor bug fixes. 
Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 92010ccdeef1282cdf98a5101574c281a5628dac Author: Adolf Belka Date: Tue Apr 7 17:11:01 2026 +0200 postfix: Update to version 3.11.1 - Update from version 3.10.7 to 3.11.1 - Update of rootfile - Changelog 3.11.1 Major changes - database [Incompat 20260220] The alias_maps and alias_database parameter default values have changed from hash:/path/to/aliases (or dbm:/path/to/aliases) to $default_database_type:/path/to/aliases. This simplifies the migration away from Berkeley DB. [Infrastructure 20260219] Support to migrate a Postfix configuration that uses Berkeley DB hash: or btree: tables, to a configuration that uses lmdb: or a combination of cdb: and lmdb:. This is needed for (Linux) OS distributions that have removed Berkeley DB support. See NON_BERKELEYDB_README for manual and automatic migration support. Postfix already supports CDB and LMDB for more than 10 years. It may be a good idea to do the migration before you need to upgrade to an OS distribution that no longer supports Berkeley DB. [Infrastructure 20251226] Tooling to help with the migration away from Berkeley DB. The new parameter default_cache_db_type controls the default database type for address_verify_map, postscreen_cache_map, and smtp_sasl_auth_cache_name, previously hard-coded as 'btree'. [Feature 20250321] Safety: the SQLite client now logs a warning when a query uses double quotes instead of the Postfix-recommended single quotes. Only the recommended form is protected against SQL injection. [Feature 20250509] Support to run all memcache lookup keys through an OpenSSL digest function. This prevents a database access error when lookup keys may exceed the memcache server's key length limit (usually, 250 bytes). [Feature 20250624] Support for a new "debug:" pseudo lookup table. Specify debug:maptype:mapname to encapsulate a maptype:mapname lookup table and log all access. This builds on existing but unused code to log table access. 
Contributed by Richard Hansen. [Infrastructure 20250626] Overhauled in-memory lookup table life-cycle management; overhauled sharing/isolation for proxied lookup tables. Major changes - deprecation [Feature 20250609] smtp_tls_enforce_peername and lmtp_tls_enforce_peername are now officially deprecated. Postfix will log a warning until the features are deleted. See DEPRECATION_README for a summary of deprecated and deleted features. [Feature 20251027] This adds 12 more deprecation warnings for parameters that have been renamed in the past, and that still provide a backwards-compatible default value for their replacement. The parameters deprecated by this change are: authorized_verp_clients, fallback_relay, lmtp_per_record_deadline, postscreen_blacklist_action, postscreen_dnsbl_ttl, postscreen_dnsbl_whitelist_threshold, postscreen_whitelist_interfaces, smtpd_client_connection_limit_exceptions, smtp_per_record_deadline, tlsproxy_client_level, tlsproxy_client_policy, virtual_maps. [Feature 20251028] Deprecate the smtp_cname_overrides_servername and lmtp_cname_overrides_servername parameters, and delete documentation that has been obsolete since Postfix 2.11. Major changes - logging [Feature 20250910] TLS feature policy status summary in delivery status logging. This shows the desired and actual TLS security level enforcement status and, if a message requests REQUIRETLS, the REQUIRETLS policy enforcement status. For a list of examples see https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status [Feature 20251216] After a delivery failure, the bounce daemon logged ": sender non-delivery notification: " only if the notification was queued successfully. The bounce daemon now always logs this, making Postfix behavior easier to understand. Visible changes for logfile analyzers: - The bounce daemon now logs ": sender non-delivery notification: " BEFORE the cleanup daemon logs activity with "". 
Previously, the bounce daemon logged the old<=>new queue ID connection later, which made logfile analysis more difficult. - The bounce daemon now logs a logfile record ": sender notification failed to
: " when the notification was not queued. In some cases it will log ": sender notification failed to
" (without the reason). In those cases the failure reason was already logged by lower-level code, but without the queue ID. Major changes - management tool integration [Feature 20251124] Basic JSON output support with "postconf -j|-jM|-jF|-jP", "postalias -jq|-js", "postmap -jq|-js", and "postmulti -jl". No support is planned for JSON input support. Major changes - milter support [Feature 20251208] Improved Milter error handling for messages that arrive over a long-lived SMTP connection, by changing the default milter_default_action from "tempfail" to the new "shutdown" action (i.e. disconnect the remote SMTP client). This avoids a worst-case scenario where after a single Milter error, Postfix would tempfail all messages that the client sends over a long-lived connection, even if the Milter error was only temporary. Major changes - mime support [Feature 20251104] New non_empty_end_of_header_action parameter with the cleanup(8) server action when a primary message header is terminated with a non-empty line: 1) fix_quietly: Insert an empty line before the offending text (the backwards-compatible default), 2) add_header: Insert a MIME-Error: header before inserting an empty line, or 3) reject: Log a "mime-error" and reject the message. Note that the 'empty line' separator is not used for DKIM signature checks. Therefore, adding a missing separator does not break DKIM. Major changes - mta-sts [Feature 20250906] Workaround for an interface mis-match between the Postfix SMTP client and MTA-STS policy plugins. This introduces a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes"). The MTA-STS plugin configuration needs to enable TLSRPT support, so that it forwards STS policy attributes to Postfix. This works even if Postfix TLSRPT support is disabled at build time or at runtime. 
With the above two configurations, the Postfix SMTP client will connect to an MX host only if its name matches any STS policy MX host pattern, and will match a server certificate against the MX hostname. Otherwise, the old behavior stays in effect: connect to any MX host listed in DNS, and match a server certificate against any STS policy MX host pattern. This code was published first in Postfix 3.11, and later back-ported to Postfix 3.10.5. Major changes - portability [Feature 20241201] Support for the C23 built-in bool type. Older Postfix releases have been updated with a makedefs script that disables C23 built-in bool support. Major changes - postqueue [Feature 20251218] the postqueue (and mailq) command now also lists recipients in bounce logfiles (in JSON output, this uses a new object member 'bounce_reason' instead of the existing 'delay_reason'). Such recipients have already been deleted from the message queue file, but they are still pending the creation of a non-delivery status notification message that will be returned to the sender. Major changes - relocated_maps [Feature 20250608] Specify "relocated_prefix_enable = no" to disable the hard-coded prefix "5.1.6 User has moved to " that is by default prepended to all relocated_maps lookup results. This setting requires that the table contains responses with both custom enhanced status code (X.Y.Z) and text. For details, see "man 5 relocated" or https://www.postfix.org/relocated.5.html . Major changes - requiretls [Feature 20241111] Support for the REQUIRETLS verb in SMTP. This, and everything that was added later through 2025, is described in REQUIRETLS_README. [Feature 20250120] After a certificate check fails, or a remote SMTP server does not announce REQUIRETLS support, the Postfix SMTP client will override the RFC 8689 5.x.x. status and treat it as a soft error, until there are no more alternate MX servers to try. 
[Feature 20250827] New parameter requiretls_redact_dsn (default: yes) to redact bounce messages as described in RFC 8689 section 5, so that they don't need REQUIRETLS support on every hop in the return path. [Feature 20250827] smtp_requiretls_policy and lmtp_requiretls_policy for responsible REQUIRETLS policy enforcement. REQUIRETLS must be enforced with care, because at this time most domains do not publish DANE or MTA-STS policies, and most MTAs and content filters do not support REQUIRETLS. [Feature 20250916] support for a "Require-TLS-ESMTP: yes" header to propagate an ESMTP REQUIRETLS request through a FILTER_README or SMTPD_PROXY_README style content filter. This header is detected or added by the cleanup daemon and by the before-proxy-filter Postfix SMTP server. This feature is enabled by default with "requiretls_esmtp_header = yes". The Require-TLS-ESMTP header will be visible to local and remote recipients. This feature can safely be disabled when a configuration does not use REQUIRETLS, or does not use FILTER_README or SMTPD_PROXY_README style content filters. Major changes - smtp server [Feature 20250801] smtpd_reject_filter_maps support to selectively replace a reject response from the Postfix SMTP server, or from a program that replies through the Postfix SMTP server. Major changes - smtputf8 [Feature 20250122] New Postfix sendmail command option "-O smtputf8" to request that deliveries over SMTP use the SMTPUTF8 extension. This reuses logic that was introduced for REQUIRETLS. [Feature 20250824] When a message needs to be delivered with SMTPUTF8, but a remote server does not support it, the Postfix SMTP client may now try alternate servers instead of returning the message immediately. This reuses code that was implemented for REQUIRETLS. Major changes - tls support [Feature 20250623] This changes the Postfix SMTP client smtp_tls_security_level default value to "may" if Postfix was built with TLS support, and the compatibility_level is 3.11 or higher. 
There is no change to the default lmtp_tls_security_level value. It remains empty, because there is no default TLS security level that makes sense for connections over UNIX-domain and loopback TCP and non-loopback TCP sockets. There also is no equivalent change for Postfix SMTP server TLS security levels, because changing smtpd_tls_security_level is not sufficient. Server-side TLS requires that at least one private key and corresponding public-key certificate chain are configured. [Feature 20251029] Debugging: depending on OpenSSL build options, "posttls-finger -L ssl-debug" will decode TLS handshake messages. [Feature 20251102] Post-quantum cryptography support: with OpenSSL 3.5 and later, change the tls_eecdh_auto_curves default value to avoid problems with network infrastructure that mis-handles TLS hello messages larger than one (Ethernet) TCP segment. This problem is more generally known as "protocol ossification". Major changes - tlsrpt [Incompat 20250601] the default smtp_tlsrpt_skip_reused_handshakes setting was changed from "yes" to "no". The new default is enabled with compatibility level >= 3.11. 3.10.8 Major changes - tls [Forward compatibility 20250212] Support for OpenSSL 3.5 post-quantum cryptography. To manage algorithm selection, OpenSSL introduces new TLS group syntax that Postfix will not attempt to imitate. Instead, Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameter values to have an empty value. When both are set empty, the algorithm selection can be managed through OpenSSL configuration. For more, look for "Post-quantum" in the postconf(5) manpage. [Feature 20250117] Support for the RFC 8689 "TLS-Required: no" message header to request delivery of messages such as TLSRPT summaries even if the preferred TLS security policy cannot be enforced. This limits the Postfix SMTP client to "smtp_tls_security_level = may" which does not authenticate server certificates and which allows falling back to plaintext. 
Support for the REQUIRETLS SMTP service extension remains future work. [Feature 20240926] Support for the TLSRPT protocol (defined in RFC 8460). With this, a domain can publish a policy in DNS, and request daily summary reports for successful and failed SMTP-over-TLS connections to that domain's MX hosts. Postfix supports TLSRPT summaries for DANE (built-in) and MTA-STS (via an smtp_tls_policy_maps plugin). For details, see TLSRPT_README. Major changes - privacy [Feature 20250205] With "smtpd_hide_client_session = yes", the Postfix SMTP server generates a Received: header without client session info. This setting may be used with the MUA submission services (port 465 and 587), but it must not be used with the MTA service (port 25). Depending on the number of recipients, a redacted Received: header has one of the following forms: Received: by mail.example.com (Postfix) id postfix-queue-id for ; Day, dd Mon yyyy hh:mm:ss tz-offset (zone) Received: by mail.example.com (Postfix) id postfix-queue-id Day, dd Mon yyyy hh:mm:ss tz-offset (zone) The redacted form hides that a message was received with SMTP, and therefore it does not need to provide the information required by RFC 5321. It only has to satisfy RFC 5322. Major changes - rfc2047 [Feature 20250105] Support for automatic RFC 2047 encoding of non-ASCII "full name" information in Postfix-generated From: message headers. Encoding non-ASCII full names can avoid the need to use SMTPUTF8, and therefore can avoid incompatibility with sites that do not support SMTPUTF8. The encoded result looks like "=?charset?Q?gibberish?=" for quoted-printable encoding, or "=?charset?B?gibberish?=" for base64 encoding. Postfix uses quoted-printable for a full name that is short or mostly ASCII, and uses base64 otherwise. 
Background: when a message without a From: header is submitted with the Postfix sendmail(1) command, Postfix may add a From: header and use the sender's full name specified with the Postfix sendmail(1) "-F" option, with the sendmail(1) "NAME" environment variable, or with the GECOS field in the UNIX password database. This introduces a new configuration parameter "full_name_encoding_charset" (default: utf8) which specifies the character set of the full name information in the Postfix sendmail(1) "-F" option or "NAME" environment variable, or in the GECOS field in the UNIX password database. The parameter value becomes part of the encoded full name, and informs a Mail User Agent how to display the decoded gibberish. Major changes - bugfix [Incompat 20241130] The spawn(8) daemon failed to enforce the command time limit. It was sending the SIGKILL signal using the wrong effective UID and GID. The pipe(8) daemon has always done this right. Major changes - database [Feature 20250207] When mysql: or pgsql: configuration specifies a single host, assume that it is a load balancer and reconnect immediately after a single failure, instead of failing all requests for 60s. [Feature 20250114] first/next iterator support for cdb: tables, and other cdb: table code cleanups by Michael Tokarev. [Feature 20241024] In a pgsql: client configuration, the setting "dbname" is required, but ignored when the setting "hosts" contains an URI with a database name. [Feature 20241025] The Postfix pgsql: client configuration now allows any well-formed URI prefix as a pgsql: client connection target (the PostgreSQL URI parser decides what is allowed). The dbname setting is now optional if the hosts setting specifies only URIs. Major changes - internal protocol [Incompat 20250116] Postfix needs "postfix reload" after upgrade, because of a change in the delivery agent protocol. 
If this step is skipped, Postfix delivery agents will log a warning: unexpected attribute smtputf8 from xxx socket (expecting: sendopts) where xxx is the delivery agent service name. Major changes - milter [Incompat 20250106] The logging of the Milter 'quarantine' action has changed. Instead of logging "milter triggers HOLD action", it logs the reason given by a Milter application, or "default_action" if a Milter application was unavailable and the milter_default_action parameter or per-Milter "default_action" property specifies "quarantine". [Feature 20250106] The Postfix Milter implementation now logs the reason for a 'quarantine' action, instead of "milter triggers HOLD action". - If the quarantine action was requested by a Milter application, Postfix will log the reason given by the application. - If the quarantine action was requested with the "milter_default_action" parameter setting or with a per-Milter "default_action" property, Postfix will log "default_action". Major changes - logging [Feature 20250106] The Postfix Milter implementation now logs the reason for a 'quarantine' action, instead of "milter triggers HOLD action". - If the quarantine action was requested by a Milter application, Postfix will log the reason given by the application. - If the quarantine action was requested with the "milter_default_action" parameter setting or with a per-Milter "default_action" property, Postfix will log "default_action". [Incompat 20250105] The SMTP server now logs the queue ID (or "NOQUEUE") when a connection ends abnormally (timeout, lost connection, or too many errors). [Feature 20250105] The SMTP server now logs the queue ID (or "NOQUEUE") when a connection ends abnormally (timeout, lost connection, or too many errors). [Incompat 20241104] The cleanup server now logs "queueid: canceled" when a message transaction is started but not completed. 
[Feature 20241104] The cleanup server now logs "queueid: canceled" when a message transaction is started but not completed. This provides a clear signal to logfile collation tools. [Incompat 20241031] the Dovecot SASL client logging for "Invalid authentication mechanism" now includes the name of that mechanism. [Incompat 20241023] Postfix SMTP server 'reject' logging now shows the sasl_method, sasl_username, and sasl_sender if available. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a9f44667877ea10997f70a8028ab76f4f4ed07a3 Author: Adolf Belka Date: Tue Apr 7 17:10:44 2026 +0200 core202: Ship pango Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 035f9cd3d292a54f6c0b7cc157fdada6b602326e Author: Adolf Belka Date: Tue Apr 7 17:11:00 2026 +0200 pango: Update to version 1.57.1 - Update from version 1.57.0 to 1.57.1 - Update of rootfile - Changelog 1.57.1 * Bugs fixed: - #867 Bad font substitution causes application crashes - #869 MacOS: subprojects/cairo/meson.build:1:0: ERROR: Value "gnu11,c11" (of type "string") (sid) - #870 MacOS: subprojects/pango/utils/viewer-cocoa.m:23:10: fatal error: 'cairo/cairo.h' file not found (sid) - #871 gtk4-widget-factory crashes with pango error on macOS when an emoji is entered into a text field - #876 Inconsistency between documentation and code in pango_context_set_font_description (Matthias Clasen) - #882 The hex box characters generated in PDF can not be copied - #885 warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] - !884 Revert "meson: Rework introspection handling" - !890 Update the code to support Unicode 17.0.0 - !892 Include fcfreetype.h where needed - !893 meson: Update freetype2 wrap to fix ci warnings - !894 Respect explicit language attribute when itemizing - !895 Fix some subproject woes - !896 meson: Add support for cross-compiling using Apple subsystems - !897 (break.c) pass sentences to handle_sentences - !898 add support for 
g_autoptr(PangoScriptIter) - !900 fontmap: Mark get_family as nullable Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a9c5a0a2224c40dcf5015c0535dc1d113f574dcf Author: Adolf Belka Date: Tue Apr 7 17:10:59 2026 +0200 nmap: Update to version 7.99 - Update from version 7.98 to 7.99 - No change to rootfile - Changelog 7.99 o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS fingerprints, as well as dozens of updated service fingerprints. o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47, liblinear 2.50, zlib 1.3.2 o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving several crashes and stability-related issues. See https://npcap.com/changelog o [Zenmap][GH#3182] Zenmap is now distributed as a universal wheel (zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be installed on any system with Python 3. [Daniel Miller] o [Ncat][Windows] Limited the number of handles inherited by subprocesses launched with -e, preventing interference between clients when -e and --keep-open are used. Reported by Nimish Verma. o [Ncat] Several fixes for regressions or longstanding failure cases in ncat-test.pl [Daniel Miller]: + [Windows] Fixed handling of socket EOF with --exec + Fixed the -i (idle timeout) option for listen mode, which was broken when adding the -q option in Ncat 7.96 + Fixed HTTP proxy server when SSL is used. + DTLS (SSL over UDP) shutdown connection on stdin EOF. o [Windows][GH#2711] Nmap now supports scanning over various VPN virtual adapters like OpenVPN TAP adapters. [Daniel Miller] o [GH#3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix for #3130 had caused Nmap to send requests too slowly. [Daniel Miller] o [macOS][GH#3289] Fixed a configure-time failure in libdnet that resulted in incorrect MAC addresses being reported. 
[Daniel Miller] o [Zenmap][GH#3189] Fix a crash in Zenmap topology and hosts viewer: "TypeError: format requires a mapping" [Daniel Miller] o [GH#2955] Fix a routing issue with -e and -S related to #2206 causing error "setup_target: failed to determine route" [Daniel Miller] o [GH#3214] Improve compatibility of build process on various platforms and add multiplatform autobuilds in Github workflow. [Jordan Ritter] o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains of a given target hostname by default. In the past, it was reporting any DNS name that included the target hostname as a substring (but not necessarily as a suffix). The old behavior can be enabled by setting script argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter] o [NSE] Function url.parse_query was not interpreting plus signs as spaces. [nnposter] o [NSE] Function url.parse was not properly parsing URLs with query strings but empty paths. [nnposter] o [NSE][GH#3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were not behaving the same when the input table had a custom __pairs metamethod. Both functions now perform a raw copy, ignoring the metamethod. [nnposter] o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables with Boolean keys. [nnposter] o [NSE] IPP print queue job details were not getting populated, having a hard dependency on Apple-specific attributes. [nnposter] o [NSE][GH#3245] Functions connect and close have been removed from the IPP library, as they served no purpose. [nnposter] o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter] o [NSE][GH#3262] FTP banner parsing is now more closely aligned with RFC 959, section 4.2. [nnposter] o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter that allows preloading the newly created buffer with data. 
[nnposter] o [NSE][GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced, including added support for IPv6 and HTTPS and more accurate processing of target responses. [nnposter] o [NSE][GH#3194] RPC-based scripts were sporadically failing due to privileged port conflicts. [nnposter] o [NSE][GH#3196] Script rlogin-brute was sporadically failing due to using an off-by-one range for privileged ports and not handling potential port conflicts. [nnposter] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 85fcca5c8b6b5387f60ec4b7b60327d7f535d5b8 Author: Adolf Belka Date: Tue Apr 7 17:10:58 2026 +0200 nfs: Update to version 2.9.1 - Update from version 2.8.5 to 2.9.1 - No change to rootfile - Changelog is just a list of the commits. The details can be found in the changelog at 2.9.1 https://sourceforge.net/projects/nfs/files/nfs-utils/2.9.1/ 2.8.7 https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.7/ 2.8.6 https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.6/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d0efc9a54e1ef07cf020640328d665eae79b13f7 Author: Adolf Belka Date: Tue Apr 7 17:10:43 2026 +0200 core202: Ship ncat Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit d475761a6c8ea77ef5c46217c16fb238f5898556 Author: Adolf Belka Date: Tue Apr 7 17:10:57 2026 +0200 ncat: Update to version 7.99 - Update from version 7.98 to 7.99 - No change to rootfile - Changelog 7.99 o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS fingerprints, as well as dozens of updated service fingerprints. o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47, liblinear 2.50, zlib 1.3.2 o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving several crashes and stability-related issues. 
See https://npcap.com/changelog o [Zenmap][GH#3182] Zenmap is now distributed as a universal wheel (zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be installed on any system with Python 3. [Daniel Miller] o [Ncat][Windows] Limited the number of handles inherited by subprocesses launched with -e, preventing interference between clients when -e and --keep-open are used. Reported by Nimish Verma. o [Ncat] Several fixes for regressions or longstanding failure cases in ncat-test.pl [Daniel Miller]: + [Windows] Fixed handling of socket EOF with --exec + Fixed the -i (idle timeout) option for listen mode, which was broken when adding the -q option in Ncat 7.96 + Fixed HTTP proxy server when SSL is used. + DTLS (SSL over UDP) shutdown connection on stdin EOF. o [Windows][GH#2711] Nmap now supports scanning over various VPN virtual adapters like OpenVPN TAP adapters. [Daniel Miller] o [GH#3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix for #3130 had caused Nmap to send requests too slowly. [Daniel Miller] o [macOS][GH#3289] Fixed a configure-time failure in libdnet that resulted in incorrect MAC addresses being reported. [Daniel Miller] o [Zenmap][GH#3189] Fix a crash in Zenmap topology and hosts viewer: "TypeError: format requires a mapping" [Daniel Miller] o [GH#2955] Fix a routing issue with -e and -S related to #2206 causing error "setup_target: failed to determine route" [Daniel Miller] o [GH#3214] Improve compatibility of build process on various platforms and add multiplatform autobuilds in Github workflow. [Jordan Ritter] o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains of a given target hostname by default. In the past, it was reporting any DNS name that included the target hostname as a substring (but not necessarily as a suffix). The old behavior can be enabled by setting script argument hostmap-crtsh.lax. 
[Sweekar-cmd, nnposter] o [NSE] Function url.parse_query was not interpreting plus signs as spaces. [nnposter] o [NSE] Function url.parse was not properly parsing URLs with query strings but empty paths. [nnposter] o [NSE][GH#3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were not behaving the same when the input table had a custom __pairs metamethod. Both functions now perform a raw copy, ignoring the metamethod. [nnposter] o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables with Boolean keys. [nnposter] o [NSE] IPP print queue job details were not getting populated, having a hard dependency on Apple-specific attributes. [nnposter] o [NSE][GH#3245] Functions connect and close have been removed from the IPP library, as they served no purpose. [nnposter] o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter] o [NSE][GH#3262] FTP banner parsing is now more closely aligned with RFC 959, section 4.2. [nnposter] o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter that allows preloading the newly created buffer with data. [nnposter] o [NSE][GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced, including added support for IPv6 and HTTPS and more accurate processing of target responses. [nnposter] o [NSE][GH#3194] RPC-based scripts were sporadically failing due to privileged port conflicts. [nnposter] o [NSE][GH#3196] Script rlogin-brute was sporadically failing due to using an off-by-one range for privileged ports and not handling potential port conflicts. [nnposter] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer