[PATCH] core199: Ship curl

[PATCH] core199: Ship curl

[Adolf Belka]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/199/filelists/curl | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/199/filelists/curl

diff --git a/config/rootfiles/core/199/filelists/curl b/config/rootfiles/core/199/filelists/curl
new file mode 120000
index 000000000..4b84bef53
--- /dev/null
+++ b/config/rootfiles/core/199/filelists/curl
@@ -0,0 +1 @@
+../../../common/curl
\ No newline at end of file
-- 
2.51.2

[PATCH] core199: Ship libxcrypt

[Adolf Belka]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/199/filelists/libxcrypt | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/199/filelists/libxcrypt

diff --git a/config/rootfiles/core/199/filelists/libxcrypt b/config/rootfiles/core/199/filelists/libxcrypt
new file mode 120000
index 000000000..ad93616b5
--- /dev/null
+++ b/config/rootfiles/core/199/filelists/libxcrypt
@@ -0,0 +1 @@
+../../../common/libxcrypt
\ No newline at end of file
-- 
2.51.2

[PATCH] curl: Update to version 8.17.0

[Adolf Belka]

- Update from version 8.16.0 to 8.17.0
- Update of rootfile
- Changelog
    8.17.0
	 Changes:
	    build: drop Heimdal support
	    build: drop the winbuild build system
	    krb5: drop support for Kerberos FTP
	    libssh2: up the minimum requirement to 1.9.0
	    multi: add notifications API
	    progress: expand to use 6 characters per size
	    ssl: support Apple SecTrust configurations
	    tool_getparam: add --knownhosts
	    vssh: drop support for wolfSSH
	    wcurl: import v2025.11.04
	    write-out: make %header{} able to output *all* occurrences of a header
	Bugfixes:
	    ares: fix leak in tracing
	    asyn-ares: remove wrong comment about the callback argument
	    asyn-ares: use the duped hostname pointer for all calls
	    asyn-thrdd resolver: clear timeout when done
	    asyn-thrdd: drop pthread_cancel
	    autotools: add support for libgsasl auto-detection via pkg-config
	    autotools: capitalize Rustls in the log output
	    autotools: drop detection of ancient OpenSSL libs RSAglue and rsaref
	    autotools: fix duplicate UNIX and BSD flags in buildinfo.txt
	    autotools: fix silly mistake in clang detection for buildinfo.txt
	    autotools: make --enable-code-coverage support llvm/clang
	    autotools: merge `if`s in GnuTLS/OpenSSL feature detection
	    aws-lc: re-enable large read-ahead with v1.61.0 again
	    base64: accept zero length argument to base64_encode
	    build: address some -Weverything warnings, update picky warnings
	    build: avoid overriding system open and stat symbols
	    build: avoid overriding system symbols for fopen functions
	    build: avoid overriding system symbols for socket functions
	    build: show llvm/clang in platform flags and buildinfo.txt
	    c-ares: when resolving failed, persist error
	    cf-h2-proxy: break loop on edge case
	    cf-ip-happy: mention unix domain path, not port number
	    cf-socket: always check Curl_cf_socket_peek() return code
	    cf-socket: check params and remove accept procondition
	    cf-socket: make set_local_ip void, and remove failf()
	    cf-socket: set FD_CLOEXEC on all sockets opened
	    cf-socket: tweak a memcpy() to read better
	    cf-socket: use the right byte order for ports in bindlocal
	    cfilter: unlink and discard
	    cfilters: check return code from Curl_pollset_set_out_only()
	    checksrc: allow disabling warnings on FIXME/TODO comments
	    checksrc: catch banned functions when preceded by (
	    checksrc: fix possible endless loop when detecting BANNEDFUNC
	    checksrc: fix possible endless loops in the banned function logic
	    checksrc: fix to handle ) predecing a banned function
	    checksrc: reduce directory-specific exceptions
	    CI.md: refresh
	    cmake/FindGSS: dedupe pkg-config module strings
	    cmake/FindGSS: drop wrong header check for GNU GSS
	    cmake/FindGSS: fix pkg-config fallback logic for CMake <3.16
	    cmake/FindGSS: simplify/de-dupe lib setup
	    cmake/FindGSS: whitespace/formatting
	    cmake: add and use local FindGnuTLS module
	    cmake: add CURL_CODE_COVERAGE option
	    cmake: build the "all" examples source list dynamically
	    cmake: clang detection tidy-ups
	    cmake: drop exclamation in comment looking like a name
	    cmake: fix `HAVE_GNUTLS_SRP` detection after adding local FindGnuTLS module
	    cmake: fix building docs when the base directory contains .3
	    cmake: fix Linux pre-fill `HAVE_POSIX_STRERROR_R` (when `_CURL_PREFILL=ON`)
	    cmake: fix Linux pre-fills for non-glibc (when `_CURL_PREFILL=ON`)
	    cmake: minor Heimdal flavour detection fix
	    cmake: pre-fill three more type sizes on Windows
	    cmake: say 'absolute path' in option descriptions and docs
	    cmake: support building some complicated examples, build them in CI
	    cmake: use modern alternatives for get_filename_component()
	    cmake: use more COMPILER_OPTIONS, LINK_OPTIONS / LINK_FLAGS
	    cmdline-docs: extended, clarified, refreshed
	    cmdline-opts/_PROGRESS.md: explain the suffixes
	    configure: add "-mt" for pthread support on HP-UX
	    conn: fix hostname move on connection reuse
	    conncache: prevent integer overflow in maxconnects calculation
	    connect: for CONNECT_ONLY, CURLOPT_TIMEOUT does not apply
	    connect: remove redundant condition in shutdown start
	    cookie: avoid saving a cookie file if no transfer was done
	    cookie: only count accepted cookies in Curl_cookie_add
	    cookie: remove the temporary file on (all) errors
	    cpool: make bundle->dest an array; fix UB
	    curl.h: remove incorrect comment about CURLOPT_PINNEDPUBLICKEY
	    curl_easy_getinfo: error code on NULL arg
	    curl_easy_setopt.md: add missing CURLOPT_POSTFIELDS
	    curl_mem_undef.h: limit to CURLDEBUG for non-memalloc overrides
	    curl_ngtcp2: fix `-Wunreachable-code` with H3 !verbose !unity clang
	    curl_osslq: error out properly if BIO_ADDR_rawmake() fails
	    curl_path: make sure just whitespace is illegal
	    Curl_resolv: fix comment. 'entry' argument is not optional
	    curl_slist_append.md: clarify that a NULL pointer is not acceptable
	    curl_threads: delete WinCE fallback branch
	    CURLINFO_FTP_ENTRY_PATH.md: this is for SFTP as well
	    CURLOPT_COOKIEFILE.md: clarify when the cookies are loaded
	    CURLOPT_COPYPOSTFIELDS.md: used with MQTT and RTSP as well
	    CURLOPT_HEADER/WRITEFUNCTION.md: drop '* size' since size is always 1
	    CURLOPT_MAXLIFETIME_CONN: make default 24 hours
	    CURLOPT_POSTFIELDSIZE*: these also work for MQTT and RTSP
	    CURLOPT_SERVER_RESPONSE_TIMEOUT*: add default and see-also
	    CURLOPT_SSL_VERIFYHOST.md: add see-also to two other VERIFYHOST options
	    CURLOPT_TIMECONDITION.md: works for FILE and FTP as well
	    cw-out: fix EAGAIN handling on pause
	    cw-out: unify the error handling pattern in cw_out_do_write
	    digest_sspi: fix two memory leaks in error branches
	    dist: do not distribute CI.md
	    docs/cmdline-opts: drop double quotes from GLOBBING and URL examples
	    docs/libcurl: clarify some timeout option behavior
	    docs/libcurl: remove ancient version references
	    docs/libcurl: use lowercase must
	    docs: expand on quoting rules for file names in SFTP quote
	    docs: fix/tidy code fences
	    doh: cleanup resources on error paths
	    doswin: CloseHandle the thread on shutdown
	    easy_getinfo: check magic, Curl_close safety
	    ECH.md: make OpenSSL branch clone instructions work
	    examples/chkspeed: portable printing when outputting curl_off_t values
	    examples/http2-serverpush: fix file handle leaks
	    examples/sessioninfo: cast printf string mask length to int
	    examples/sessioninfo: do not disable security
	    examples/synctime: fix null termination assumptions
	    examples/synctime: make the sscanf not overflow the local buffer
	    examples/usercertinmem: avoid stripping const
	    examples/websocket: fix use of uninitialized rlen
	    examples: call curl_global_cleanup() where missing
	    examples: check more errors, fix cleanups, scope variables
	    examples: drop unused curl/mprintf.h includes
	    examples: fix build issues in 'complicated' examples
	    examples: fix more potential resource leaks, and more
	    examples: fix two build issues surfaced with WinCE
	    examples: fix two issues found by CodeQL
	    examples: fix two more cases of stat() TOCTOU
	    examples: improve global init, error checks and returning errors
	    examples: replace casts with `curl_off_t` printf masks
	    examples: return curl_easy_perform() results
	    firefox-db2pem.sh: add macOS support, tidy-ups
	    form.md: drop reference to MANUAL
	    ftp: add extra buffer length check
	    ftp: check errors on remote ip for data connection
	    ftp: fix ftp_do_more returning with *completep unset
	    ftp: fix port number range loop for PORT commands
	    ftp: fix the 213 scanner memchr buffer limit argument
	    ftp: improve fragile check for first digit > 3
	    ftp: reduce size of some struct fields
	    ftp: remove 'newhost' and 'newport' from the ftp_conn struct
	    ftp: remove misleading comments
	    ftp: remove the retr_size_saved struct field
	    ftp: remove the state_saved struct field
	    ftp: replace strstr() in ;type= handling
	    ftp: simplify the 150/126 size scanner
	    gnutls: check conversion of peer cert chain
	    gnutls: fix re-handshake comments
	    gssapi: make channel binding conditional on GSS_C_CHANNEL_BOUND_FLAG
	    gtls: avoid potential use of uninitialized variable in trace output
	    gtls: check the return value of gnutls_pubkey_init()
	    header.md: see-also --proxy-header and vice versa
	    hmac: free memory properly on errors
	    hostip: don't store negative resolves due unrelated errors
	    hostip: fix infof() output for non-ipv6 builds using IPv6 address
	    hostip: remove leftover INT_MAX check in Curl_dnscache_prune
	    http2: check push header names by length first
	    http2: cleanup pushed newhandle on fail
	    http2: ingress handling edge cases
	    HTTP3: clarify the status for "old" OpenSSL, not current
	    http: check the return value of strdup
	    http: fix `-Wunreachable-code` in !websockets !unity builds
	    http: fix `-Wunused-variable` in !alt-svc !proxy !ws builds
	    http: handle user-defined connection headers
	    http: look for trailing 'type=' in ftp:// without strstr
	    http: make Content-Length parser more WHATWG
	    http: only accept ';' as a separator for custom headers
	    http: return error for a second Location: header
	    http_aws_sigv4: check the return value of curl_maprintf()
	    http_proxy: fix adding custom proxy headers
	    httpsrr: free old pointers when storing new
	    httpsrr: send HTTPS query to the right target
	    imap: fix custom FETCH commands to handle literal responses
	    imap: parse and use UIDVALIDITY as a number
	    imap: treat capabilities case insensitively
	    INSTALL-CMAKE.md: add manual configuration examples
	    INSTALL-CMAKE.md: document useful build targets
	    INSTALL-CMAKE.md: fix descriptions for LDAP dependency options
	    INSTALL: update the list of known operating systems
	    INTERNALS: drop Winsock 2.2 from the dependency list
	    ip-happy: do not set unnecessary timeout
	    ip-happy: prevent event-based stall on retry
	    kerberos: bump minimum to 1.3 (2003-07-08), drop legacy logic
	    kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions
	    kerberos: stop including gssapi/gssapi_generic.h
	    krb5: fix output_token allocators in the GSS debug stub (Windows)
	    krb5: return appropriate error on send failures
	    krb5_gssapi: fix memory leak on error path
	    krb5_sspi: the chlg argument is NOT optional
	    ldap: avoid null ptr deref on failure
	    ldap: do not base64 encode zero length string
	    ldap: do not pass a \n to failf()
	    ldap: tidy-up types, fix error code confusion
	    lib1514: fix return code mixup
	    lib: delete unused crypto header includes
	    lib: drop unused include and duplicate guards
	    lib: fix build error with verbose strings disabled
	    lib: remove newlines from failf() calls
	    lib: remove personal names from comments
	    lib: SSL connection reuse
	    lib: stop NULL-checking conn->passwd and ->user
	    lib: upgrade/multiplex handling
	    libcurl-multi.md: added curl_multi_get_offt mention
	    libcurl-security.md: mention long-running connections
	    libssh/libssh2: reject quote command lines with too much data
	    libssh/sftp: fix resume corruption by avoiding O_APPEND with rresume
	    libssh2/sftp: fix resume corruption by avoiding O_APPEND with rresume
	    libssh2/sftp_realpath: change state consistently
	    libssh2: avoid risking using an uninitialized local struct field
	    libssh2: bail out on chgrp and chown number parsing errors
	    libssh2: clarify that sshp->path is always at least one byte
	    libssh2: drop two redundant null-terminations
	    libssh2: error check and null-terminate in ssh_state_sftp_readdir_link()
	    libssh2: fix EAGAIN return in ssh_state_auth_agent
	    libssh2: fix return code for EAGAIN
	    libssh2: use sockindex consistently
	    libssh: acknowledge SSH_AGAIN in the SFTP state machine
	    libssh: catch a resume point larger than the size
	    libssh: clarify myssh_block2waitfor
	    libssh: drop two unused assignments
	    libssh: error on bad chgrp number
	    libssh: error on bad chown number and store the value
	    libssh: fix range parsing error handling mistake
	    libssh: make atime and mtime cap the timestamp instead of wrap
	    libssh: react on errors from ssh_scp_read
	    libssh: return out of memory correctly if aprintf fails
	    libssh: return the proper error for readdir problems
	    Makefile.example: bump default example from FTP to HTTPS
	    Makefile.example: fix option order
	    Makefile.example: make default options more likely to work
	    Makefile.example: simplify and make it configurable
	    managen: ignore version mentions < 7.66.0
	    managen: render better manpage references/links
	    managen: strict protocol check
	    managen: verify the options used in example lines
	    mbedtls: add support for 4.0.0
	    mbedtls: check result of setting ALPN
	    mbedtls: fix building with <3.6.1
	    mbedtls: fix building with sha-256 missing from PSA
	    mbedtls: handle WANT_WRITE from mbedtls_ssl_read()
	    md4: drop mbedtls implementation (not available in mbedtls v3+)
	    mdlinkcheck: reject URLs containing quotes
	    memdup0: handle edge case
	    mime: fix unpausing of readers
	    mime: fix use of fseek()
	    multi.h: add CURLMINFO_LASTENTRY
	    multi: check the return value of strdup()
	    multi_ev: remove unnecessary data check that confuses analysers
	    netrc: when the cached file is discarded, unmark it as loaded
	    nghttp3: return NGHTTP3_ERR_CALLBACK_FAILURE from recv_header
	    ngtcp2: add a comment explaining write result handling
	    ngtcp2: adopt ngtcp2_conn_get_stream_user_data if available
	    ngtcp2: check error code on connect failure
	    ngtcp2: close just-opened QUIC stream when submit_request fails
	    ngtcp2: compare idle timeout in ms to avoid overflow
	    ngtcp2: fix early return
	    ngtcp2: fix handling of blocked stream data
	    ngtcp2: fix returns when TLS verify failed
	    ngtcp2: overwrite rate-limits defaults
	    noproxy: fix the IPV6 network mask pattern match
	    NTLM: disable if DES support missing from OpenSSL or mbedTLS
	    ntlm: improved error path on bad incoming NTLM TYPE3 message
	    openldap/ldap; check for binary attribute case insensitively
	    openldap: avoid indexing the result at -1 for blank responses
	    openldap: check ber_sockbuf_add_io() return code
	    openldap: check ldap_get_option() return codes
	    openldap: do not pass newline to infof()
	    openldap: fix memory-leak in error path
	    openldap: fix memory-leak on oldap_do's exit path
	    openldap: limit max incoming size
	    openssl-quic: check results better
	    openssl-quic: handle error in SSL_get_stream_read_error_code
	    openssl-quic: ignore unexpected streams opened by server
	    openssl: better return code checks when logging cert data
	    openssl: call SSL_get_error() with proper error
	    openssl: check CURL_SSLVERSION_MAX_DEFAULT properly
	    openssl: clear retry flag on x509 error
	    openssl: combine all the x509-store flags
	    openssl: fail if more than MAX_ALLOWED_CERT_AMOUNT certs
	    openssl: fail the transfer if ossl_certchain() fails
	    openssl: fix build for v1.0.2
	    openssl: fix peer certificate leak in channel binding
	    openssl: fix resource leak in provider error path
	    openssl: fix unable do typo in failf() calls
	    openssl: free UI_METHOD on exit path
	    openssl: make the asn1_object_dump name null terminated
	    openssl: only try engine/provider if a cert file/name is provided
	    openssl: set io_need always
	    openssl: skip session resumption when verifystatus is set
	    os400: document threads handling in code.
	    OS400: fix a use-after-free/double-free case
	    osslq: set idle timeout to 0
	    pingpong: remove two old leftover debug infof() calls
	    pop3: check for CAPA responses case insensitively
	    pop3: fix CAPA response termination detection
	    pop3: function could get the ->transfer field wrong
	    pytest: skip specific tests for no-verbose builds
	    quic: fix min TLS version handling
	    quic: ignore EMSGSIZE on receive
	    quic: improve UDP GRO receives
	    quic: remove data_idle handling
	    quiche: fix possible leaks on teardown
	    quiche: fix verbose message when ip quadruple cannot be obtained.
	    quiche: handle tls fail correctly
	    quiche: when ingress processing fails, return that error code
	    rtsp: use explicit postfieldsize if specified
	    runtests: tag tests that require curl verbose strings
	    rustls: exit on error
	    rustls: fix clang-tidy warning
	    rustls: fix comment describing cr_recv()
	    rustls: limit snprintf proper in cr_keylog_log_cb()
	    rustls: make read_file_into not reject good files
	    rustls: pass the correct result to rustls_failf
	    rustls: typecast variable for safer trace output
	    rustls: use %zu for size_t in failf() format string
	    sasl: clear canceled mechanism instead of toggling it
	    schannel: assign result before using it
	    schannel: fix memory leak
	    schannel: handle Curl_conn_cf_send() errors better
	    schannel: lower the maximum allowed time to block to 7 seconds
	    schannel: properly close the certfile on error
	    schannel_verify: do not call infof with an appended \n
	    schannel_verify: fix mem-leak in Curl_verify_host
	    schannel_verify: use more human friendly error messages
	    scp/sftp: fix disconnect
	    scripts: pass -- before passing xargs
	    setopt: accept *_SSL_VERIFYHOST set to 2L
	    setopt: allow CURLOPT_DNS_CACHE_TIMEOUT set to -1
	    setopt: fix unused variable warning in minimal build
	    setopt: make CURLOPT_MAXREDIRS accept -1 (again)
	    singleuse.pl: fix string warning
	    smb: adjust buffer size checks
	    smb: transfer debugassert to real check
	    smtp: check EHLO responses case insensitively
	    smtp: fix EOB handling
	    smtp: return value ignored
	    socks: advance iobuf instead of reset
	    socks: avoid UAF risk in error path
	    socks: deny server basic-auth if not configured
	    socks: handle error in verbose trace gracefully
	    socks: handle premature close
	    socks: make Curl_blockread_all return CURLcode
	    socks: properly maintain the status of 'done'
	    socks: rewwork, cleaning up socks state handling
	    socks_gssapi: also reset buffer length after free
	    socks_gssapi: make the gss_context a local variable
	    socks_gssapi: reject too long tokens
	    socks_gssapi: remove superfluous releases of the gss_recv_token
	    socks_gssapi: remove the forced "no protection"
	    socks_gssapi: replace `gss_release_buffer()` with curl free
	    socks_sspi: bail out on too long fields
	    socks_sspi: fix memory cleanup calls
	    socks_sspi: remove the enforced mode clearing
	    socks_sspi: restore non-blocking socket on error paths
	    socks_sspi: use the correct free function
	    socksd: remove --bindonly mention, there is no such option
	    spelling: fix new finds by typos-cli 1.39.0
	    src/var: remove dead code
	    ssl-session-cache: check use on config and availability
	    ssl-sessions.md: mark option experimental
	    strerror: drop workaround for SalfordC win32 header bug
	    sws: fix checking sscanf() return value
	    sws: pass in socket reference to allow function to close it
	    tcp-nodelay.md: expand the documentation
	    telnet: ignore empty suboptions
	    telnet: make bad_option() consider NULL a bad option too
	    telnet: make printsub require another byte input
	    telnet: print DISPlay LOCation in printsub without mutating buffer
	    telnet: refuse IAC codes in content
	    telnet: return error if WSAEventSelect fails
	    telnet: return error on crazy TTYPE or XDISPLOC lengths
	    telnet: send failure logged but not returned
	    telnet: use pointer[0] for "unknown" option instead of pointer[i]
	    test1100: fix missing `<protocol>` section
	    tests/libtest/cli*: fix init/deinit, leaks, and more
	    tests/server: drop pointless memory allocation overrides
	    tests/server: drop unsafe open() override in signal handler (Windows)
	    tftp: check and act on tftp_set_timeouts() returning error
	    tftp: check for trailing ";mode=" in URL without strstr
	    tftp: default timeout per block is now 15 seconds
	    tftp: error requests for blank filenames
	    tftp: handle tftp_multi_statemach() return code
	    tftp: pin the first used address
	    tftp: propagate expired timer from tftp_state_timeout()
	    tftp: return error if it hits an illegal state
	    tftp: return error when sendto() fails
	    thread: errno on thread creation
	    tidy-up: assortment of small fixes
	    tidy-up: avoid using the reserved macro namespace
	    tidy-up: fcntl.h includes
	    tidy-up: update MS links, allow long URLs via checksrc
	    tidy-up: URLs
	    time-cond.md: refer to the singular curl_getdate man page
	    TLS: IP address verification, extend test
	    TODO: fix a typo
	    TODO: remove already implemented or bad items
	    tool: fix exponential retry delay
	    tool_cb_hdr: fix fwrite check in header callback
	    tool_cb_hdr: size is always 1
	    tool_cb_rea: use poll instead of select if available
	    tool_cfgable: remove superfluous free calls
	    tool_doswin: fix to use curl socket functions
	    tool_filetime: cap crazy file times instead of erroring
	    tool_filetime: replace cast with the fitting printf mask (Windows)
	    tool_formparse: rewrite the headers file parser
	    tool_getparam/set_rate: skip the multiplication on overflow
	    tool_getparam: always disable "lib-ids" for tracing
	    tool_getparam: make --fail and --fail-with-body override each other
	    tool_getparam: warn if provided header looks malformed
	    tool_ipfs: check the return value of curl_url_get for gwpath
	    tool_ipfs: simplify the ipfs gateway logic
	    tool_msgs: make errorf() show if --show-error
	    tool_operate: improve wording in retry message
	    tool_operate: keep failed partial download for retry auto-resume
	    tool_operate: keep the progress meter for --out-null
	    tool_operate: move the checks that skip ca cert detection
	    tool_operate: retry on HTTP response codes 522 and 524
	    tool_operate: return error on strdup() failure
	    tool_paramhlp: remove outdated comment in str2tls_max()
	    tool_parsecfg: detect and error on recursive --config use
	    tool_progress: handle possible integer overflows
	    tool_progress: make max5data() use an algorithm
	    transfer: avoid busy loop with tiny speed limit
	    transfer: fix retry for empty downloads on reuse
	    transfer: reset retry count on each request
	    unit1323: sync time types and printf masks, drop casts
	    unit1664: drop casts, expand masks to full values
	    url: make Curl_init_userdefined return void
	    urldata: FILE is not a list-only protocol
	    urldata: make 'retrycount' a single byte
	    urldata: make redirect counter 16 bit
	    vauth/digest: improve the digest parser
	    version: add GSS backend name and version
	    vquic: fix idle-timeout checks (ms<-->ns), 64-bit log & honor 0=no-timeout
	    vquic: fix recvmsg loop for max_pkts
	    vquic: handling of io improvements
	    vquic: sending non-gso packets fix for EAGAIN
	    vtls: alpn setting, check proto parameter
	    vtls: check final cfilter node in find_ssl_filter
	    vtls: drop duplicate `CURL_SHA256_DIGEST_LENGTH` definition
	    vtls: properly handle SSL shutdown timeout
	    vtls: remove call to PKCS12_PBE_add()
	    vtls: unify the error handling in ssl_cf_connect().
	    vtls_int.h: clarify data_pending
	    vtls_scache: fix race condition
	    wcurl: sync to +dev snapshot
	    windows: replace _beginthreadex() with CreateThread()
	    windows: stop passing unused, optional argument for Win9x compatibility
	    windows: use consistent format when showing error codes
	    windows: use native error code types more
	    wolfssl: check BIO read parameters
	    wolfssl: clear variable to avoid uninitialized use
	    wolfssl: fix error check in shutdown
	    wolfssl: fix resource leak in verify_pinned error paths
	    wolfssl: no double get_error() detail
	    ws: clarify an error message
	    ws: fix some edge cases
	    ws: fix type conversion check
	    ws: reject curl_ws_recv called with NULL buffer with a buflen

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/curl | 4 ++++
 lfs/curl                     | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
index 42ad12a98..9eb01f389 100644
--- a/config/rootfiles/common/curl
+++ b/config/rootfiles/common/curl
@@ -113,6 +113,8 @@ usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/CURLMOPT_MAX_PIPELINE_LENGTH.3
 #usr/share/man/man3/CURLMOPT_MAX_TOTAL_CONNECTIONS.3
 #usr/share/man/man3/CURLMOPT_NETWORK_CHANGED.3
+#usr/share/man/man3/CURLMOPT_NOTIFYDATA.3
+#usr/share/man/man3/CURLMOPT_NOTIFYFUNCTION.3
 #usr/share/man/man3/CURLMOPT_PIPELINING.3
 #usr/share/man/man3/CURLMOPT_PIPELINING_SERVER_BL.3
 #usr/share/man/man3/CURLMOPT_PIPELINING_SITE_BL.3
@@ -490,6 +492,8 @@ usr/lib/libcurl.so.4.8.0
 #usr/share/man/man3/curl_multi_get_offt.3
 #usr/share/man/man3/curl_multi_info_read.3
 #usr/share/man/man3/curl_multi_init.3
+#usr/share/man/man3/curl_multi_notify_disable.3
+#usr/share/man/man3/curl_multi_notify_enable.3
 #usr/share/man/man3/curl_multi_perform.3
 #usr/share/man/man3/curl_multi_poll.3
 #usr/share/man/man3/curl_multi_remove_handle.3
diff --git a/lfs/curl b/lfs/curl
index e999ed3e6..33f46881a 100644
--- a/lfs/curl
+++ b/lfs/curl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.16.0
+VER        = 8.17.0
 
 THISAPP    = curl-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 573d56779481abf0b7d20225bba4f068cb726f23f69ce10076438e32cc6c16d1229c211aee05fc5e3e9cb9d78bbfdc5da0d8b73e730c0865879000eb90accf6a
+$(DL_FILE)_BLAKE2 = a7a804afe058f323b40177bcb4ffc523decde92da3da0a051f2dc1b566131250a96afe1ebf2bebc071993c893bddeef883ef33ddc0a9bee86d4e54402a546fba
 
 install : $(TARGET)
 
-- 
2.51.2

[PATCH] fetchmail: Update to version 6.6.0

[Adolf Belka]

- Update from version 6.5.7 to 6.6.0
- Fetchmail 6.5 will go out of support at the end of 2025. The 6.6 releases added a
   feature compatibly so there is no reason to support an additional branch.
- No change in rootfile
- Changelog
    6.6.0
      FEATURE:
	* SMTP TLS and STARTTLS support. By default, this works opportunistically,
	  attempting to set up a TLS connection to the smtphost if it understands EHLO
	  and offers STARTTLS, but will not enforce peer certificate validity for
	  compatibility, esp. because "localhost" (the default SMTP host) usually
	  isn't listed in the X.509 certificates.
	    Behavior can be tweaked by adding /notls (cleartext connection), /tls
	  (TLS-wrapped connection, negotiating TLS before conversing otherwise),
	  or /starttls (requiring EHLO to offer STARTTLS, requesting the latter and
	  requiring the server certificate to validate) to the SMTP host's name.
	    Also, you can add /tlsproto=... where ... accepts the same parameters
	  as the --sslproto option, which see.
	  Ports, if not specified, default to 25 for opportunistic and /notls modes,
	  465 for /tls and 587 for /starttls, but can be overridden either by giving,
	  say /25 or /smtp for /starttls.
      TRANSLATIONS were updated by these fine people (randomized order):
	* it:    Luca Vercelli [Italian]
	* pl:    Jakub Bogusz [Polish]
	* fr:    Frédéric Marchal [French]
	* sv:    Göran Uddeborg [Swedish]
	* sq:    Besnik Bleta [Albanian]
	* ro:    Remus-Gabriel Chelu [Romanian]
	* ja:    Takeshi Hamasaki [Japanese]
	* de:    Matthias Andree [German]
	* cs:    Petr Pisar [Czech]
	* eo:    Keith Bowes [Esperanto]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/fetchmail | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/fetchmail b/lfs/fetchmail
index 32195ac02..d88907db0 100644
--- a/lfs/fetchmail
+++ b/lfs/fetchmail
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Full-Featured POP and IMAP Mail Retrieval Daemon
 
-VER        = 6.5.7
+VER        = 6.6.0
 
 THISAPP    = fetchmail-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = fetchmail
-PAK_VER    = 23
+PAK_VER    = 24
 
 DEPS       =
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2b1f0538cd288b2a8f96fb1ea0b19153f21fad64961c4a5238c3f61b249d5780660a6a5f589f31acad18fd16637bfcadf1f93406593c99dbbdf0821a3738c0d6
+$(DL_FILE)_BLAKE2 = bf308bfd1769b7092585d3af32aaef91206b315d87bd81794c9f04b65980e3cadd6a6c7ff1f5fd2c7ada0620dccecb14c3022224e17c5d075ea21e391408bdb8
 
 install : $(TARGET)
 
-- 
2.51.2

[PATCH] harfbuzz: Update to version 12.2.0

[Adolf Belka]

- Update from version 12.1.0 to 12.2.0
- Update of rootfile
- Changelog
    12.2.0
	- While Windows platform contain the matching of the ChainContext rules to
	  within the syllable for those features that are applied per syllable (in
	  Indic-like and USE shapers), in 2015 we decided that in HarfBuzz we would
	  allow the backtrack / lookahead parts of the rule to match across syllables.
	  However, our implementation had a latent bug, causing the backtrack sequence
	  to be matched within syllable most of the time, and inconsistently so. As
	  such, and after empirical testing, we have decided to match the Windows
	  implementation for this, so now both backtrack and lookahead sequences are
	  contained to within the syllable, just like DirectWrite does.
	- Disable legacy `kern` table for most shapers, enabling it only for default,
	  Arabic, Hangul, and Hebrew shapers.
	- When dropping `STAT` table during subsetting, drop also named IDs that are
	  referenced only by it.
	- Don’t apply synthetic slant to glyph origin, fixing horizontal shift in
	  slanted glyphs.
	- Various build and fuzzing fixes.
	- Documentation fixes.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/harfbuzz | 8 ++++----
 lfs/harfbuzz                     | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/common/harfbuzz b/config/rootfiles/common/harfbuzz
index b58d64035..279348c85 100644
--- a/config/rootfiles/common/harfbuzz
+++ b/config/rootfiles/common/harfbuzz
@@ -47,16 +47,16 @@ usr/include/harfbuzz/hb-script-list.h
 #usr/lib/cmake/harfbuzz/harfbuzz-config.cmake
 #usr/lib/libharfbuzz-cairo.so
 usr/lib/libharfbuzz-cairo.so.0
-usr/lib/libharfbuzz-cairo.so.0.61210.0
+usr/lib/libharfbuzz-cairo.so.0.61220.0
 #usr/lib/libharfbuzz-gobject.so
 usr/lib/libharfbuzz-gobject.so.0
-usr/lib/libharfbuzz-gobject.so.0.61210.0
+usr/lib/libharfbuzz-gobject.so.0.61220.0
 #usr/lib/libharfbuzz-subset.so
 usr/lib/libharfbuzz-subset.so.0
-usr/lib/libharfbuzz-subset.so.0.61210.0
+usr/lib/libharfbuzz-subset.so.0.61220.0
 #usr/lib/libharfbuzz.so
 usr/lib/libharfbuzz.so.0
-usr/lib/libharfbuzz.so.0.61210.0
+usr/lib/libharfbuzz.so.0.61220.0
 #usr/lib/pkgconfig/harfbuzz-cairo.pc
 #usr/lib/pkgconfig/harfbuzz-gobject.pc
 #usr/lib/pkgconfig/harfbuzz-subset.pc
diff --git a/lfs/harfbuzz b/lfs/harfbuzz
index 8aa54359c..1f9d96bf6 100644
--- a/lfs/harfbuzz
+++ b/lfs/harfbuzz
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 12.1.0
+VER        = 12.2.0
 
 THISAPP    = harfbuzz-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 126fd2f5028a2b99652dfca2948b43bf83f6ff498e067d561adbd686b24b4b496153cb6acc8ede412bd0ac407e08422fb40b0224206a7c45736969c10b62cfaa
+$(DL_FILE)_BLAKE2 = 011ce54ee0f312dbe6fff600ff986309c3ca8935f79dc8e7aa4fa29c61a364b62b097eba1bfafdcb337475a86bd50ea75ad2eb9315c7f188069e7c5370b53434
 
 install : $(TARGET)
 
-- 
2.51.2

[PATCH] hwdata: Update to version 0.401

[Adolf Belka]

- Update from version 0.400 to 0.401
- No change to rootfile
- Changelog
    0.401
	Update usb and vendor ids

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/hwdata | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/hwdata b/lfs/hwdata
index 4f19edccf..a116db268 100644
--- a/lfs/hwdata
+++ b/lfs/hwdata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.400
+VER        = 0.401
 
 THISAPP    = hwdata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 40adc56864974dc68fd407980b3a071d2715d3aac80ec8812ad955bbd5462cef92a7dc4bf156c4e8da0395b53da29430db815f522cc8fcef1098cd33540828e5
+$(DL_FILE)_BLAKE2 = 6bc46ef5d8d87431ff05d29b3afe818b251b7f8a2270684e4d42b3d5ca6237a197bdafa7578df59b0b7cd5c9b740e8962e0ef09c87e08e1f8de565a94afc4df9
 
 install : $(TARGET)
 
-- 
2.51.2

[PATCH] libxcrypt: Update to version 4.5.1

[Adolf Belka]

- Update from version 4.4.38 to 4.5.1
- No change to rootfile
- Changelog
    4.5.1
	* Do not include undefined symbols in version-script. (issue #181, #213).
	* Fix build with clang-20+ on macOS (issue #216).
    4.5.0
	* Implement the sm3crypt ($sm3$) hashing algorithm (issue #188).
	* Implement the sm3-yescrypt ($sm3y$) hashing algorithm (issue #206).
	* Fix the implementation of the crypt(3) functions and the crypt_gensalt(3)
	  functions to not overwrite the output buffer too early. (issue #209).
	* Fix the strcpy_or_abort() function to call abort() in -DNDEBUG builds.
	* Add some more testcases.
	* Several fixes for issues found by Coverity.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/libxcrypt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/libxcrypt b/lfs/libxcrypt
index 2f40385ca..6fdf996bf 100644
--- a/lfs/libxcrypt
+++ b/lfs/libxcrypt
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.4.38
+VER        = 4.5.1
 
 THISAPP    = libxcrypt-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 42d594fe36f61a1b5343d9fda22541b09373fe74c587537db8203f9c92120b6c73edef2e1b3d7febda14ae979845405b5fdaeb31dd2b89eedc423b0924ea7cff
+$(DL_FILE)_BLAKE2 = d21b2ed29b8fdc1ca99e64651e984c859a988064d1ca7e9c87e1c808b451307c56400dd802112bbe732c71f6468b55db5847cc5e4184771baf44f9c5cad0d1dc
 
 install : $(TARGET)
 
-- 
2.51.2