[PATCH] alsa: Update to version 1.2.15.3

[PATCH] alsa: Update to version 1.2.15.3

[Adolf Belka]

- Update from version 1.2.15.1 to 1.2.15.3
- Update of rootfile
- Changelog
    1.2.15.3
	alsa-lib
		Sequencer API
		    seq: return back old snd_seq_drain_output behaviour for -EAGAIN
	alsa-ucm-conf
		Configuration
		    HDA-analog: Fix the phantom jack detection if block
		    HDA-analog: Use phantom jacks to determine the device for single
			output
		    HDA-analog: Add output when only 'Master Playback' control exists
		    sof-hda-dsp: remove some debug lines
		    sof-hda-dsp: Headphone output is optional
		    ucm2: HDA: Fix headphone detection
		    USB-Audio: Add volume controls to Behringer UMCx0xHD direct profiles
		    USB-Audio: Fix UR22C firmware version condition
		    USB-Audio: Add support for UR24C firmware version channel differences
    1.2.15.2
	alsa-lib
		Use Case Manager API
		    ucm: add some traces for the config filenames
		Makefile.am
		    Makefile: remove dist-hook and remove tar option 'follow symlinks'
		Error handler
		    error: fix the "return old snd_lib_error_set_handler() behaviour"
		    error: fix indendation in snd_lib_log_filter()
		    error: return old snd_lib_error_set_handler() behaviour
	alsa-utils
		ALSA Control (alsactl)
		    alsactl: fix sequence to clean card specific config files for UCM
		    alsactl: add missing call to clean card specific config files
		alsaloop
		    alsaloop: only log xrun debug messages when verbose
		aplay/arecord
		    aplay: add support for G.711 A_LAW enconding in AU file format
	alsa-ucm-conf
		Configuration
		    common: remove direct.conf and direct-verb.conf files
		    USB-Audio: update to use new DirectUseCase macro
		    common: introduce DirectUseCase macro
		    USB-Audio: Scarlett 18i20 gen4 - improve channel detection
		    USB-Audio: Add conditional channel count on Scarlett 18i20 version
		    USB-Audio: Steinberg UR22C - fix regex
		    ucm2: HDA: Create microphone devices optionally
		    ucm2: HDA: Headphone output may be optional
		    ucm2: sof-soundwire: cs42l45: Remove outdated DisableSequence
			elements
		    ucm2: sof-soundwire: cs42l43: Remove outdated DisableSequence
			elements

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/alsa |  3 +--
 lfs/alsa                       | 16 ++++++++--------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/config/rootfiles/packages/alsa b/config/rootfiles/packages/alsa
index fba276cd8..ba270bd47 100644
--- a/config/rootfiles/packages/alsa
+++ b/config/rootfiles/packages/alsa
@@ -1014,8 +1014,7 @@ usr/share/alsa/ucm2/codecs/wsa884x/two-speakers/init.conf
 #usr/share/alsa/ucm2/common/ctl
 usr/share/alsa/ucm2/common/ctl/led.conf
 usr/share/alsa/ucm2/common/ctl/remap.conf
-usr/share/alsa/ucm2/common/direct-verb.conf
-usr/share/alsa/ucm2/common/direct.conf
+usr/share/alsa/ucm2/common/directm.conf
 usr/share/alsa/ucm2/common/linked-card.conf
 usr/share/alsa/ucm2/common/linked.conf
 #usr/share/alsa/ucm2/common/pcm
diff --git a/lfs/alsa b/lfs/alsa
index beed09dcb..32cfd8081 100644
--- a/lfs/alsa
+++ b/lfs/alsa
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,16 +26,16 @@ include Config
 
 SUMMARY    = Advanced Linux Sound Architecture
 
-VER        = 1.2.15.1
-UVER       = 1.2.15.1
-CVER       = 1.2.15.1
+VER        = 1.2.15.3
+UVER       = 1.2.15.2
+CVER       = 1.2.15.3
 
 THISAPP    = alsa-lib-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 PROG       = alsa
-PAK_VER    = 25
+PAK_VER    = 26
 
 DEPS       =
 
@@ -54,9 +54,9 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 alsa-utils-$(UVER).tar.bz2 = $(DL_FROM)/alsa-utils-$(UVER).tar.bz2
 alsa-ucm-conf-$(CVER).tar.bz2 = $(DL_FROM)/alsa-ucm-conf-$(CVER).tar.bz2
 
-$(DL_FILE)_BLAKE2 = 96910ecadafdf5bd12d98c765598f06f7dda94cdfb554e972663b77dc19646700962d6984a228a652f0fb3339e8dc44565d3695aa06971e084f5b951793679e1
-alsa-utils-$(UVER).tar.bz2_BLAKE2 = e3bd56822ec092f96386be3f8ae6772ced899884dfdef2341700be877a4822a3168d55a5aa9ba269e8e1b9fc61ae33a027abfa2e1c4f7fc68e0d8ce8780d3586
-alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = c8c0ef9872f6c2bb69f2a43585a7833663e0f559dc51a5f2c0d361f6dd8fad2d6180dfdebbd4c63f094216570f6109097d1f788bf90b75149ca42871d493ef1d
+$(DL_FILE)_BLAKE2 = 13c21ad3686ed5a8dfa48e8fa8e1b6f3f9a138aeaef2ba778838a8c6f9cbe209a5ece0d9953e2dcdd1e5b90ce50409e77b9485010689adfe4aed176cb8774c0e
+alsa-utils-$(UVER).tar.bz2_BLAKE2 = 0688e668241917027b5dd161ebe3ea4ab6f8fede612e148dee74e033ab09f9557c7610a6b506d2507402cca7007a031b85c8c0cb9af80652ae9f3cc5ea157973
+alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = 7b563fa4685988bf509f4accdab1146b49a807eae8d4ebff3d634c1086c70130930a0e09e08af0be0996dd56d4fdbd58e9d7daa37f762106fa493198589ceac4
 
 install : $(TARGET)
 
-- 
2.52.0

[PATCH] core200: Ship curl

[Adolf Belka]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/200/filelists/curl | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/200/filelists/curl

diff --git a/config/rootfiles/core/200/filelists/curl b/config/rootfiles/core/200/filelists/curl
new file mode 120000
index 000000000..4b84bef53
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/curl
@@ -0,0 +1 @@
+../../../common/curl
\ No newline at end of file
-- 
2.52.0

[PATCH] core200: Ship libcap-ng

[Adolf Belka]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/200/filelists/libcap-ng | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/200/filelists/libcap-ng

diff --git a/config/rootfiles/core/200/filelists/libcap-ng b/config/rootfiles/core/200/filelists/libcap-ng
new file mode 120000
index 000000000..f58b21141
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/libcap-ng
@@ -0,0 +1 @@
+../../../common/libcap-ng
\ No newline at end of file
-- 
2.52.0

[PATCH] core200: Ship libjpeg

[Adolf Belka]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/200/filelists/libjpeg | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/200/filelists/libjpeg

diff --git a/config/rootfiles/core/200/filelists/libjpeg b/config/rootfiles/core/200/filelists/libjpeg
new file mode 120000
index 000000000..3b1a782fb
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/libjpeg
@@ -0,0 +1 @@
+../../../common/libjpeg
\ No newline at end of file
-- 
2.52.0

[PATCH] curl: Update to version 8.18.0

[Adolf Belka]

- Update from version 8.17.0 to 8.18.0
- No change to rootfile
- Changelog
    8.18.0
	Changes:
	    build: drop support for VS2008 (Windows)
	    build: drop Windows CE / CeGCC support
	    gnutls: drop support for GnuTLS < 3.6.5
	    gnutls: implement CURLOPT_CAINFO_BLOB
	    openssl: bump minimum OpenSSL version to 3.0.0
	Bugfixes:
	    _PROGRESS.md: add the E unit, mention kibibyte
	    alt-svc: more flexibility on same destination
	    altsvc: accept ma/persist per alternative entry
	    altsvc: make it one malloc instead of three per entry
	    AmigaOS: increase minimum stack size for tool_main
	    apple sectrust: fix ancient evaluation
	    apple-sectrust: always ask when `native_ca_store` is in use
	    asyn-ares: handle Curl_dnscache_mk_entry() OOM error
	    asyn-ares: remove hostname free on OOM
	    asyn-thrdd: fix Curl_async_getaddrinfo() on systems without getaddrinfo
	    asyn-thrdd: release rrname if ares_init_options fails
	    auth: always treat Curl_auth_ntlm_get() returning NULL as OOM
	    autotools: add nettle library detection via pkg-config (for GnuTLS)
	    autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr)
	    autotools: fix LargeFile feature display on Windows (after prev patch)
	    autotools: tidy-up `if` expressions
	    badwords: add fist -> first, fix fallouts
	    badwords: catch and fix threading-related words
	    badwords: fix issues found in scripts and other files
	    badwords: fix issues found in tests
	    build: add build-level `CURL_DISABLE_TYPECHECK` options
	    build: exclude clang prereleases from compiler warning options
	    build: replace `-pedantic` with `-Wpedantic` when supported
	    build: set `-Wno-format-signedness`
	    build: tidy-up MSVC CRT warning suppression macros
	    ccsidcurl: make curl_mime_data_ccsid() use the converted size
	    cf-h1-proxy: support folded headers in CONNECT responses
	    cf-https-connect: allocate ctx at first in cf_hc_create()
	    cf-socket: drop feature check for `IPV6_V6ONLY` on Windows
	    cf-socket: enable Win10 `TCP_KEEP*` options with old SDKs
	    cf-socket: limit use of `TCP_KEEP*` to Windows 10.0.16299+ at runtime
	    cf-socket: return OOM error if socket() fails due to OOM
	    cf-socket: trace ignored errors
	    cfilters: make conn_forget_socket a private libssh function
	    checksrc.pl: detect assign followed by more than one space
	    cmake: adjust defaults for target platforms not supporting shared libs
	    cmake: define dependencies as `IMPORTED` interface targets
	    cmake: delete unused file `CMake/CMakeConfigurableFile.in`
	    cmake: disable `CURL_CA_PATH` auto-detection if `USE_APPLE_SECTRUST=ON`
	    cmake: fix `ws2_32` reference in `curl-config.cmake`
	    cmake: honor `CURL_DISABLE_INSTALL` and `CURL_ENABLE_EXPORT_TARGET`
	    cmake: replace deprecated `OPENSSL_FOUND` with `OpenSSL_FOUND`
	    cmake: replace deprecated `PERL_FOUND` with `Perl_FOUND`
	    cmake: save and restore `CMAKE_MODULE_PATH` in `curl-config.cmake`
	    cmake: set found status to OFF when not found (for compression deps)
	    code: minor indent fixes before closing braces
	    CODE_STYLE.md: sync banned function list with checksrc.pl
	    compressed.md: might generate a huge amount of bytes
	    config-win32.h: delete obsolete, non-Windows comments
	    config-win32.h: drop unused/obsolete `CURL_HAS_OPENLDAP_LDAPSDK`
	    config2setopts: add space in cookie header with multiple -b
	    config2setopts: bail out if curl_url_get() returns OOM
	    config2setopts: exit if curl_url_set() fails on OOM
	    configure: delete unused variable
	    conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64
	    conncontrol: reuse handling
	    connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition'
	    connection: attached transfer count
	    content_encoding: avoid strcpy
	    cookie. return proper error on OOM
	    cookie: allocate the main struct once cookie is fine
	    cookie: flush better
	    cookie: only keep and use the canonical cleaned up path
	    cookie: propagate errors better, cleanup the internal API
	    cookie: return error on OOM
	    cookie: when parsing a cookie header, delay all allocations until okay
	    cshutdn: acknowledge FD_SETSIZE for shutdown descriptors
	    curl: fix progress meter in parallel mode
	    curl_fopen: do not pass invalid mode flags to `open()` on Windows
	    curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer
	    curl_ntlm_core: fix DES_* symbols for some wolfSSL builds
	    curl_quiche: refuse headers with CR, LF or null bytes
	    curl_sasl: if redirected, require permission to use bearer
	    curl_sasl: make Curl_sasl_decode_mech compare case insensitively
	    curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS`
	    curl_setup.h: drop stray `#undef stat` (Windows)
	    curl_setup.h: drop superfluous parenthesis from `Curl_safefree` macro
	    curl_threads: don't do another malloc if the first fails
	    curl_trc: delete unused DoH remains
	    CURLINFO: remove 'get' and 'get the' from each short desc
	    CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer"
	    CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text
	    CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use
	    CURLOPT_ACCEPT_ENCODING.md: warn about the expansion
	    CURLOPT_FOLLOWLOCATION.md: s/Authentication:/Authorization:/
	    CURLOPT_HAPROXY_CLIENT_IP.md: emphasize reused connection use
	    CURLOPT_READFUNCTION.md: clarify the size of the buffer
	    CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example
	    curlx/fopen: replace open CRT functions their with `_s` counterparts
		(Windows)
	    curlx/multibyte: stop setting macros for non-Windows
	    curlx/strerr: use `strerror_s()` on Windows
	    curlx: add `curlx_rename()`, fix to support long filenames on Windows
	    curlx: curlx_strcopy() instead of strcpy()
	    curlx: limit use of system allocators to the minimum possible
	    curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows)
	    curlx: replace `sprintf` with `snprintf`
	    curlx: use curl alloc in `curlx_win32_stat()` (Windows)
	    curlx: use curlx allocators in non-memdebug builds (Windows)
	    DEPRECATE: add CMake <3.18 deprecation for April 2026
	    digest: fix OWS and escaped quote handling
	    digest_sspi: fix a memory leak on error path
	    digest_sspi: properly free sspi identity
	    DISTROS.md: add OpenBSD
	    DISTROS: fix a Mageia URL
	    DISTROS: remove broken URLs for buildroot
	    doc: some returned in-memory data may not be altered
	    Dockerfile: update debian:bookworm-slim digest to e899040
	    docs/libcurl: fix C formatting nits
	    docs: add a note about --compressed to note about binary output
	    docs: clarify how to do unix domain sockets with SOCKS proxy
	    docs: fix checksrc `EQUALSPACE` warnings
	    docs: fix time_posttransfer output unit as seconds
	    docs: mention umask need when curl creates files
	    docs: remove dead URLs
	    docs: rename CURLcode variables to 'result'
	    docs: spell it Rustls with a capital R
	    docs: switch more URLs to https://
	    docs: use .example URLs for proxies
	    docs: use mresult as variable name for CURLMcode
	    escape: add a length check in curl_easy_escape
	    example: fix formatting nits
	    examples/crawler: fix variable
	    examples/multi-uv: fix invalid req->data access
	    examples/threaded-ssl: delete in favor of `examples/threaded`
	    examples/threaded: fix race condition
	    examples: fix minor typo
	    examples: make functions/data static where missing
	    examples: tidy-up headers and includes
	    examples: use 64-bit `fstat` on Windows
	    FAQ/TODO/KNOWN_BUGS: convert to markdown
	    FAQ: fix hackerone URL
	    file: do not pass invalid mode flags to `open()` on upload (Windows)
	    formdata: validate callback is non-NULL before use
	    ftp: make EPRT connections non-blocking
	    ftp: refactor a piece of code by merging the repeated part
	    ftp: remove #ifdef for define that is always defined
	    ftp: return better on OOM in two places
	    ftp: return from ftp_state_use_port immediately on OOM
	    getenv: drop internal 1-to-1 wrapper
	    getinfo: improve perf in debug mode
	    gnutls: add PROFILE_MEDIUM as default
	    gnutls: report accurate error when TLS-SRP is not built-in
	    gtls: add return checks and optimize the code
	    gtls: Call keylog_close in cleanup
	    gtls: skip session resumption when verifystatus is set
	    h2/h3: handle methods with spaces
	    headers: add length argument to Curl_headers_push()
	    hostcheck: fail wildcard match if host starts with a dot
	    hostip.h: drop redundant `setjmp.h` include
	    hostip: don't store negative lookup on OOM
	    hostip: make more functions return CURLcode
	    hostip: only store negative response for CURLE_COULDNT_RESOLVE_HOST
	    hsts: propagate and error out correctly on OOM
	    hsts: use one malloc instead of two per entry
	    http: acknowledge OOM errors from Curl_input_ntlm
	    http: avoid two strdup()s and do minor simplifications
	    http: error on OOM when creating range header
	    http: fix OOM exit in Curl_http_follow
	    http: handle oom error from Curl_input_digest()
	    http: replace atoi use in Curl_http_follow with curlx_str_number
	    http: return OOM errors from hsts properly
	    http: the :authority header should never contain user+password
	    http: unfold response headers earlier
	    idn: avoid allocations and wcslen on Windows
	    idn: clarify null-termination on Windows
	    idn: fix memory leak in `win32_ascii_to_idn()`
	    idn: use curlx allocators on Windows
	    imap: check buffer length before accessing it
	    imap: make sure Curl_pgrsSetDownloadSize() does not overflow
	    inet_ntop: avoid the strlen()
	    INSTALL-CMAKE.md: document static option defaults more
	    krb5: fix detecting channel binding feature
	    krb5_sspi: unify a part of error handling
	    ldap: call ldap_init() before setting the options
	    ldap: drop PP logic for old, unsupported, Windows SDKs
	    ldap: improve detection of Apple LDAP
	    ldap: provide version for "legacy" ldap as well
	    lib/sendf.h: forward declare two structs
	    lib: cleanup for some typos about spaces and code style
	    lib: create unitprotos.h in the builddir, not srcdir
	    lib: drop unused or duplicate `curlx/timeval.h` includes
	    lib: drop unused protocol headers
	    lib: eliminate size_t casts
	    lib: error for OOM when extracting URL query
	    lib: fix formatting nits (part 2)
	    lib: fix formatting nits (part 3)
	    lib: fix formatting nits
	    lib: fix gssapi.h include on IBMi
	    lib: name the main CURLMcode variable 'mresult'
	    lib: refactor the type of funcs which have useless return and checks
	    lib: replace `_tcsncpy`/`wcsncpy`/`wcscpy` with `_s` counterparts (Windows)
	    lib: timer stats improvements
	    lib: use `SOCKET_WRITABLE()`/`SOCKET_READABLE()` where possible
	    libssh2: add paths to error messages for quote commands
	    libssh2: cleanup ssh_force_knownhost_key_type
	    libssh2: consider strdup() failures OOM and return correctly
	    libssh2: replace atoi() in ssh_force_knownhost_key_type
	    libssh: fix state machine loop to progress as it should
	    libssh: properly free sftp_attributes
	    libssh: require private key or user-agent for public key auth
	    libssh: set both knownhosts options to the same file
	    libtests: replace `atoi()` with `curlx_str_number()`
	    limit-rate: add example using --limit-rate and --max-time together
	    localtime: detect thread-safe alternatives and use them
	    m4/sectrust: fix test(1) operator
	    manage: expand the 'libcurl support required' message
	    mbedTLS: cleanup insecure/deprecated code
	    mbedtls: fix potential use of uninitialized `nread`
	    mbedtls: sync format across log messages
	    mbedtls_threadlock: avoid calloc, use array
	    mdlinkcheck: ignore IP numbers, allow '@' in raw URLs
	    mdlinkcheck: only look for markdown links in markdown files
	    memdebug: add mutex for thread safety
	    memdebug: fix realloc logging
	    mk-ca-bundle.md: the file format docs URL is permaredirected
	    mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option
	    mk-ca-bundle.pl: use `open()` with argument list to replace backticks
	    mqtt: reject overly big messages
	    mqtt: return error when a too large packet is decoded
	    multi: make max_total_* members size_t
	    multi: remove MSTATE_TUNNELING
	    multi: simplify admin handle processing
	    multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds
	    ngtcp2+openssl: fix leak of session
	    ngtcp2: remove the unused Curl_conn_is_ngtcp2 function
	    ngtcp2: retune window sizes
	    noproxy: fix build on systems without IPv6
	    noproxy: fix ipv6 handling
	    noproxy: replace atoi with curlx_str_number
	    openssl: exit properly on OOM when getting certchain
	    openssl: fix a potential memory leak of bio_out
	    openssl: fix a potential memory leak of params.cert
	    openssl: fix building against no-dsa openssl
	    openssl: fix building against no-ocsp openssl with Apple SecTrust
	    openssl: no verify failf message unless strict
	    openssl: release ssl_session if sess_reuse_cb fails
	    openssl: remove code handling default version
	    openssl: simplify `HAVE_KEYLOG_CALLBACK` guard
	    openssl: stop checking for `OPENSSL_NO_SHA*` macros
	    openssl: stop checking for `OPENSSL_NO_TLSEXT` macro
	    openssl: toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
	    OS400/ccsidcurl: fix curl_easy_setopt_ccsid for non-converted blobs
	    OS400/makefile.sh: fix shellcheck warning SC2038
	    os400sys: replace `strcpy()` with `memcpy()`
	    osslq: code readability
	    progress: make it one column narrower
	    progress: narrower time display, multiple fixes
	    progress: show fewer digits
	    projects/README.md: Markdown fixes
	    pytest fixes and improvements
	    pytest: add tests using sshd
	    pytest: disable two H3 earlydata tests for all platforms (was: macOS)
	    pytest: do not ignore server issues
	    pytest: enable OCSP test 17_08 for LibreSSL
	    pytest: fix and improve reliability
	    pytest: improve stragglers
	    pytest: quiche flakiness
	    pytest: skip H2 tests if feature missing from curl
	    quiche: use client writer
	    ratelimit blocking: fix busy loop
	    ratelimit: redesign
	    rtmp: fix double-free on URL parse errors
	    rtmp: precaution for a potential integer truncation
	    rtmp: stop redefining `setsockopt` system symbol on Windows
	    runner.pm: run memanalyzer as a Perl module
	    runtests: add options to set minimum number of tests, use them
	    runtests: detect bad libssh differently for test 1459
	    runtests: drop Python 2 support remains
	    runtests: enable torture testing with threaded resolver
	    runtests: improve XML prolog check, enable `-w` permanently, fix two tests
	    runtests: make memanalyzer a Perl module (for 1.1-2x speed-up per test run)
	    rustls: fix a potential memory issue
	    rustls: minor adjustment of sizeof()
	    rustls: simplify init err path
	    rustls: verify that verifier_builder is not NULL
	    schannel: cap the maximum allowed size for loading cert
	    schannel: fix memory leak of cert_store_path on four error paths
	    schannel: replace atoi() with curlx_str_number()
	    schannel: use Win8 `CERT_NAME_SEARCH_ALL_NAMES_FLAG` with old SDKs
	    schannel_verify: fix a memory leak of cert_context
	    scripts: fix shellcheck SC2046 warnings
	    scripts: use end-of-options marker in `find -exec` commands
	    setopt: disable CURLOPT_HAPROXY_CLIENT_IP on NULL
	    setopt: when setting bad protocols, don't store them
	    sftp: fix range downloads in both SSH backends
	    slist: constify Curl_slist_append_nodup() string argument
	    smb: fix a size check to be overflow safe
	    socketpair: drop redundant `_WIN32` branch and include
	    socks_sspi: use free() not FreeContextBuffer()
	    source: misc typos
	    speedcheck: do not trigger low speed cancel on transfers with
		CURL_READFUNC_PAUSE
	    speedlimit: also reset on send unpausing
	    src: drop redundant definition of `BIT()`
	    src: fix formatting nits
	    ssh: tracing and better pollset handling
	    sspi: fix memory leaks on error paths in `Curl_create_sspi_identity()`
	    sws: fix binding to unix socket on Windows
	    synctime: tidy up, make it work on all platforms
	    telnet: abort on bad suboption sequence
	    telnet: replace atoi for BINARY handling with curlx_str_number
	    TEST-SUITE.md: correct the man page's path
	    test07_22: fix flakiness
	    test1475: consistently use %CR in headers
	    test1498: disable 'HTTP PUT from stdin' test on Windows
	    test2045: replace HTML multi-line comment markup with `#` comments
	    test318: tweak the name a little
	    test3207: enable memdebug for this test again
	    test363: delete stray character (typo) from a section tag
	    test568: fix codespell, catch it next time early in CI
	    test568: remove what looks like an email and a URL
	    test787: fix possible typo `&` -> `%` in curl option
	    test96: fix to accept non-unity memdump content with MSVC
	    tests/data: move `--libcurl` output to external data files
	    tests/data: replace hard-coded test numbers with `%TESTNUMBER`
	    tests/data: support using native newlines on disk, drop `.gitattributes`
	    tests/server: do not fall back to original data file in `test2fopen()`
	    tests/server: fix initialization on Windows Vista+
	    tests/server: replace `atoi()` and `atol()` with `curlx_str_number()`
	    tests: add `%AMP` macro, use it in two tests
	    tests: add a standard log line for alloc failures
	    tests: allow 2500-2503 to use ~2MB malloc
	    tests: drop redundant parenthesis from two macro expressions
	    tests: fix formatting nits
	    tests: rename CURLMcode variables to mresult
	    tftp: release filename if conn_get_remote_addr fails
	    tftpd: fix/tidy up `open()` mode flags
	    tidy-up: avoid `(())`, clang-format fixes and more
	    tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()`
	    tidy-up: URLs (cont.) and mdlinkcheck
	    tidy-up: URLs
	    TODO: remove a mandriva.com reference
	    tool: consider (some) curl_easy_setopt errors fatal
	    tool: log when loading .curlrc in verbose mode
	    tool_cfgable: free ssl-sessions at exit
	    tool_doswin: clear pointer when thread takes ownership
	    tool_doswin: increase allowable length of path sanitizer
	    tool_doswin: remove the max length check
	    tool_getparam: simplify the --rate parser
	    tool_getparam: use memdup0() instead of malloc + copy
	    tool_getparam: verify that a file exists for some options
	    tool_help: add checks to avoid unsigned wrap around
	    tool_ipfs: check return codes better
	    tool_msgs: make voutf() use stack instead of heap
	    tool_operate: exit on curl_share_setopt errors
	    tool_operate: fix a case of ignoring return code in operate()
	    tool_operate: fix case of ignoring return code in single_transfer
	    tool_operate: remove redundant condition
	    tool_operate: return error for OOM in append2query
	    tool_operate: use curlx_str_number instead of atoi
	    tool_paramhlp: refuse --proto remove all protocols
	    tool_paramhlp: remove a malloc+free from proto2num()
	    tool_paramhlp: simplify number parsing
	    tool_progress: fix large time outputs and decimal size display
	    tool_urlglob: acknowledge OOM in peek_ipv6
	    tool_urlglob: clean up used memory on errors better
	    tool_urlglob: constify an argument
	    tool_urlglob: fix propagating OOM error from `sanitize_file_name()`
	    tool_urlglob: support globs as long as config line lengths
	    tool_writeout: bail out proper on OOM
	    url: fix return code for OOM in parse_proxy()
	    url: if curl_url_get() fails due to OOM, error out properly
	    url: if OOM in parse_proxy() return error
	    url: return error at once when OOM in netrc handling
	    urlapi: fix mem-leaks in curl_url_get error paths
	    urlapi: handle OOM properly when setting URL
	    urlapi: return OOM correctly from parse_hostname_login()
	    verify-release: update to avoid shellcheck warning SC2034
	    vquic-tls/gnutls: call Curl_gtls_verifyserver unconditionally
	    vquic: do not pass invalid mode flags to `open()` (Windows)
	    vquic: do_sendmsg full init
	    vquic: ignore 0-length UDP packets
	    vquic: initialize new callback in nghttp3 1.14.0+
	    vtls: drop unused `use_alpn` from `ssl_connect_data` struct
	    vtls: fix CURLOPT_CAPATH use
	    vtls: handle possible malicious certs_num from peer
	    vtls: pinned key check
	    VULN-DISCLOSURE-POLICY.md: CRLF in data
	    wcurl: import v2025.11.09
	    wcurl: import v2026.01.05
	    windows: assume `USE_WIN32_LARGE_FILES`
	    windows: fix `CreateFile()` calls to support long filenames
	    windows: use `_strdup()` instead of `strdup()` where missing
	    wolfSSL: able to differentiate between IP and DNS in alt names
	    wolfssl: avoid NULL dereference in OOM situation
	    wolfssl: fix a potential memory leak of session
	    wolfssl: fix cipher list, skip 5.8.4 regression
	    wolfssl: fix possible assert with `!HAVE_NO_EX` wolfSSL builds
	    wolfssl: proof use of wolfSSL_i2d_SSL_SESSION
	    wolfssl: simplify wssl_send_earlydata
	    ws: replace a cast by matching the format string
	    x509asn1: drop unused `hostcheck.h`, `vtls_int.h` includes

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/curl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/curl b/lfs/curl
index 33f46881a..eda7cfec1 100644
--- a/lfs/curl
+++ b/lfs/curl
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.17.0
+VER        = 8.18.0
 
 THISAPP    = curl-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a7a804afe058f323b40177bcb4ffc523decde92da3da0a051f2dc1b566131250a96afe1ebf2bebc071993c893bddeef883ef33ddc0a9bee86d4e54402a546fba
+$(DL_FILE)_BLAKE2 = 16e1539616c1800dfa08a5bd3e38ff75d2906a4a574b1541509c69200aebe680b0a5efdf1b1e0c89f3cccb6001bfe1c1459b9fd815053c964e1a1434be1e2e0e
 
 install : $(TARGET)
 
-- 
2.52.0

[PATCH] hwdata: Update to version 0.403

[Adolf Belka]

- Update from version 0.402 to 0.403
- No change to rootfile
    0.403
	Update usb and vendor ids

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/hwdata | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/hwdata b/lfs/hwdata
index cc156e12a..6b717fd2b 100644
--- a/lfs/hwdata
+++ b/lfs/hwdata
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.402
+VER        = 0.403
 
 THISAPP    = hwdata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 8bc0da3c79dde751fd45b41c7a4c1859b0959fabeeaadd9e12a003c2c5a34f32e00e5536b0f515675347bcf34467a465fafb1ac7b8df7bdd9efac863643ed8da
+$(DL_FILE)_BLAKE2 = fbcfdd99418c0bdbdc0c0b1de08e6a39676863fadb9f44315bdd835e2bb84db90ae5e81409ff5dbbc6133d5719cc17fe563cccd39cb0e4ecd44215df1c45638b
 
 install : $(TARGET)
 
-- 
2.52.0

[PATCH] libarchive: Update to version 3.8.5

[Adolf Belka]

- Update from version 3.8.3 to 3.8.5
- Update of rootfile
- Changelog
    3.8.5
	Notable bugxies:
	    bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix (#2809)
	    various small bugfixes in code and documentation
    3.8.4
	Notable bugxies:
	    bsdtar: Fix zero-length pattern issue (#2787)
	    lib: Fix regression introduced in libarchive 3.8.2 when walking enterable
		but unreadable directories (#2797)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/libarchive | 2 +-
 lfs/libarchive                     | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive
index a28fad9e7..71451dc17 100644
--- a/config/rootfiles/common/libarchive
+++ b/config/rootfiles/common/libarchive
@@ -7,7 +7,7 @@
 #usr/lib/libarchive.la
 #usr/lib/libarchive.so
 usr/lib/libarchive.so.13
-usr/lib/libarchive.so.13.8.3
+usr/lib/libarchive.so.13.8.5
 #usr/lib/pkgconfig/libarchive.pc
 #usr/share/man/man1/bsdcat.1
 #usr/share/man/man1/bsdcpio.1
diff --git a/lfs/libarchive b/lfs/libarchive
index ebce89565..7738984a3 100644
--- a/lfs/libarchive
+++ b/lfs/libarchive
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.8.3
+VER        = 3.8.5
 
 THISAPP    = libarchive-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 5be5f0e98f7582e2a34a43dd9217644defbd69532474fc07b3ac46ba7820c19dbd28cd691c1c798aed02643bbe68781cecd564127781c9b49323b9b54cebb32c
+$(DL_FILE)_BLAKE2 = d0fa6a49209a06240240cf578f95138eb72eebdc7179d034fdd9efc2e49820e34e9da41aa46cd11be2c2d46c380c8cc7e830d41271a6f3a7d9c39df138098cab
 
 install : $(TARGET)
 
-- 
2.52.0

[PATCH] libcap-ng: Update to version 0.9

[Adolf Belka]

- Update from version 0.8.5 to 0.9
- No change to rootfile
- Changelog
    0.9
	This release contains a significant new utility, cap-audit. Its purpose is to
	 audit the use of capabilities of a target program. When the program ends or
	 Ctl-c stops it, a report is generated about what was used. This can then be
	 used to lower capabilities instead of running as root.
	Other changes in the release include:
	    Fix python path when invoking py-compile (Jan Palus)
	    Drop python2 bindings (Rudi Heitbaum)
	    Optimize capability name translation lookups

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/libcap-ng | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lfs/libcap-ng b/lfs/libcap-ng
index 8bd5ba6fb..29c85ab72 100644
--- a/lfs/libcap-ng
+++ b/lfs/libcap-ng
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.8.5
+VER        = 0.9
 
 THISAPP    = libcap-ng-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = ce0fc4ebceaa66d6f888f8b752e501bed7513d45231425054340016a6215ce52f0cd81b3a4a54c7c9ec0b623965002d66316c6c37844f0bd132b186ff7c6a41f
+$(DL_FILE)_BLAKE2 = 3aa85dafbed89696f9611ef277faeeb1efad40bb4c9891837b1574d435eeece1ba522711a19a13ebe98e387c749e28ce5cb381e17a4f051eb61fcdddf25eface
 
 install : $(TARGET)
 
@@ -70,10 +70,10 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && ./autogen.sh
 	cd $(DIR_APP) && ./configure \
-		--prefix=/usr \
-		--disable-static
-
+				--prefix=/usr \
+				--disable-static
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
-- 
2.52.0

[PATCH] libjpeg: Update to version 3.1.3

[Adolf Belka]

- Update from version 3.1.1 to 3.1.3
- No change to rootfile
- Changelog
    3.1.3
      Significant changes relative to 3.1.2:
	1. Hardened the TurboJPEG API against hypothetical applications that may
	erroneously call `tj*Compress*()` or `tj*Transform()` with a reused JPEG
	destination buffer pointer while specifying a destination buffer size of 0.
	2. Hardened the TurboJPEG API against hypothetical applications that may
	erroneously set `TJPARAM_LOSSLESS` or `TJPARAM_COLORSPACE` prior to calling
	`tj3EncodeYUV*8()` or `tj3CompressFromYUV*8()`.  `tj3EncodeYUV*8()` and
	`tj3CompressFromYUV*8()` now ignore `TJPARAM_LOSSLESS` and
	`TJPARAM_COLORSPACE`.
	3. Hardened the TurboJPEG Java API against hypothetical applications that may
	erroneously pass huge X or Y offsets to one of the compression, YUV encoding,
	decompression, or YUV decoding methods, leading to signed integer overflow in
	the JNI wrapper's buffer size checks that rendered those checks ineffective.
	4. Fixed an issue in the TurboJPEG Java API whereby
	`TJCompressor.getSourceBuf()` sometimes returned the buffer from a previous
	invocation of `TJCompressor.loadSourceImage()` if the target data precision was
	changed before the most recent invocation.
	5. Fixed an issue in the PPM reader that caused incorrect pixels to be
	generated when using `tj3LoadImage*()` or `TJCompressor.loadSourceImage()` to
	load a PBMPLUS (PPM/PGM) file into a CMYK buffer with a different data
	precision than that of the file.
    3.1.2
      Significant changes relative to 3.1.1:
	1. Fixed a regression introduced by 3.1 beta1[5] that caused a segfault in
	TJBench if `-copy` or `-c` was passed as the last command-line argument.
	2. The build system now uses wrappers rather than CMake object libraries to
	compile source files for multiple data precisions.  This improves code
	readability and facilitates adapting the libjpeg-turbo source code to non-CMake
	build systems.
	3. Fixed an issue whereby decompressing a 4:2:0 or 4:2:2 JPEG image with merged
	upsampling disabled/one-pass color quantization enabled, then reusing the same
	API instance to decompress a 4:2:0 or 4:2:2 JPEG image with merged upsampling
	enabled/color quantization disabled, caused `jpeg_skip_scanlines()` to use
	freed memory.  In practice, the freed memory was not reclaimed before it was
	used.  Thus, this issue did not cause a segfault or other user-visible errant
	behavior (it was only detectable with ASan), and it did not likely pose a
	security risk.
	4. The AArch64 (Arm 64-bit) Neon SIMD extensions and accelerated Huffman codec
	now support the Arm64EC ABI on Windows, which allows Windows/x64 applications
	to call native Arm64 functions when running under the Windows/x64 emulator on
	Windows/Arm.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/libjpeg | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/libjpeg b/lfs/libjpeg
index a2fbea304..da4c04536 100644
--- a/lfs/libjpeg
+++ b/lfs/libjpeg
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.1.1
+VER        = 3.1.3
 
 THISAPP    = libjpeg-turbo-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 813781b1c91ed132b2d1b6e3d7834673e202765362cc9e77a6e7d4a92e89c0192312405ae8197e1c306ad3c89e23cd6dc5e418bb9f3570f110014ab79f717401
+$(DL_FILE)_BLAKE2 = 3c675aa56b3474ca8a27f355d14dd7411d90471564c5916884e87818b7165e73a6c6b416dc2800e31c10dd1390ae88353e81d80eceb2e22c00b6a81ac5cf3d65
 
 install : $(TARGET)
 
-- 
2.52.0