[PATCH] core202: Ship ethtool

[PATCH] core202: Ship ethtool

[Adolf Belka]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/core/202/filelists/ethtool | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/202/filelists/ethtool

diff --git a/config/rootfiles/core/202/filelists/ethtool b/config/rootfiles/core/202/filelists/ethtool
new file mode 120000
index 000000000..494a53e9d
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/ethtool
@@ -0,0 +1 @@
+../../../common/ethtool
\ No newline at end of file
-- 
2.54.0

[PATCH] ethtool: Update to version 7.0

[Adolf Belka]

- Update from version 6.15 to 7.0
- No change to rootfile
- Changelog
7.0
	* Feature: support MSE display (--show-mse)
	* Feature: add 2 new link_ext_state names
	* Fix: fix index calculation in ixgbe register dump (-d)
	* Fix: cmis wavelength tolerance output (-m)
	* Fix: duplicate sfpid Active Cu compliance output (-m)
6.19
	* Feature: support HW timestamp configuration (--set-hwtimestamp-cfg)
	* Feature: display HW timestamp source (-T)
	* Feature: support PLCA notifications (--get/set-plca-cfg)
	* Feature: add PSE priority management support (--show/set-pse)
	* Feature: support PSE notifications (--show/set-pse)
	* Feature: support configuring RSS on IPv6 Flow Label (-n/-N)
	* Feature: support FEC bit error histograms (--show-fec)
	* Feature: register dump decoding for TI K3 CPSW and its ALE table (-d)
	* Fix: fix missing headers in text output
	* Fix: fix print_string when the value is NULL (-Werror=format-security)
	* Fix: fix JSON output of SFP diagnostics
	* Fix: fix duplicated JSON keys in module info
	* Misc: clarify that symmetric RSS may be on by default (-x/-X)
	* Misc: add AppStream metainfo file to %files section

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/ethtool | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/ethtool b/lfs/ethtool
index cd5d25150..006c8ad37 100644
--- a/lfs/ethtool
+++ b/lfs/ethtool
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.15
+VER        = 7.0
 
 THISAPP    = ethtool-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2a4a71c7ea6ac047d23fa9c8265a2dce8432f4417f6006f71dc91e365b9a841b5bfd44683e3179806f38285f199ed0cb84d1ca7a3f02979b8f4045274736f9eb
+$(DL_FILE)_BLAKE2 = c2cfdb3256044dd4e331f8663a87e1b5231d45a693501bfd022c823bdbea950c93f0586e5d61e02d28f7ff87df769a68e1126123429f82899603baa69f153006
 
 install : $(TARGET)
 
-- 
2.54.0

[PATCH] lvm2: Update to version 2.03.40

[Adolf Belka]

- Update from version 2.03.39 to 2.03.40
- Update of rootfile
- Changelog
2.03.40
  Reset warned flag in dmeventd raid plugin when device fully syncs.
  Fix inverted range comparison in libdm reserved value check.
  Fix percent_check threshold stuck above 100% in dmeventd thin/vdo plugins.
  Fix cache_check_for_warns reading wrong cache mode for cachevol.
  Fix memory leak in process_each_label duplicate handling.
  Fix missing unlock_vg in vgcreate when pvcreate_each_device fails.
  Lock the origin LV when locking a COW snapshot in lvmlockd.
  Preserve bcache AIO context across lvm shell commands to avoid reinit cost.
  Fix msg.data leaks in dmeventd restart and reinstate paths.
  Fix VG lock leak on init_processing_handle failure in vgcreate.
  Fix VG lock leak on lv_remove_single failure in vgmerge.
  Fix VG lock leak on second lock_vol failure in vgimportclone.
  Fix VG lock leak on early return in pvscan.
  Fix inverted strstr check in remove_layer_from_lv layer rename.
  Fix inverted strcmp for vgchange --persist lockstart check.
  Fix argv overwriting last vdoformat option with device path.
  Fix NULL deref of sync_action in dm_get_status_raid.
  Fix recovery rate check in lvcreate when max rate is unset.
  Fix dm_strncpy off-by-one in raid split image conversion name.
  Fix missing failure return after reshape space allocation error in raid.
  Pre-create udev cookie before critical section to avoid resume failures.
  Validate area_count before subtracting parity_devs in RAID metadata import.
  Validate area_count against MAX_STRIPES to prevent integer overflow.
  Validate mda size and prevent uint64 to uint32 truncation in metadata reads.
  Extract label_check_pv_layout to validate PV label buffer structure.
  Remove redundant memset from command registration (global array is zero-init).
  Kill orphaned polling lvpoll process in lvmpolld on pvmove --abort.
  Fix pvmove mirror image bounds check off-by-one in poll completion.
  Fix dev_manager to restore track_pvmove_deps flag on error path.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/lvm2 | 2 ++
 lfs/lvm2                     | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/common/lvm2 b/config/rootfiles/common/lvm2
index 61da721b1..45150d859 100644
--- a/config/rootfiles/common/lvm2
+++ b/config/rootfiles/common/lvm2
@@ -23,6 +23,7 @@ usr/lib/udev/rules.d/95-dm-notify.rules
 usr/sbin/blkdeactivate
 usr/sbin/dmsetup
 usr/sbin/dmstats
+usr/sbin/dmvdostats
 usr/sbin/fsadm
 usr/sbin/lvchange
 usr/sbin/lvconvert
@@ -87,6 +88,7 @@ usr/sbin/vgsplit
 #usr/share/man/man8/blkdeactivate.8
 #usr/share/man/man8/dmsetup.8
 #usr/share/man/man8/dmstats.8
+#usr/share/man/man8/dmvdostats.8
 #usr/share/man/man8/fsadm.8
 #usr/share/man/man8/lvchange.8
 #usr/share/man/man8/lvconvert.8
diff --git a/lfs/lvm2 b/lfs/lvm2
index bc2de3904..538cb161e 100644
--- a/lfs/lvm2
+++ b/lfs/lvm2
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.03.39
+VER        = 2.03.40
 
 THISAPP    = LVM2.$(VER)
 DL_FILE    = $(THISAPP).tgz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 24dc0f3a07dbd07a808343bb35078b6fe9e0372052c5d58c1d18b525ed23621434accce891d0a9390f9b5bd790c2d67dd22280746aada409e02c7cef9d9fae1f
+$(DL_FILE)_BLAKE2 = 8879915ba959de72becceddfccd4a9f7cae14e1614cddc1b4f89ad6f784ecbca03c0d734e834f87f9f53b432aa16ac9a55c9e1c93cdf199a53166ea4c1964330
 
 install : $(TARGET)
 
-- 
2.54.0

[PATCH] openvpn: Update to version 2.7.3

[Adolf Belka]

- Update from version 2.7.1 to 2.7.3
- No change to rootfile
- 2 CVE fixes in 2.7.2. These have also been applied to 2.6.20 on the 2.6 branch
- Changelog
2.7.3
bugfixes
	in combination with --management-query-passwords, setups using --auth-user-pass
	 file or inline auth-user-pass would no longer use the configured passwords and
	 prompt on the management interface instead (OpenVPN GUI would then provide an
	 empty user/password prompt) (Github: OpenVPN/openpvn#1021).
2.7.2
Security fixes
    fix race condition in TLS handshake that could lead to leaking of packet data from
	a previous handshake under specific circumstances (CVE-2026-40215)
        (Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com))
    fix server ASSERT() on receiving a suitably malformed packet with a valid
	tls-crypt-v2 key (CVE-2026-35058)
        (Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
        and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))
Bugfixes
    when using a config file with inlined username and no password, fix prompting for
	the password from management interface.
    Windows: fix DNSSEC flag handling - this got never applied due to a bad comparison
	being always false.
    Windows: fix deinstallation progress bar on adapter deletion.
New features
    management interface: permit input of very long passwords in base64-encoded
	multiline format. Signal support to management clients via
	"management version 6".
Documentation
    improve documentation and error messages related to old and new Linux DCO modules
    remove some references to pre-2.3 OpenVPN
    improve manpage for --learn-address config
User-visible Changes
    improve error messages on --verify-x509-name failures
    improve error logging when overlong username or passwords can not be written to TLS
	buffer
Long-term code maintenance
    fully support OpenSSL 4.0 now, without "deprecated API" warnings (multiple small
	changes to adapt to 3.5 -> 4.0 API changes)
    add unit tests for certificate detail printing
    add unit tests for "empty password on inline credentials" handling

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/openvpn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/openvpn b/lfs/openvpn
index 80eb94032..c1d0f69b6 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.7.1
+VER        = 2.7.3
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a5f598a4f2366c3134578af6bf08750c3d4269ab036f1b49b44799174bca01dc4d79c8ddfce2b5948f186a7729cd96e428b74dda4a685bf44323aaa188739405
+$(DL_FILE)_BLAKE2 = ef569507072af64cab3d2458f3f1ec86478975c4df9a33320b3e96df63d1e8ecbec9bc1b12344c58bdd2c9c734b065100a71f1d7954f324a325f39d220b914cc
 
 install : $(TARGET)
 
-- 
2.54.0

[PATCH] rsync: Update to version 3.4.2

[Adolf Belka]

- Update from version 3.4.1 to 3.4.2
- No change to rootfile
- Changelog
3.4.2
SECURITY RELATED:
	Several security-relevant defects were reported and fixed since 3.4.1.
	None were assigned a CVE — rsync's fork-per-connection design scopes
	the impact of each of these to the attacker's own connection, which is
	equivalent to the client closing the socket itself — but they are
	fixed here as a matter of hygiene and to reduce the chances of a
	future exploitable combination.  Many thanks to the external
	researchers who reported these issues.
	- Fixed a signed integer overflow in the PROXY protocol v2 header
	  parser: a negative `len` field could bypass the size check and cause
	  a stack buffer overflow in `read_buf()`.  Reported by John Walker of
	  ZeroPath.
	- Fixed an invalid access to the files array.  Reported by Calum
	  Hutton of Rapid7.
	- Reject negative token values in the compressed-stream token
	  decoder; a negative value could cause callers to misinterpret a
	  missing data pointer as literal data.  Reported by Will Sergeant.
	- Fixed the element count passed to the xattr `qsort()` (see
	  https://www.openwall.com/lists/oss-security/2026/04/16/2).
	- Fixed a buffer underflow in `clean_fname()`, and added a regression
	  test.
	- Fixed an uninitialized `mul_one` in the AVX2 get_checksum1 path
	  (undefined behaviour), and added a SIMD-checksum self-test that
	  cross-checks SSE2, SSSE3 and AVX2 against the C reference on both
	  aligned and unaligned buffers.
	- Fixed an uninitialized `buf1` on the first call to
	  `get_checksum2()` in the MD4 path (fixes #673).
	- Zero all new memory from internal allocations: `my_alloc()` now uses
	  `calloc`, and `expand_item_list()` zeros the expanded portion after
	  `realloc`.  This gives more predictable behaviour if stale or
	  uninitialised memory is ever accidentally read.
BUG FIXES:
	- Call `tzset()` before chroot so that log timestamps continue to
	  reflect the configured local timezone after the daemon chroots
	  (glibc needs `/etc/localtime`, which is unreachable post-chroot).
	- Use the correct time when writing to the log file.
	- Do not clear `DISPLAY` unconditionally.
	- Fixed a Y2038 bug in `syscall.c` by replacing the `Int32x32To64`
	  macro (which truncates its arguments to 32 bits) with a plain
	  64-bit multiplication.
	- Fixed ACL ID mapping for non-root users (closes #618).
	- Fixed handling of objects with many xattrs on FreeBSD.
	- Fixed `--open-noatime` not taking effect when opening regular
	  files: `O_NOATIME` is now also passed to `do_open_nofollow()`, which
	  has been used for regular files since the CVE fix "fixed symlink
	  race condition in sender".
	- Ignore "directory has vanished" errors.
	- Fixed the removal of multiple leading slashes.
	- Added the missing `--dirs` long option.
	- Fixed a segfault if `poptGetContext()` returns NULL (e.g. under
	  OOM) by not passing NULL to `poptReadDefaultConfig()`.  Reported by
	  Ronnie Sahlberg; found with `malloc-fail-tester`.
	- Fixed a build error on ia64 NonStop (which treats missing
	  prototypes as an error, not a warning).
	- Fixed a flaky hardlinks test (fixes #735).
ENHANCEMENTS:
	- Added multi-threaded `zstd` compression, gated by a new
	  `--compress-threads=N` option, with validation and man-page
	  coverage.
	- Documented the `temp dir` parameter in the rsyncd.conf man page
	  (fixes #820).
	- Improved rendering of interior dashes in long-option names in
	  `md-convert` (perhaps fixes #686).
PORTABILITY / BUILD:
	- Fixed glibc 2.43 const-preserving overloads of `strtok()`,
	  `strchr()` etc. by declaring the affected locals with the right
	  constness.  Contributed by Holger Hoffstätte.
	- Converted the bundled zlib 1.2.8 from K&R-style function
	  definitions to ANSI prototypes, so it builds with clang 16+.
	- Avoid using `bool` as an identifier; it is a keyword in C23.
	- `configure.ac`: check for xattr functions in libc first and only
	  fall back to `-lattr`, avoiding spurious overlinking when `-lattr`
	  happens to be installed.  Contributed by Eli Schwartz.
	- Made the build reproducible by honouring `SOURCE_DATE_EPOCH` for
	  the manpage date.
	- Removed obsolete `popt/findme.c` and `popt/findme.h` that upstream
	  popt 1.14 folded into `popt.c` (fixes #710).  Contributed by Alan
	  Coopersmith.
INTERNAL:
	- Made many module-global variables `const` so they can live in
	  `.rodata` and enable additional compiler optimization.
DEVELOPER RELATED:
	- Replaced `runtests.sh` with `runtests.py`, a Python test runner
	  that supports `--valgrind` (with per-process log files so valgrind
	  output no longer interferes with output comparisons) and
	  `-j/--parallel` execution for roughly a 7× speed-up on typical
	  hardware.
	- Added a SIMD checksum self-test and a `clean-fname-underflow`
	  regression test.
	- Various CI fixes for macOS and Cygwin (including adding
	  `simd-checksum` to the expected-skipped lists on platforms without
	  SIMD), and tests now run on `ubuntu-latest`.
	- removed support for the unmaintained rsync-patches archive

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/rsync | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/lfs/rsync b/lfs/rsync
index 789b100bd..6053dca82 100644
--- a/lfs/rsync
+++ b/lfs/rsync
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Versatile tool for fast incremental file transfer
 
-VER        = 3.4.1
+VER        = 3.4.2
 
 THISAPP    = rsync-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = rsync
-PAK_VER    = 21
+PAK_VER    = 22
 
 DEPS       = libxxhash
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 79c1cad697547059ee241e20c26d7f97bed3ad062deb856d31a617fead333a2d9f62c7c47c1efaf70033dbc358fe547d034c35e8181abb51a1fc893557882bc7
+$(DL_FILE)_BLAKE2 = bfc8aa3dc3b75de5e81519eab6d505ebd4d05ebc79c3336ebc925486fa6267cd13a37844d0817183cec68215788bc07e4a281f716bcd0bc7d93daa995df9122c
 
 install : $(TARGET)
 
@@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-
 	# Replace shebang in rsync-ssl
 	cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl
-
 	cd $(DIR_APP) && ./configure \
-	--prefix=/usr \
-	--without-included-popt \
-	--without-included-zlib \
-	--enable-xxhash
-
+				--prefix=/usr \
+				--without-included-popt \
+				--without-included-zlib \
+				--enable-xxhash
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP) && make install
-
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
-- 
2.54.0