[git.ipfire.org] IPFire 2.x development tree branch, core192, created. 2112342dd3ccaf6008c742dddd4ca26b17c5651d

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, core192 has been created at 2112342dd3ccaf6008c742dddd4ca26b17c5651d (commit)

- Log ----------------------------------------------------------------- commit 2112342dd3ccaf6008c742dddd4ca26b17c5651d Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 19 15:13:42 2025 +0000

core192: Ship OpenSSH

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 28e698dd30ec0dc53a92a8e8fbbeffee1ca1479d Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Feb 19 14:30:43 2025 +0100

openssh: Update to version 9.9p2

- Update from version 9.9p1 to 9.9p2 - Update of rootfile not required - Changelog 9.9p2 Security * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH. Bugfixes * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems / configurations.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 09dd8d7085448ea01637c9cd14d7a8b63e9036d0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Feb 12 16:25:45 2025 +0100

openssl: update to 3.4.1

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 77a942d735713f3117f967f9995c0e7ca6d68d14 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Feb 11 10:15:44 2025 +0100

core192: ship libyang

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9ad59410624beaccef5c75bcca4e1d4ddb0be98b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Feb 11 08:49:51 2025 +0100

backup.cgi: allow iso backup only on x86_64

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit a19e6bce428394ff596599b943a6bdf13f4e81f4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Feb 10 08:24:17 2025 +0100

samba: bump package

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit ffdf4462fc2d9984a5ce9df7f84f504448bdf189 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Feb 8 21:07:39 2025 +0100

initskripts: remove symlinks for removed addons

imspector and motion was removed years ago. removed the leftover initskript symlinks.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4a991cd92943bb673b003aa475400a62f5a4804a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Feb 8 20:25:33 2025 +0100

core192: remove cups symlinks

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 89c366f3557f2b6e9ab99a93d2f33980cdd566c6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Feb 8 20:25:15 2025 +0100

kernel: update to 6.12.13

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 6fb6199bb71f3fd8ecff4ff688bba3612acd35e7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Feb 5 17:29:54 2025 +0100

samba: remove perl-JSON from deps

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 1000035ea4f1c4ca1518878ce730e2e9f045bc5f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Feb 5 15:32:34 2025 +0100

core192: remove dropped packages

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 041adb61486a06517ece8323668b6ebb199f2825 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Feb 5 06:53:38 2025 +0100

ovmf: add open virtual machine firmware

this is needed for booting kvm machines in uEFI mode. Currently we unpack the firmware from the debain binary package. Maybee later we wuill compile self, but currently the needed compilers are missing in the IPFire build environment.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 43df1bce368a1bd3f176cce06ef227e4444eb44d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Feb 2 15:19:32 2025 +0100

kernel: update to 6.12.12

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit debac0e634bac4f6a0db970067ec85b9071c6f9a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 30 17:50:57 2025 +0100

collectd: cleanup iptables-filter-HOSTILE and HOSTILE_DROP

this chains are splittet to seperate IN and OUT chains so this files are also useless.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 8c60e0425a9b2474b8f403888cfaaaa06b2e6c1a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 30 13:49:16 2025 +0100

collectd: add processes* to cleanup list

The processes graph was removed some month ago but it was not correct cleaned. I asume because the updater has cleaned the ramdisk but not the persistant copy.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7909dc2194718f7f929261cd33fba06f145fd856 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 30 12:52:51 2025 +0100

collectd: another fix at converting rrd databases

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 23772010b193df17abfd5d250a8a7da165256475 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 30 10:25:43 2025 +0100

kernel: update riscv64 rootfile

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit ebceac121adffbf8b8690101e4a50e3f4c1566e5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 30 10:23:10 2025 +0100

collectd: add more changes to the converter

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7ba01388d488ea2cefe704b31d14acf43648bfb8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 30 10:18:01 2025 +0100

collectd: add some devices to the ignore list

disks: cdroms, tape, loop and ram cooling-devices: 0-7 was already disabled but there are more possible

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2b892c6863960fd35034fb2bee6c1fd69372b587 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jan 27 19:08:04 2025 +0100

core192: ship system.cgi

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 26997d4f9309d9f4409cfa9624ba7d49c27266f8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jan 27 14:11:42 2025 +0100

core192: fix another typo

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit bad1dc36abed9d2a623e34d4e3add7080f53eb40 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 17:33:33 2025 +0100

core192: fix typo and add verbose output to rm for collectd data

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 8d0df657b53e9f9930827278bf22a3892e47e456 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 11:41:54 2025 +0100

core192: fix some collectd convertion issues

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit cd2e22704336c533c188b8418f2f48c99513a466 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 11:22:44 2025 +0100

system.cgi: update cpufreq graph

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4d7c9a860f5e3e98b0289097d15c25a40e52de86 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 11:21:47 2025 +0100

graphs.pl: update cpufreq and themalzone graph

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 6ca4e2f29feb17401815aac2fb046e4354c1def2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 09:39:05 2025 +0100

toolchain: bump version

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit e556984600411ec7953efefddff5b60666103be9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:27:31 2025 +0100

core192: ship protobuf

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 6311a62c229ca08ee72687da341658ba4006a4b7 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:08 2025 +0100

protobuf: Update to version 29.3

- Update from version 28.3 to 29.3 - Update of rootfile - Changelog 29.3 Announcements Protobuf News may include additional announcements or pre-announcements for upcoming changes. C++ Fix cmake installation location of java and go features (#19773) (1dc5842) Other Add .bazeliskrc for protobuf repo to tell bazelisk to use 7.1.2 by default. (#19884) (9a5d2c3) Update artifact actions to v4 (#19703) (8e7e6b0) 29.2 Announcements Protobuf News may include additional announcements or pre-announcements for upcoming changes. C++ Automated rollback of commit 23aada2. (#19692) (1772657) Remove unused / invalid C++ lazy repeated field code from OSS. (#19682) (3649f87) Java Automated rollback of commit 23aada2. (#19692) (1772657) Other Export environment variables so bazelisk picks them up (#19690) (8b9d76c) Pin staleness check to Bazel 7 (#19689) (a1c9b6a) Remove CMake downgrade workaround from Windows CI tests (#19630) (3a7bb4a) 29.1 Announcements Protobuf News may include additional announcements or pre-announcements for upcoming changes. Java Rename maven to protobuf_maven in MODULE.bazel (#18641) (#19477) (ba6da44) Kotlin Rename maven to protobuf_maven in MODULE.bazel (#18641) (#19477) (ba6da44) Python Revert "Remove deprecated service.py usages from test". For 29.x only (#19434) (5864b50) 29.0 Announcements Protobuf News may include additional announcements or pre-announcements for upcoming changes. Bazel Add missing line to docstring after Args (#19213) (6f310d5) Fix proto_info_bzl (#18918) (083de5f) Use rules_cc everywhere in protobuf (ddadd0b) Upgrade rules_cc to 0.0.13 (3dd4835) Convert proto toolchain string to Label (aa181e2) Prepare supporting targets for testing (a748b10) Support --incompatible_enable_proto_toolchain_resolution (372ddb3) Move ProtoInfo and ProtoLangToolchainInfo from Bazel (426ca8a) Move java_{lite_}proto_library from Bazel repository (d77bdac) Move proto_toolchain from rules_proto to protobuf (9f9cb7a) Move proto_library from Bazel repository (3ff2cf0) Move proto_common implementation from Bazel binary (b19fbe6) Compiler Begin adding extension numbers to SourceCodeInfo and FileDescriptorSet for tooling purposes. (07e489d) Update protoc release to include editions language features proto for Go (#19013) (63d966b) Introduce lifetimes for individual feature values. (0b6e768) Windows - Fix handling of utf8 command line arguments (#17854) (b9d1800) Limit feature deprecation warnings to reduce noise. (5cd9a46) C++ Fix C++ ifndef_guard printer to also convert "-" to "_". (7331b77) Fix C++ codegen namespace printer to print closing namespaces in reverse order. (3bf9c40) Fix raw_ptr.cc on exotic architectures (#18193) (63f6262) Fix cord handling in DynamicMessage and oneofs. (9e8b30c) Fix packed reflection handling bug in edition 2023. (4c92328) Add JsonStreamToMessage method (0259cc3) Introduce lifetimes for individual feature values. (0b6e768) Insert software prefetches into merge functions. This improves performance when hardware prefetchers are disabled on AMD machines. (d993365) Insert software prefetches into proto parsing functions. This improves performance when hardware prefetchers are disabled on AMD platforms. (8aa0add) Add prefetching of subsequent extensions in ExtensionSet::ForEach. (9b019ee) Remove the AnyMetadata class and use free functions instead. (920d5c3) Add [[deprecated]] attribute when generating enums and classes. (23aada2) Use linear search instead of binary search in flat mode of ExtensionSet. (0ed61f0) Prepare MessageLite::GetTypeName to be upgraded to return (30a8ef5) Limit feature deprecation warnings to reduce noise. (5cd9a46) Add Compiler Condition to use inline assembly optimizations with ARM64 for Compatibility with MSVC (#17671) (c5f6231) Enable small object optimization (SOO) for RepeatedField in order to reduce data indirections. (e2525e6) Return backing array memory to arena in ExtensionSet. (5ac8ee1) In edition 2024, Enum_Name(value) functions return absl::string_view by default. (e3fa6aa) Add Prefetchers to Proto Copy Construct to help address load misses (cdb7238) Reduced nesting in GenerateByteSize: slight readability improvements in generated code. (162a740) Introduce FieldDescriptor::cpp_string_type() API to replace direct ctype inspection which will be removed in the next breaking change (d0e49df) Update the comment of TextFormat::Printer::RegisterMessagePrinter that the method takes ownerhip of the printer pointer. (d911161) Prepare the code for migrating return types from const std::string& to (e13b8e9) Java Remove deprecation warnings for Timestamp and Duration add/subtract/between that we do not yet have alternatives to. (f606c13) [29.x] Add missing java load (#19016) (bb287be) Give Kotlin jars an OSGi Manifest (#18812) (0c51eba) Re-export includingDefaultValueFields in deprecated state for important Cloud customer. (7321b2f) Restore compatibility with 3.22 gencode by re-adding mutableCopy helpers (1b1e90b) Speed up CodedOutputStream by extracting rarely-executed string formatting code (f8f5136) Return constant Value objects for true, false, and "" (4fbb0c5) Optimise CodedOutputStream.ArrayEncoder.writeFixed32NoTag/writeFixed64NoTag (a51f98c) CodedOutputStream: avoid updating position to go beyond end of array. (76ab5f2) Convert IndexOutOfBoundsException to OutOfSpaceException in UnsafeDirectNioEncoder (0e75d92) Suppress ReturnValueIgnored errorprone issues (bbbc7b9) Fix packed reflection handling bug in edition 2023. (4c92328) Move cc_proto_library from Bazel repository (5254448) Protobuf Lite ArrayLists: Defer allocating backing array until we have some idea how much to allocate. (05a8a40) Allocate correct-sized array when parsing packed fixed-width primitives (4e8469c) Bugfix: Make extensions beyond n=16 immutable. (ee419f2) Reserve capacity in ProtobufArrayList when calling Builder.addAllRepeatedMessage(Collection) (e3cc31a) Avoid allocating iterators when calling Message.Builder.addAllFoo(RandomAccess List) (bd1887e) Remove the AnyMetadata class and use free functions instead. (https://github.com/protocolbuffers/protobuf/com...

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 31457b85124fd445f585268ef3add1a6a2e8602d Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:07 2025 +0100

postfix: Update to version 3.9.1

- Update from version 3.9.0 to 3.9.1 - Update of rootfile not required - Changelog 3.9.1 The mail_version configuration parameter did not have a three-number value (3.9 instead of 3.9.0; it still had the two-number version from the development releases postfix-3.9-yyyymmdd). This broke pathnames derived from the mail_version value, such as shlib_directory. Problem reported by Michael Orlitzky. Bugfix (defect introduced: Postfix 2.9, date 20111218): with "smtpd_sasl_auth_enable = no", the permit_sasl_authenticated feature ignored information that was received with the XCLIENT LOGIN command, so that the client was treated as unauthenticated. This was fixed by removing an unnecessary test. Problem reported by Antonin Verrier. Bugfix (defect introduced: postfix 3.0): the default master.cf syslog_name setting for the relay service did not preserve multi-instance information, which complicated logfile analysis. Found during a support discussion. Bugfix (defect introduced: Postfix 2.3, date 20051222): file descriptor leak after failure to connect to a Dovecot auth server. The impact is limited because Dovecot auth failures are rare, there are limits on the number of retries (one), on the number of errors per SMTP session (smtpd_hard_error_limit), on the number of sessions per SMTP server process (max_use), and on the number of file handles per process (managed with sysctl). Found during code maintenance. Bugfix (defect introduced: Postfix 3.4, date 20190121): the postsuper command failed with "open logfile '/path/to/file': Permission denied" when the maillog_file parameter specified a filename and Postfix was not running. This was fixed by opening the maillog_file before dropping root privileges. Found during code maintenance. Bugfix (defect introduced Postfix 3.0). No autodetection of UTF8 text when missing message headers were automatically added by Postfix (for example, a From: header with UTF8 full name information from the password file). This caused Postfix to send UTF8 in message headers without using the SMTPUTF8 protocol. Problem reported by Michael Tokarev.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7488c240679fed1872ea3ed0514901bce3aa164e Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:06 2025 +0100

frr: Update to version 10.2.1

- Update from version 10.1 to 10.2.1 - Update of rootfile not required - Changelog 10.2.1 Fixed CVE-2024-55553 More details: https://frrouting.org/security/cve-2024-55553 Bug Fixes bfdd retain remote dplane client socket bgpd Fix to pop items off zebra_announce FIFO for few EVPN triggers Check if as_type is not specified when peer is a peer-group member Do not reset peers on suppress-fib toggling Fix bgp core with a possible Intf delete Fix enforce-first-as per peer-group removal Fix evpn bestpath calculation when path is not established Fix graceful-restart for peer-groups Fix memory leak when creating BMP connection with a source interface Fix memory leak when reconfiguring a route distinguisher Fix unconfigure asdot neighbor Fix use single whitespace when displaying flowspec entries Fix version attribute is an int, not a string Import allowed routes with self AS if desired Initialize as_type for peer-group as AS_UNSPECIFIED Use gracefulRestart JSON field Validate both nexthop information (NEXTHOP and NLRI) Validate only affected RPKI prefixes instead of a full RIB When calling bgp_process, prevent infinite loop lib Allow setsockopt functions to return size set Fix session re-establishment Take ge/le into consideration when checking the prefix with the prefix-list Use backoff setsockopt option for freebsd ospfd OSPF multi-instance default origination fixes pimd Fix access-list memory leak in pimd Free igmp proxy joins on interface deletion igmp proxy joins should not be written as part of config Prevent crash of pim when auto-rp's socket is not initialized

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 77ccf4949b96f1326932d77496f64c76134428a8 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:04 2025 +0100

fetchmail: Update to version 6.5.2

- Update from version 6.4.39 to 6.5.2 - Update of rootfile not required - Changelog 6.5.2 ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS (There are no plans to remove features from a 6.5.X release, but they may be removed from a 6.6.0 or newer release.) * Support for operating systems that are not sufficiently POSIX compliant may be removed or operation on such systems may be suboptimal for future releases. * Future fetchmail releases may require compilers and operating systems that adhere to standards issued 2011 or later. (See README for requirements.) * Future fetchmail releases may tighten up security and lean towards it a bit more by, for instance, implementing recommendations from RFC-7817 or RFC-8314. This may, for instance, require that TLS v1.1 or newer be used. * The MX and host alias DNS lookups that fetchmail performs in multidrop mode are based on assumptions that are rarely met in practice, somewhat defective, deprecated and may be removed from a future fetchmail version. They have never supported IPv6 (including IPv6-mapped IPv4). Non-DNS based alias keywords such as "aka" will remain in fetchmail. * The monitor and interface options may be removed from a future fetchmail version as they are not reasonably portable across operating systems. * POP2 is obsolete, support will be removed from a future fetchmail version. * IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a future fetchmail version. * RPOP is obsolete, support will be removed from a future fetchmail release. * The multidrop To/Cc guessing code along with the fragile duplicate suppressor is deprecated and may be removed from a future release. * The "envelope Received" option may be removed from a future release, because the Received header was never meant to be machine-readable, the format varies widely, and various other differences in behavior make parsing Received an unreliable undertaking. The envelope option as such will remain though, in order to support Delivered-To, X-Envelope-To, X-Original-To and similar. See also http://home.pages.de/~mandree/mail/multidrop. * The "protocol auto" default inside fetchmail may be removed from a future fetchmail release. Explicit configuration of the protocol is recommended. * Kerberos IV support may be removed from a future fetchmail release. * Kerberos 5 support may be removed from a future fetchmail release. (Although GSS-API support should remain as long as it's viable.) * The --principal option may be removed from a future fetchmail release. * SIGHUP wakeup support may be removed from a future fetchmail release and cause fetchmail to terminate - it was broken for many years. * The maintainer may migrate fetchmail to C++, and impose further requirements (dependencies), such as Boost or other class libraries. * The softbounce option default will change to "false" in the next release. * The --bsmtp - mode of operation may be removed in a future release. * Fetchmailconf is deprecated and will be removed from a future release. * Fetchmail does not guarantee compatibility with EOL OpenSSL versions. Support for end-of-life OpenSSL versions may be removed even from patchlevel releases. * Nonstandard or by today's standards insufficiently secure authentication schemes (such as OPIE, RPA) may be removed from future fetchmail versions. * Nonstandard protocol extensions (such as SDPS/*ENV) may be removed from future fetchmail versions. * --auth ssh may be removed from future fetchmail versions. Use --auth implicit. * Future fetchmail releases (even minor ones) may change undocumented parts of the .netrc parser in incompatible ways to enhance compatibility with typical ftp(1) .netrc parsers. KNOWN BUGS AND WORKAROUNDS * Fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * Fetchmail currently uses 31-bit signed integers in several places where unsigned and/or wider types should have been used. Please report issues with this. * BSMTP is mostly untested and errors can cause corrupt output. * Fetchmail does not track pending deletes across crashes. * The command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. * For IMAP connections, fetchmail will print "will idle after poll" in verbose mode even though --idle is not given, as an artifact of the 6.4.22 security fixes. Fetchmail means "could idle after poll", but this would have required another loop through the translators. * aka ... hostnames are not considered for upstream server X.509 certificate verification, aka was meant for alias detection with multidrop mailboxes. * When compiled against wolfSSL, note that it is not a feature-complete emulation of OpenSSL. Main functionality is given, but some minor details may not work the same as in OpenSSL builds. * When compiled against LibreSSL (due to licensing, this only works on OpenBSD where LibreSSL is part of the OS), note that LibreSSL is somewhat behind recent OpenSSL versions, so prefer OpenSSL to LibreSSL if you can. * FreeBSD's OPIE implementation cannot be found when using a C++ compiler. This should not affect the normal build, which uses a C compiler. * Using ccache may trigger "implicit fallthrough" warnings because the comments that, for instance, GCC understands, are removed by ccache's separate preprocessing. Fixing this portably requires C++17. * Fetchmail's RFC-2047 encoder (used for localized Subject: lines of locally- originated e-mail messages) is simplistic and violates the RFC-2047 requirement that multibyte characters must not be split across encoded-words. TRANSLATIONS: fetchmail's translations were updated, courtesy of: * cs: Petr Pisar [Czech] * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] CHANGES: * Minor documentation consistency fixes (versions, dates). 6.5.1 BUG AND PORTABILITY FIXES: * Drop two wolfSSL compile-time checks that were for older 6.4 or for future 7.0 releases and broke compilation with wolfSSL 5.7.4. Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4 * Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message (FreeBSD defines %#p to be %p, on many other platforms it's undefined behavior). * Add regex_helper.c to list of files that contain translatable strings, which contains two strings we missed to translate. CHANGES: * Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1") for version switch and base it on the claimed OpenSSL version of the crypto SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike. TRANSLATIONS: fetchmail's messages were translated by these fine people: * sq: Besnik Bleta [Albanian] * es: Cristian Othón Martínez Vera [Spanish] * ro: Remus-Gabriel Chelu [Romanian] * fr: Frédéric Marchal [French] * pl: Jakub Bogusz [Polish] * sv: Göran Uddeborg [Swedish] * ja: Takeshi Hamasaki [Japanese] * eo: Keith Bowes [Esperanto] 6.5.0 SECURITY FIX: * .netrc now may not have more than 0700 permission if it contains passwords, else fetchmail will warn and ignore the file. REMOVED FEATURES * fetchmail no longer supports using an MDA as SMTP fallback. This is required to make deliveries consistent. The --enable-fallback configure option is gone. * fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have been removed and behave as though "--sslproto auto" had been given. INCOMPATIBLE CHANGES * fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525) * fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option. * fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option. * fetchmailconf now requires Python 3.7.0 or newer. * fetchmail, with --logfile, now logs time stamps into the file, in localtime and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through the environment variables LC_TIME (or LC_ALL) and TZ. Contributed by Holger Hoffstätte. * fetchmail sets the OPENSSL security level to 2 by default. Override is possible from an environment variable, see EXPERIMENTAL CHANGES below. * The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled, they are too far behind. CHANGED REQUIREMENTS * fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with XSI extension) compliant system. In particular, older fetchmail versions had workarounds or replacement code for several functions standardized in the Single Unix Specification v3, these have been removed. Hence: - The trio/ library has been removed from the distribution. - The libesmtp/getaddrinfo.? library has been removed from the distribution. - The KAME/getnameinfo.c file has been removed from the distribution. * fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL, at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2. TRANSLATIONS: fetchmail's messages were translated by these fine people: * cs: Petr Pisar [Czech] * eo: Keith Bowes [Esperanto] * es: Cristian Othón Martínez Vera [Spanish] * fr: Frédéric Marchal [French] * ja: Takeshi Hamasaki [Japanese] * ro: Remus-Gabriel Chelu [Romanian] * sv: Göran Uddeborg [Swedish] * sq: Besnik Bleta [Albanian] * pl: Jakub Bogusz [Polish] BUG FIXES * fetchmail can now report mailbox sizes of 2^31 octets and beyond (2 GibiB). This required C99 support (for the long long type). Fixes Debian Bug#873668, reported by Andreas Schmidt. * fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the 3.0.0 APIs from OpenSSL. * The .netrc parser no longer permits "machine" after "default". * Add manpage info on the .netrc syntax, as ftp(1) is not standardized and may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes. * Received: lines now return GMT time if the tzoffset cannot be represented as whole minutes. Reported by @rriddicc via Gitlab #49. * If fetchmail was running localized, generated an error e-mail message locally, and if the selected translation would require the Subject: line to wrap inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word was not indented, thus not marked as a continuation line. * SSL error handling was improved, fetchmail now consistently clears the thread/SSL error queue before SSL I/O operations and checks SSL_get_error afterwards. The SSL_connect() error handling has been revised to log more consistently. CHANGES * When fetchmail attempts to log out from an IMAP4 server and the server messes up its responses (it is supposed to send an untagged * BYE and a tagged A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than reporting a protocol error. We don't intend to chat any more so the protocol violation is harmless, and we know the server cannot send more untagged status responses. Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20. * The configure script now spends more effort for getting --with-ssl right, by running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS macro to obtain run-time library path setting flags. * For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option do not match, emit a warning and continue. Closes Gitlab #31. * There is now a --idletimeout feature contributed by Eric Durand, to permit setting a shorter timeout for the --idle option, because many servers violate the protocol (requiring 30 minutes) and hang up sooner than the 28 minutes fetchmail waits before refreshing IDLE. GitLab merge request !35. * There is now a --forceidle feature to force idle mode even if not advertised in the server capabilities. This is a dangerous option, use it carefully. Courtesy of Eric Durand, GitLab merge request !39. * There is now a --moveto feature (only feasible in IMAP) that, instead of flushing mail, moves it to a user-specified folder. This is to assist with archiving, or when providers (G...) break the IMAP model. Courteously provided by Damjan Jovanovic. * rcfile parsing errors are now reported in more detail, and with -vv mode, also lead to a non-importable Python dump of what was obtained, for debugging. * fetchmail's --auth option ssh was renamed to implicit, to make clear that it does *NOT* imply any particular type or features of the --plugin. --auth ssh will be understood for a while for compatibility but fetchmail will report it as implicit. * fetchmail no longer warns about port/service mismatches with/without ssl option when a "plugin" is in use because fetchmail cannot know whether the plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604. * fetchmail re-executes itself if the .netrc file's modification change is found to be newer at the beginning of a new run. * fetchmail can now use other digest algorithms than MD5 for the --sslfingerprint option. To use, specify the algorithm's name in curly braces as prefix in the finger print, say, --sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the algorithm for printing. All algorithms supported by the TLS/SSL library can be specified. Fixes Gitlab issue #19, Debian Bug#700266. EXPERIMENTAL CHANGES - these are not documented anywhere else, only here: * fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that can be used to override the OpenSSL security level. Fetchmail by default raises the security level to 2 if lower. This variable can be used to lower it. Use with extreme caution. Note that levels 3 or higher will frequently cause incompabilities with servers because server-side data sizes are often too low. Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0. * fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that sets the cipher string (through two different OpenSSL functions) for SSL and TLS versions up to TLSv1.2. If setting the ciphers fails, fetchmail will not connect. If not given, defaults to Postfix's "medium" list, "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH". * fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable that sets the ciphersuites (a colon-separated list, without + ! -) for TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the ciphersuites fails, fetchmail refuses to connect. * NOTE the features above are simplistic. For instance, even though you configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause a connection abort. * fetchmail can be built with meson 1.30 or newer https://mesonbuild.com/. fetchmail is not currently written in a way that supports unity (amalgamated) builds.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 46da743318cb03d76992541b6571e1a0af7fdfac Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:03 2025 +0100

dnsdist: Update to version 1.9.8

- Update from version 1.9.7 to 1.9.8 - Update of rootfile not required - Changelog 1.9.8 Improvements Add the ability to load a given TLS tickets key References: pull request 14877 Custom metrics: better error messages, small doc improvements References: pull request 14978 Add elapsed time to dq object (@phonedph1) References: pull request 14887 Bug Fixes setTicketsKeyAddedHook: pass a std::string to the hook to avoid luawrapper to truncate content at potential null chars References: pull request 14878 Fix ECS zero-scope caching with incoming DoH queries References: #14959, pull request 14977 Allow resetting setWeightedBalancingFactor() to zero References: pull request 14929

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 3caaf256c7c2652fa579ae5338a60429b1b58558 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:25:01 2025 +0100

core192: ship dma

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d53adf3d1d434b139fde81a26be2d308e2c40a60 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:02 2025 +0100

dma: Update to version 0.14

- Update from version 0.13 to 0.14 - Update of rootfile not required - Changelog 0.14 https://github.com/corecode/dma/commits/v0.14/

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 44b8e06f7814129c4c4cbc2800e5282042593333 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:40:32 2025 +0100

make.sh: Move python3-tomli to before qemu as it is now needed for the build

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 672af0ab2c6d3af01b879cfad0577c69f752d724 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:40:31 2025 +0100

qemu-ga: Update to version 9.2.0

- Update from version 9.0.2 to 9.2.0 - Update of rootfile not required - Changelog same as in the commit for qemu to 9.2.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit ade79737a329213e7872a035a30a705f7a9e31f2 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:40:30 2025 +0100

qemu: Update to version 9.2.0

- Update from version 9.0.2 to 9.2.0 - Update of rootfile - Changelog 9.2.0 https://wiki.qemu.org/ChangeLog/9.2 9.1.0 https://wiki.qemu.org/ChangeLog/9.1

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 38c13c04fcd4b7a5e2d08ffeb1b85a77b5461bec Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:40:07 2025 +0100

asciidoctor: Update of rootfile to take account of ruby update to 3.4.0 branch

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4234436fc76d48706b7c7f336e7ddb1503d56737 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:40:06 2025 +0100

ruby: Update to version 3.4.1

- Update from version 3.3.6 to 3.4.1 - Update of rootfile - Changelog 3.4.0 changes compared to 3.3.0 See file NEWS.md in source tarball

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d226ab59914488fe9660542b6797711c9625779d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:14:27 2025 +0100

core192: ship backup exclude

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 83df9ec1753af193da7d72f795af2894d528c031 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 13:24:42 2025 +0100

backup-exclude: Add suricata ruleset-sources to backup exclude file

- This will ensure that an old version will no longer be restored back onto a users system. - The suricata ruleset-sources file should also be shipped in the CU that this will be applied to make sure that all usders have the correct version installed, in case they have done a restore from an old backup after doing a fresh install. - Tested on my vm testbed system and after making the change, the ruleset-sources file is no longer added to the backup set but also it is excluded from the restore if it is included in an old backup.

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7d42fc3576cbb130193361b4e68015398998b2c8 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:33 2025 +0100

tshark: Update to version 4.4.3

- Update from version 4.4.2 to 4.4.3 - Update of rootfile - Changelog 4.4.3 Bug Fixes Potential mis-match in GSM MAP dissector for uncertainty radius and its filter key. Issue 20247. Macro eNodeB ID and Extended Macro eNodeB ID not decoded by User Location Information. Issue 20276. The NFSv2 Dissector appears to be swapping Character Special File and Directory in mode decoding. Issue 20290. CMake discovers Strawberry Perl’s zlib DLL when it shouldn’t. Issue 20304. VOIP Calls call flow displaying hours. Issue 20311. Fuzz job issue: fuzz-2024-12-26-7898.pcap. Issue 20313. sFlow: Incorrect length passed to header sample dissector. Issue 20320. wsutil: Should link against -lm due to missing fabs() when built with -fno-builtin. Issue 20326. Updated Protocol Support ARTNET, ASN.1 PER, BACapp, BBLog, BT BR/EDR RF, CQL, Diameter, DOF, ECMP, FiveCo RAP, FTDI FT, GSM COMMON, GTPv2, HCI_MON, HSRP, HTTP2, ICMPv6, IEEE 802.11, Kafka, LTE RRC, MBIM, MMS, Modbus/TCP, MPEG PES, NAS-EPS, NFS, NGAP, NR RRC, PLDM, PN-DCP, POP, ProtoBuf, PTP, RLC, RPC, RTCP, sFlow, SIP, SRT, TCP, UCP, USBCCID, Wi-SUN, and ZigBee ZCL New and Updated Capture File Support CLLog EMS ERF

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4657aed760f81c0c0faf7be5873238f98ef6ccff Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:32 2025 +0100

samba: Update to version 4.21.3

- Update from version 4.21.2 to 4.21.3 - Update of rootfile not required - Changelog 4.21.3 * BUG 15701: More possible replication loops against Azure AD. * BUG 15697: Compound rename from Mac clients can fail with NT_STATUS_INTERNAL_ERROR if the file has a lease. * BUG 15724: vfs crossrename seems not work correctly. * BUG 6750: After 'machine password timeout' /etc/krb5.keytab is not updated. * BUG 15771: Memory leak wbcCtxLookupSid. * BUG 15765: Fix heap-user-after-free with association groups. * BUG 15758: Segfault in vfs_btrfs. * BUG 15755: Avoid event failure race when disabling an event script. * BUG 15724: vfs crossrename seems not work correctly.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 86f25118f96caf6e58433276acaa89fd27798aff Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:11:56 2025 +0100

core192: ship nettle

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c1dd437f246f23d683478ef582c93d8a3f8159a0 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:31 2025 +0100

nettle: Update to version 3.10.1

- Update from version 3.10 to 3.10.1 - Update of rootfile - Changelog 3.10.1 This is a maintenance release, with only a few bugfixes and portability improvements. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.10 and libhogweed.so.6.10, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fix buffer overread in the new sha256 assembly for powerpc64, as well as a stack alignment issue. * Added missing nettle_mac structs for hmac-gosthash. * Fix configure test for valgrind, to not attempt to run valgrind on executables built using memory sanitizers. Optimizations: * Improved runtime detection of cpu features for OpenBSD and FreeBSD, using elf_aux_info when available. This also adds runtime detection for FreeBSD on arm64. Contributed by Brad Smith.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit b9671e1644b45a9353b81a3c7ca47d8b5ff04f5a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:11:05 2025 +0100

core192: ship nano

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d6b378f3f0a86d78c5ef18d7a2243c8a57dd2a7b Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:30 2025 +0100

nano: Update to version 8.3

- Update from version 8.2 to 8.3 - Update of rootfile not required - Changelog 8.3 • A build failure with gcc-15 is fixed. • Several translations were updated.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 1e3176c9074a480fd6bfe25aff5f9f4e1ab017f2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:10:03 2025 +0100

core192: ship mdadm

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 47fa1360ac84a1f4563d9ffc258017b2fb66c07d Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:29 2025 +0100

mdadm: Update to version 4.4

- Update from version 4.3 to 4.4 - Update of rootfile not required - mdadm has been formally moved to github. - Changelog 4.4 Features: - Remobe custom bitmap file support from Yu Kuai. - Custom device policies implementation from Mariusz Tkaczyk. - Self encrypted drives (**SED**) support for IMSM metadata from Blazej Kucman. - Support more than 4 disks for **IMSM** RAID10 from Mateusz Kusiak. - Read **IMSM** license information from ACPI tables from Blazej Kucman. - Support devnode in **--Incremental --remove** from Mariusz Tkaczyk. - Printing **IMSM** license type in **--detail-platform** from Blazej Kucman. - README.md from Mariusz Tkaczyk and Anna Sztukowska. Fixes: - Tests improvements from Xiao Ni and Kinga Stefaniuk. - Mdmon's Checkpointing improvements from Mateusz Kusiak. - Pass mdadm environment flags to systemd-env to enable tests from Mateusz Kusiak. - Superblock 1.0 uuid printing fixes from Mariusz Tkaczyk. - Find VMD bus manually if link is not available from Mariusz Tkaczyk. - Unconditional devices count printing in --detail from Anna Sztukowska. - Improve SIGTERM handling during reshape, from Mateusz Kusiak. - **Monitor.c** renamed to **Mdmonitor.c** from Kinga Stefaniuk. - Mdmonitor service documentation update from Mariusz Tkaczyk. - Rework around writing to sysfs files from Mariusz Tkaczyk. - Drop of HOT_REMOVE_DISK ioctl in Manage in favour of sysfs from Mariusz Tkaczyk. - Delegate disk removal to managemon from Mariusz Tkaczyk. - Some clean-ups of legacy code and functionalities like **--auto=md** from Mariusz Tkaczyk. - Manual clean-up, references to old kernels removed from Mariusz Tkaczyk. - Various static code analysis fixes. In this release we created github repository and allowed participation through Github. It allowed us to use Github actions adn create CI. Currently, we have: - Compilation tests with various gcc. - **mdadm** tests. - Checkpatch test.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 3bdf61a453f8c6980309b70d890d8da59b6c0da1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:08:59 2025 +0100

core192: ship libpng

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 8610ff4b77fe3c66ef3858fb2ea04e503edf9d5a Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:27 2025 +0100

libpng: Update to version 1.6.45

- Update from version 1.6.44 to 1.6.45 - Update of rootfile - Changelog 1.6.45 Added support for the cICP chunk. (Contributed by Lucas Chollet and John Bowler) Adjusted and improved various checks in colorspace calculations. (Contributed by John Bowler) Rearranged the write order of colorspace chunks for better conformance with the PNG v3 draft specification. (Contributed by John Bowler) Raised the minimum required CMake version from 3.6 to 3.14. Forked off a development branch for libpng version 1.8.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2688b78f179448017ff15af77e72c695a1fc91ac Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:07:57 2025 +0100

core192: ship hwdata

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit b30e089176b87df03800b8cbf909d23394c01d57 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:26 2025 +0100

hwdata: Update to version 0.391

- Update from version 0.389 to 0.391 - Update of rootfile not required - Changelog 0.391 Update usb and vendor ids 0.390 Update pci and vendor ids

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d35a0fc715c2cbf1abf90955be105819ed2a731c Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:25 2025 +0100

fping: Update to version 5.3

- Update from version 5.2 to 5.3 - Update of rootfile not required - Changelog 5.3 New features - New option --icmp-timestamp to send ICMP timestamp requests (ICMP type 13) instead of ICMP Echo requests (#353 #363, thanks @auerswal and @gsnw-sebast) - New option --print-ttl to print returned TTL value (#354, thanks @nalves599) - New option --print-tos to print returned TOS value (#335 #346 #347, thanks @auerswal and @gsnw-sebast) - New option --check-source (#334, thanks @auerswal) - Predefined various timestamp formats (#321, thanks @auerswal and @gsnw-sebast) - Print cumulative stats with -Q SECS,cumulative (#315, thanks @auerswal) Bugfixes and other changes - ci: Upgrade actions/upload-artifact to v4 (#360, thanks @gsnw-sebast) - ci: Azure Pipeline only trigger when changes are made in the development branch (#359, thanks @gsnw-sebast) - ci: Upgrade actions/upload-artifact to v3 (#355, thanks @pevik) - ci: Azure Pipeline YAML add docker build (#354, thanks @gsnw-sebast) - Dockerfile: change distribution from ubuntu to debian (#350, thanks @gsnw-sebast) - Fix warning unused parameter 'reply_timestamp' under macOS (#348, thanks @gsnw-sebast) - Fix increase maximum -s value to 65507 (#344, thanks @pevik) - ci: use File::Temp to create temporary directory (#343, thanks @auerswal) - Fix -k, --fwmark with setuid fping executable (#342, thanks @auerswal) - Another batch of additional tests (take 2) (#341, thanks @auerswal) - Document that -a and -u are overridden by -c and -C (#338, thanks @auerswal) - Fix macOS build warning sets SEQMAP_TIMEOUT_IN_NSSEQMAP_TIMEOUT_IN_NS as INT64_C (#336, thanks @gsnw-sebast) - Fix inconsistent limits for address generation via -g, --generator using either range or CIDR (#331, thanks @auerswal) - Some additional tests (#329, thanks @auerswal) - ci: skip an unreliable test on macOS (#328, thanks @auerswal) - Fix incorrect return-value check for a scanf like function (CWE-253) (#323, thanks @gsnw-sebast) - A few more tests to increase code coverage a little bit (#320, thanks @auerswal) - Github fix: Change to codeql-action-v2 (#319, thanks @gsnw-sebast) - Developer function: Debug with Visual Studio Code (#318, thanks @gsnw-sebast)

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c2e664ed119ecd6bcbebac110f2a55ff4d7aa39d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 14:06:25 2025 +0100

core192: ship e2fsprogs

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 630b37c57c4a671c5be9ab1bcfc6aa4980723035 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Jan 11 15:43:24 2025 +0100

e2fsprogs: Update to version 1.47.2

- Update from version 1.47.1 to 1.47.2 - Update of rootfile not required - Changelog 1.47.2 UI and Features Drop the tune2fs -r option and replace it with -E revision=<fs-rev>. Revision 0 file systems are needed for compatibility with pre-1995 Linux kernels (older that version 1.2). Most of the time, users shouldn't be using the -r option and they can confuse themselves and end up creating a file system that is missing most modern ext4 features, including no online resizing, no support for post-2038 timestamps, etc. (Addresses Debian Bug #1086603) Add support for gnu.translator extended attributes in tar files fed to mke2fs -d. (Addresses Github issue https://github.com/tytso/e2fsprogs/issues/192) Add a debugfs command to list all of the inodes in the orphan list. Fixes Fix orphan_file support on big endian systems. Fix resize2fs to update the checksums in blocks belonging to the orphan file if it needs to move them. Fix e2fsck to clear the orphan file after processing it so that e2fsck -E journal_only doesn't leave the file system in a corrupted state. Avoid a spurious failure in badblocks when -n or -w is specified twice. (Addresses Debian Bug #1087341) Fix a bug where e2fsck could skip checking a file systems with the orphan_file feature if there are orphaned files that need to be cleaned up. (Addresses Red Hat Bugzilla 2318710, SuSE Bugzilla #1226043) Tune2fs will now upgrade a revision 0 file system to revision 1 before trying to change the inode size. Otherwise, this could result in a corrupted file system. Fix fuse2fs --helpfull so that it displays the full help message. Allow resize2fs to perform an offline resize past the 256 TiB boundary (which the kernel could do as part of an online resize). Performance, Internal Implementation, Development Support etc. Fix various Coverity and compiler warnings. Speed up tune2fs -g when the group is not changed by the command. Fix build failures on GCC 15 due to it switched to using -std=c23 by default. (Addresses https://github.com/tytso/e2fsprogs/issues/202) Fix build failure when linking fuse2fs with old (2.9.9) version of libfuse2 on aarch64. This hack was needed to fix a regression caused by another hacky workaround needed to work around a build failure on mipsel64 thanks to glibc using different struct stat layouts depending _FILE_OFFSET_BITS is set and this caused failures when dynamic linking against libarchive on Debian's mipsel64. (Sigh.) Fix unused parameter warnings for packages which including ext2fs.h. (Addresses Debian Bug #1082500) Fix bug where packages including ext2fs.h would get the 32-bit versions of the timestamp routines even on 64-bit platforms due to a missing SIZEOF_TIME_T autoconf definiton in public_config.h. Teach dumpe2fs and e2mmpstatus to support LABEL= and UUID= specifiers since the e2mmpstatus man page claims that it supports LABEL= and UUID=. This support was accidentally dropped when e2mmpstatus was reimplemented in terms of dumpe2fs. (Addresses https://github.com/tytso/e2fsprogs/issues/106) Suppress mke2fs's "Creating regular file" message when the -q option is in force. Enable Continuous Integration testing in Debian's Salsa forge. Fix a memory leak in oss-fuzz test programs. Provide fuseext2 to replace the debian package src:fuse-umfuse-ext2. (Addresses Debian Bug #1085590, #1088838) In the Debian package for e2fsprogs, add a suggestion to install the package libarchive13t64. (Addresses DebianBug #1089085) In the Debian package for e2fsprogs, decrease the priority from required to important. (Addresses Debian Bug #897277) Fix the f_badjour_encrypted test to write the error output from mke2fs and debugfs to a log file so it doesn't mess up the "make check" output and to make those error messages available in the case of test failure. Fix my_llseek() declaration when building against musl libc. Clean up groff warnings in man pages. (Addresses Debian Bugs #1086892, #1082787, #1072866, #1087898) Document the orphan_file feature in the ext4(5) and tune2fs(8) man pages. (Addresses Debian Bug #1073062) Allow building e2fsprogs without libarchive-dev installed to make life easier for bootstrapping for new Debian ports (Addresses Debian Bug #1078693) Various man page cleanups. Update Chinese, Czech, French, Malay, Polish, Romainian, Spanish, Swedish, and Ukrainian translations.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 5e84cecc11037d3a8e728c1de084c57ebb68b7de Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 09:59:52 2025 +0100

core192: ship captive portal changes

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9b3462a2ca55192b6330f9df839247859eec1e69 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 9 20:04:38 2025 +0100

language files: Updated de, en, es, fr & tr language files

- Changed the phrase in the code from Captive wrong ext to Captive wrong type as it is now the type and not the extension that is being checked.

Fixes: Bug13795 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d705f5e58801d6116e09af9dfaec8d6ed58827b3 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 9 20:04:37 2025 +0100

perl-File-LibMagic: New package implemented for content type extraction of a file

- It was placed in make.sh after perl-Config-AutoConf as that package is at least one build dependency.

Fixes: Bug13795 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 01de28ec05cde5d945500ef6bd5ce25c3586f686 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 9 20:04:36 2025 +0100

captive.cgi: Update code to check for the image content type not just the extension

- The File-LibMagic used to do this content type check. As this requires the actual file and path name to access, the CGI::upload command had to be brought to before the content type check and download the file to /tmp/. Then the content type can be identified. If it is either image/png or image/jpeg then the logo.tmp file is moved to replace the existing logo.dat. If the uploaded logo is not a png or jpeg image content then the logo.tmp file in /tmp/ is deleted by unlinking it. - I also added the actual content type to the error message if it is not a png or jpeg. - Tested the code out on my vm testbed and it worked fine. Only png or jpeg content type is accepted It makes no difference what the extension on the file is. When not the correct content type the old logo.dat is left alone and not changed and the new logo stored in /tmp/ is removed. If the content type is correct then the new logo file in /tmp/ is moved to replace the existing logo.data file. - When the wrong type of content was in the file, for example html code, then the error message is shown saying that the content type is not correct and showing the actual content type, in this case text/html.

Fixes: Bug13795 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 36391d1d0d2dfb69077e2d860d2af3c975cf86f6 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 9 20:04:35 2025 +0100

logo.cgi: Fix for bug13795 - captive portal not displaying uploaded logo

- This v2 version now includes the use of File-LibMagic to identify the specific content type and apply that to the modified header command so that image/png or image/jp[eg are used depending on the type of image provided. - Something changed in some package in CU188 that means that the existing method of printing the content type to the browser no longer worked. - I tested it in some stand alone code and even if using text/txt for the content-type print statement the File::Copy::copy then resulted in an Internal Server Error with the same message as with the image file which was "malformed header from script 'logo.cgi': Bad header:". - I tested it with text, html, image and application. In all cases the error message about a bad header was provided. - Did some searching and found an alternative way to explicitly print the header info which is what I have used in this patch change. - With this approach, in the stand alone code, I was able to get an image, html code or text shown in the browser correctly and without any error message. - I then used this new method in the logo.cgi code as submitted here and tested the change in my vm testbed and the image was shown in the captive portal correctly. - So this change fixes the problem with the logo not being shown but I have been unable to identify what changed to stop the method that worked prior to CU188 from working any more.

Fixes: Bug13795 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 55b13b3b94713ab800bf28d919cd2b2b036f3f31 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 09:54:04 2025 +0100

core192: ship unbound root.hints

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit dda60a8af902f383eb291b3cbe09f8d7f0150698 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 6 10:52:08 2025 +0100

root.hints: Update to version Dec 18, 2024

- Update from version Jul 3, 2019 to Dec 18, 2024 - Not sure if there have been other version in between or not as no history is stored anywhere on this. - No changelog for any changes to the root.hints file but the diff in the file shows that just one change has been done to the B.ROOT-SERVERS.NET. entry with a change in IP.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org Tested-by: Bernhard Bitsch bbitsch@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 637b614f1c73d004a5eca20696958a4aa85c0c2a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 09:51:54 2025 +0100

core192: ship ppp

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit e8dc56382628fab7d970a6e799269aa73e4ec2ae Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jan 3 15:21:22 2025 +0100

ppp: Update to version 2.5.2

- Update from version 2.5.1 to 2.5.2 - Update of rootfile - Changelog 2.5.2 Some old and probably unused code has been removed, notably the pppgetpass program and the passprompt plugin, and some of the files in the sample and scripts directories. If a remote number has been set, it is available to scripts in the REMOTENUMBER environment variable. The Solaris port has been updated, including updated installation instructions in README.sol2. Various other bug fixes and minor enhancements.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c3a156c047d34770da7e8f1c67c5301204cf1b44 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 09:47:16 2025 +0100

core192: ship liburcu

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 33bbc4aee45173cf17f22a11bee3ccbe30f0daaf Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jan 3 15:21:21 2025 +0100

liburcu: Update to version 0.15.0

- Update from version 0.14.1 to 0.15.0 - Update of rootfile - Changelog 0.15.0 * Fix compilation errors * Document cmm_cast_volatile * Honor URCU_DEREFERENCE_USE_VOLATILE * arm: Use atomic builtins for xchg if supported * Introduce _CMM_TOOLCHAIN_SUPPORT_C11_MM * Seperate uatomic and uatomic_mo * uatomic: Fix header guard comment * Fix: missing typename in URCU_FORCE_CAST * Allow building with GCC >= 13.3 on RISC-V * pointer.h: Fix the rcu_cmpxchg_pointer documentation * rculfhash: make cds_lfht_iter_get_node argument const * lfstack: make cds_lfs_empty argument const * wfcqueue: make cds_wfcq_empty arguments const * wfstack: make cds_wfs_empty argument const * cds_list: make cds_list_replace @old argument const * cds_list: make cds_list_empty const * Adjust shell script to allow Bash in other locations * futex.h: Indent preprocessor directives * futex.h: Use urcu_posix_assert to validate unused values * Use futex on OpenBSD * fix: handle EINTR correctly in get_cpu_mask_from_sysfs * Relicense src/compat-smp.h to MIT * uatomic/x86: Remove redundant memory barriers * cleanup: move rand_r compat code to tests * ppc: Document cache line size choice * Fix: change order of _cds_lfht_new_with_alloc parameters * Add support for custom memory allocators for rculfhash * ppc.h: use mftb on ppc * rcutorture: Check histogram of ages * docs: Add links to project resources * Fix: allow clang to build liburcu on RISC-V * Fix -Walloc-size * cleanup: use an enum for the error states of nr_cpus_mask * fix: add missing SPDX licensing tags * urcu/uatomic/riscv: Mark RISC-V as broken * Fix: urcu-bp: misaligned reader accesses * rculfhash: Only pass integral types to atomic builtins * LoongArch: Document that byte and short atomics are implemented with LL/SC * Add LoongArch support * Tests: Add test for byte/short atomics on addresses which are not word-aligned * Complete removal of urcu-signal flavor * doc/examples: Remove urcu-signal example * tests/common: Remove urcu-signal common test files * tests/benchmark: Remove urcu-signal benchmark tests * tests/regression: Remove urcu-signal regression tests * tests/unit: Remove urcu-signal unit tests * Fix: Add missing cmm_smp_mb() in deprecated urcu-signal * urcu/uatomic.h: Improve verbosity of static assert error messages * urcu/compiler: Add urcu_static_assert * Phase 1 of deprecating liburcu-signal * uatomic/generic: Fix redundant declaration warning * tests: Add tests for checking race conditions * Add cmm_emit_legacy_smp_mb() * urcu/annotate: Add CMM annotation * tests/unit/test_build: Quiet unused return value * benchmark: Use uatomic for accessing global states * tests: Use uatomic for accessing global states * urcu-wait: Fix wait state load/store * Add CMM memory model * urcu/arch/generic: Use atomic builtins if configured * urcu/compiler: Use atomic builtins if configured * configure: Add --enable-compiler-atomic-builtins option * Fix: tests/rcutorture: Put thread offline on busy-wait * tests/regression/rcutorture: Use urcu-wait * tests/rcutorture: Factor out thread registration * tests/regression/rcutorture: Add wait state * urcu-wait: Initialize node in URCU_WAIT_NODE_INIT * Complete REUSE support * extras/abi: license data files under CC-1.0 * examples: use SPDX identifiers * tests: use SPDX identifiers * src: use SPDX identifiers * Public headers: use SPDX identifiers * Build system: use SPDX identifiers * Fix: urcu-wait: add missing futex.h include * doc: update GCC baseline to 4.8 * doc: update FreeBSD tested version * doc: Remove Solaris from tested platforms * Revert "compiler.h: Introduce caa_unqual_scalar_typeof" * rculfhash: Use caa_container_of_check_null in cds_lfht_entry * compiler.h: Introduce caa_container_of_check_null * compiler.h: Introduce caa_unqual_scalar_typeof * Avoid calling caa_container_of on NULL pointer in cds_lfht macros * Fix: revise urcu_read_lock_update() comment * Fix: uatomic powerpc comment about lwsync * fix: aarch64: allow RHEL7 gcc 4.8.5-11 * aarch64: Implement caa_cpu_relax as yield instruction * fix: warning 'noreturn' function does return on ppc * Fix: use __noreturn__ for C11-compatibility * Adjust shell scripts to allow Bash in other locations * Add support for OpenBSD * Bump version to 0.15.0-pre

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 06683f9630e7ab5dc33fc65b6d63ef3317f4804b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 09:45:53 2025 +0100

core192: ship kbd

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 00124b6d9faa53e278f03c6d0504a7d0cae25330 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jan 3 15:21:20 2025 +0100

kbd: Update to version 2.7.1

- Update from version 2.6.4 to 2.7.1 - Update of rootfile - Changelog 2.7.1 setfont: Fixed regression in argument parsing. Allow arguments and options to be mixed. dumpkeys: Fixed dumpkeys on pc and non-pc architectures. The value of keycode 0 has a special meaning, but on some architectures (like powerpc) keyboards may generate keycode zero. 2.7.0 libkeymap: Add API to get/set keymap keywords. Export functions to convert the value to kernel code. Fix double kbdfile open. Dump action codes for keycode 0. libkfont: Fix buffer allocation for doubled font. Check console mode. keymaps: Add hcesar layout, for portuguese speaking countries. Update Colemak-DH keymaps with upstream changes. sv-latin1.map: make Ctrl+AltGr+9 act as Ctrl+]. fonts: Remove non-free Agafari fonts. build-sys: Use autoconf 2.72. Do not substitute variables from configure. Makefiles cleanup. Fix build warning. other: Add configure option to control keymaps compression. Update man pages. Remove deprecated startup scripts. Remove outdated docs. Update translations (from translationproject.org)

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit b7420d15630e62a20e43ad385c92133b82e5f673 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jan 3 15:21:19 2025 +0100

dbus: Update to version 1.16.0

- Update from version 1.14.10 to 1.16.0 - Update of rootfile - Autotools has been removed from dbus so build converted to meson - Changelog 1.16.0 Build system and dependencies: • The Meson build system is the recommended way to build dbus on Unix. This requires Meson 0.56 and Python 3.5. · Projects that depend on libdbus can build it as a Meson subproject. See tests/use-as-subproject/meson.build for suggested build options. • CMake continues to be available as an alternative build system, and is recommended on Windows. This requires CMake 3.10. • A C99 compiler such as gcc, clang, or Visual Studio 2015 is required. A C11 compiler such as gcc, clang, or Visual Studio 2019 is recommended. • On platforms with larger-than-64-bit pointers, a C11 compiler is required Behaviour changes: • On Unix, the well-known system bus socket is in the runtime state directory by default (normally /run) (see 1.15.4 for more details) • On Linux with systemd, dbus-daemon starts as the target user/group (retaining CAP_AUDIT_WRITE) instead of starting as root and dropping privileges Feature removals: • Autotools build system • pam_console/pam_foreground integration (Autotools --with-console-auth, CMake -DDBUS_CONSOLE_AUTH_DIR) New features and significant bug fixes: • ProcessFD in GetConnectionCredentials() on Linux (see 1.15.8 for more details) • On Unix, the system message bus now loads .service files from /etc and /run • Use close_range() to close unwanted file descriptors or mark them close-on-exec, if available • Use 64-bit timestamps internally on 32-bit platforms, for Y2038 safety • Use APIs that can return 64-bit timestamps and inode numbers on 32-bit glibc • AF_UNIX sockets are available on sufficiently recent Windows • dbus-send can send arrays of variants, variant values in dictionaries, and nested variants • Portability to CPU architectures with larger-than-64-bit pointers Dependencies: • Building with CMake now requires CMake ≥ 3.10. Bug fixes: • Avoid deprecation warnings with newer Meson versions (dbus!507, Simon McVittie) • Avoid deprecation warnings with newer CMake versions (dbus#541, Ralf Habacker) Tests and CI enhancements: • When building with CMake, set the same environment variables as Meson. This improves test coverage. (dbus#533, Ralf Habacker) • Remove a remaining reference to Debian 11, which is EOL (dbus!508, Simon McVittie) 1.15.92 Build-time configuration changes: • When building with Meson, the embedded_tests option has been renamed to intrusive_tests. This option adds test instrumentation in libdbus and dbus-daemon, which reduces performance and is not secure. For production builds of dbus in OS distributions, it must be false (-Dintrusive_tests=false, which is the default) During development, it should be set true (-Dintrusive_tests=true) for full test coverage. (dbus#537, Simon McVittie) • Similarly, when building with CMake, the DBUS_BUILD_TESTS option no longer enables intrusive test instrumentation. A new option -DDBUS_ENABLE_INTRUSIVE_TESTS=ON is equivalent to the Meson build system's -Dintrusive_tests=true. Bug fixes: • If a DBusWatch callback fails because there is insufficient memory, make sure to retry it within a finite time (dbus#536, Petr Malat) • On macOS with launchd enabled, if the session bus launchd integration is not correctly configured, don't treat that as a fatal error that prevents connecting to the system bus (dbus#510, Mohamed Akram) • If intrusive test instrumentation is enabled, older versions of dbus would simulate an out-of-memory condition once per 2**32 allocations, even if not specifically requested. This is no longer done. (dbus#535, Simon McVittie) • Fix compilation on non-Linux platforms with glibc, such as Debian GNU/Hurd (dbus#539, Simon McVittie) • Avoid test failures with non-trivial NSS modules, similar to dbus#256 (dbus#540, Simon McVittie) • When built with CMake, make paths in DBus1Config relocatable (dbus!499, Ralf Habacker) 1.15.90 Build-time configuration changes: • The experimental Containers1 interface has been removed from this branch. It is incomplete and not ready for production use, and has been compile-time-disabled and impossible to enable without patching since 1.13.20. To reduce confusion, delete the code completely. It remains present on the git `master` branch for 1.17.x, and will hopefully be reinstated during the 1.17.x cycle. (dbus!488, dbus!490; Simon McVittie) Bug fixes: • Fix the Devhelp index for API documentation (dbus!486, Simon McVittie) • Fix detection of socketpair() on Solaris 10 (dbus#531, Simon McVittie) • Avoid undefined signed integer overflow when calculating hash table indexes (dbus!487, Jami Kettunen) 1.15.12 Enhancements: • D-Bus Specification 0.43: · Recommend loading system services from /etc/dbus-1/system-services and /run/dbus-1/system-services (dbus!467, Luca Boccassi) · Reorganise documentation of the message bus to make it easier to add new interfaces (dbus!472, Simon McVittie) · Document o.fd.DBus.Debug.Stats interface (dbus!472, Simon McVittie) · Document o.fd.DBus.Verbose interface (dbus!472, Simon McVittie) · Formatting improvements (dbus!471, dbus!472; Simon McVittie) · Don't imply that all clients need to support obsolete message bus implementations (dbus!471, Simon McVittie) • API design advice: · Document typical approaches to emulating nullable types in the D-Bus type system (dbus!446, Zeeshan Ali Khan) • On Unix, additionally load system services from: · /etc/dbus-1/system-services, reserved for use by either the local system administrator, or software such as asset managers and configuration management frameworks acting on their behalf · /run/dbus-1/system-services, for ephemeral services (dbus!467, Luca Boccassi) Bug fixes: • Increase file descriptor soft limit to hard limit before testing file descriptor passing, and correctly skip the test for flooding the bus with fds when the limit is too low, fixing test failures on Solaris (dbus#176, Alan Coopersmith)

• When building API documentation with Doxygen, always generate a working link in the index HTML page (dbus#519, dbus!470; Ralf Habacker, Simon McVittie) • When building with Meson, add (more) test dependencies so that 'meson test' does not always need to be preceded by 'meson compile' (dbus!468, Simon McVittie) • When installing with Meson, don't fail if we are installing as root but the user/group that will own the setuid dbus-daemon-launch-helper do not yet exist (dbus#492, Jordan Williams) • When building with Meson on Solaris, fix detection and build of Solaris audit API integration (dbus!477, Alan Coopersmith) • Fix service activation timeouts when built with embedded tests (test instrumentation) and run on a platform with a large file descriptor limit (dbus#527, Simon McVittie) • Fix test failures on platforms where deleting the current working directory is not allowed, such as Solaris (dbus!480, Alan Coopersmith) Internal changes: • CI fixes (dbus!474, Simon McVittie) 1.15.10 Build-time configuration changes: • The Autotools build system has been removed. Its replacement is Meson. (dbus#443, Ralf Habacker) Enhancements: • Use 64-bit timestamps internally. This will allow 32-bit builds of libdbus to continue working after 2038 if there is OS-level support for 64-bit time_t, either opt-in (as on 32-bit glibc systems) or by default. (dbus!444, Alexander Kanavin) • When building with CMake, build more HTML documentation (dbus#504, Ralf Habacker) Bug fixes: • Don't crash if configured to watch more than 128 directories with inotify (dbus#481, hongjinghao) • Never add (uid_t) -1, (gid_t) -1 or (pid_t) 0 to credentials (dbus!464, Alyssa Ross) • Fix a regression since 1.15.0 for "autolaunch:" on Windows (dbus#503, Thomas Sondergaard) • When building with Meson, don't use stdatomic.h if it exists but is non-functional, for example under Visual Studio 2022 (dbus#494, Thomas Sondergaard) • When building with Meson, add test dependencies so that 'meson test' does not always need to be preceded by 'meson compile' (dbus!465, Alyssa Ross) • When building with Meson, really enable launchd if appropriate (dbus!463, Alyssa Ross) • In the test suite, use a more widely-implemented group name 'tty' in preference to 'bin' (dbus#514, Alyssa Ross) • Ensure that `dbus-test-tool spam` options cannot leave the payload length uninitialized (dbus!469, Simon McVittie) • Fix compiler warnings with gcc 14 (dbus!469, Simon McVittie) Documentation: • Clarify ownership transfer of pending call in dbus_connection_send_with_reply() (dbus!455, Wiebe Cazemier) • Explicitly document dbus-send exit status (dbus#452, Philip Withnall) • Refer to d-spy in preference to unmaintaned D-Feet (dbus!460, Ludovico de Nittis) • Update URL to Bustle tool (dbus!460, Ludovico de Nittis) Internal changes: • Replace _dbus_string_append_int(), _dbus_string_append_uint() with calls to _dbus_string_append_printf() (dbus!445, Simon McVittie) • Clean up unused macros in CMake build (dbus!463, Alyssa Ross) • Internal CI changes (dbus#487, dbus#488, dbus#489, dbus#509; Ralf Habacker, Simon McVittie) 1.15.8 Build-time configuration changes: • For this version of dbus, Meson is the recommended build system for all Unix platforms. CMake continues to be recommended for Windows, but this recommendation might change to Meson in a future release, so please test the Meson build. See INSTALL for details. • Autotools-generated files are no longer included in the tarball release. The Autotools build system is likely to be removed in a future dbus release, so Autotools users should migrate to Meson as soon as possible. It is still possible to build using Autotools, by following the same procedure as for a git clone (starting with the `./autogen.sh` script). Enhancements: • D-Bus Specification 0.42: · GetConnectionCredentials can return ProcessFD (dbus!420, dbus!398; Luca Boccassi) • On Linux with sufficiently new glibc and kernel headers, report a pinned process file descriptor (pidfd) as the ProcessFD member of the GetConnectionCredentials() result (dbus!420, dbus!398; Luca Boccassi) • On Linux with systemd, start as the target user/group (retaining CAP_AUDIT_WRITE to preserve the ability to write to the audit log), instead of starting as root and dropping privileges (dbus!399, Luca Boccassi) • On 32-bit glibc systems, opt-in to 64-bit timestamps if possible. This will allow 32-bit builds of libdbus to continue working after 2038. (dbus#465, Simon McVittie) • On 32-bit glibc systems when built with CMake, also opt-in to large file sizes, offsets and inode numbers, as was done for Autotools since 1.12.x and Meson since the Meson build was introduced (dbus#465, fd.o #93545; Simon McVittie) • Avoid known dbus-daemon options being interpreted as optional arguments (dbus#467, Xin Shi) • If libdbus is a Meson subproject in a larger project, announce it as an implementation of the dbus-1 dependency (dbus!415, Barnabás Pőcze) • When built with CMake, get the version number from Meson instead of Autotools, in preparation for the Autotools build system being removed (dbus!382, Ralf Habacker) • When built with Meson, disable some unwanted warnings when either assertions or checks is disabled (dbus!412, Simon McVittie) • Use C11 <stdatomic.h> if possible (dbus!431, Simon McVittie) • Expand coverage of SPDX/REUSE copyright/license information (dbus!427, Simon McVittie) • On Linux, let dbus-daemon start up successfully (with a warning) if inotify initialization fails, even if DBUS_FATAL_WARNINGS=1 is present in the environment (dbus#473, Simon McVittie) • On Unix, provide a better error message when looking up a user by name or user ID fails (dbus!442, Simon McVittie) Bug fixes: • Avoid a dbus-daemon crash if re-creating a connection's policy fails. If it isn't possible to re-create its policy (for example if it belongs to a user account that has been deleted or if the Name Service Switch is broken, on a system not supporting SO_PEERGROUPS), we now log a warning, continue to use its current policy, and continue to reload other connections' policies. (dbus#343; Peter Benie, Simon McVittie) • If getting the groups from a user ID fails, report the error correctly, instead of logging "(null)" (dbus#343, Simon McVittie) • Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs field for processes with a valid-but-empty supplementary group list (dbus!422, cptpcrd) • `sudo meson install` without a DESTDIR is now possible, although strongly discouraged on production systems (dbus#436, Simon McVittie) • Fix a Meson deprecation warning (dbus#439, Simon McVittie) Tests and CI enhancements: • Internal CI changes (dbus#455, dbus!414, dbus#468, dbus#469, dbus!424, dbus!430, dbus#436, dbus#470; Ralf Habacker, Simon McVittie) 1.15.6 Denial-of-service fixes: • Fix an assertion failure in dbus-daemon when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to <deny> rules or outgoing message quota. This is a denial of service if triggered maliciously by a local attacker. (dbus#457; hongjinghao, Simon McVittie) Enhancements: • Special-case reading pseudo-files from Linux /proc to take into account the filesystem's unusual semantics (dbus!401, Luca Boccassi) Other fixes: • Fix compilation on compilers not supporting __FUNCTION__ (dbus!404, Barnabás Pőcze) • Fix some memory leaks on out-of-memory conditions (dbus!403, Barnabás Pőcze) • Documentation: · Update the README to recommend building with Meson (dbus!402, Ahmed Abdelfattah) · Fix syntax of a code sample in dbus-api-design (dbus!396; Yen-Chin, Lee) • CMake build fixes: · Detect presence of <sys/syscall.h> (dbus!400, Luca Boccassi) Tests and CI enhancements: • Fix CI pipelines after freedesktop/freedesktop#540 (dbus!405, dbus#456; Simon McVittie) • Ensure the messagebus user is created if necessary (dbus#445, Ralf Habacker) 1.15.4 Dependencies: • Building with CMake now requires CMake ≥ 3.9. Build-time configuration changes: • On Unix platforms, a path in the runtime state directory (often /run) is now used for the well-known system bus socket by default. OS distributors should check that the path used is equivalent to the interoperable path /var/run/dbus/system_bus_socket, especially if running on an OS where /var/run is not guaranteed to be a symbolic link to /run. (dbus#180; Issam E. Maghni, Simon McVittie) · With Autotools, this is controlled by --runstatedir, which defaults to ${localstatedir}/run but is often set to /run by OS distributors. The path to the system bus socket can be overridden with the --with-system-socket option if required. · With CMake, this is controlled by the RUNSTATEDIR option, which has behaviour similar to Autotools. There is no separate option for the path to the system bus socket. · With Meson, this is controlled by the runtime_dir option, which defaults to /run if the installation prefix is set to /usr, or has behaviour similar to Autotools otherwise. The path to the system bus socket can be overridden with the system_socket option if required. Denial of service fixes: • Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS distributions, should be compiled with checks but without assertions. (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin) Enhancements: • D-Bus Specification 0.41: · Clarify handling of /run vs. /var/run on Unix systems (dbus#180, Simon McVittie) • Add dbus_connection_set_builtin_filters_enabled(), intended to be called by tools that use BecomeMonitor() such as dbus-monitor (dbus#301, Kai A. Hiller) • When using the Meson build system, dbus can now be used as a subproject. To avoid colliding with a separate system copy of dbus, building it as a static library with tests, tools and the message bus disabled is strongly recommended. See test/use-as-subproject for sample code. (dbus!368, dbus!388; Daniel Wagner) Other fixes: • When connected to a dbus-broker, stop dbus-monitor from incorrectly replying to Peer method calls that were sent to the dbus-broker with a NULL destination (dbus#301, Kai A. Hiller) • Fix out-of-bounds varargs read in the dbus-daemon's config-parser. This is not attacker-triggerable and appears to be harmless in practice, but is technically undefined behaviour and is detected as such by AddressSanitizer. (dbus!357, Evgeny Vereshchagin) • Avoid a data race in multi-threaded use of DBusCounter (dbus#426, Ralf Habacker) • Fix a crash with some glibc versions when non-auditable SELinux events are logged (dbus!386, Jeremi Piotrowski) • If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) • Use C11 _Alignof if available, for better standards-compliance (dbus!389, Khem Raj) • Stop including an outdated copy of pkg.m4 in the git tree (dbus!365, Simon McVittie) • Meson build fixes: · Use -fvisibility=hidden on Unix if supported, in particular on Linux (dbus!383, dbus#437; Simon McVittie) · Fix build on macOS, and any other platform that has CLOCK_MONOTONIC but not pthread_condattr_setclock() (dbus#419, Jordan Williams) • Documentation: · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan) • Licensing: · Use MIT license for some test files that did not previous specify a license, with permission from their authors (dbus!359, Simon McVittie) · Add more SPDX/REUSE license markers (dbus!311, dbus!369, dbus!370, dbus!371, dbus!375, dbus!376; Ralf Habacker, Simon McVittie) · Correct syntax of some SPDX license markers (dbus!360, Ralf Habacker) • Tests fixes: · Fix an assertion failure in test-autolaunch-win (dbus#422, Ralf Habacker) · Expand test coverage under CMake (dbus!322, Ralf Habacker) · Fix the test-apparmor-activation test after dbus#416 (dbus!380, Dave Jones) Internal changes: • Add static assertions for some things we assume about pointers (dbus!345, Simon McVittie) • Refactoring (dbus!356, dbus#430, dbus#431; Simon McVittie, Xin Shi) • Fix CI builds with recent git versions (dbus#447, Simon McVittie) • Build dbus with clang during CI (dbus!358, Evgeny Vereshchagin) 1.15.2 Behaviour changes: • On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) Denial of service fixes: Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. • An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) • A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) • A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) Enhancements: • D-Bus Specification 0.40 (dbus#416, Simon McVittie) · Clarify that unix:tmpdir is not required to use abstract sockets, even where supported · Mention implications of abstract sockets for Linux namespacing 1.15.0 Dependencies: • On platforms where a pointer is larger than 64 bits, dbus requires at least a C11 compiler. On other platforms, dbus now requires either a C99 compiler such as gcc or clang, or Microsoft Visual Studio 2015 or later. Some workarounds for pre-C99 environments are currently still present, but we plan to remove them during this development cycle. • Building with CMake now requires CMake ≥ 3.4. • Building with Meson requires Meson ≥ 0.56 and Python ≥ 3.5. Feature removal: • Remove support for the obsolete pam_console and pam_foreground modules (the Autotools --with-console-auth-dir= and CMake -DDBUS_CONSOLE_AUTH_DIR= options, which have been deprecated since dbus 1.11.18). (dbus#181, fd.o#101629) Build-time configuration changes: • Add a Meson build system. This is currently considered experimental, but the intention is for it to replace Autotools and/or CMake in future releases, preferably both. Please test! (dbus!303, dbus!325; Félix Piédallu, Marc-André Lureau, Simon McVittie) · This requires Meson 0.56 or newer, and Python 3.5 or newer. · Expat can be built as a subproject using Meson's "wrap" mechanism, if desired. This should make it considerably easier to build dbus for Windows or other platforms without a library packaging system. · GLib can also be built as a subproject using Meson's "wrap" mechanism, if desired. This should make it considerably easier to build full test coverage on Windows or other platforms without a library packaging system. • Please note that not all Meson build options correspond 1:1 to how the closest equivalents in Autotools or CMake behave, and the Meson build options are subject to change. Distributors and developers evaluating the Meson build should check that they are configuring dbus the way they intend to. Enhancements: • D-Bus Specification 0.39: · Document how to represent internationalized domain names in D-Bus names (dbus!324, Simon McVittie) · Improve documentation of AF_UNIX sockets (Marc-André Lureau) • On Unix, speed up closing file descriptors for subprocesses by using closefrom() or close_range() where available (dbus#278; rim, Simon McVittie) • On Windows, dbus can now use AF_UNIX sockets, not just TCP. This requires Windows 10 build 17063 or later at runtime, and either Windows 10 SDK 17063 or mingw-w64 version 9.0.0 or later at compile-time. (dbus!249, Marc-André Lureau) • Teach dbus-send to handle variants in containers: arrays of variants, variant values in dictionaries, and nested variants (dbus!206, Frederik Van Bogaert) • Detect programming errors with Windows mutexes if assertions are enabled, similar to what we already did for pthreads mutexes (dbus#369, Ralf Habacker) • Move license text into LICENSES, and start to use SPDX markers (Simon McVittie, Ralf Habacker) Fixes: • Portability to CPU architectures with larger-than-64-bit pointers (dbus!335, dbus!318; Alex Richardson) • Fix build failure on FreeBSD (dbus!277, Alex Richardson) • Fix build failure on macOS with launchd enabled (dbus!287, Dawid Wróbel) • Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) • Improve dbus-launch --autolaunch so it can pick up an existing bus from Linux XDG_RUNTIME_DIR or macOS launchd, even if X11 autolaunching was disabled (dbus#385, dbus#392; Simon McVittie, Alex Richardson) • Correctly escape AF_UNIX socket paths when converting them to D-Bus address strings (dbus#405, Marc-André Lureau) • On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) • Slightly improve error-handling for inotify (dbus!235, Simon McVittie) • Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) • Silence various compiler warnings (dbus!275, dbus!289, dbus!305, dbus!307, dbus!312, dbus!315; Ralf Habacker, Simon McVittie, Alex Richardson, Marc-André Lureau) • On Windows, use safer locking patterns for the system-global mutex used to implement autolaunching (dbus#368, dbus#370; Ralf Habacker) • Index dbus-arch-deps.h for API documentation when building out-of-tree (dbus!312, Marc-André Lureau) • Silence xmlto warnings when building man pages (dbus!312, Marc-André Lureau) • Fix build failure when checks are disabled but assertions are enabled (dbus#412, Johannes Kauffmann) • Use C99 flexible arrays in the memory pool implementation for better support for modern compilers (dbus!343, dbus!344; Alex Richardson, Simon McVittie) • Autotools build system fixes: · Don't treat --with-x or --with-x=yes as a request to disable X11, fixing a regression in 1.13.20. Instead, require X11 libraries and fail if they cannot be detected. (dbus!263, Lars Wendler) · When a CMake project uses an Autotools-built libdbus in a non-standard prefix, find dbus-arch-deps.h successfully (dbus#314, Simon McVittie) · Don't include generated XML catalog in source releases (dbus!317, Jan Tojnar) · Improve robustness of detecting gcc __sync atomic builtins (dbus!320, Alex Richardson) • CMake build system fixes: · Detect endianness correctly, fixing interoperability with other D-Bus implementations on big-endian systems (dbus#375, Ralf Habacker) · Fix a race condition generating man pages and HTML documentation (dbus#381, Ralf Habacker) · When building for Unix, install session and system bus setup in the intended locations (dbus!267, dbus!297; Ralf Habacker, Alex Richardson) · Detect setresuid() and getresuid() (dbus!319, Alex Richardson) · Detect backtrace() on FreeBSD (dbus!281, Alex Richardson) · Don't include headers from parent directory (dbus!282, Alex Richardson) · Fix -Wunused-command-line-argument on FreeBSD (dbus!278, Alex Richardson) · Only add warning flags if the compiler supports them (dbus!276, Alex Richardson) · Distinguish between host and target TMPDIR when cross-compiling (dbus!279, Alex Richardson) · Improve compiler warning detection (dbus#387, Ralf Habacker) · Allow TEST_SOCKET_DIR to be overridden (dbus!295, Ralf Habacker) · Fix detection of atomic operations (dbus!306, Alex Richardson) · Use DWARF 2 instead of STABS for debug symbols on Windows, for compatibility with newer gcc versions (dbus!323, Marc-André Lureau) · Fix use of paths relative to the dbus project directory when dbus is vendored into a larger CMake project (dbus!332, Jordan Williams) Tests and CI enhancements: • Add an automated test for Windows autolaunching (dbus#235, Ralf Habacker) • Avoid compiler warnings in test code (dbus#383, dbus!274, dbus!275; Simon McVittie, Ralf Habacker) • Avoid LeakSanitizer warnings in test code (dbus!326, Simon McVittie) • Speed up a particularly slow unit test by a factor of 30 (dbus!328, Simon McVittie) • On Unix, skip tests that switch uid if run in a container that is unable to do so, instead of failing (dbus#407, Simon McVittie) • On Unix, consistently create test sockets in DBUS_TEST_SOCKET_DIR and not the build directory, allowing the build directory to be mounted with a non-POSIX filesystem (dbus!334, Alex Richardson) • Gitlab-CI improvements (dbus#383, dbus#388, dbus!262, dbus!288, dbus!292, dbus!296, dbus!299, dbus!301; Ralf Habacker, Simon McVittie, Alex Richardson) • Added FreeBSD Gitlab-CI build jobs (dbus!280, dbus!347; Alex Richardson) • Use the latest MSYS2 packages for CI (Ralf Habacker, Simon McVittie)

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 86a84624f5723774cfb0df337cbaec0681d9aa7d Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Jan 22 22:07:00 2025 +0100

clamav: Update to version 1.4.2

- Update from version 1.4.1 to 1.4.2 - Update of rootfile - Changelog 1.4.2 - [CVE-2025-20128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128): Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: - 1.4.2 - 1.0.8 Thank you to OSS-Fuzz for identifying this issue.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 66e1d282c8e46168677abed8606cbbfb6c1ffe1c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 09:30:05 2025 +0100

kernel: update to 6.12.11

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9a8d32f8ede08be18c8b2db56e04fe06b27ee22b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 08:37:49 2025 +0100

collectd: load syslog plugin first

this remove the plugin load ouptput on the console at collectd startup.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit a23189d202df8c3b80e0594b0e4a1710f9831252 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 23 08:37:34 2025 +0100

rootfile consistency check: check also commented lines

report also commented files to build rootfiles matching for all arches.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 3e85c21e8a122c041245ac06f6d2e65b955e522d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 23 06:23:33 2025 +0100

collectd: fix rootfile

we need this machine type check for the perl modules back!

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 31bc8f934bfe90a2b66b0bb8575053acf9a19487 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 22 13:00:47 2025 +0100

collectd: fix rootfiles

the turbostat plugin is only present on x86_64 so we need a separate rootfile on x86_64.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c77cc6646e22c689b2efbd8e3654fad34506deb2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 22 07:07:56 2025 +0100

core192: ship openssl

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 51203ff501aadda962e06d90b382b7fec4f762c2 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 14:57:50 2025 +0000

slang: This package does not build the zlib module any more

This is due to the removal of the static version of zlib, but we don't need this module anyways.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit bb0dff6f0b8c1b86f614a783951778c0fb0f569d Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 14:57:49 2025 +0000

core192: Remove the old version of zlib

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 1e21f69e81fb0b681478713583a07c898be2a585 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 14:57:48 2025 +0000

zlib-ng: Don't install the static version of the library

We want everythink to link against zlib dynamically so that we can easily replace the library in case there is some urgent reason to do so.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 29119178f5b1dde27a1c90d8b202828e4e90b3bb Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 14:57:47 2025 +0000

zlib-ng: Install the compat library into /lib again

This is just to remain compatible with the older version which was also installed in /lib.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 0290bf4d643d1c4c4e2c1bb36a0f5c9ea9e78713 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 14:57:46 2025 +0000

Revert "zlib-ng: ship /usr/lib/libz.so"

This reverts commit 2dbfc2f042839d2942b2a38790123c480d087cd8.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c706e7601bb3be8ffbcbc4414af71110a38e4dfa Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 14:57:45 2025 +0000

openssl: Dynamically link zlib

The former way was to open libz.so whenever it was needed. This is however not a very good solution and we will have trouble in dependency tracking and discover any linking problems much later.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 66557751042e081147de7347da8a549e10b1468a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 21 19:39:19 2025 +0100

core192: ship collectd changes.

- collectd - backup.pl - graphs.pl

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 79d6ae8caf28366401fe230b131dde9e35f2e1cd Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:28 2024 +0100

nut: Update to enable collectd to find the nut files

- with-dev is required as a configure option to ensure that the package-config files are installed during the build so that collectd can find the libupsclient library files which are needed for the nut plugin.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4145cffd4303eeaab0cf4d4725c95eb51b3cd068 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:27 2024 +0100

make.sh: Change of position for nut and dependant programs

- With nut enabled in collectd as a plugin (to match with apcupsd) then it had to be moved to before collectd. - netsnmpd is required by nut for one of its rootfiles and therefore has to stay before nut.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 60ccc0901996449fcc2121039fc5ebf9d1c765c3 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:26 2024 +0100

update.sh: Update to migrate rrd directories for collectd-5.x

- Not tested by myself but it uses the same code as in the backup.pl changes which were tested and worked. So expectation is that they will work in the Core Update but this will be able to be evaluated when the Testing Release is issued.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7a317798d47b0b6154815362b081147c65eab6a4 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:25 2024 +0100

backup.pl: Update to migrate rrd directories for collectd-5.x

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 03d6ab55162c35533fb89881750900ddd346a19c Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:24 2024 +0100

graphs.pl: Update to names used by collectd-5.x

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2653023bdd90d03d8fb1b45c74554e7a10e4995c Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:23 2024 +0100

collectd: Removal of old patches that are no longer needed

Tested-by: Adolof Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 698639e3597607381ed340b252fbc5e9998e15f7 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Dec 25 14:48:22 2024 +0100

collectd: Update to version 5.12.0

- Update from version 4.10.9 to 5.12.0 - Update of rootfile - Removal of the patches that were used for version 4.10.9. Checking these they have either been included, are no longer applicable as the involved code is no longer present or were changes specific to BSD or Solaris OS's or were related to plugins that were not enabled on IPFire such as mysql. - If anyone is aware of patches that should be applied to version 5.12.0 then let me know. - Updated the plugin lists to disable some that were enabled such as multimeter and battery. We shouldn't need to use IPFire as a multimeter and it should not really be running on a laptop in battery mode. - Re-arranged the order of the plugins to make them alphabetical again. - Added nut to the enabled plugins. apcupsd was already enabled but nut was not. - Disabled making warnings into errors, updated the librrd directory and specified the libgcrypt directory so that the build was successfull. - collecvtd-5.x supports parallel builds - copied the 4.x to 5.x migration program into IPFire. This is then used when restoring older backups or for the update script for when collectd-5.12.0 is merged. - The change set was installed on my vm and the graphs all worked as expected and got updated. Doing a restore from an earlier backup with the 4.x format of files was correctly migrated and installed. - Changelog is rather large covering everything that has changed and been updated. Details can be found at https://github.com/collectd/collectd/releases

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit bd475ad3b9fa1106d45d723764313397717d0fe1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jan 20 00:21:56 2025 +0100

kernel: update to 6.12.10

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 5dd0babeda2e6f03536b934c69e2c76ac84a02f3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 19 22:44:46 2025 +0100

kernel: update riscv64 config and rootfile

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 356bfb56925800ef0347bf30d738fa633d9d3bed Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 18 17:40:17 2025 +0100

linux-headers: riscv64 rootfile update

commit 8423327e6b09d9438d04a4acf7d544102fb705c4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 18 17:33:04 2025 +0100

gdb: rootfile update

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 42823268d0356da39370a97002bf7bc78802434e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 18 17:26:10 2025 +0100

flash-images: increase initial rootsize to 2.5GB

the riscv64 build run out of diskspace.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2e16824b87c6803b5df75c33407d7ef094b4daf2 Merge: e0bc608bf8 6c8b544494 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jan 17 09:43:05 2025 +0000

Merge remote-tracking branch 'origin/master' into next

commit e0bc608bf8d1f7e81f3bd35a5d4454eed495f858 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 14 14:05:44 2025 +0100

core192: ship zlib-ng

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2dbfc2f042839d2942b2a38790123c480d087cd8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 14 13:30:15 2025 +0100

zlib-ng: ship /usr/lib/libz.so

openssl needs this for dso library loading

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4a7cd2a5d6dbf51d07293b82e614d696bae2b2ba Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 9 20:32:44 2025 +0100

tr.pl: Update tr.pl

- Corrected some sentences amd miss-uasages of words.

Suggested-by: Onur Erden onur_erden@hotmail.com Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c5fc76563baf2f6e1f62a7b78dca1f82630a346d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 9 15:08:22 2025 +0000

kernel: Strip modules

The kernel does not strip modules by default. This can be enabled by passing INSTALL_MOD_STRIP=1 when installing the modules.

Since we are not actually building the kernel with debuginfo and we are comressing the modules afterwards, there is not a huge saving on disk space, but there is a small saving of memory when loading the modules.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 0934e36ef7d2a16c03cb7a0d3919b3d3b1b911c3 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Jan 8 13:18:54 2025 +0100

fr.pl: Additional update to French translations for the optionsfw.cgi page

Reported-by: Phil SCAR p27m@orange.fr Fixes: Bug13800 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 18e20aef568362f7b772bd72ab88ee520fb6f8c9 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Jan 7 17:34:18 2025 +0100

web-user-interface: Update rootfile

- Comment out the wlanap.cgi rootfile entry as this is tied to the hostapd addon and is installed when hostapd is installed.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2dc005c68b24f7e3d5d59258da26c9ff6e25ffdc Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 6 14:52:26 2025 +0100

speedtest-cli: Fix for bug13805 - error message if run on hour or half hour

- Created a self consistent patch set out of four patches on the speedtest-cli github site. Slight changes needed in each to allow them to be successfully applied in sequence. - Additional comments added to top of the various patches. - Tested out this modified package on my vm testbed and it fixes the bug of speedtest-cli giving an error message if run on the hour or on the half hour. I tested it out with the original system first and it failed with the error message for 7 half hour tests. With this modified version it ran for 9 half hour slots with no problems at all. Tested with the command being run via fcrontab. - None of these patches have ben merged by the speedtest-cli github owner as the last commit was July 2021 and the patches were proposed in Feb 2023. There has been no resposne to anything on the speedtest-cli github site by the owner. - I have reviewed all the patches and the content looks fine to me with no concerns from a security point of view although it would be good to get feedback from alternative eyes. - Update of rootfile not required.

Fixes: Bug13805 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Tested-by: Bernhard Bitsch bbitsch@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7aa181ec1fd492c1a60df67782257c144bb693dc Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 08:47:27 2025 +0000

kernel: update to 6.12.9

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 93f8b568175a73a7f1ad52b47cf44013544266a4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 8 20:19:37 2025 +0100

core192: ship suricata

this is now build with updated rust compiler.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c4a21542834c0a5dc13192aa5a30be2fd60c10e0 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jan 3 10:39:28 2025 +0000

zlib-ng: Migrate to zlib-ng

This is a new and improved version of zlib that merges various fixes and optimizations from various contributors.

Amonst those are taking advantage of AVX and instruction sets if they are available.

This patch adds the new API and a compat library that is a drop-in replacement for the legacy version of zlib.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit df7d6c99a9831d47d93df5258eeddc26f8568d89 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jan 3 10:40:03 2025 +0000

make.sh: Actually perform the build in the toolchain stage

Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4aae2b40b94222cff29dd2797ad3b2e17b33afad Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:39 2024 +0100

clamav: Update to version 1.4.1

- Update from version 1.3.2 to 1.4.1 - Update of rootfile - Changelog 1.4.1 ClamAV 1.4.1 is a critical patch release with the following fixes: - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to Detlef for identifying this issue. - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to OSS-Fuzz for identifying this issue. - Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13. 1.4.0 Major changes - Added support for extracting ALZ archives. The new ClamAV file type for ALZ archives is `CL_TYPE_ALZ`. Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html) option to enable or disable ALZ archive support. > _Tip_: DCONF (Dynamic CONFiguration) is a feature that allows for some > configuration changes to be made via ClamAV `.cfg` "signatures". - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1183) - Added support for extracting LHA/LZH archives. The new ClamAV file type for LHA/LZH archives is `CL_TYPE_LHA_LZH`. Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html) option to enable or disable LHA/LZH archive support. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1192) - Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document. New ClamScan options: ``` --scan-image[=yes(*)/no] --scan-image-fuzzy-hash[=yes(*)/no] ``` New ClamD config options: ``` ScanImage yes(*)/no ScanImageFuzzyHash yes(*)/no ``` New libclamav scan options: ```c options.parse &= ~CL_SCAN_PARSE_IMAGE; options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH; ``` Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html) option to enable or disable image fuzzy hashing support. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186) Other improvements - Added cross-compiling instructions for targeting ARM64/aarch64 processors for [Windows](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-windows-arm64....) and [Linux](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-linux-arm64.md). - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1116) - Improved the Freshclam warning messages when being blocked or rate limited so as to include the Cloudflare Ray ID, which helps with issue triage. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1195) - Removed unnecessary memory allocation checks when the size to be allocated is fixed or comes from a trusted source. We also renamed internal memory allocation functions and macros, so it is more obvious what each function does. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1137) - Improved the Freshclam documentation to make it clear that the `--datadir` option must be an absolute path to a directory that already exists, is writable by Freshclam, and is readable by ClamScan and ClamD. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1199) - Added an optimization to avoid calculating the file hash if the clean file cache has been disabled. The file hash may still be calculated as needed to perform hash-based signature matching if any hash-based signatures exist that target a file of the same size, or if any hash-based signatures exist that target "any" file size. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1167) - Added an improvement to the SystemD service file for ClamOnAcc so that the service will shut down faster on some systems. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1164) - Added a CMake build dependency on the version map files so that the build will re-run if changes are made to the version map files. Work courtesy of Sebastian Andrzej Siewior. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1294) - Added an improvement to the CMake build so that the RUSTFLAGS settings are inherited from the environment. Work courtesy of liushuyu. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1301) Bug fixes - Silenced confusing warning message when scanning some HTML files. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1252) - Fixed minor compiler warnings. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1197) - Since the build system changed from Autotools to CMake, ClamAV no longer supports building with configurations where bzip2, libxml2, libz, libjson-c, or libpcre2 are not available. Libpcre is no longer supported in favor of libpcre2. In this release, we removed all the dead code associated with those unsupported build configurations. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1217) - Fixed assorted typos. Patch courtesy of RainRat. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1228) - Added missing documentation for the ClamScan `--force-to-disk` option. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186) - Fixed an issue where ClamAV unit tests would prefer an older libclamunrar_iface library from the install path, if present, rather than the recently compiled library in the build path. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1258) - Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) - Fixed a bug that prevented loading plaintext (non-CVD) signature files when using the `--fail-if-cvd-older-than=DAYS` / `FailIfCvdOlderThan` option. Fix courtesy of Bark. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1309)

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2491a8377dec09d1653cd81c82519accf4122f77 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:38 2024 +0100

make.sh: Addition of new and pinned rust crates

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit a47b54a291e126a77fd48fb7e9d5cd4d13f54c3a Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:37 2024 +0100

rust-winnow: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 38ba7f31ea1494ea7b77c6b7481e606589def442 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:36 2024 +0100

rust-unicode-ident: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 3d7053d9d344cb42812f70bd457646dc314f19a0 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:35 2024 +0100

rust-toml_edit: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 1fb656b2d794c900f43a6f9935b2228506c3656e Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:34 2024 +0100

rust-toml_datetime: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 19a2333d665d3ac645f860d8000570d75e3efb7e Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:33 2024 +0100

rust-target-triple: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 1816b14124737452da09f741accc94d72b6f29a0 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:32 2024 +0100

rust-syn-1.0.109: Crate required pinned at version 1.0.109

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 21487812db8b754b4d7b86fefdd3c6ce74654f41 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:31 2024 +0100

rust-serde_spanned: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 61b7f8d5b0b13f1f67367a06add063df96cc9161 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:30 2024 +0100

rust-indoc-impl-0.3.6: Crate required to be pinned at version 0.3.6

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit cd456f9154a9e69bfecce17ee4adb6d75bf9789b Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:29 2024 +0100

rust-indexmap: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 66f6d14002a28886d510856091bb122ce9f889d6 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:28 2024 +0100

rust-hashbrown: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit a57ea02b22f952c2db068de96590948915335b50 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:27 2024 +0100

rust-foldhash: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit abd4591d0835186cf3f4a3b577adcfbe51223ea1 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:26 2024 +0100

rust-equivalent: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 6504114f013f275fb212791ef006425199c7bda4 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:25 2024 +0100

rust-allocfator-api2: New crate required by rust-1.83.0

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit add6ad00799bb4d649530c432fdf32b9bf2359bd Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:24 2024 +0100

rust-unindent: Update to version 0.1.11 from 0.1.7

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit b22d6d51dce07204dfba6adf26a8b0a8e2e93a4c Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:23 2024 +0100

rust-trybuild: Update to version 1.0.101 from 1.0.54

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c21208205ed0f1cd37608398b98d74d2b1590bac Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:22 2024 +0100

rust-toml: Update to version 0.8.19 from 0.5.8

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit f958ce5d7e5c70b0221e97b9e7a3f9660f934d64 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:21 2024 +0100

rust-synstructure: Update to version 0.13.1 from 0.12.6

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 23b1ddf5d60e6bca64e2da94092beda623f325d2 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:20 2024 +0100

rust-syn: Update to version 2.0.90 from 1.0.86

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit b653dee1a6a0fbffd0badf1226792a8b9f395a5c Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:19 2024 +0100

rust-serde_json: Update to version 1.0.133 from 1.0.78

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 8d22a6f9476f577eb80c367437bbd7bc3af8aa92 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:18 2024 +0100

rust-serde_derive: Update to version 1.0.216 from 1.0.136

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d0a954d10456371deb2e8b7760675ed4850cbdec Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:17 2024 +0100

rust-serde: Update to version 1.0.216 from 1.0.136

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 1a9d05b3bd2f6880f18b106be8b4037a49e48ed9 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:16 2024 +0100

rust-rand: Update for template to add removal of Cargo.toml.orig from source file

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 5289fd8591b15948dfb0d795735f52f78ef73dc4 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:15 2024 +0100

rust-quote: Update to version 1.0.37 from 1.0.15

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 8845196a159bad9e4aaa5c7d9491bf16d3fa1a23 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:14 2024 +0100

rust-proc-macro2: Update to version 1.0.36 from 1.0.92

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9a81b0bfa90a88594a6a717f54363b15ec250c27 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:13 2024 +0100

rust-memchr: Update to version 2.7.4 from 2.4.1

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit a067bd801e9d084a75d6fdfca525862380562b6f Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:12 2024 +0100

rust-inventory-impl: Update to version 0.1.11 from 0.1.4

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 6a11a83ac7ebc0fafb2f791270805b8f436f945b Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:11 2024 +0100

rust-inventory: Update to version 0.1.4 from 0.3.15

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit ada6d56583ba0e9d3240de37dbf6219e97dcd907 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:10 2024 +0100

rust-indoc-impl: Update to version 0.3.7 from 0.3.6

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d584ba5c7280d69f8d241a9a3e6ad0b00255be8a Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:09 2024 +0100

rust-ctor: Update to version 0.2.9 from 0.1.21

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 51949018d02b6e0e9a541f9a6932a3863b44b295 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Dec 21 13:55:08 2024 +0100

rust: Update to version 1.83.0

- Update from version 1.67.0 to 1.83.0 - Update x86_64, aarch64 & riscv64 rootfiles - This version of rust hasd the fix to ensure that ruby builds okay with aarch64 & riscv64. This required a fix to be applied to the LLVM and then for the updated LLVM to be built into rust. That has occurred with this version. - Tested out the build on aarch64 and riscv64 and confirmed that ruby built without any problems with this version of rust. - The update of rust required a range of updates of other rust crates plus the inclusion of new crates and the pinning of some crates to older versions. This patch set includes all the rust crate changes. - The download-rust-crate script results in source tarballs that have a Cargo.toml.orig file included in them. This is not allowed in the rust building so the rust-rand file which is used as a template for the rust crate script has been modified to remove this .orig file so that the build can complete. - With this updated version of rust the clamav addon can also now be updated and so is also included in this patch set. - There are 29 rust crate changes. - Changelog is too large to include here. Details can be found at https://releases.rs/docs/

Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 201dd22052b178718142c593dbcbf1bd268f5028 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 8 20:01:37 2025 +0100

qemu: update rootfile

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9ce7664513091dfec6c770906a1121b7f4a8099a Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:17 2024 +0200

samba: Modification to disable cups for samba build and install

- As discussed at IPFire conf call on 7th Oct - disable cups for the samba configure stage - Update of rootfiles - Update of samba.cgi to remove the printing of a printer share into the samba configuration file. - Tested out on vm system. Installed samba with only avahi, perl-Parse-Yapp, perl-JSON and wsdd as dependencies. Installed without any problems. Existing share was able to be accessed without any problems and a new share was created and was also able to be accessed without problems.

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9a05bf8e6beb16ab186051156fd14a589dc5c9d6 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:16 2024 +0200

perl-Imager: Removal of all tiff related lines in rootfile

- With removal of libtiff, the perl-Imager rootfile has to have tiff related lines removed. - perl-Imager works without the tiff lines in place. Only no tiff images will be able to be processed by perl-Imager but that is not required for its use in IPFire. - Tested out creating an OpenVPN connection with OTP enabled and the OTP QR code was produced and able to be viewed.

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c5d2db20e4df204c46dd3c0da19e8a65c6899597 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:15 2024 +0200

make.sh: All removed packages removed from make.sh

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 891ec92e339a5cabc926a242701ea8163e3a7fd7 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:14 2024 +0200

qpdf: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 45dd83171b2b01ecbe68ea80228ef7944fedb71c Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:13 2024 +0200

poppler-data: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 728f1e8ea04e03a33761ca2f4dfea8162515d3bc Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:12 2024 +0200

poppler: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 42175db71b55909ada801cd497e137aa5bb6807f Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:11 2024 +0200

openjpeg: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 61688b35c36fa26d8f1c79c99aabd48759e03714 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:10 2024 +0200

libtiff: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9c72de7ac492429b23531159e5d2a0d7f68cfad9 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:09 2024 +0200

lcms2: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4677b1fec5fecc1549d14ca579ac3555b7bb33b1 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:08 2024 +0200

hplip: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 6101e448354318bf912673e8a36a2c8f6ae34f02 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:07 2024 +0200

gutenprint: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit faeb6046cf41e21b52c0f20235fbb8a0d4b73ff6 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:06 2024 +0200

ghostscript: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 0b0a2a4eeb0769caba19e7311523bf99e324b98d Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:05 2024 +0200

foomatic: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 450de5a2d58bb8c55613dedcc78609d975555760 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:04 2024 +0200

epson-inkjet-printer-escpr: Removal of package

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit bba7bf37eba7ee7e6e8a5358db93629bd5e8be13 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:03 2024 +0200

cups-pdf: Removal of cups-pdf

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 8f89cc08187e605a4288eb9c0c2ef221f5a7c8d0 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:02 2024 +0200

cups-filters: Removal of cups-filters

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 70d59110a445ecf5ab8776027763a0124c196b9c Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 14 18:51:01 2024 +0200

cups: Removal of cups and associated packages

- As discussed at IPFire conf call on 7th Oct

Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 99790b2a1c30a06c7bb91fb9ba364828eb20638f Merge: b9dd3e205b 0ba187b4d3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 8 06:36:20 2025 +0100

Merge remote-tracking branch 'origin/master' into next

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit b9dd3e205bca7b7d1cedc38b44ff72be346a4998 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 5 19:59:27 2025 +0100

u-boot: update rootfile

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7c7868104c03efca79b88dcbb381a2e5f0a38110 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 5 18:00:14 2025 +0100

kernel: update to 6.12.8

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2e1528a90095ad8f0421d631f75844a7ad26e04c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 5 14:14:19 2025 +0000

u-boot: add support for OrangePi PC 2

this board can also boot with the OrangePi Zero+ u-boot but then it not support video out.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 15667b3394ff07a9970f0c7ea76f27f08b5d1323 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 4 22:50:40 2025 +0100

u-boot: remove some arm32bit parts from bootscript

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 318c037092abe862bdf1cbea0fe5e28fb8278b7d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 4 22:46:29 2025 +0100

rpi-firmware: update to 20240424

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit f7a575cebb35155372a32bc26e062dac32be9b3d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 4 22:31:13 2025 +0100

mympd: update to 19.0.2

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4f9ffb9f20c739c49dfafe256e9674f4d8262c11 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 4 17:30:06 2025 +0100

mympd: fix typo

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit bbbe9111da6aaef3b0855bd85867accc5275e20e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 4 09:12:05 2025 +0000

mympd: set loglevel 2

this silence the log to errors only.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 113750aae50a352a234a72527ed22729c0fb2bcc Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 4 09:10:04 2025 +0000

u-boot: fix usb boot on rpi4

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit ec6f65d9cc6be9863f39b896b479907f96416c4e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 3 23:44:06 2025 +0000

u-boot: revert rpi boards to distro_bootcmd

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 23e8b462f3775ffe0511ecc736a9d4fe490047a4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 3 00:48:18 2025 +0000

u-boot: fix settings and patch for rk3399

distro_bootcmd was not correct added for this board.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit de8edcf515c7f856d10fad1f5d1421538048fa09 Merge: fb0fc29abc e3b5000b83 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 2 10:16:08 2025 +0100

Merge remote-tracking branch 'origin/master' into next

commit fb0fc29abc107cf356ecdfe01299427e683144e0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 30 18:04:14 2024 +0000

u-boot: fix distro_bootcmd on rockchip boards

this function was removed but we need it for our configuration.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d95af1ad4a5aeb7c2ce7b71d1e392c6355013db6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 30 19:02:26 2024 +0100

core192: ship u-boot for aarch64

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 4bd8107bf940d5cbcb7ed0b7ddfe13f76190549f Merge: c6e9d9d9cb 8ceaf358ae Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 30 19:00:07 2024 +0100

Merge remote-tracking branch 'origin/master' into next

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c6e9d9d9cb069c7b7b22ccd8bda120943c909dba Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Dec 28 08:55:38 2024 +0000

u-boot: update to 2024.10

removed also some leftover arm32 patches.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 2186f19f13c6086675ba42aacb3707e30cb5f4e6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Dec 28 08:51:45 2024 +0000

python3-pyelftools: add new package

this is a buildtime dependency for u-boot but i have also added the files to build an addon. Maybee it is usefull later.

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 9849d383efb6e031937aadaa7a4f08a0d3c29ed7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Dec 27 08:24:57 2024 +0000

kernel: update aarch64 rootfiles

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit c7717b75b0a598bbcf5384885b9a1d6e5363dbac Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 26 19:35:30 2024 +0100

kernel: update x86_64 rootfiles

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit fecd75593d10fe3e32482f0803efe64f751ecc55 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 26 19:22:49 2024 +0100

core192: start updater and add kernel and udev

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 40f02625e128d87498275b2a74f43b2db5bc55ac Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 26 10:26:08 2024 +0100

kernel: update to 6.12.6

todo: rootfiles and riscv64 config

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit 7e7c59872bdd82b9aee09d5e50d8688ceba8c87c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 26 10:23:08 2024 +0100

rtl8812au: update to 20210820-ad90dfb072ed4aed0703f1209272195214fb4300

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit ca6c720173da888af68651232b80f24ce0aa5ee4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 26 10:21:10 2024 +0100

strace: update to 6.12

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

commit d19b71301d08db94341eae1d62500a928a8f6712 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 26 10:19:20 2024 +0100

udev: patch to handle pidfs and bcachefs

this is needed to build udev with kernel 6.12 headers

Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org

-----------------------------------------------------------------------

hooks/post-receive -- IPFire 2.x development tree