From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. cb010e23da05a5acd966265fd2daca9736db734b
Date: Sat, 13 Sep 2025 11:02:13 +0000 (UTC) [thread overview]
Message-ID: <4cP7fY6jYlz2xRZ@people01.haj.ipfire.org> (raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 115646 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via cb010e23da05a5acd966265fd2daca9736db734b (commit)
via 630920eb33860ee1172b40527b152053460f6932 (commit)
via 9887048ac4cd5c52a27420ba936952a183129ddf (commit)
via 762a6e27010f9e60ddbc7e0c64b2c1c50044abf4 (commit)
via 134c5656e2650ebd49606e3cf637ebe8448e74ab (commit)
via ec7e2a750b815a85bec7f01ae192c0cd18a4f123 (commit)
via e4a850a05a96a67f8cfc8a729baea7ff8686b8cc (commit)
via 459c83435673c8b3e730e1037b9a2366fdfc1832 (commit)
via 5f46ad85918fd552529270504ad0941cc6a7a153 (commit)
via 78c7800d13de161e9ddd852a4759696d0d960d1d (commit)
via 8729e18bcd673bc167cac12a48ac55787389cfc3 (commit)
via 15b209f4cae7ad2951f296486ccb902d4001013b (commit)
via b93cc8669262bab4dd6cfa8bb635c2142a769346 (commit)
via e12534743b8e1c135c0698176a283da94cad8cc2 (commit)
via 9fa166f93ee5898823012be5e0ef3328ca07965f (commit)
via ee580f7fb0be4034b863cd8f3b61dd4f724bc40f (commit)
via 91f144a0ad143bf4c44123b28ff9785b0e2f3798 (commit)
via 3ee333ba1fc2c52ffcf580eb1c1a66a8b50d1cd1 (commit)
via be36f48113b98196e845936836217e57db1f5d43 (commit)
from 268d8d631983806482da9c03f5015f393c2e1d4d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cb010e23da05a5acd966265fd2daca9736db734b
Merge: 630920eb3 9887048ac
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat Sep 13 11:02:02 2025 +0000
Merge branch 'master' into next
commit 630920eb33860ee1172b40527b152053460f6932
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sat Sep 13 12:38:03 2025 +0200
tcl: Add note in lfs about tcl9 incompatibilities
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9887048ac4cd5c52a27420ba936952a183129ddf
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:29:34 2025 +0200
core197: Ship wio.cgi & wiovpn.pl files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 762a6e27010f9e60ddbc7e0c64b2c1c50044abf4
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:29:33 2025 +0200
wiovpn.pl: Update openvpn rw log filename
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 134c5656e2650ebd49606e3cf637ebe8448e74ab
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:29:32 2025 +0200
wio.cgi: Update openvpn rw log filename
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ec7e2a750b815a85bec7f01ae192c0cd18a4f123
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:10:18 2025 +0200
lynis: Update to version 3.1.5
- Update from version 3.1.3 to 3.1.5
- Update of rootfile
- Changelog
3.1.5
Added
- Support for OpenWrt
- Bitdefender detection on Linux
- Detection of openSUSE Tumbleweed-Slowroll
Changed
- Corrected detection of service manager SMF
- Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt
- Check modules also under /usr/lib/modules.d
3.1.4
Changed
- Update of translations: Portuguese
- Add macOS Sequoia
- Update of EOL database
- Bugfix for using slashes in parameters (SafeInput function)
- Simplified copyright line and meta data in files
- Support for powerpc64le in authentication section
- Don't show error "kadmin.local: unable to get default realm"
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e4a850a05a96a67f8cfc8a729baea7ff8686b8cc
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:14 2025 +0200
strace: Update to version 6.16
- Update from 6.12 to 6.16
- Update of rootfile not required
- Changelog
6.16
* Improvements
* Added -N/--arg-names option for printing syscall argument names.
* Implemented setting of system call information using
PTRACE_SET_SYSCALL_INFO ptrace API introduced in Linux 6.16.
* Implemented decoding of SO_RCVPRIORITY and SO_PASSRIGHTS socket options.
* Implemented decoding of RTA_NH_ID and RTA_FLOWLABEL netlink attributes.
* Updated decoding of statx syscall.
* Updated lists of BR_*, CRYPTOCFGA_*, FUTEX2_*, IORING_*, IPSET_*, KVM_*,
MDB_*, NETDEV_*, PR_*, RXRPC_*, SW_*, THERMAL_*, and V4L2_*
constants.
* Updated lists of ioctl commands from Linux 6.16.
6.15
* Improvements
* Implemented decoding of open_tree_attr syscall.
* Implemented decoding of AF_TIPC socket addresses and socket options.
* Updated decoding of statmount syscall.
* Updated lists of AUDIT_*, BPF_*, BTRFS_*, COUNTER_*, FAN_*, FRA_*, IFLA_*,
IORING_*, KVM_*, LANDLOCK_*, PKEY_*, RTPROT_*, TCP_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 6.15.
6.14
* Improvements
* Added -e namespace=new option for printing the namespaces entered
by the tracee.
* Implemented decoding of FRA_FLOWLABEL and FRA_FLOWLABEL_MASK netlink
attributes of RTM_{NEW,DEL,GET}RULE NETLINK_ROUTE messages.
* Implemented decoding of RTM_{NEW,DEL}MULTICAST and RTM_{NEW,DEL}ANYCAST
NETLINK_ROUTE messages.
* Updated decoding of statx syscall.
* Updated lists of AT_*, AUDIT_*, ETHTOOL_*, FAN_*, IORING_*, IPPROTO_*,
KEY_*, NL80211_*, RWF_*, and SECBIT_* constants.
* Updated lists of ioctl commands from Linux 6.14.
6.13
* Improvements
* Implemented decoding of getxattrat, setxattrat, listxattrat,
and removexattrat syscalls.
* Updated decoding of struct io_uring_clone_buffers, struct io_uring_napi,
and struct perf_event_attr.
* Updated decoding of crypto_user_alg netlink attributes of NETLINK_CRYPTO.
* Implemented decoding of IFLA_MCTP_PHYS_BINDING netlink attribute.
* Updated lists of AT_*, BPF_*, FAN_*, IORING_*, MADV_*, NT_*, and SCM_*
constants.
* Updated lists of ioctl commands from Linux 6.13.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 459c83435673c8b3e730e1037b9a2366fdfc1832
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:13 2025 +0200
nginx: Update to version 1.29.1
- Update from version 1.26.2 to 1.29.1
- Update of rootfile not required
- One CVE fix in 1.27.4, one CVE fix in 1.27.1, four CVE fixes in 1.27.0
- Changelog
1.29.1
*) Change: now TLSv1.3 certificate compression is disabled by default.
*) Feature: the "ssl_certificate_compression" directive.
*) Feature: support for 0-RTT in QUIC when using OpenSSL 3.5.1 or newer.
*) Bugfix: the 103 response might be buffered when using HTTP/2 and the
"early_hints" directive.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in the "none" parameter of the "smtp_auth" directive.
1.29.0
*) Feature: support for response code 103 from proxy and gRPC backends;
the "early_hints" directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL
provider.
*) Feature: support for the "so_keepalive" parameter of the "listen"
directive on macOS.
*) Change: the logging level of SSL errors in a QUIC handshake has been
changed from "error" to "crit" for critical errors, and to "info" for
the rest; the logging level of unsupported QUIC transport parameters
has been lowered from "info" to "debug".
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built by gcc 15 if ngx_http_v2_module or
ngx_http_v3_module modules were used.
*) Bugfix: nginx might not be built by gcc 14 or newer with -O3 -flto
optimization if ngx_http_v3_module was used.
*) Bugfixes and improvements in HTTP/3.
1.27.5
*) Feature: CUBIC congestion control in QUIC connections.
*) Change: the maximum size limit for SSL sessions cached in shared
memory has been raised to 8192.
*) Bugfix: in the "grpc_ssl_password_file", "proxy_ssl_password_file",
and "uwsgi_ssl_password_file" directives when loading SSL
certificates and encrypted keys from variables; the bug had appeared
in 1.23.1.
*) Bugfix: in the $ssl_curve and $ssl_curves variables when using
pluggable curves in OpenSSL.
*) Bugfix: nginx could not be built with musl libc.
Thanks to Piotr Sikora.
*) Performance improvements and bugfixes in HTTP/3.
1.27.4
*) Security: insufficient check in virtual servers handling with TLSv1.3
SNI allowed to reuse SSL sessions in a different virtual server, to
bypass client SSL certificates verification (CVE-2025-23419).
*) Feature: the "ssl_object_cache_inheritable", "ssl_certificate_cache",
"proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
"uwsgi_ssl_certificate_cache" directives.
*) Feature: the "keepalive_min_timeout" directive.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library
sources if the --with-libatomic=DIR option was used.
*) Bugfix: QUIC connection might not be established when using 0-RTT;
the bug had appeared in 1.27.1.
*) Bugfix: nginx now ignores QUIC version negotiation packets from
clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the
ngx_http_v3_module.
*) Bugfixes in HTTP/3.
1.27.3
*) Feature: the "server" directive in the "upstream" block supports the
"resolve" parameter.
*) Feature: the "resolver" and "resolver_timeout" directives in the
"upstream" block.
*) Feature: SmarterMail specific mode support for IMAP LOGIN with
untagged CAPABILITY response in the mail proxy module.
*) Change: now TLSv1 and TLSv1.1 protocols are disabled by default.
*) Change: an IPv6 address in square brackets and no port can be
specified in the "proxy_bind", "fastcgi_bind", "grpc_bind",
"memcached_bind", "scgi_bind", and "uwsgi_bind" directives, and as
client address in ngx_http_realip_module.
*) Bugfix: in the ngx_http_mp4_module.
Thanks to Nils Bars.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFly BSD.
*) Bugfix: in the "proxy_store" directive.
1.27.2
*) Feature: SSL certificates, secret keys, and CRLs are now cached on
start or during reconfiguration.
*) Feature: client certificate validation with OCSP in the stream
module.
*) Feature: OCSP stapling support in the stream module.
*) Feature: the "proxy_pass_trailers" directive in the
ngx_http_proxy_module.
*) Feature: the "ssl_client_certificate" directive now supports
certificates with auxiliary information.
*) Change: now the "ssl_client_certificate" directive is not required
for client SSL certificates verification.
1.27.1
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
*) Change: now the stream module handler is not mandatory.
*) Bugfix: new HTTP/2 connections might ignore graceful shutdown of old
worker processes.
Thanks to Kasei Wang.
*) Bugfixes in HTTP/3.
1.27.0
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.
*) Feature: variables support in the "proxy_limit_rate",
"fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
directives.
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-libatomic
option was used.
Thanks to Edgar Bonet.
*) Bugfixes in HTTP/3.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5f46ad85918fd552529270504ad0941cc6a7a153
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:12 2025 +0200
mympd: Update to version 22.0.4
- Update from version 21.0.1 to 22.0.4
- Update of rootfile not required
- Changelog
22.0.4
- Upd: Restrict sticker names (forbid equal sign)
- Fix: Really shuffle the playlist #1455
- Fix: Relax search expression validation #1455
- Fix: Alpine packaging
- Fix: Detection of local playback features #1452
22.0.3
- Upd: Create cache und workdir in init script
- Upd: Feature detection for local playback output selection #1452
22.0.2
- Fix: MYMPD_API_JUKEBOX_RESTART requires MPD connection #1448
22.0.1
- Fix: Respect backgroundImage setting #1446
- Fix: Alpine packaging
22.0.0
Notes
- This release enables certificate checking for outgoing https connections. The system CA cert store should be autodetected, open an issue if it fails.
- The startup process of myMPD was reworked. myMPD no longer drops privileges, the included startup scripts are using now the init system to do this.
- The default listening ports are now 8080 for HTTP and 8443 for HTTPS.
API changes
- MYMPD_API_SCRIPT_VERIFY_SIG: new
- MYMPD_API_HOME_WIDGET_IFRAME_SAVE: new
- MYMPD_API_HOME_WIDGET_SCRIPT_SAVE: new
- MYMPD_API_HOME_WIDGET_SAVE: removed
Scripting changes
- Feat: `mympd.tblvalue_in_list()` - Checks a Lua table of tags against a comma separated list.
- Upd: Executing external scripts is now disabled by default.
Changelog
- Feat: iFrames for home screen #1429
- Feat: Feat: Add custom css and js #1428
- Feat: Use system provided ca store for ssl certificate checking #1427
- Feat: Sign and verify scripts from mympd-scripts repository #1426
- Feat: Add trigger `mympd_playlistart`, `mympd_folderart`
- Feat: Sort list of timers and triggers #1425
- Feat: Allow changing output device with local playback #1434
- Upd: Improve "Edit Script"-Layout
- Upd: Bootstrap v5.3.7
- Upd: Mongoose 7.18
- Upd: libmympdclient 1.0.34 (libmpdclient 2.24.0)
- Upd: Incbin
- Upd: Replaced mjson with mongoose implementation
- Fix: Improve MPD search expression validation #1435
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 78c7800d13de161e9ddd852a4759696d0d960d1d
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:11 2025 +0200
mtr: Update to version 0.96
- Update from version 0.95 to 0.96
- Update of rootfile not required
- Changelog
0.96
Merge branch 'traviscross:master' into master
Change UDP and ICMP sockets binding to accept a source IP from the -a CLI option
Adjust MIN_PORT to match other implementations
Handle EHOSTDOWN and refine error handling better granularity
add braille graph support with --displaymode 3
fix legend for braille display
fix documentation/comment for ENABLE_BRAILLE
use addrs for static host ordering in curses
add --max-display-paths option
Add a compact mode in curses
mtr.8.in: spell --mark argument type properly
Fix tiny typo in target
Implement ASN lookups in well-known nat64 prefix
net: implement addrcmp for AF_UNSPEC
Initialize lines to empty string in split mode
Add error code ETIMEOUT(110) handle logic
fixed the sizes passed into snprintf
Allow signed integers in the utils function
Split the strtonum function into two parts to create a better structure
Remove redundant code
Fix https://github.com/traviscross/mtr/issues/475
xml report: remove leading spaces
Set UTF-8 encoding for XML reports
Update Cygwin ICMP service thread for asynchronous pipes
Prevent icmp_socket leak on error
Markus pointed out useless statement.
merged
Merge branch 'master' of github.com:traviscross/mtr
Fixed typo noted by @szczot3k
Changed how conflicitng first/max TTL works.
Increased max probes
Added protection against use of MTR_PACKET under special circumstances
Merge branch 'master' of github.com:traviscross/mtr
Added Arad Cohen to NEWS
Set SO_BINDTODEVICE for -I
Check if SO_BINDTODEVICE is defined
ui: make interactive and non-interactive exit code the same
Add WSL method to Windows Install
Add Ubuntu as specific distribution
Update section title
Github actions added to perform lint and compile
configure.ac: fix broken cap check
Add option to use custom ipinfo provider
Fix Capability Management, Retain CAP_NET_ADMIN
Fix interface binding by retaining CAP_NET_RAW
Linux-Only Interface, Marking, and IP Unit Tests
Annotate `set_privileged_socket_opt` with UNUSED
Drop capabilities when `setsockopt` errors
Fix flake8 linting
Change B101->S101 to reflect flake8
Use a uint32 for the type of a Linux mark
Use Packet Marking for IP Address Selection
Support Hexadecimal Arguments for Packet Marking
ipv6 udp checksums like ipv4 but with ipv6 pseudoheader
fix typo
Merge branch 'master' into compact-layout
Add help info for option -E
Brought an unlikely privilege escalation scenario to my attention.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8729e18bcd673bc167cac12a48ac55787389cfc3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:10 2025 +0200
libogg: Update to version 1.3.6
- Update from version 1.3.5 to 1.3.6
- Update of rootfile
- Changelog
1.3.6
* Update minimum cmake version to 3.6
This fixes incompatibility with cmake >= 4.0
* Fix UBsan issues
* Improve allocation failure handling
* Fix various compiler warnings
* Fix various autotool warnings
* Improve continuous integration testing scripts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 15b209f4cae7ad2951f296486ccb902d4001013b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:09 2025 +0200
frr: Update to version 10.4.1
- Update from version 10.3.1 to 10.4.1
- Update of rootfile
- Changelog
10.4.1
bgpd: initialize local variable (backport #19233)
ospfd: Use after free cleanup of lsa (backport #19224)
vtysh: copy config from file should actually apply (backport #19242)
Revert PR #18358: BGP evpn testing and bug fixes related to non default EVPN
backbone (backport #19241)
topotests: improve embedded RP test reliability (backport #19240)
lib, zebra: mark singleton nexthops inactive/active on link state changes for
wecmp (backport #18947)
bgpd: LL next-hop capabilty fixes (backport #19261)
eigrp: validate hello packets and tlvs better (backport #19251)
bgpd : Fix compilation error in bgpd module: Update TP_ARGS for bgp
(backport #19266)
bgpd: Ensure addpath does not withdraw selected route in some situations
(backport #19210)
bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val (#19282)
bgpd: LL next-hop capabilty fixes (round 2) (backport #19277)
lib: compute link-state zapi message size (backport #19290)
zebra: Fix buffer overflows found by fuzzing. (backport #19303)
10.4.0
New Features Highlight
BGP BFD Strict-Mode
neighbor PEER bfd strict [hold-time N]
BGP Link-Local Next Hop Capability (draft-ietf-idr-linklocal-capability)
neighbor PEER capability link-local
BGP Transparent mode
neighbor PEER ip-transparent
BGP Next Hop Dependent Characteristics Attribute (draft-ietf-idr-entropy-label)
neighbor PEER send-nexthop-characteristics
IGMP and MLD group/source limits
ip igmp max-groups
ip igmp max-sources
ipv6 mld max-groups
ipv6 mld max-sources
PIM dense and sparse-dense mode support (RFC3973)
new interface mode: dense ip pim dm
new interface mode: sparse-dense ip pim sm-dm
IGMPv2/MLDv1 immediate leave
v4-via-v6 nexthop support for static routes
Timeout for vtysh
exec-timeout
Discover PREF64 in Router Advertisements (RFC8781)
ipv6 nd nat64
What's Changed
bgpd: Do not start BGP session if BGP identifier is not set
by @ton31337 in #17959
bgpd: fix add label support to EVPN AD routes by @pguibert6WIND in #17985
isisd: 'tiebreaker' command line funtionality is inconsistent with its
implementation by @baozhen-H3C in #16593
bgpd: Send non-transitive extended communities from/to OAD peers
by @ton31337 in #17896
Add bgpevpn route type-2 route map filter tests by @lsang6WIND in #17918
lib: Remove System routes from ip protocol route map choices
by @donaldsharp in #17953
staticd: Add CLI to support steering of IPv4 traffic over SRv6 SID list
by @cscarpitta in #17988
Fpm problems by @donaldsharp in #17962
bgpd: Fix up memory leak in processing eoiu marker by @donaldsharp in #18000
doc: fix sbfd.rst doc warnings by @forrestchu in #18018
Nexthop leak by @donaldsharp in #18014
lib: actually hash all 16 bytes of IPv6 addresses, not just 4
by @eqvinox in #17901
bgpd: add L2 attr community support as per RFC8214 by @pguibert6WIND
in #17987
tests: Remove improper pymark by @donaldsharp in #18025
tools: Add some more support bundle commands by @donaldsharp in #18029
Coverity 2024 new hotness by @donaldsharp in #17865
pimd: fix memory leak and assign allocation type by @rzalamena in #18038
isisd: Do not leak a linked list in the circuit by @donaldsharp in #18033
pimd: Fix for FHR mroute taking longer to age out by @routingrocks in #14105
pimd: fix DR election race on startup by @rzalamena in #18048
bgpd: rfapi: fix mem leak when killed by @gpziemba in #18045
bgpd: Implement Link-Local Next Hop capability by @ton31337 in #17871
Fix journald logging via "log stdout" by @gromit1811 in #17775
babeld: Improve code clarity and maintainability by @y-bharath14 in #18077
bgpd: fix for the validity and the presence of prefixes in the BGP VPN
table. by @louis-6wind in #17370
bgpd: Show internal data for BGP routes by @ton31337 in #17870
isisd: Remove unneeded modify functions by @donaldsharp in #18034
bgpd: fix bgp vrf instance creation from implicit by @chiragshah6 in #18081
lib: crash handlers must be allowed on threads by @eqvinox in #18060
Bmp bgp open router id and as val by @pguibert6WIND in #18037
nhrpd: fix dont consider incomplete L2 entry by @pguibert6WIND in #18078
bgpd: Request SRv6 locator after zebra connection by @cscarpitta in #18069
zebra: Allow fpm_listener to continue to try to read by @donaldsharp
in #18049
lib (+bfd): improve late timer warnings by @eqvinox in #18094
bgpd: Do not check for capability length for Link-Local Next Hop
capability by @ton31337 in #18068
Cid 1636504 by @pguibert6WIND in #18062
Bfd fixups by @donaldsharp in #18026
tests: clear -Wcalloc-transposed-args warnings by @ariel-anieli in #17649
bfdd: 0 is a valid fd. by @donaldsharp in #18125
yang: Reorder the revision statements by @y-bharath14 in #18118
bgpd: fix incorrect JSON in bgp_show_table_rd by @louis-6wind in #18120
pimd,pim6d: implement GMP group / source limits by @rzalamena in #18032
ospfd: Replace LSDB callbacks with LSA Update/Delete hooks.
by @aceelindem in #18046
bgpd: Fix crash in bgp_labelpool by @donaldsharp in #18079
lib: fix false context information for SRv6 route by @pguibert6WIND in #18023
staticd: Fix SRv6 SID installation and deletion by @cscarpitta in #18064
Vrf tableid debugs by @donaldsharp in #18142
bgpd: Some fixes/improvements for Link-Local Next Hop capability
by @ton31337 in #18080
bgpd: release manual vpn label on instance deletion by @louis-6wind in #18121
watchfrr: Allow -w option to be ignored by @donaldsharp in #18127
bgpd: factorize bgp_table_cleanup() by @louis-6wind in #18122
bgpd: When removing the prefix list drop the pointer by @donaldsharp
in #18160
sharpd: add crashme commands by @eqvinox in #18163
isisd: Request SRv6 locator after zebra connection by @cscarpitta in #18178
bgpd: fix vty output of evpn route-target AS4 by @mjstapp in #18109
tests: Fix intermittent failures in srv6_encap_src_addr topotest
by @cscarpitta in #18187
yang: Default value for a key leaf to be ignored by @y-bharath14 in #18139
tools: add logfmt option for frr-reload.py by @gtataranni in #16796
lib: nb: call child destroy CBs when YANG container is deleted
by @choppsv1 in #18082
isisd, lib: add some codepoints usually shared with other vendors
by @pguibert6WIND in #17957
Use ipv4 class E addresses (240.0.0.0/4) as connected routes by default
by @davischw in #18095
doc: correct ip rip split-horizon command in the documentation
by @Shbinging in #18189
staticd: Failed to register nexthop after networking restart
by @Pdoijode in #18164
pimd,pim6d: support IGMPv2/MLDv1 immediate leave by @rzalamena in #18111
zebra: Do not flush an existing vni configuration trying to remove wrong
vni by @ton31337 in #18108
pimd: filter neighbors by address by @rzalamena in #17914
tests: Remove warning about passive command by @donaldsharp in #18197
bgpd: Fix another crash in orf by @donaldsharp in #18194
pimd: Fix for data packet loss when FHR is LHR and RP by @routingrocks
in #14227
pimd: During prefix-list update, behave as PIM_UPSTREAM_NOTJOINED sta…
by @routingrocks in #17666
*: Remove unneeded IPV6_JOIN|LEAVE_GROUP by @donaldsharp in #18213
yang: Corrected Pyang errors or warnings by @y-bharath14 in #18218
doc: update mgmtd list of converted by @choppsv1 in #18223
tests: add docstrings to frontend mgmtd client by @choppsv1 in #18224
bgpd: remove dmed check not required in bestpath selection
by @donaldsharp in #18210
Fix oper-state queries that involve choice/case nodes by @choppsv1 in #18231
zebra: Add operational retrieval of Multipath Number by @donaldsharp
in #18236
pim: Fix autorp group joins by @nabahr in #18225
pim: Fix vrf binding of autorp and mroute socket by @nabahr in #18226
pimd: Fix PIM VRF support (send register/register stop in VRF)
by @gromit1811 in #18216
Drop unused code by @dksharp5 in #18243
bgpd: fix default instance when leaving the hidden state. by @louis-6wind
in #18119
ripd: fix no ip rip split-horizon poisoned-reverse command by @Shbinging
in #18256
staticd: Fix crash because registering unknown vrf by @donaldsharp in #18235
staticd: Add support for SRv6 uA behavior by @cscarpitta in #18198
fabricd: add option to treat dummy interfaces as loopback interfaces
by @kaffarell in #18242
support pre-built oper state in libyang tree by @choppsv1 in #18237
tests: Fixed input dict at create_router_bgp by @y-bharath14 in #18261
ospf6d: Fix use after free of router in OSPFv3 ABR route calculation.
by @aceelindem in #18254
staticd: Do not log uninitialized nexthop variable by @cscarpitta in #18271
lib: Prevent crash in getting label chunk by @donaldsharp in #18270
mgmtd: Prevent use after free by @donaldsharp in #18264
Bgp ecommlist count by @pguibert6WIND in #18159
staticd: Add no form for static-sids command by @cscarpitta in #18263
pimd: fix null memory access on IGMP source limit by @rzalamena in #18285
tools: Fix frr-reload.py error related to static-sids by @cscarpitta
in #18290
staticd: Fix no srv6 command by @cscarpitta in #18289
isisd: Correct edge insertion into TED by @odd22 in #18294
zebra: reduce memory usage by streams when redistributing routes
by @fdumontet6WIND in #18030
bgpd: Do not advertise aggregate routes to contributing ASes
by @ton31337 in #17961
Allow retrieval of v4/v6 forwarding state via NB by @dksharp5 in #18253
Vpn prefix aggregate export and accept by @pguibert6WIND in #18301
bfdd: Add "log-session-changes" command to BFD configuration and
operational state via YANG Northbound API. by @aceelindem in #18306
yang: Imported modules are not in use by @y-bharath14 in #18293
lib: Correct handling of /frr-vrf:lib/vrf/state/active by @donaldsharp
in #18268
configure.ac: fix sed failure on FreeBSD by @rzalamena in #18310
More connection cleanup by @donaldsharp in #18195
doc: don't override automake builtin targets by @qlyoung in #18319
lib: Document --command-log-always in help by @donaldsharp in #18313
zebra: Bring up 514 BGP neighbor sessions by @soumyar-roy in #18214
pimd: Fix PIM6 MLD VRF support (use recvmsg() pktinfo) by @gromit1811
in #18315
bgpd: Fix dead code in bgp_route.c #1637664 by @donaldsharp in #18327
Revert "bgpd: Make keepalive pthread be connection based."
by @donaldsharp in #18337
Documentation typesafe by @donaldsharp in #18338
tests: bgp_evpn_route_map_match fix invalid escape sequence
by @donaldsharp in #18344
lib: use memcpy in bf_copy by @karthikeyav in #18335
Topotest startup order by @donaldsharp in #18348
ospfd: minor change for style by @anlancs in #18342
Clean up some code and bad assumptions in zebra by @donaldsharp in #18346
tests: Fixed NameError at bmpserver.py by @y-bharath14 in #18362
zebra: fix table heap-after-free crash by @louis-6wind in #16614
zebra: Fix neigh delete causing heap-use-after-free error
by @routingrocks in #18336
Revert "bgpd: upon if event, evaluate bnc with matching nexthop"
by @donaldsharp in #18368
staticd: Install known nexthops upon connection with zebra
by @donaldsharp in #18367
Add Testing for community and Extended community match limit zero
by @pguibert6WIND in #18366
bgpd: Show bgp shouldn't display peers in groups by @donaldsharp in #18380
yang: Fixed pyang errors at frr-bgp-common.yang by @y-bharath14 in #18388
isisd: fix bit flag collision in options field by @kaffarell in #18377
Fix bug with oper-state queries including list node by @choppsv1 in #18383
zebra: ensure proper return for failure for Sid allocation
by @raja-rajasekar in #18360
ospf6d: Disable and delete OSPFv3 areas that no longer have interfaces or
configuration. by @aceelindem in #18393
bgpd: Remove unnecessary stream_new/stream_copies in bgp_open_make
by @donaldsharp in #18395
zebra: add ability to specify output file with fpm_listener
by @donaldsharp in #18394
bgpd: Fixed crash upon bgp network import-check command by @Manpreet-k0
in #18387
lib: suppress libyang logs during expected error result by @choppsv1
in #18384
2 unit-test fixes by @choppsv1 in #18399
bgpd: Do not keep stale paths in Adj-RIB-Out if not addpath aware
by @ton31337 in #18275
bgpd, zebra, tests: disable rtadv when bgp instance unconfiguration.
by @dmytroshytyi-6WIND in #18364
fix(vrrp): display vrrp version by default by @echkenluo in #18407
bgpd: Print the real reason why the peer is not accepted (incoming)
by @ton31337 in #18410
tests: Corrected input dict at pim.py by @y-bharath14 in #18414
More yang state by @donaldsharp in #18349
babled: reset wired/wireless internal only when wired/wireless status
changed by @Shbinging in #18413
doc: Modify typesafe documentation by @donaldsharp in #18419
ripngd: Access and Prefix lists are being leaked on shutdown
by @donaldsharp in #18418
zebra: Fix reinstalling nexthops in NHGs upon interface flaps
by @raja-rajasekar in #18374
RedHat: Fixing for PR17793 - Allow RPM build without docs and/or rpki
by @mwinter-osr in #18426
lib: Create VRF if needed by @nabahr in #18430
bgpd: fix "delete in progress" flag on default instance by @lsang6WIND
in #18412
Fix topotest to wait for zebra connection by @donaldsharp in #18432
bgpd: Fix leaked memory when showing some bgp routes by @donaldsharp
in #18435
Fpm listener reject by @donaldsharp in #18431
topotests: Add EVPN RT5 multipath flap test by @chdxD1 in #18325
Typesafe zclient by @donaldsharp in #18409
pimd: Skip RPF check for SA message from mesh group peer
by @usrivastava-nvidia in #18330
tests: Catch specific exceptions by @y-bharath14 in #18277
lib: fix static analysis error by @dmytroshytyi-6WIND in #17986
zebra: zebra crash for zapi stream by @soumyar-roy in #18359
yang: Code inline with RFC 8407 rules by @y-bharath14 in #18442
tests: Change up start order of bmp tests by @donaldsharp in #18452
tests: add bfd_static_vrf by @louis-6wind in #18446
tests: Corrected typo at path_attributes.py by @y-bharath14 in #18339
bgpd: fix set evpn gateway-ip ipv[46] route-map by @Tuetuopay in #18378
tests: add another directory to search path for pylint by @choppsv1 in #18475
tests: high_ecmp creates 2 update groups by @donaldsharp in #18469
staticd: Fix a crash that occurs when modifying an SRv6 SID
by @cscarpitta in #18467
babeld: Missing Validation for AE=0 and Plen!=0 by @zmw12306 in #18473
Bgp clear batch by @donaldsharp in #18447
bgpd: fix handling of configured route-targets for l2vni, l3vni
by @mjstapp in #18484
bgpd: Fix holdtime not working properly when busy by @donaldsharp in #18483
babeld: add check incorrect AE value for NH TLV. by @zmw12306 in #18471
isisd:IS-IS hello packets not sent with configured hello timer
by @Z-Yivon in #18311
isisd: Fix the issue where redistributed routes do not change when th…
by @huchaogithup in #18369
babeld: Hop Count must not be 0. by @zmw12306 in #18474
lib: Return duplicate prefix-list entry test by @ton31337 in #18494
bgpd: fix SA warning in bgp clearing code by @mjstapp in #18496
tests: Handling potential errors gracefully by @y-bharath14 in #18476
babeld: fix hello packets not sent with configured hello timer
by @Shbinging in #18448
Eigrp typesafe by @donaldsharp in #18482
ospf6d: Fix LSA memory leaks related to graceful restart by @gromit1811
in #18503
tests: Add ripng aggregate address testing by @donaldsharp in #18506
yang: Fixed pyang errors at frr-isisd.yang by @y-bharath14 in #18500
bgpd: Set the label for MP_UNREACH_NLRI 0x800000 instead of 0x000000
by @ton31337 in #18502
tests: Modify simple_snmp_test to use frr.conf by @donaldsharp in #18508
bgpd: Retain the routes if we do a clear with N-bit set for
Graceful-Restart by @ton31337 in #18498
lib: show route-map should not print (null) by @donaldsharp in #18515
tests: Fix potential issues at send_bsr_packet.py by @y-bharath14 in #18520
tests: Irrelevant code in lutil.py by @y-bharath14 in #18532
tools: Add option to frr-reload to specify alternate logfile
by @mwinter-osr in #15471
Memory leaks all over by @donaldsharp in #18544
Bgp packet reads conversion to a FIFO by @donaldsharp in #18450
babeld: Add next hop initialization by @zmw12306 in #18470
yang: Limit eigrp to just 1 instance per vrf by @donaldsharp in #18524
yang: Corrected pyang errors in frr-zebra.yang by @y-bharath14 in #18543
bgpd: optimize attrhash_cmp calls by @louis-6wind in #18097
lib: Return duplicate ipv6 prefix-list entry test by @ton31337 in #18561
eigrpd: Fix possible use after free in nbr deletion by @donaldsharp in #18525
bgpd: Skip EVPN MAC processing for non-EVPN peers by @routingrocks in #18564
tests: Resource leaks in test_all_protocol_startup by @y-bharath14 in #18553
Add BGP redistribution in SRv6 BGP by @pguibert6WIND in #18396
bgpd: rfapi: track outstanding rib and import timers, free mem at exit
by @gpziemba in #18546
tests: Fix typo when configuring delayopen timer by @ton31337 in #18572
pimd: Initialize gm proxy to false by @nabahr in #18567
bgpd: Treat the peer as not active due to BFD down only if established
by @ton31337 in #18562
bgpd: flowspec: remove sizelimit check applied to the wrong length field
(issue 18557) by @spoignant-proton in #18558
staticd: Avoid requesting SRv6 sid from zebra when loc and sid block dont
match by @raja-rajasekar in #18580
babeld: Hop Count must not be 0. by @zmw12306 in #18547
babeld: Request forwarding does not prioritize feasible routes
by @zmw12306 in #18581
babeld: Fix starvation handling on route loss per RFC 8966 §3.8.2.1
by @zmw12306 in #18582
babeld: Add a check to prevent all-ones case by @zmw12306 in #18584
babel: fix incorrect check in known_ae() by @zmw12306 in #18585
doc: add a diagram for config datastore cleanup on file reads
by @choppsv1 in #18602
pimd: Fix memory leak on shutdown by @donaldsharp in #18526
nhrpd: Add Hop Count Validation Before Forwarding in nhrp_peer_recv()
by @zmw12306 in #18598
babeld: check valid babel port by @zmw12306 in #18583
bgpd: On shutdown free up memory leak found by topotest by @donaldsharp
in #18614
*: expose and fix variable shadowing warnings by @mjstapp in #17915
yang: Pyang errors in frr-bfdd.yang by @y-bharath14 in #18604
mgmtd: remove bogus "hedge" code which corrupted active candidate DS
by @choppsv1 in #18601
zebra: Fix shadow warning in irdp_packet.c by @donaldsharp in #18627
bgpd: On shutdown free up table for static routes by @donaldsharp in #18625
bgpd: Paths not deleted received from shutdown peer by @soumyar-roy in #18594
bgpd: remove useless calls to afi2family by @louis-6wind in #18624
bfdd: Fix demultiplexing to rely solely on Your Discriminator
by @zmw12306 in #18586
babeld: fix incorrect type assignment in parse_request_subtlv
by @zmw12306 in #18548
babeld: Add input validation for update TLV. by @zmw12306 in #18472
bgpd: add usid behavior for bgp srv6 instructions by @pguibert6WIND in #18611
bgpd: fix add prefix sent in 'show bgp neighbor' by @pguibert6WIND in #18376
tools: Add pathspace option to generate_support_bundle by @mwinter-osr
in #18635
tests: Fix potential issues in mcast-tester.py by @y-bharath14 in #18633
babeld: Add MBZ and Reserved field checking by @zmw12306 in #16735
isisd: fix asla memory leak by @louis-6wind in #18642
lib, staticd, isisd: add B6.ENCAPS codepoint extensions by @pguibert6WIND
in #18597
zebra: modify fpm_listener to display data about nhgs by @donaldsharp
in #18640
tools: fix reload script for SRv6 locators and formats by @raja-rajasekar
in #18628
tests: Shadowing the built-in function by @y-bharath14 in #18574
zebra: fix pbr_iptable memory leak by @louis-6wind in #18645
Rpki testing and bug fix by @donaldsharp in #18649
pim6d: fix missing 'use-source' interface command by @ak503 in #18578
zebra: Add ability to dump routes received from fpm_listener
by @donaldsharp in #18641
Add v4-via-v6 nexthop support to staticd by @chdxD1 in #18654
lib,bgpd: clean up clang warnings by @mjstapp in #18655
bgpd: fix pbr memory leaks by @louis-6wind in #18653
fix yang commands that don't have yang attr by @lsang6WIND in #18610
lib: nb: add list_entry_done() callback to free resources by @choppsv1
in #18540
bfdd: Set bfd.LocalDiag when transitioning to AdminDown by @zmw12306
in #18592
tests: Fix northbound endian use in a unit-test by @mjstapp in #18662
isisd: fix srv6_sid memory leak by @louis-6wind in #18667
zebra: change fpm_read to batch the messages by @krishna-samy in #18579
zebra: show command to display metaq info by @krishna-samy in #18497
yang: Corrected pyang errors in frr-pathd.yang by @y-bharath14 in #18665
bgpd: fix misused rfapi conditional by @eqvinox in #18669
pimd: Only create and bind the autorp socket when really needed
by @nabahr in #18538
tests: Resource leak in common_config.py by @y-bharath14 in #18658
lib,pimd,bgpd,bfdd: Fix clang 18 warnings by @mjstapp in #18675
zebra: Save event pointer for rib sweeping by @donaldsharp in #18692
bgpd: ensure that bgp_generate_updgrp_packets shares nicely
by @donaldsharp in #18689
Implement RFC8781 (NAT64 prefix in RA's) by @donaldsharp in #18626
zebra: implement RFC8781 (NAT64 prefix in RAs) by @eqvinox in #11224
Update EVPN prefix routes properly instead of withdraw/install
by @chdxD1 in #18158
bgpd: fix vty's version of show advertised-routes by @askorichenko in #18695
Improve notification selectors (sort, eliminate dups) by @choppsv1 in #18683
tests: Shadowing the built-in function by @y-bharath14 in #18698
bgpd: Fix deref after free in bgp_vrf_unlink by @petrvaganoff in #18694
doc: line vty was not documented by @donaldsharp in #18703
bgpd: Clean extended communities for VRF routes imported from EVPN
by @leonshaw in #18656
zebra: Add CLI to display SRv6 SIDs allocated by @cscarpitta in #16836
zebra: add vtep_ip to rmac nh_list in all cases by @chdxD1 in #18677
doc: state correct default behaviour of VTYSH_PAGER env if unset
(vtysh manpage) by @valentinbinotto in #18691
pimd: Fix for crash during networking restart by @usrivastava-nvidia
in #18672
yang: Fix pyang errors in frr-interface.yang by @y-bharath14 in #18716
Fix Pim ssmpingd by @donaldsharp in #18652
change to 18652 to test by @choppsv1 in #18713
topotests: clarify bgp evpn rt5 by @louis-6wind in #18708
zebra: Display nhg's afi as No Afi by @donaldsharp in #18709
*: enable the missing-noreturn compiler warning by @mjstapp in #18720
*: Fix MULTIPATH_NUM check in nhg encode by @karthikeyav in #18690
zebra: Cancel new client accept events after zsock is closed by @Pdoijode
in #18704
tests: Proper handling of resource allocation by @y-bharath14 in #18730
*: Allow returns to work with --enable-undefined-behavior by @donaldsharp
in #18731
zebra: use nexthop instead of route vrf_id for EVPN by @chdxD1 in #18309
bgpd: fix bmp heap use after free on non connected session
by @pguibert6WIND in #18700
ldpd: Option for disabled LDP hello message during TCP by @AndriiFullroot
in #18417
Add sharp support for seg6local routes with uSID flavor by @pguibert6WIND
in #18605
doc: add commit message guidelines to the dev guide by @Jafaral in #18657
tests: Unidiomatic-typecheck in bgp.py by @y-bharath14 in #18738
*: Remove deprecated EVENT_OFF macro by @mjstapp in #18739
Isis run level issue by @donaldsharp in #18734
staticd: Add support for other SRv6 Headend Behaviors by @cscarpitta
in #18623
zebra: Fixes allowing SRv6 func-bits length 0 by @raja-rajasekar in #18737
add total path count for bgp net in json output by @soumyar-roy in #18740
show ipv6 route [json] displays seg6local flavors by @pguibert6WIND in #18563
ospf6d: Remove dead code by @donaldsharp in #18752
yang: Fix pyang errors in frr-ospfd.yang by @y-bharath14 in #18756
Remove dead code found by @donaldsharp in #18757
yang: Correct unidiomatic-typecheck in pim.py by @y-bharath14 in #18764
zebra: show nexthops count in nexthop-group command by @krishna-samy
in #18762
Move where nhe_installed_id is set in zebra by @donaldsharp in #18749
staticd: Fix an issue where SRv6 SIDs may not be allocated on heavily
loaded systems by @cscarpitta in #18317
Allow using reserved ranges in RIP by @ton31337 in #18768
Remove unused functions as well as cleanup a header file by @donaldsharp
in #18766
build: fail on docstring problems by @eqvinox in #18765
Fix spelling error in bgp as well as clean up bgp documentation
by @donaldsharp in #18770
tests: Unreachable code in ospf.py by @y-bharath14 in #18767
docker: Build with 256 way ecmp by @donaldsharp in #18779
eigrpd: Clean up comment to reflect reality by @donaldsharp in #18780
zebra: Allow show ip route table X A.B.C.D/M to work by @donaldsharp
in #18776
bgpd: restart R-bit startup timer on no shutdown by @ton31337 in #18773
Add initial state dump on frontend datastore notify subscribe
by @choppsv1 in #18778
Gather vtysh return codes up to report to operator by @donaldsharp in #18783
BGP should stay in Idle if BFD profile is in admin shutdown state
by @ton31337 in #18763
bfdd: Adding my discriminator id in show bfd peers counters json
by @sougata-github-nvidia in #18772
mgmtd: need to set default notify_format for protobuf message too
by @choppsv1 in #18788
zebra: Allow nhg's to be reused when multiple interfaces are going amuck
by @donaldsharp in #18723
Replace use of __ as identifier prefix by @choppsv1 in #18790
lib/clippy: pointer offsets are signed by @eqvinox in #18792
zebra: Prevent vrf table 254 being used by non-default vrf
by @donaldsharp in #18702
*: some gcc warnings clean up by @rzalamena in #18794
bgpd: Remove linklist.h inclusion in bgp_mpath.c by @donaldsharp in #18800
bgpd: fix second router-id of loc-rib peer-up message set to 0.0.0.0
by @pguibert6WIND in #18799
bgpd: Not advertised to any peer in peer-group by @soumyar-roy in #18587
bgpd: Add support for BGP to use SRv6 SID in an explicit way
by @GaladrielZhao in #18519
bgpd: fix show bgp vpn rd json by @louis-6wind in #18802
bgpd: Fix flag issue in delete_vrf_tovpn_sid_per_vrf by @GaladrielZhao
in #18808
ripd, ripngd: Timer values by @ton31337 in #18805
zebra: guard against use of zapi client data during close by @mjstapp
in #18721
docker: install correct python protobuf in ubuntu docker images
by @choppsv1 in #18816
tests: Fix unreachable code in pim.py by @y-bharath14 in #18817
tests: bgp_evpn_rt5 add route-reflector by @louis-6wind in #18733
bgpd: Rename bgp_path_info_delete to bgp_path_info_mark_for_delete
by @donaldsharp in #18818
isid, lib: Fix gcc 15 warnings by @mjstapp in #18820
Fix bestpath reason being incorrectly set in some cases by @donaldsharp
in #18819
tests: Remove version (BGP version) from JSON by @ton31337 in #18831
ci: harden wget from github servers by @vjardin in #18833
doc: topotest add missing media type MIB by @vjardin in #18832
Ipforwarding modify by @donaldsharp in #18316
Prefix list leak bfdd ldpd by @donaldsharp in #18830
Bgp encaps reduced by @pguibert6WIND in #18803
End psp flavor by @pguibert6WIND in #18647
Fix up from a bunch of ubsan issues found. by @donaldsharp in #16074
Add PIC support in the srv6 VPN scenario. by @zice312963205 in #16879
bgpd: Implement BGP Next Hop Dependent Characteristics Attribute
(NNHN only) by @ton31337 in #18729
bgpd: fix view deletion and main socket deletion by @rzalamena in #18758
SRv6: Allow configuring node-len 0 by @raja-rajasekar in #18774
bgpd: fix to show exist/non-exist-map in 'show run' properly
by @krishna-samy in #18828
zebra: finish moving ip[v6] forwarding to NB/mgmtd by @choppsv1 in #18845
mgmtd top level root query by @choppsv1 in #18835
Clang-19 cleanup and removal of scheduled functionality by @donaldsharp
in #18821
pimd: add support for group range prefix-list filter for v6 by @rzalamena
in #18260
pimd,pim6d: require router alert configuration by @rzalamena in #18202
zebra: V6 RA not sent anymore after interface up-down-up by @soumyar-roy
in #18451
redhat: Add Workaround for inet_ntop replacement which breaks rpms
by @mwinter-osr in #18864
staticd, bgp: fix srv6 encap-value displayed with _ instead of .
by @pguibert6WIND in #18858
bgpd: fix PEER_FLAG_CONFIG_DAMPENING to be ULL by @vjardin in #18869
Revert 16879 by @ton31337 in #18856
build: the great war against config.h, issue 0 of ∞ by @eqvinox in #18860
yang: Fix pyang errors in frr-staticd.yang by @y-bharath14 in #18857
Keep the original NHE associated with a re around by @donaldsharp in #18751
build: the war against config.h continues, 1 of ∞ by @eqvinox in #18874
bgpd: fix import all adj-rib-in and loc-rib after bmp connects
by @pguibert6WIND in #18843
lib: fix mis-done endian check by @eqvinox in #18875
Eliminate protobuf from mgmtd backend (daemon) messaging by @choppsv1
in #18878
*: SPDX license spring cleaning by @eqvinox in #18883
build: the war on config.h is a war of attrition, 2 of ∞ by @eqvinox
in #18877
bgpd: two minor fixes for command by @anlancs in #18882
bfdd: Only apply increased transmission interval after Poll Sequence
by @zmw12306 in #18589
bfdd: Check for passive mode with zero discriminator by @zmw12306 in #18591
ospfd: Fix crash when ospf client connects before configuring an OSPF
instance by @Jafaral in #18785
lib: fix copying of resolved addresses by @kunkku in #18871
*: oh no, config.h is mobilizing its forces! - 3 of ∞ by @eqvinox in #18884
doc/developer: update instructions for NetBSD by @eqvinox in #18879
yang: Correct pyang errors in frr-bgp-route-map.yang by @y-bharath14
in #18781
nhrpd: ignore non-host addresses on NHRP interfaces by @kunkku in #18873
staticd: fix deref of NULL pointer in srv6 code by @mjstapp in #18890
vtysh,doc: add an idle timeout for vtysh by @mjstapp in #18711
pimd: add support for PIM dense and sparse-dense modes by @Jafaral in #18648
doc: add a note about dplane API version to the release docs by @mjstapp
in #18896
zebra: bump the dplane api version for FRR 10.4 by @mjstapp in #18893
lib: fix coverity defect CID 1643927 by @choppsv1 in #18892
bgpd: add neighbor ip-transparent by @vjardin in #18789
pimd, yang: move bsr xpath to be consistent with other rp implementations
by @Jafaral in #18898
lib: fix build failure in darr by @eqvinox in #18863
github: Do not cache docker foobar by @ton31337 in #18909
bgpd: Drop deprecated JSON field gracefulRestartCapability by @ton31337
in #18900
pimd: fix a coverity issue with state refresh by @Jafaral in #18902
pbrd: Fix memory leak when destroying an interface by @ton31337 in #18906
zebra: [SRv6] persist func-len 0 across frr restart by @raja-rajasekar
in #18847
bgpd: correct no form commands by @anlancs in #18911
mgmtd simplify frontend CLI config path by @choppsv1 in #18888
build: check for libunwind.h, not unwind.h by @eqvinox in #18912
mgmtd: remove unused and unneeded code. by @choppsv1 in #18927
zebra: Add some more debugging when netlink read fails for a route
by @donaldsharp in #18914
build: autoconf cleanup pass by @eqvinox in #18913
Revert "tools: ignore spaces only in macro empty line." by @donaldsharp
in #18934
tests: Address resource leaks in bmpserver.py by @y-bharath14 in #18935
bgpd: do not accept a host route that matches a local address
by @enkechen-panw in #17976
bgpd: Add Hold Time(r) for BFD strict mode by @ton31337 in #18901
tools: ignore spaces only in macro empty line. by @choppsv1 in #18937
redhat: make FRR RPM build to work on RedHat 10 by @mwinter-osr in #18920
tools: Fix VRF static routes deletion on config reload instead of update
by @dendergunov in #18908
Handle VRF blackhole routes in SRv6 L3VPN setup with static routes
by @pguibert6WIND in #18931
bgpd: use AS4B format for BGP loc-rib messages. by @pguibert6WIND in #18936
BGP evpn testing and bug fixes related to non default EVPN backbone
by @pguibert6WIND in #18358
bgpd: Supporting Graceful Shutdown feature for Peer-Group
by @Manpreet-k0 in #18659
*: fix a bunch of header file / #include loops by @eqvinox in #18953
Fix up dplane handling of some edge cases by @donaldsharp in #18919
pimd, tests: Fix dense mode flooding/grafting, expand dense/mixed mode
testing by @nabahr in #18903
lib: use forward-refs to remove bgp header from lib header by @mjstapp
in #18960
zebra: Do not show SRv6 locator params when they are set to default
by @cscarpitta in #18961
tools: Ensure that checkpatch.sh checks return code of checkpatch.pl
by @donaldsharp in #18938
bgpd: Force adj-rib-out updates if MRAI is kicked in by @ton31337 in #18959
zebra: add ability to dump fpm listener nhg by @donaldsharp in #18676
Replace lock and commit protobuf messages with native variants
by @choppsv1 in #18928
bgpd: Unset TOVPN_SID_EXPLICIT flag to ensure BGP can release SRv6 SIDs
by @cscarpitta in #18969
Remove last bits of protobuf from MGMTD by @choppsv1 in #18948
zebra: Provide SID value when sending SRv6 SID release notify message
by @cscarpitta in #18971
lib: fix coverity "free address-of" issues by @choppsv1 in #18968
zebra: Allow routes that could be considered connected to exist
by @donaldsharp in #18967
pimd: fix coverity issues by @Jafaral in #18985
bgpd: Free up leaked memory in case where routemap is not used
by @donaldsharp in #18529
bgpd: Don't send notification if IPv6 Link-Local is not assigned on the
interface by @ton31337 in #18930
zebra: Cleanup SRv6 output of show running-config by @cscarpitta in #18970
bgpd: Set atomic aggregate attribute if we drop AS_SETs by @ton31337
in #18983
bgpd: Add new CLI to show the counters of each attribute by @ton31337
in #18984
yang: Fix pyang errors in frr-pim-rp.yang by @y-bharath14 in #18992
pimd: use the correct vrf with recv prune and state refresh by @Jafaral
in #18986
bgpd: Clean up evpn mac hash on shutdown. (backport #18996)
by @mergify[bot] in #18998
bgpd: Do not reuse the same adj->adv when flushing fifo (attributes too
long) (backport #18993) by @mergify[bot] in #18999
pimd: add boundary checks when parsing join/graft source lists (coverity)
(backport #18989) by @mergify[bot] in #19006
bgpd: Fix crash when fetching statistics for bgp instance
(backport #19003) by @mergify[bot] in #19004
tests: add new /run/netns tmpfs to each topotest router namespace
(backport #19007) by @mergify[bot] in #19012
Fix some coverity issues (backport #18897) by @mergify[bot] in #19021
Add frr-host yang module - fix bug with reserved IP range config
(backport #19019) by @mergify[bot] in #19026
static: [SRv6] Fixing uninstall and reinstall uA Sids upon Intf flaps
(backport #19027) by @mergify[bot] in #19032
nhrpd: fix crash when accessing invalid memory zone (backport #18994)
by @mergify[bot] in #19035
bgpd: [TOPOTEST] stabilize bgp_peergroup_gshut test case (backport #18991)
by @mergify[bot] in #19046
pathd: fix compare function overflow (backport #19050) by @mergify[bot]
in #19053
Nhrp redundancy ping (backport #19048) by @mergify[bot] in #19052
zebra: Initialize RB tree for router tables (backport #19049)
by @mergify[bot] in #19055
tests: Fix bgp_srv6_sid_explicit test failures (backport #19068)
by @mergify[bot] in #19075
debian, redhat: add missing info to changelog by @Jafaral in #19072
zebra: fix null pointer dereference in zebra_evpn_sync_neigh_del
(backport #19054) by @mergify[bot] in #19081
zebra: fix stale NHG in kernel (backport #18899) by @mergify[bot] in #19085
Doc and test update (backport #19070) by @mergify[bot] in #19084
bgpd: Fix incorrect stripping of transitive extended communities due …
(backport #19065) by @mergify[bot] in #19093
lib: Fix no on-match goto NUM command (backport #19108) by @mergify[bot]
in #19112
bgpd: fix missing BGP_ROUTE_AGGREGATE for announcing to zebra
(backport #19105) by @mergify[bot] in #19130
bgpd: Fix extended community check for IP non-transitive type
(backport #19097) by @mergify[bot] in #19133
bgpd: Fix DEREF_OF_NULL.EX.COND in bgp_updgrp_packet (backport #19126)
by @mergify[bot] in #19142
zebra: zebra core with v6 RA (backport #19000) by @mergify[bot] in #19152
lib: revert addition of vtysh_flush() call in vty_out() (backport #19109)
by @mergify[bot] in #19153
bgpd: free json objects in error paths (backport #19158) by @mergify[bot]
in #19163
bgpd: Extract link bandwidth value from extcommunity before using for
WCMP (backport #19165) by @mergify[bot] in #19169
lib,bgpd,ospf6d,zebra: Free json objects in error paths (backport #19182)
by @mergify[bot] in #19184
zebra: clean up a json object leak (backport #19192) by @mergify[bot]
in #19195
bgpd: Do not try to reuse freed route-maps (backport #19191) by
@mergify[bot] in #19200
10.3.2
What's Changed
bgpd: correct no form commands (backport #18911)
bgpd: fix to show exist/non-exist-map in 'show run' properly
redhat: make FRR RPM build to work on RedHat 10 (backport #18920)
build: check for libunwind.h, not unwind.h (backport #18912)
bgpd: use AS4B format for BGP loc-rib messages. (backport #18936)
bgpd: fix for the validity and the presence of prefixes in the BGP VPN
table. (backport #17370)
bgpd: Force adj-rib-out updates if MRAI is kicked in (backport #18959)
github: Do not cache docker foobar (backport #18909)
zebra: Provide SID value when sending SRv6 SID release notify message
(backport #18971)
bgpd: Fix crash when fetching statistics for bgp instance (backport #19003)
tests: add new /run/netns tmpfs to each topotest router namespace
(backport #19007)
nhrpd: fix crash when accessing invalid memory zone (backport #18994)
zebra: Initialize RB tree for router tables (backport #19049)
zebra: fix null pointer dereference in zebra_evpn_sync_neigh_del
(backport #19054)
zebra: fix stale NHG in kernel (backport #18899)
bgpd: Fix incorrect stripping of transitive extended communities
(backport #19065)
lib: Fix no on-match goto NUM command (backport #19108)
bgpd: Fix extended community check for IP non-transitive type
(backport #19097)
bgpd: Fix DEREF_OF_NULL.EX.COND in bgp_updgrp_packet (backport #19126)
lib: revert addition of vtysh_flush() call in vty_out() (backport #19109)
bgpd: Extract link bandwidth value from extcommunity before using for WCMP
(backport #19165)
Use ipv4 class E addresses (240.0.0.0/4) as connected routes by default
(backport #18095)
bfdd: Set bfd.LocalDiag when transitioning to AdminDown (backport #18592)
zebra: clean up a json object leak (backport #19192)
bgpd: Do not try to reuse freed route-maps (backport #19191)
lib: fix routemap crash (backport #19127)
bgpd: initialize local variable (backport #19233)
ospfd: Use after free cleanup of lsa (backport #19224)
vtysh: copy config from file should actually apply (backport #19242)
bgpd : Fix compilation error in bgpd module: Update TP_ARGS for bgp
(backport #19266)
bgpd: Ensure addpath does not withdraw selected route in some situations
(backport #19210)
lib, zebra: mark singleton nexthops inactive/active on link state changes
for wecmp (backport #18947)
eigrp: validate hello packets and tlvs better (backport #19251)
bgpd: [GR] fixed selectionDeferralTimer to display select_defer_time val
(#19283)
zebra: Fix buffer overflows found by fuzzing. (backport #19303)
lib: compute link-state zapi message size (backport #19290)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b93cc8669262bab4dd6cfa8bb635c2142a769346
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 22:08:08 2025 +0200
dehydrated: Update to version 0.7.2
- Update from version 0.7.1 to 0.7.2
- Update of rootfile not required
- Changelog
0.7.2
Added
- Implemented support for certificate profile selection
- Added a configuration parameter to allow for timeouts during order processing
(`ORDER_TIMEOUT`, defaults to 0 = no timeout)
- Allowed for automatic deletion of old files (`AUTO_CLEANUP_DELETE`, disabled
by default)
Changed
- Renew certificates with 32 days remaining (instead of 30) to avoid issues
with monthly cronjobs (`RENEW_DAYS=32`)
Fixed
- Changed behaviour of `openssl req` stdin handling to fix compatibility with
OpenSSL version 3.2+
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e12534743b8e1c135c0698176a283da94cad8cc2
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 21:54:47 2025 +0200
ncat: Update to version 7.98
- Update from version 7.95 to 7.98
- Update of rootfile not required
- Changelog as for the nmap update
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9fa166f93ee5898823012be5e0ef3328ca07965f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 21:54:46 2025 +0200
nmap: Update to version 7.98
- Update from version 7.95 to 7.98
- Update of rootfile
- Changelog
7.98
o Updated liblua to 5.4.8
o Fixed an issue in FTP bounce scan where a single null byte is written past
the end of the receive buffer. The issue is triggered by a malicious server
but does not cause a crash with default builds. [Tyler Zars]
o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the
parallel DNS resolver. Additionally, improved performance by processing
responses that come after the request has timed out. [Daniel Miller]
o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys:
"Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers
that are registered as Extension Header values. When the --data option was
used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"
[Daniel Miller]
o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void
receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L)
== 1' failed."
when reading from an SSL connection. [Daniel Miller]
o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per
hostgroup, which led to progressively slower scans and assertion failures in
other scan phases. [Daniel Miller]
o [NSE] Added NSE bindings for more libssh2 functions: channel_request,
channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive.
ssh-brute will now use keyboard-interactive auth if password auth is not
offered. [Daniel Miller, CrowdStrike]
o Fix a bug that was causing Nmap to send empty DNS packets for each target
that was not found up instead of just skipping them for reverse DNS.
o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since
Nmap 7.96. [Daniel Miller]
o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including
post-quantum ciphersuites.
o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces
for forward and reverse DNS lookups. When -e or -S are used, use only DNS
servers that can be connected via that interface or source address.
[Daniel Miller]
o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module.
[Daniel Miller]
o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover
latest strings.
o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being
installed. [Daniel Miller]
o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file"
when Nmap crashes or fails. [Daniel Miller]
o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata
and UmitConfigParser. [Daniel Miller]
o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID
was not prefixed with "urn:". [nnposter]
7.97
o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that
use non-latin character sets. Also changed Nmap to print the time zone as an
offset from UTC instead of as a localized string. [Daniel Miller]
o Fixed an issue with the parallel forward DNS resolver: it had not been
consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
[Daniel Miller]
o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in
the example output of http-malware-host [nnposter]
7.96
o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1,
libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0
o [Windows] Upgraded the included version of Npcap from version 1.79 to the
latest version 1.82, bringing faster packet injection, VLAN header capture,
and support for SR-IOV adapters, along with many other bug fixes and feature
enhancements described at https://npcap.com/changelog
o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
engine that has been reliably performing reverse-DNS lookups for nearly a
decade. Scanning large lists of hostnames is now enormously faster and avoids
the unresponsive wait for blocking system calls, so progress stats can be
shown. In testing, resolving 1 million website names to both IPv4 and IPv6
took just over an hour. The previous system took 49 hours for the same data
set! [Daniel Miller]
o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to
the same release version as Nmap.
o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or
window::dark_mode in zenmap.conf. [Daniel Miller]
o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
+ [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin
service to get the RouterOS version. New service probes were also added for
this service. [deauther890, Daniel Miller]
+ mikrotik-routeros-username-brute brute-forces WinBox usernames for the
router using CVE-2024-54772. [deauther890]
+ targets-ipv6-eui64 generates target IPv6 addresses from a user-provided
file of MAC addresses, using the EUI-64 method. [Daniel Miller]
o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from
correctly uninstalling Nmap OEM.
o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted
since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6.
[Daniel Miller]
o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show
'filtered' instead of 'closed', due to differences in understanding timeouts.
o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255.
[nnposter]
o Nmap will now allow targets to be specified both on the command line and in
an input file with -iL. Previously, if targets were provided in both places,
only the targets in the input file would be scanned, and no notice was given
that the command-line targets were ignored. [Daniel Miller]
o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with
error.
o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes
throughout Zenmap.
o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was
not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the
-iR option.
o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of
redis.
o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers
discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
o [Nping] Bind raw socket to device when possible. This was already done for
IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
connections. This makes it more compatible with other netcats. The -k option
will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
[Daniel Miller]
o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL
layer's buffer could not be read until more data arrived on the socket, which
could lead to deadlock. [Daniel Miller]
o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the
same as traditional netcat's -q option. [Daniel Miller]
o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and
EOF conditions that had not been being delivered to the child process.
o [Ncat][Windows] All Nsock engines now work correctly. The default is still
'select', but others can be set with --nsock-engine=iocp or
--nsock-engine=poll [Daniel Miller]
o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by
the libssh2 Lua binding, providing useful output instead of a backtrace.
[Joshua Rogers, Daniel Miller]
o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed
libssh2.channel_read_stderr, which was reading stdout instead; add binding
for libssh2_userauth_publickey_frommemory; allow open_channel to avoid
allocating a pty;
o [Nsock] Improvements for platforms without selectable pcap handles (e.g.
Windows). Interleaved pcap and socket events were favoring pcap reads,
possibly resulting in timeouts of the socket events. [Daniel Miller]
o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing
errors like "could not find 1 of the purportedly pending events on that IOD."
[Daniel Miller]
o When Nmap is used with --disable-arp-ping, a local IP that cannot be
ARP-resolved will use the "no-route" reason instead of the "unknown-response"
reason, since no response was received.
o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE
library. [johnjaylward, nnposter]
o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for
a given username caused heap corruption. [Julijan Nedic, nnposter]
o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys.
from a file. [nnposter]
o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE
module did not work correctly when the IV started with a null byte.
[nnposter]
o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now
supported. Script smb-protocols now reports SMB dialects correctly.
[nnposter]
o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both
Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ee580f7fb0be4034b863cd8f3b61dd4f724bc40f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 18:45:02 2025 +0200
python3-msgpack: Update to version 1.1.0
- Update from version 1.0.8 to 1.1.0
- Update of rootfile
- borgbackup requires python3-msgpack and has updated the version to be up to 1.1.0
- Changelog
1.1.0
use PyLong_* instead of PyInt_* for compatibility with future Cython. (#620)
1.1.0rc2
Update Cython to 3.0.11 for better Python 3.13 support.
Update cibuildwheel to 2.20.0 to build Python 3.13 wheels
1.1.0rc1
Update Cython to 3.0.10 to reduce C warnings and future support for Python 3.13.
Stop using C++ mode in Cython to reduce compile error on some compilers.
Packer() has buf_size option to specify initial size of internal buffer to
reduce reallocation.
The default internal buffer size of Packer() is reduced from 1MiB to 256KiB to
optimize for common use cases. Use buf_size if you are packing large data.
Timestamp.to_datetime() and Timestamp.from_datetime() become more accurate by
avoiding floating point calculations. (#591)
The Cython code for Unpacker has been slightly rewritten for maintainability.
The fallback implementation of Packer() and Unpacker() now uses keyword-only
arguments to improve compatibility with the Cython implementation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 91f144a0ad143bf4c44123b28ff9785b0e2f3798
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Sep 12 18:45:01 2025 +0200
borgbackup: Update to version 1.4.1
- Update from version 1.4.0 to 1.4.1
- Update of rootfile
- Changelog
1.4.1
New features:
- prune: add 13weekly and 3monthly quarterly pruning strategies, #8337
- add BORG_USE_CHUNKS_ARCHIVE env var as a cleaner way to control whether
borg shall use chunks.archive.d/ cache directory. the previous "hack" to
create a non-directory file at that place is still supported.
- compact: support --dry-run (do nothing) to simplify scripting, #8300
- add {unixtime} placeholder, #8522
- macOS: retrieve birthtime in nanosecond precision via system call, #8724
- implement padme chunk size obfuscation (SPEC 250), #8705
Fixes:
- borg exits when assertions are disabled with Python optimizations, #8649
- fix remote repository exception handling / modern exit codes, #8631
- config: fix acceptance of storage_quota 0, #8499
- config: reject additional_free_space < 10M (but accept 0), #6066
- check: more consistent messaging considering --repair, #8533
- yes: deal with UnicodeDecodeError in input(), #6984
- fix WORKAROUNDS=authenticated_no_key support for archive TAM authentication,
#8400
- diff: do not assert on diff if hard link sources are not found due to
exclusions, #8344
- diff:
- suppress modified changes for files which weren't actually modified in JSON
output, #8334
- ensure that 0B changes are hidden from text diffs, too.
- remove 0-added,0-removed modified entries from JSON output.
- try to rebuild cache if an exception is raised, #5213
- freebsd: fix nfs4 acl processing, #8756.
This issue only affected borg extract --numeric-ids when processing NFS4
ACLs, it didn't affect POSIX ACL processing.
Other changes:
- support and test on Python 3.13
- use Cython 3.0.12
- filter LibreSSL related warnings on OpenBSD
- docs:
- update install docs, nothing bundled anymore, #8342
- clarify excluded and included flags for dry-run, #8556
- small changes regarding compression, #8542
- clean up entries regarding SSH settings, link to recommended ones, #8542
- borg/borgfs detects internally under which name it was invoked, #8207
- binary: using the directory build is faster, #8008
- add readme of the binaries
- mount: document on-demand loading, perf tips, #7173
- better link modern return codes, #8370
- update repository URLs in docs to use new syntax, #8361
- align /etc/backups path references in automated backups deployment guide
- mount docs: apply jdchristensen's suggestion, better phrasing.
- FAQ: Why is backing up an unmodified FAT filesystem slow on Linux?
- FAQ: Why are backups slow on a Linux server that is a member of a windows domain?
- FAQ: add entry about pure-python msgpack warning, #8323
- modify docs for automated backup to append to SYSTEMD_WANTS rather than overwrite, #8641
- fix udev rule priority in automated-local.rst, #8639
- clarify requirements when using command line options with special characters within a shell, #8628
- work around sudden failure of sphinx ini lexer
- readthedocs theme fixes
- bring back highlighted content preview in search results.
- fix erroneous warning about missing javascript support.
- tests:
- github CI: windows msys2 build: broken, disable it for now, #8264
- improve borg check --repair healing tests, #8302
- fix hourly prune test failure due to local timezone
- ignore `com.apple.provenance` xattr (macOS specific)
- vagrant:
- pyenv: only use Python 3.11.12, use this for binary build
- macos: give more memory
- install rust on BSD
- add FreeBSD 13 box, for #8266
- fix OpenBSD box, #8506
- use a bento/ubuntu-24.04 box for now
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/oldcore/197/filelists/files | 3 ++
config/rootfiles/packages/borgbackup | 14 +++----
config/rootfiles/packages/frr | 9 ++++-
config/rootfiles/packages/libogg | 2 +-
config/rootfiles/packages/lynis | 1 +
config/rootfiles/packages/nmap | 3 ++
config/rootfiles/packages/python3-msgpack | 10 ++---
config/wio/wiovpn.pl | 6 +--
html/cgi-bin/wio.cgi | 4 +-
lfs/borgbackup | 6 +--
lfs/dehydrated | 8 ++--
lfs/frr | 6 +--
lfs/libogg | 11 +++---
lfs/lynis | 7 ++--
lfs/mtr | 11 +++---
lfs/mympd | 9 +++--
lfs/ncat | 6 +--
lfs/nginx | 59 ++++++++++++++--------------
lfs/nmap | 9 +++--
lfs/python3-msgpack | 8 ++--
lfs/strace | 8 ++--
lfs/tcl | 4 +-
src/initscripts/sysconfig/createfiles | 2 +-
23 files changed, 111 insertions(+), 95 deletions(-)
Difference in files:
diff --git a/config/rootfiles/oldcore/197/filelists/files b/config/rootfiles/oldcore/197/filelists/files
index b49f7d984a..8e79a54c42 100644
--- a/config/rootfiles/oldcore/197/filelists/files
+++ b/config/rootfiles/oldcore/197/filelists/files
@@ -12,6 +12,7 @@ etc/rc.d/rc3.d/S51openvpn-n2n
etc/rc.d/rc6.d/K10openvpn-rw
etc/rc.d/rc6.d/K11openvpn-n2n
etc/rc.d/rcsysinit.d/S46cpupower
+etc/sysconfig/createfiles
lib/udev/network-hotplug-master
lib/udev/network-hotplug-rename
lib/udev/rules.d/60-net.rules
@@ -19,6 +20,7 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/cgi-bin/vulnerabilities.cgi
+srv/web/ipfire/cgi-bin/wio.cgi
srv/web/ipfire/html/themes/ipfire/include/css/style.css
usr/local/bin/openvpnctrl
var/ipfire/backup/bin/backup.pl
@@ -30,4 +32,5 @@ var/ipfire/menu.d/40-services.menu
var/ipfire/main/manualpages
var/ipfire/ovpn/collectd.vpn
var/ipfire/suricata/ruleset-sources
+var/ipfire/wio/wiovpn.pl
var/ipfire/wireguard-functions.pl
diff --git a/config/rootfiles/packages/borgbackup b/config/rootfiles/packages/borgbackup
index 1f62a2d66c..d17f41212d 100644
--- a/config/rootfiles/packages/borgbackup
+++ b/config/rootfiles/packages/borgbackup
@@ -93,10 +93,10 @@ usr/lib/python3.10/site-packages/borg/testsuite/xattr.py
usr/lib/python3.10/site-packages/borg/upgrader.py
usr/lib/python3.10/site-packages/borg/version.py
usr/lib/python3.10/site-packages/borg/xattr.py
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info/PKG-INFO
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info/SOURCES.txt
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info/dependency_links.txt
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info/entry_points.txt
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info/requires.txt
-usr/lib/python3.10/site-packages/borgbackup-1.4.0-py3.10.egg-info/top_level.txt
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info/PKG-INFO
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info/SOURCES.txt
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info/dependency_links.txt
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info/entry_points.txt
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info/requires.txt
+usr/lib/python3.10/site-packages/borgbackup-1.4.1-py3.10.egg-info/top_level.txt
diff --git a/config/rootfiles/packages/frr b/config/rootfiles/packages/frr
index 039023d3e5..3fa99fc445 100644
--- a/config/rootfiles/packages/frr
+++ b/config/rootfiles/packages/frr
@@ -45,6 +45,7 @@ usr/bin/vtysh
#usr/include/frr/graph.h
#usr/include/frr/hash.h
#usr/include/frr/hook.h
+#usr/include/frr/host_nb.h
#usr/include/frr/iana_afi.h
#usr/include/frr/id_alloc.h
#usr/include/frr/if.h
@@ -68,13 +69,11 @@ usr/bin/vtysh
#usr/include/frr/log_vty.h
#usr/include/frr/md5.h
#usr/include/frr/memory.h
-#usr/include/frr/mgmt.pb-c.h
#usr/include/frr/mgmt_be_client.h
#usr/include/frr/mgmt_defines.h
#usr/include/frr/mgmt_fe_client.h
#usr/include/frr/mgmt_msg.h
#usr/include/frr/mgmt_msg_native.h
-#usr/include/frr/mgmt_pb.h
#usr/include/frr/mlag.h
#usr/include/frr/module.h
#usr/include/frr/monotime.h
@@ -183,6 +182,10 @@ usr/lib/libfrrcares.so.0.0.0
#usr/lib/libmgmt_be_nb.so
usr/lib/libmgmt_be_nb.so.0
usr/lib/libmgmt_be_nb.so.0.0.0
+#usr/lib/libmlag_pb.la
+#usr/lib/libmlag_pb.so
+usr/lib/libmlag_pb.so.0
+usr/lib/libmlag_pb.so.0.0.0
usr/sbin/bgpd
usr/sbin/fabricd
usr/sbin/fpm_listener
@@ -219,6 +222,7 @@ usr/sbin/zebra
#usr/share/yang/frr-deviations-bgp-datacenter.yang
#usr/share/yang/frr-deviations-ietf-key-chain.yang
#usr/share/yang/frr-filter.yang
+#usr/share/yang/frr-host.yang
#usr/share/yang/frr-if-rmap.yang
#usr/share/yang/frr-interface.yang
#usr/share/yang/frr-module-translator.yang
@@ -243,4 +247,5 @@ usr/sbin/zebra
#usr/share/yang/ietf-netconf-with-defaults.yang
#usr/share/yang/ietf-netconf.yang
#usr/share/yang/ietf-routing-types.yang
+#usr/share/yang/ietf-srv6-types.yang
var/ipfire/backup/addons/includes/frr
diff --git a/config/rootfiles/packages/libogg b/config/rootfiles/packages/libogg
index 2977fc6b09..10685b38d1 100644
--- a/config/rootfiles/packages/libogg
+++ b/config/rootfiles/packages/libogg
@@ -6,7 +6,7 @@
#usr/lib/libogg.la
#usr/lib/libogg.so
usr/lib/libogg.so.0
-usr/lib/libogg.so.0.8.5
+usr/lib/libogg.so.0.8.6
#usr/lib/pkgconfig/ogg.pc
#usr/share/aclocal/ogg.m4
#usr/share/doc/libogg
diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
index 9c0157ddb3..b68c9eaa3d 100644
--- a/config/rootfiles/packages/lynis
+++ b/config/rootfiles/packages/lynis
@@ -120,3 +120,4 @@ var/ipfire/lynis/lynis
#var/ipfire/lynis/plugins
#var/ipfire/lynis/plugins/README
var/ipfire/lynis/plugins/custom_plugin.template
+#var/ipfire/lynis/publiccode.yml
diff --git a/config/rootfiles/packages/nmap b/config/rootfiles/packages/nmap
index 4fa71c9cf7..39032f1ce6 100644
--- a/config/rootfiles/packages/nmap
+++ b/config/rootfiles/packages/nmap
@@ -581,6 +581,8 @@ usr/share/nmap/scripts/metasploit-info.nse
usr/share/nmap/scripts/metasploit-msgrpc-brute.nse
usr/share/nmap/scripts/metasploit-xmlrpc-brute.nse
usr/share/nmap/scripts/mikrotik-routeros-brute.nse
+usr/share/nmap/scripts/mikrotik-routeros-username-brute.nse
+usr/share/nmap/scripts/mikrotik-routeros-version.nse
usr/share/nmap/scripts/mmouse-brute.nse
usr/share/nmap/scripts/mmouse-exec.nse
usr/share/nmap/scripts/modbus-discover.nse
@@ -791,6 +793,7 @@ usr/share/nmap/scripts/stuxnet-detect.nse
usr/share/nmap/scripts/supermicro-ipmi-conf.nse
usr/share/nmap/scripts/svn-brute.nse
usr/share/nmap/scripts/targets-asn.nse
+usr/share/nmap/scripts/targets-ipv6-eui64.nse
usr/share/nmap/scripts/targets-ipv6-map4to6.nse
usr/share/nmap/scripts/targets-ipv6-multicast-echo.nse
usr/share/nmap/scripts/targets-ipv6-multicast-invalid-dst.nse
diff --git a/config/rootfiles/packages/python3-msgpack b/config/rootfiles/packages/python3-msgpack
index 4859b8a714..74fe2f1aa7 100644
--- a/config/rootfiles/packages/python3-msgpack
+++ b/config/rootfiles/packages/python3-msgpack
@@ -1,9 +1,9 @@
usr/lib/python3.10/site-packages/msgpack
-#usr/lib/python3.10/site-packages/msgpack-1.0.8-py3.10.egg-info
-#usr/lib/python3.10/site-packages/msgpack-1.0.8-py3.10.egg-info/PKG-INFO
-#usr/lib/python3.10/site-packages/msgpack-1.0.8-py3.10.egg-info/SOURCES.txt
-#usr/lib/python3.10/site-packages/msgpack-1.0.8-py3.10.egg-info/dependency_links.txt
-#usr/lib/python3.10/site-packages/msgpack-1.0.8-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/msgpack-1.1.0-py3.10.egg-info
+#usr/lib/python3.10/site-packages/msgpack-1.1.0-py3.10.egg-info/PKG-INFO
+#usr/lib/python3.10/site-packages/msgpack-1.1.0-py3.10.egg-info/SOURCES.txt
+#usr/lib/python3.10/site-packages/msgpack-1.1.0-py3.10.egg-info/dependency_links.txt
+#usr/lib/python3.10/site-packages/msgpack-1.1.0-py3.10.egg-info/top_level.txt
usr/lib/python3.10/site-packages/msgpack/__init__.py
usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpython-310-xxxMACHINExxx-linux-gnu.so
usr/lib/python3.10/site-packages/msgpack/exceptions.py
diff --git a/config/wio/wiovpn.pl b/config/wio/wiovpn.pl
index 22116cd621..80b020dc93 100644
--- a/config/wio/wiovpn.pl
+++ b/config/wio/wiovpn.pl
@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2017-2020 Stephan Feddersen <sfeddersen@ipfire.org> #
+# Copyright (C) 2017-2025 IPFire Team <info@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
-# Version: 2020/05/04 12:02:23
+#
#
# This wioovpn.pl is based on the code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.
@@ -75,7 +75,7 @@ if ( ! -e "$ovpnpid" ) {
}
else {
-@ovpnstatus = `cat /var/run/ovpnserver.log`;
+@ovpnstatus = `cat /var/run/openvpn-rw.log`;
open(FILE, "$ovpnconfig");
@ovpncfg = <FILE>;
diff --git a/html/cgi-bin/wio.cgi b/html/cgi-bin/wio.cgi
index 30a51104c1..d988ec5973 100644
--- a/html/cgi-bin/wio.cgi
+++ b/html/cgi-bin/wio.cgi
@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2017-2021 Stephan Feddersen <sfeddersen@ipfire.org> #
+# Copyright (C) 2017-2025 IPFire Team <info@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -1291,7 +1291,7 @@ print"</table>";
if ( -e "$ovpnpid" ) {
-@ovpnstatus = `cat /var/run/ovpnserver.log`;
+@ovpnstatus = `cat /var/run/openvpn-rw.log`;
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
diff --git a/lfs/borgbackup b/lfs/borgbackup
index 189526073b..2e64177e9b 100644
--- a/lfs/borgbackup
+++ b/lfs/borgbackup
@@ -24,7 +24,7 @@
include Config
-VER = 1.4.0
+VER = 1.4.1
SUMMARY = Deduplicating backup program with compression and authenticated encryption
THISAPP = borgbackup-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = borgbackup
-PAK_VER = 18
+PAK_VER = 19
DEPS = python3-msgpack python3-packaging python3-pyfuse3 libxxhash
# borgbackup only works with specific versions of python3-msgpack
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 06d4d67e211a3ab1bc6d7155cbce8205fb7408a1149e44c77b500af02c25e62a569e3eaf50c11916a2ff9adea47c5791febfb7d0c657d0b195e5c5bbbd33a7d7
+$(DL_FILE)_BLAKE2 = fbf5cd06bcddd5b90db75ed1b2276d2eba0d17d0545a751acfd40d051053d9d3e1a0ea2f1dd87e6541aeca6199e98ad1885b9d3155696268752069b763b660a4
install : $(TARGET)
diff --git a/lfs/dehydrated b/lfs/dehydrated
index 821c1433bd..ab2bf8acd7 100644
--- a/lfs/dehydrated
+++ b/lfs/dehydrated
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = A client for signing certificates with an ACME server
-VER = 0.7.1
+VER = 0.7.2
THISAPP = dehydrated-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = dehydrated
-PAK_VER = 6
+PAK_VER = 7
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0b287537206936ceff33bde8bbb8ab7b13f28bf58cd29c898348db0cf5a83157fed4535da218ac48a810a93b99474e96334a27c062c157e2f164b0e516b47111
+$(DL_FILE)_BLAKE2 = a79f81e30b6687b012780a7949b877ef9db2f32c92906bf086f41ae325130afafe0d6f67bf49afa41b5f4a068509321a2a8ad03f8bb72b9d62d88d55e043a748
install : $(TARGET)
diff --git a/lfs/frr b/lfs/frr
index 6f60f7cdd9..8332b6006c 100644
--- a/lfs/frr
+++ b/lfs/frr
@@ -26,7 +26,7 @@ include Config
SUMMARY = FRRouting Routing daemon
-VER = 10.3.1
+VER = 10.4.1
THISAPP = frr-frr-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = frr
-PAK_VER = 14
+PAK_VER = 15
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aeeaa15bcd102ec322672106e1fdd98f2d124ac79514be6ee1ac63648a336519a95b1f1dc5fbee348b92796e6e79e2a9f857b959af5838b2c2b4afb2dc68de0a
+$(DL_FILE)_BLAKE2 = 1270fe6bb82e9e0ea718bab72658ad8b82c936f06f2c5e3686a66f3e9baeedf10e181bbf6c9cd05713194518f7bc6ab561b9baeaf609716fe182240e8abccdce
install : $(TARGET)
diff --git a/lfs/libogg b/lfs/libogg
index e678b9b376..90eef212d6 100644
--- a/lfs/libogg
+++ b/lfs/libogg
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Ogg Bitstream Library
-VER = 1.3.5
+VER = 1.3.6
THISAPP = libogg-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libogg
-PAK_VER = 5
+PAK_VER = 6
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 464cf767902bd8bd463d3faaae01fecbe33d4cc87dabf38388ac961bfbe24e6d113f4ee88542e6bed6fd7eaaf0709c7f5cb7a306ee910527f79810054ccdbae7
+$(DL_FILE)_BLAKE2 = 18b5563775b0569db1c41358a8c2de9a64b14754ca0da8a154e692e6cb26fbd5dc73ac7fa61697304bca2847db5b5f256be8361840b3e0df270a0701f1468814
install : $(TARGET)
@@ -82,7 +82,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/lynis b/lfs/lynis
index b95ace3f4f..3a9d217229 100644
--- a/lfs/lynis
+++ b/lfs/lynis
@@ -26,16 +26,15 @@ include Config
SUMMARY = Security and System auditing tool
-VER = 3.1.3
+VER = 3.1.5
THISAPP = lynis-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-
PROG = lynis
-PAK_VER = 14
+PAK_VER = 15
DEPS =
@@ -49,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 68483c194b3202befe3d45386d30c51399a7e9e413509fec982a120a5ab6ae22609c0e975d6fab33658decb0f2cf1c8dfb75434c68bfa76ad4f6602d10ad5a84
+$(DL_FILE)_BLAKE2 = dcbf4c0f996d2daea2b0b9be248079acd4583c4b07fdba8f46cd83017f7e6fee684f472749754c6dd8f792d97d9932945478d4daebc2ac74f6a11cbd238d73ab
install : $(TARGET)
diff --git a/lfs/mtr b/lfs/mtr
index dd190a90fe..a80df177da 100644
--- a/lfs/mtr
+++ b/lfs/mtr
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Ping and Traceroute Network Diagnostic Tool
-VER = 0.95
+VER = 0.96
THISAPP = mtr-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mtr
-PAK_VER = 6
+PAK_VER = 7
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3c972675b97945b96562802c5d0f10de963160682c93c0ea2991b72eca33d136d18948c5e746ca3dfb280ebc9c3ab154e7774f8409ed4e5f7470a8feb128e71b
+$(DL_FILE)_BLAKE2 = c7dff18b6f6e48a648783d719a6cedd14b141fe2013b75031f3ee830e8c4fb9c93639259c860047c8108c21519df30740f7515256ed08552f7697a42e938257b
install : $(TARGET)
@@ -83,7 +83,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
cd $(DIR_APP) && ./bootstrap.sh
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/mympd b/lfs/mympd
index 6d9d08bc9f..a05cacf50c 100644
--- a/lfs/mympd
+++ b/lfs/mympd
@@ -26,7 +26,7 @@ include Config
SUMMARY = Webfrontend for Music Player Daemon
-VER = 21.0.1
+VER = 22.0.4
THISAPP = myMPD-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mympd
-PAK_VER = 13
+PAK_VER = 14
DEPS = mpd libmpdclient
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4470f239933f3f540741439a1fc7e6f3de1c839371d77893160f19d0b80c793943b456a56f36df1c426a36c352b18a0bdd5d3073926644f12d8c2881af317b2d
+$(DL_FILE)_BLAKE2 = d59eba43d083adb2bc58bf31ec03bea1105143d681e409c92e60303b9ede75285aec04d0f70a6dcc52ca62f3eb27a8287840d3fcc3ff9489a4dc9d53e61e9a89
install : $(TARGET)
@@ -87,7 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && mkdir -p build
cd $(DIR_APP)/build && cmake -Wno-dev \
- -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release ..
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_BUILD_TYPE=Release ..
cd $(DIR_APP)/build && make $(MAKETUNING)
cd $(DIR_APP)/build && make install
diff --git a/lfs/ncat b/lfs/ncat
index 8596471792..01f2b114e3 100644
--- a/lfs/ncat
+++ b/lfs/ncat
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Network tool to concatenate and redirect sockets
-VER = 7.95
+VER = 7.98
THISAPP = ncat-$(VER)
DL_FILE = nmap-$(VER).tar.bz2
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c
+$(DL_FILE)_BLAKE2 = bbc7f4931876b2a59dc8d94b5498e72ee76084db19089820030473628f215a0a89972638f4128e46a46ffa55bd92141bfceab311fa00f4798cf111aca5ec104a
install : $(TARGET)
diff --git a/lfs/nginx b/lfs/nginx
index 0468fed117..59b670c614 100644
--- a/lfs/nginx
+++ b/lfs/nginx
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
SUMMARY = A HTTP server and IMAP/POP3 proxy server
-VER = 1.26.2
+VER = 1.29.1
THISAPP = nginx-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nginx
-PAK_VER = 17
+PAK_VER = 18
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f054deb47bf21bf963fedc8f980d29c92325bbfcb39c5a2cc67cce15add32036f0b771c7abac018ded6354a0df0850ed5843d26e0cf5d9577b70ca3fa89a206c
+$(DL_FILE)_BLAKE2 = ab2f49ff5564fa45f86732e92abf8a43ce5f225cfcffcd66f40c7e35377525fe18a7760c1946e6e9f48e7fc07e99fdefa4ea5c19deae3cde00121aefa3d7cc14
install : $(TARGET)
@@ -81,32 +81,31 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
- --prefix=/usr/share/nginx \
- --conf-path=/etc/nginx/nginx.conf \
- --sbin-path=/usr/sbin/nginx \
- --pid-path=/var/run/nginx.pid \
- --lock-path=/var/lock/nginx.lock \
- --http-client-body-temp-path=/var/spool/nginx/client_body_temp \
- --http-proxy-temp-path=/var/spool/nginx/proxy_temp \
- --http-fastcgi-temp-path=/var/spool/nginx/fastcgi_temp \
- --http-log-path=/var/log/nginx/access.log \
- --error-log-path=/var/log/nginx/error.log \
- --user=nobody \
- --group=nobody \
- --with-mail \
- --with-mail_ssl_module \
- --with-http_ssl_module \
- --with-http_gunzip_module \
- --with-http_gzip_static_module \
- --with-http_random_index_module \
- --with-http_secure_link_module \
- --with-http_degradation_module \
- --with-http_stub_status_module \
- --with-http_dav_module \
- --with-http_sub_module \
- --with-http_v2_module \
- --with-pcre
-
+ --prefix=/usr/share/nginx \
+ --conf-path=/etc/nginx/nginx.conf \
+ --sbin-path=/usr/sbin/nginx \
+ --pid-path=/var/run/nginx.pid \
+ --lock-path=/var/lock/nginx.lock \
+ --http-client-body-temp-path=/var/spool/nginx/client_body_temp \
+ --http-proxy-temp-path=/var/spool/nginx/proxy_temp \
+ --http-fastcgi-temp-path=/var/spool/nginx/fastcgi_temp \
+ --http-log-path=/var/log/nginx/access.log \
+ --error-log-path=/var/log/nginx/error.log \
+ --user=nobody \
+ --group=nobody \
+ --with-mail \
+ --with-mail_ssl_module \
+ --with-http_ssl_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_random_index_module \
+ --with-http_secure_link_module \
+ --with-http_degradation_module \
+ --with-http_stub_status_module \
+ --with-http_dav_module \
+ --with-http_sub_module \
+ --with-http_v2_module \
+ --with-pcre
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
mkdir -p /var/log/nginx /var/spool/nginx
diff --git a/lfs/nmap b/lfs/nmap
index cee8fa2a94..8418dcf4dd 100644
--- a/lfs/nmap
+++ b/lfs/nmap
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,8 @@ include Config
SUMMARY = Network exploration tool and security scanner
-VER = 7.95
+VER = 7.98
+# Also update ncat when nmap is updated
THISAPP = nmap-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -34,7 +35,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nmap
-PAK_VER = 19
+PAK_VER = 20
DEPS =
@@ -48,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c
+$(DL_FILE)_BLAKE2 = bbc7f4931876b2a59dc8d94b5498e72ee76084db19089820030473628f215a0a89972638f4128e46a46ffa55bd92141bfceab311fa00f4798cf111aca5ec104a
install : $(TARGET)
diff --git a/lfs/python3-msgpack b/lfs/python3-msgpack
index d8edd89e03..0917d3b78a 100644
--- a/lfs/python3-msgpack
+++ b/lfs/python3-msgpack
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.0.8
+VER = 1.1.0
SUMMARY = Python module for reading and writing MessagePack data
THISAPP = msgpack-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = python3-msgpack
-PAK_VER = 5
+PAK_VER = 6
DEPS =
# borgbackup only works with specific versions of python3-msgpack - check when updating
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 714b0355941104e791c5a3b8ee2bd4f40b11484631a3bde63e7c0bdbb925a603c4704b037ab437c2330dc0d2e466d41ccfd50c6a45ef798e5cd34a87e4e3863f
+$(DL_FILE)_BLAKE2 = fd6497ce248fabae481de41cb27bccf001e75425564f16caff9f5dceb52d82949481589a92635f4c25178f03002daf604073fc2bb07c8133e81a8ee2f1ccb7c4
install : $(TARGET)
diff --git a/lfs/strace b/lfs/strace
index 3531f50dcf..817ceddbf8 100644
--- a/lfs/strace
+++ b/lfs/strace
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = A utility to trace the system calls of a program
-VER = 6.12
+VER = 6.16
# SUP_ARCHES = x86_64 aarch64
THISAPP = strace-$(VER)
@@ -35,7 +35,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = strace
-PAK_VER = 13
+PAK_VER = 14
DEPS =
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8077a9ae0b05065cf2de7a2bd630a6275735bd77765a5654cb34f17c93b3fda69d77743c5eb8e75efcc1f6ec8707698642d30bd62cc3aa4355bec0d5a00eec89
+$(DL_FILE)_BLAKE2 = 42155b733d18de50e38b95847a018b315ab36622823ba1113d1a58666de9eda373cc4110b2acdc0c4173520eb55859ff4493fa4a01df1b7c4c1902b11afaa88e
install : $(TARGET)
diff --git a/lfs/tcl b/lfs/tcl
index 05cf99aa6b..b02f11ac00 100644
--- a/lfs/tcl
+++ b/lfs/tcl
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,6 +25,8 @@
include Config
VER = 8.6.14
+# Do not update to tcl9 without careful checking as expect and maybe other packages
+# in the toolchain arer incomaptible
THISAPP = tcl$(VER)
DL_FILE = $(THISAPP)-src.tar.gz
diff --git a/src/initscripts/sysconfig/createfiles b/src/initscripts/sysconfig/createfiles
index cf7d6e1469..2545c9586b 100644
--- a/src/initscripts/sysconfig/createfiles
+++ b/src/initscripts/sysconfig/createfiles
@@ -25,7 +25,7 @@
# <major> and <minor> are the major and minor numbers used for the device.
########################################################################
-/var/run/ovpnserver.log file 644 nobody nobody
+/var/run/openvpn-rw.log file 644 nobody nobody
/var/run/openvpn dir 644 nobody nobody
# End /etc/sysconfig/createfiles
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2025-09-13 11:02 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4cP7fY6jYlz2xRZ@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox