* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. d3725fecec79b5d2c807e9830d983a1804b14616
@ 2025-09-16 8:52 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-09-16 8:52 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 64207 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via d3725fecec79b5d2c807e9830d983a1804b14616 (commit)
via 7ab09188f9f292f42f10b2f51923625ec72a8a0e (commit)
via 6d332fdc0c3c24eaff4492f020cc617cb726d4de (commit)
via 31c5b4b03598793dec01ff6cf91465ca9f432786 (commit)
via 932c1a82183897e27b54bf2ea5987f1d03eca7eb (commit)
via c785cc3c45f5a33e87c09a487306e8c56b13d613 (commit)
via 9acb4b08cb2fa38c591c270d75f3d823243232d8 (commit)
via 798fa55f0d58f3bfcad9a26f3b579daba2a92bfe (commit)
via 199dc49ad07635013f639107f269d5059219c147 (commit)
via 2b4ca744b03f828297bde50e43f40abbf146b64f (commit)
via 3063559e4fa15e3058f2e62d8df617fae4a92e69 (commit)
via c9ff62f3d28bf9c95de5889b02f9b13a3be8726d (commit)
via 1345abf18b964289bbc37033eb8d7500cd97a15f (commit)
via 36110b3f109fa60308a790aee1875e4816521f9f (commit)
via b07d7b7c66f75ac05491b3fee9cab812b20d88fe (commit)
via 5c3108043280aabd6821b988dbde720be4bd92ef (commit)
via 4740d7ccb17db0e8c697630b72934ba8f1809bfc (commit)
from 0fb06f864f987396be173350362b35f1ebe1fd17 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d3725fecec79b5d2c807e9830d983a1804b14616
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:40:55 2025 +0200
core198: Ship collectd due to sobump in nut update
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7ab09188f9f292f42f10b2f51923625ec72a8a0e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:40:54 2025 +0200
nut: Update to version 2.8.4
- Update from version 2.8.3 to 2.8.4
- Update of rootfile
- sobump requires shipping of collectd
- Changelog
2.8.4
- Bug fixes for fallout possible due to "fightwarn" effort in 2.8.0+:
* In `usbhid-ups` sources, introduced optional `HU_FLAG_PARAM_REQUIRED` for
`setvar()` or `instcmd()` handling (and a `HU_TYPE_CMD_PARAM_REQUIRED`
shortcut) for setting in the mapping table flags, to specify variables
or instant commands that require an argument (either from caller or a
non-`NULL` default in the run-time table after device data discovery);
if the flag is not set, a zero value is assumed. Incomplete code was a
regression of NUT v2.8.3 causing some instant commands to fail. [#2860,
#2955]
- Fix fallout of development in NUT v2.8.0 and/or v2.8.1 and/or v2.8.2 and/or
v2.8.3:
* Fixed a regression in recipes of NUT v2.8.3 release (as compared to
v2.8.2), where `configure --with-docs=all` no longer failed a run
of the `configure` script when some of the required rendering tools
were not in fact available. [#2842, fixed by #2921]
* Some recipe improvements in earlier releases led to `make check` always
running a spelling check (if tools are available), even if the explicit
`configure --disable-spellcheck` option was used. Now it would not run
if disabled (e.g. to speed up CI builds in scenarios that focus on other
aspects of the code base), although developers can still use the explicit
`make spellcheck*` goals, when tools are in fact available. [#2973]
* A change in `Makefile.am` recipes to evaluate some driver names in the
`DRIVERLIST` variables inspected by `configure` script, rather than
having all their names hard-coded like before, led to inability to
`configure --with-drivers=dummy-ups`. [#2825, #2927, fixed by PR #2929]
* A problem noted with `upsdrvquery` (since NUT v2.8.1) message logging
at high debug verbosity levels (5+) with very large blocks of content
has exposed a deficiency in variable-argument handling, and specifically
adaptive resizing of the output buffer or truncation of logged inputs
(which is something NUT code tried to do since the beginning of time),
and could lead to "segmentation fault" crashes on some platforms.
[issue #2948, PR #2963]
* Documentation build recipes overly zealously pre-processed source files,
which was not applicable for each and every document type we have (e.g.
binary images for illustrations); this caused grief with some toolkits.
[issue #2989]
- common code:
* Revised common `writepid()` to use `altpidpath()` as location for the
PID file creation, if the default `rootpidpath()` is not accessible
(e.g. daemon was not initially started as `root`). Likewise updated
short PID file based signal sending to consult both locations. [#1717]
* Linux may report a `/proc/X/exe` symlink with an embedded "(deleted)"
suffix, if the binary was removed (or replaced) since the running process
started. This confused our code which verifies that when it is sending a
signal to a PID, that PID does reflect the expected NUT program. [#3021]
* Refactored NUT "common" sources to reference `nut_version.h` macros from
a smaller C source file, to minimize the compilation unit size impacted
by development iterations. [issue #2097]
* Common code hardening: added sanity-checking for dynamically constructed
or selected formatting strings with variable-argument list methods
(typically used with log printing, `dstate` setting, etc.) [#2450, #3016]
- Warn if `%n` formatting string is used -- it is deprecated in some
newer distros due to security concerns.
* Refactored repetitive implementations of `inet_ntopSS()` (nee
`inet_ntopW()` in `upsd.c`) and `inet_ntopAI()` methods into `common.c`,
so now they can be re-used or expanded more easily. [#2916]
- `upsd` updates:
* Fixed two bugs about printing the "further (ignored) addresses resolved
for this name": the way to extract IP address string was not portable
and misfired on some platforms, and the way to print had a theoretical
potential for buffer overflow. [#2915]
* Print arguments of a processed command into the debug log, to help track
down what unsupported queries are about, etc. (but only endeavor to spend
time, RAM and CPU on this if debug verbosity is high enough). Hide the
sensitive commands' parameters unless verbosity is unusually high. [#3023]
- `upsdrvquery` API updates [#2969]:
* Added `upsdrvquery_oneshot_conn()` for issuing one-shot queries using an
existing `udq_pipe_conn_t *` connection. The caller manages the
connection's lifecycle, and the function includes a best-effort call to
restore broadcast mode after the query to return the connection as it was.
* Added `upsdrvquery_oneshot_sockfn()` for initiating one-shot queries using
a socket filename. Shares internal logic with the existing
`upsdrvquery_oneshot()`, which uses a UPS and driver name, respectively.
* Introduced `upsdrvquery_restore_broadcast()` to explicitly restore
broadcast mode (`BROADCAST 1`) on a connection, helping return it to a
consistent and talkative state.
* Revised connection ownership handling: internal functions like
`upsdrvquery_prepare()` and `upsdrvquery_request()` no longer close
connections they do not own. Responsibility for cleanup is now delegated to
the caller to avoid unintended side effects and better align with expected
usage patterns.
- common driver code:
* Update reports of failed socket file creation, to help troubleshooting
some error cases in the field. [#2959]
* Removed workarounds trying to migrate legacy driver raised `ALARM`
status tokens into modern `alarm_*` function logic. Rather, we keep
supporting them as separate from the modern logic, seeing as `upsmon`
does not care where the token itself was raised for its notifications.
Driver-code related test-cases were updated to reflect these changes.
[issue #2928, PRs #2931 and #2934]
* Introduced some macros in `drivers/upshandler.h` for common syslog level
definitions and message wording for beginning and failing `instcmd()` or
`setvar()` operations consistently in different drivers. As a related
change, operations that intend to turn off or restart the load, or can
do that by side effect (e.g. calibration if batteries are old or dead),
would explicitly `upslogx(LOG_CRIT,...)` by default before commencing.
[#2957]
* Fixed a couple of ancient memory leaks: one "shared" during driver
program initialization, and one specific to `dummy-ups` wind-down. [#2972]
* Added a `suggest_NDE_conflict()` method so drivers which lack access
to the expected device can consistently suggest that this may be because
of running both an NDE-wrapped service unit and a manually launched
driver program at the same time. Currently added to `libusb{0,1}.c`
code, but may later be expanded to e.g. serial drivers and other media,
when their behavior in such situations gets identified. [follow-up to
issue #477, PR #3041]
- `apc_modbus` driver updates:
* The time stamp and inter-frame delay accounting was fixed, alleviating
one of the problems reported in issue #2609. [PR #2982]
* Fix missing variables due to mismatching format string. [PR #3013]
- `bcmxcp` driver updates:
* The latching on to a previous replace battery status was fixed, with its
alarm state variable now correctly being reset; previously a factually
replaced battery did not clear the alarm and the whole driver needed to
be restarted. [issue #2999, PR #3002]
- `clone`, `clone-outlet`, `nhs_ser` driver and `nutdrv_qx_ablerex`
subdriver updates:
* Refactored to follow modern handling of status and alarm conditions,
aligning with current driver design practices. This includes fixing
copy-paste related issues in alarm reporting and removing some alarm
messages that should instead be reflected as status flags. [#2936]
- `dummy-ups` driver updates:
* A new instruction `ALARM` was added for the `Dummy Mode` operation
of the driver, enabling simulation of UPS alarm states more closely
in line with modern, real-world UPS driver implementations. This
follows the updated principle of keeping alarm states decoupled from
the `ups.status` variable, with alarms now raised via common alarm
functions rather than direct manipulation. [issue #2928, PR #2936]
- `nutdrv_qx` driver updates:
* Added support for "preprocess"/"process" methods called from mapping tables
to report back to the driver that an argument value was not supported,
so `setvar()` or `instcmd()` can not proceed safely and should return
`STAT_SET_CONVERSION_FAILED` or `STAT_INSTCMD_CONVERSION_FAILED`. [#3017]
* Introduced `innovart33` protocol support for Ippon Innova RT 3/3 topology
UPSes. [#2938]
* Updated `megatec` protocol for more detailed responses to `I` query
which may return `ups.serial` (after a shorter `device.mfr`) and the
`battery.runtime` (after a shorter `device.model`). Note that the
expected response is shorter than in other dialects (38 vs. 39 bytes),
so if this change breaks anything for your UPS that reported the values
above correctly (e.g. the `ups.firmware` version becomes shorter or
none of these are reported), please let NUT developers know. [#2980]
* Revised `voltronic` protocol to suppress alarm "UPS is in ECO Mode",
using "buzzword mode" settings more correctly than in the previous
iteration, shipped in NUT v2.8.3 release (as PR #2750 for issue #2708).
[issue #2494]
* Introduced a `voltronic-axpert` subdriver for Voltronic Axpert inverters
which speak the P30 protocol, currently in a highly experimental state:
with initial support for query commands, but most values are "hidden"
from default NUT builds by being defined in `experimental.*` namespace,
and should also be enabled by `configure --with-unmapped-data-points`.
Development was based on work done in the Voltronic Sunny subdriver in
https://github.com/nickma82/nut/tree/nutdrv_qx_voltronic-sunny_rebased%2Bcommand
[#1407]
- `phoenixcontact_modbus` driver updates:
* Added more settings that can be tuned -- support for shutdown variables,
UPS mode selector, PC reset delay after main power recovers, and
automatic switch to battery mode (and back) if main power is below
or above a defined threshold (see the new "Configurable Values" section
in the man page). They can be configured via `default.*` values in
`ups.conf`. [#2986]
- `pijuice` driver updates:
* Converted to NUT standard use of `status_set()` with single-token values.
[issue #2708]
- `snmp-ups` driver updates:
* Added support for "fun"/"nuf" methods called from mapping tables to
report back to the driver that an argument value was not supported,
so `setvar()` or `instcmd()` can not proceed safely and should return
`STAT_SET_CONVERSION_FAILED` or `STAT_INSTCMD_CONVERSION_FAILED`. [#3017]
* Fixed `ups.test.date` to be semi-static in `apc-mib` mapping, so it
would be queried more than once per driver up-time. [issue #3011]
* Fixed debug-logging around `SU_FLAG_STATIC` entries to clarify when
they get skipped. [issue #3011]
- `usbhid-ups` driver updates:
* Added support for "fun"/"nuf" methods called from mapping tables to
report back to the driver that an argument value was not supported,
so `setvar()` or `instcmd()` can not proceed safely and should return
`STAT_SET_CONVERSION_FAILED` or `STAT_INSTCMD_CONVERSION_FAILED`. [#3017]
* `hid_ups_walk(HU_WALKMODE_INIT)`: report if exactly one of "fun" or "nuf"
dynamic value mapping methods is defined in a one-line table, and this
may preclude reads/writes of that variable. [#2956]
* The `cps-hid` subdriver's existing mechanism for fixing broken report
descriptors was extended to cover a newly reported case of nominal UPS
power being incorrectly reported due to an unrealistically low maximum
threshold, as seen with a EC850LCD device. [issue #2917, PR #2919]
* Further revision of "ECO mode" related code in `mge-hid` subdriver,
following up from work started for NUT v2.8.3 release. [PR #2956]
* Added APC BVKxxxM2 and BKxxxM2-CH to list of devices where
`lbrb_log_delay_sec=N` may be necessary to address spurious LOWBATT
and REPLACEBATT events. [PR #2942, PR #3007, issue #2347, issue #3006]
- New NUT drivers:
* Introduced a `ve-direct` driver for Victron Energy UPS/solar panels
monitoring. Most specific reported values are in an `experimental.*`
namespace, as a community we need to come up with standard naming for
those via `docs/nut-names.txt`. [#440]
* Introduced a `nutdrv_hashx` driver for numerous devices from Ablerex,
Atlantis Land, Epyc, Infosec, ION, PowerWalker, Right Power Technology,
Salicru, UPS Solutions and other vendors (originally shipped with a
"PowerMaster+", "PowerMaster" or "PowerGuide" software companion suite).
This seems to be a protocol developed by Cyber Energy for serial-port
devices, subsequently used by different vendors in their own products
or re-branded Cyber Energy creations. [#2940]
* Introduced a `failover` driver for monitoring multiple UPS driver sockets
and seamless switching out of UPS data in a failover situation, includes
support for end-to-end tracked instant commands and also variable updating.
[#2962]
* Introduced USB (`powervar_cx_usb`) and Serial (`powervar_cx_ser`) drivers
for Powervar CUSPP protocol, tested with GTS (USB) and UPM (USB, Serial)
models. [#2988]
- The `nut-driver-enumerator.sh` script (NDE) updates:
* Now NDE internally tracks dependency of one driver on another one that
should be locally running to serve the "original" data points (`clone`,
`clone-outlet`, `dummy-ups`, `failover`). It should create "soft"
dependencies between respective service instances to order their
start-up sequence. [#2962]
* Fixed NDE to not consider "masked" systemd units as non-existent or
as syntactically failed instantiated unit names. [#3033]
- NUT Monitor GUI:
* Ported Python 3 version to Qt6, now shipped alongside Qt5 for systems
with either or both, maximizing compatibility with old and new setups.
[#2946]
- `upsmon` client:
* Clearer debug logging of `SHUTDOWNCMD` and `NOTIFYCMD` that would be used
(or warnings that none was set); flush output buffers after these messages
and after each main loop cycle, so any emitted text is seen in a timely
manner. [issue #3003, PR #3008]
- The `nutshutdown` script (end-game integration for UPS power-off in case
of FSD initiated by `upsmon`) was updated to consider `MODE=none` set in
`nut.conf` and bail out quietly. [issue #2935, PR #3008]
- Manual page recipes and contents:
* Introduced handling (possibly rewriting) for man page section "Overviews,
conventions, and miscellaneous" (commonly number 7), to deliver support
for `man nut` queries (NUT overview manual page also created). [#2945]
* A new `configure --with-docs-man-dir-as-base` option was introduced so
that directories for man page sections can now be automatically named
as either "base" number of the section (e.g. `man1`) or by full section
name (`man1m`), as different OS distributions have different preferences
in this regard. [#2950]
* Option to `configure --enable-docs-man-for-progs-built-only` was added,
to differentiate NUT builds that deliver man pages for only built programs
(legacy default) or for all of them (as needed for docs sites). [#2976]
* Option to `configure --enable-docs-changelog` was added, specifically
to allow developer iterations to not waste CPU time rebuilding the huge
`ChangeLog*` files whenever their Git index changes. [#3019]
* Options to `configure --with-docs-changelog-start` and/or
`configure --with-docs-changelog-end` were added to allow developers
to customize the size of `ChangeLog*` files when they are generated.
Default starting value is `auto` which applies the legacy default
`v2.6.0` to release/pre-release builds, or when local Git version info
could not be retrieved, and the most-recent release tag (or `master`
as fallback) for usual build iterations. Default ending value is `HEAD`
for the current git commit at the moment the ChangeLog is (re-)generated.
Balancing against the option to not build `ChangeLog*` files at all,
this couple allows quicker builds that exercise all relevant recipe
code paths. [#3019]
- Extended the `gitlog2changelog.py` helper script to report start/end commits
actually used, and to allow callers to tweak them better (not only `HEAD`
for the end of range); this may be of interest to other projects which use
this script. Allow `configure` to disable generation of either certain
`ChangeLog*` rendering formats or completely, to speed up developer
iterations (much time is wasted when dev-testing new code, due to git
index changes if NUT was configured to build with documentation). [#3019]
- The `BUILD_TYPE=default-all-errors ci_build.sh` script handling was
revised to simplify code, and to default in CI builds to a quicker
mode which randomly mixes the selected SSL, USB and UNMAPPED variants
(and relies on the dozens of NUT CI farm runs per iteration to likely
cover all possible combinations), which should roughly halve the CI
build times. Default activity for developer builds should remain as
it was -- to try each such "axis" sequentially. [#2973]
- Revised generation of links to external manual pages in HTML rendering
of NUT manual pages (previous recipe iterations left DocBook XML `ulink`
tag "as is", which was not understood by web browsers).
[follow-up to PR #2797]
- Made the distro-dependent URL template for man pages configurable.
[follow-up to PR #2797]
- Revised `make install-as-root` to fall back to legacy ways of enabling
services, if `systemctl preset-all` fails (assumed due to a systemd 252
bug). [#3022]
- Added a `make check-parallel-builds` recipe to help troubleshoot recipes
in sub-directories, and improved build-ability of existing NUT sources
starting from scratch there. This is a workflow useful for NUT development
(e.g. to focus only on drivers, or tests, or nut-scanner) but not so much
for end-user packaging where everything builds from the root directory.
[PR #3030, follows up from PR #2825, highlights why issue #2584 better
be solved]
- Revised `appveyor.yml` to run CI builds faster (forfeit MSYS2 ecosystem
updates and some other steps) and more likely fit in one-hour allocation.
Also have it install `mingw-w64-x86_64-python-pyqt6` so the `NUT-Monitor`
application can get packaged (would need a capable Python run-time though).
[#3046]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6d332fdc0c3c24eaff4492f020cc617cb726d4de
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:22 2025 +0200
core198: Ship p11-kit
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 31c5b4b03598793dec01ff6cf91465ca9f432786
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:30 2025 +0200
p11-kit: Update to version 0.25.8
- Update from version 0.25.5 to 0.25.8
- Update of rootfile
- Changelog
0.25.8
* rpc: Unbreak protocol compatibility by reverting "rpc: Correctly map Mozilla
certificate distrust attributes" [PR#716]
0.25.7
* Build fixes from tarball with Meson [PR#714]
0.25.6
* rpc: Add module configuration option to specify server address [PR#707]
* rpc: Correctly map Mozilla certificate distrust attributes [PR#705]
* rpc: Fix empty array attribute handling [PR#704]
* server: Remove libsystemd dependency for socket activation [PR#685]
* Avoid segfault if p11_library_init_impl/p11_library_uninit are called
multiple times [PR#682]
* Add zsh completions [PR#674]
* pkcs11: Update pkcs11.h to version 3.1 [PR#671]
* pkcs11: Add IBM specific mechanisms [PR#669]
* server: check SHELL if (and only if) neither --sh nor --csh is specified
[PR#661]
* trust: don't create file names longer then 255 [PR#659]
* trust: sort paths for reproducible extract [PR#656]
* Build and test fixes [PR#647, PR#653, PR#654, PR#657, PR#660, PR#667, PR#673,
PR#681, PR#683, PR#688, PR#694]
* Update translations [PR#663, PR#701]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 932c1a82183897e27b54bf2ea5987f1d03eca7eb
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:21 2025 +0200
core198: Ship lvm2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c785cc3c45f5a33e87c09a487306e8c56b13d613
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:29 2025 +0200
lvm2: Update to version 2.03.35
- Update from version 2.03.33 to 2.03.35
- Update of rootfile
- Changelog
2.03.35
Fix unlocking devices file only after all PVs are processed.
Avoid creating system.devices when deleting entries.
Fix existing issues with persistent reservations.
Fix possible report output format inconsistencies while processing PVs.
Allow report options for pv/vg/lvdisplay only if used with -C|--columns.
Fix vgsplit failing to split a VG with RAID+integrity or cache with cachevol.
Fix --lockopt handling in lvmlockd when --nolocking is used.
Optimize dmeventd when remonitoring active devices.
2.03.34
Support dmeventd restart when there are no monitored devices.
Dmeventd no longer calls 'action commands' on removed devices.
Fix reader of VDO metadata on 32bit architecture.
Fix lvmdevices --deldev/--delpvid to error out if devices file not writeable.
Fix lvresize corruption in LV->crypt->FS stack if near crypt min size limit.
Enhanced lvresize -r support for btrfs.
Use glibc standard functions htoX, Xtoh functions for endian conversion.
Fix structure copying within sanlock's release_rename().
Fix autoactivation on top of loop dev PVs to trigger once for change uevents.
Add lvmlockd --lockopt repair to reinitialize corrupted sanlock leases.
Fix support for lvcreate -T --setautoactivation.
Add lvm.conf global/lvresize_fs_helper_executable.
Enable lvm to use persistent reservations on a VG.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9acb4b08cb2fa38c591c270d75f3d823243232d8
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:20 2025 +0200
core198: Ship libxml2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 798fa55f0d58f3bfcad9a26f3b579daba2a92bfe
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:28 2025 +0200
libxml2: Update to version 2.14.6
- Update from version 2.14.4 to 2.14.6
- Update of rootfile
- 5 CVE fixes in version 2.14.5
- Changelog
2.14.6
Regressions
valid: Don't add ids when validating entity content
Fix initGenericErrorDefaultFunc(NULL) (Samuel Thibault)
valid: Undeprecate xmlAdd*Decl
globals: Include HTMLparser.h, fixing Windows build
io: Fix reading from pipes like stdin on Windows
Security
regexp: Avoid integer overflow and OOB array access
tree: Guard against atype corruption
Improvements
parser: Fix xmlSaturatedAddSizeT argument type
2.14.5
Regressions
valid: Don't add ids when validating entity content
io: Fix reading from pipes like stdin on Windows
parser: Fix handling of invalid char refs in recovery mode
Security
regexp: Avoid integer overflow and OOB array access
tree: Guard against atype corruption
[CVE-2025-49794] [CVE-2025-49796] schematron: Fix xmlSchematronReportOutput
[CVE-2025-49795] schematron: Fix null pointer dereference leading to DoS
(Michael Mann)
[CVE-2025-6170] Fix potential buffer overflows of interactive shell
(Michael Mann)
[CVE-2025-6021] tree: Fix integer overflow in xmlBuildQName
Bug fixes
save: Fix serialization of attribute defaults containing <
Improvements
parser: Fix xmlSaturatedAddSizeT argument type
Build systems and portability
meson: Add libxml2 part of include dir to pc file (Heiko Becker)
cmake: Fix installation directories in libxml2-config.cmake
io: Fix linkage of __xml*BufferCreateFilename functions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 199dc49ad07635013f639107f269d5059219c147
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:19 2025 +0200
core198: Ship libssh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2b4ca744b03f828297bde50e43f40abbf146b64f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:27 2025 +0200
libssh: Update to version 0.11.3
- Update from version 0.11.2 to 0.11.3
- Update of rootfile
- Changelog
0.11.3
* Security:
* CVE-2025-8114: Fix NULL pointer dereference after allocation failure
* CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated
wrong KEX
* Potential UAF when send() fails during key exchange
* Fix possible timeout during KEX if client sends authentication too early (#311)
* Cleanup OpenSSL PKCS#11 provider when loaded
* Zeroize buffers containing private key blobs during export
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3063559e4fa15e3058f2e62d8df617fae4a92e69
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:18 2025 +0200
core198: Ship libffi
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c9ff62f3d28bf9c95de5889b02f9b13a3be8726d
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:26 2025 +0200
libffi: Update to version 3.5.2
- Update from version 3.5.1 to 3.5.2
- Update of rootfile not required
- Changelog
3.5.2
fix: enable FFI_MMAP_EXEC_WRIT for DragonFly BSD by @liweitianux in #930
Emscripten: Add wasm64 target by @ktock in #927
fix: Ensure trampoline file descriptors are closed on exec.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1345abf18b964289bbc37033eb8d7500cd97a15f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:25 2025 +0200
haproxy: Update to version 3.2.4
- Update from version 3.2.2 to 3.2.4
- Update of rootfile not required
- Changelog
3.2.4
- DOC: deviceatlas build clarifications
- BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no
ECDSA ciphers
- BUG/MEDIUM: acme: use POST-as-GET instead of GET for resources
- MINOR: acme: remove acme_req_auth() and use acme_post_as_get() instead
- BUG/MINOR: acme: allow "processing" in challenge requests
- CLEANUP: acme: fix wrong spelling of "resources"
- MINOR: acme: add ACME to the haproxy -vv feature list
- MINOR: acme: implement traces
- BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
- BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
- BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
- BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally
established
- BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options
- BUG/MINOR: hlua: take default-path into account with lua-load-per-thread
- BUG/MEDIUM: mux-quic: ensure Early-data header is set
- CLEANUP: ssl: Rename ssl_trace-t.h to ssl_trace.h
- BUILD: acme: avoid declaring TRACE_SOURCE in acme-t.h
- BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list
iterator
- MINOR: acme: emit a log for DNS-01 challenge response
- MINOR: acme: emit the DNS-01 challenge details on the dpapi sink
- MEDIUM: acme: allow to wait and restart the task for DNS-01
- MINOR: acme: update the log for DNS-01
- BUG/MINOR: acme: possible integer underflow in acme_txt_record()
- MEDIUM: acme: use lowercase for challenge names in configuration
- DOC: management: clarify usage of -V with -c
- MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory
- BUG/MINOR: listener: really assign distinct IDs to shards
- MINOR: quic: Prevent QUIC build with OpenSSL 3.5 new QUIC API version
< 3.5.1
- BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration
(OpenSSL 3.5)
- BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was
xferred
- BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are
xferred
- BUG/MEDIUM: http-client: Ask for more room when request data cannot be
xferred
- BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
- BUG/MINOR: http-client: Reject any 101-switching-protocols response
- BUG/MEDIUM: http-client: Drain the request if an early response is received
- BUG/MEDIUM: http-client: Notify applet has more data to deliver until
the EOM
- MINOR: h1-htx: Add function to format an HTX message in its H1
representation
- BUG/MINOR: mux-h1: Use configured error files if possible for early H1
errors
- BUG/MINOR: h1-htx: Don't forget to init flags in h1_format_htx_msg function
- BUG/MEDIUM: h3: do not overwrite interim with final response
- BUG/MINOR: h3: properly realloc buffer after interim response encoding
- BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
- MINOR: qmux: change API for snd_buf FIN transmission
- BUG/MEDIUM: h3: handle interim response properly on FE side
- BUG/MINOR: quic: Wrong source address use on FreeBSD
- MINOR: h3: remove unused outbuf in h3_resp_headers_send()
- BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
- BUG/MINOR: halog: exit with error when some output filters are set
simultaneosly
- BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
- BUG/MINOR: logs: fix log-steps extra log origins selection
- BUG/MINOR: hq-interop: fix FIN transmission
- BUG/MINOR mux-quic: apply correctly timeout on output pending data
- BUG/MINOR: mux-quic: ensure close-spread-time is properly applied
- CLEANUP: http-client: Remove useless indentation when sending request body
- DOC: list missing global QUIC settings
- BUILD: compat: provide relaxed versions of the MIN/MAX macros
- BUILD: compat: always set _POSIX_VERSION to ease comparisons
- BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr
instead of MAX_SESS_STKCTR
- MINOR: sock: update broken accept4 detection for older hardwares.
- BUG/MEDIUM: ssl: Fix 0rtt to the server
- BUG/MEDIUM: ssl: fix build with AWS-LC
- BUG/MINOR: init: Initialize random seed earlier in the init process
- DOC: management: fix typo in commit f4f93c56
- DOC: config: recommend single quoting passwords
- BUG/MEDIUM: mux-quic: adjust wakeup behavior
- BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX
buffer
3.2.3
- CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0
- CI: github: add an OpenSSL 3.5.0 job
- CI: github: update the stable CI to ubuntu-24.04
- BUILD: quic: QUIC build against OpenSSL 3.5 broken
- BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
- CI: github: update to OpenSSL 3.5.1
- BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits
(OpenSSL 3.5 QUIC API)
- BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
- BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle
connections
- BUG/MINOR: http-act: Fix parsing of the expression argument for pause
action
- BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 36110b3f109fa60308a790aee1875e4816521f9f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:17 2025 +0200
core198: Ship freetype
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b07d7b7c66f75ac05491b3fee9cab812b20d88fe
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:24 2025 +0200
freetype: Update to version 2.14.1
- Update from version 2.13.3 to 2.14.1
- Update of rootfile
- Changelog
2.14.1
This is an emergency release that fixes a couple of severe bugs introduced in
version 2.14.0 and discovered right after the release;
see issues #1349, #1353, #1354, #1355, and #1356.
2.14.0
IMPORTANT CHANGES
- A new configuration macro `FT_CONFIG_OPTION_USE_HARFBUZZ_DYNAMIC`
is available to load the HarfBuzz library dynamically (in addition
to the standard static and dynamic linking modes); cmake, meson,
and autotools support have been updated accordingly. Using this
new feature makes it possible to avoid the circular dependency
between HarfBuzz and FreeType.
A side effect of this change is that FreeType no longer uses
HarfBuzz header files (if HarfBuzz support is activated).
This code was contributed by Behdad Esfahbod.
- The auto-hinter got new abilities.
. It can now better separate diacritic glyphs from base glyphs at
small sizes by artificially moving diacritics up (or down) if
necessary.
. Tilde accent glyphs get vertically stretched at small sizes so
that they don't degenerate to horizontal lines.
. Diacritics directly attached to a base glyph (like the ogonek in
character 'ę') no longer distort the shape of the base glyph.
These features use a database (which currently has entries for
Unicode characters up to U+FFFF, based on Unicode 17.0), handling
scripts like Latin, Cyrillic, or Greek, but not Arabic or Indic
scripts. FreeType needs to access a proper Unicode character map
(or must be able to construct such a cmap) of a given font to make
this work.
The central algorithm and the foundation of this feature was Craig
White's GSoC 2023 project.
- Bitmap-only TrueType fonts now ignore the `FT_LOAD_NO_BITMAP` flag
and proceed loading bitmaps instead of giving an error. This
behavior is documented and implemented for other bitmap-only
fonts. The flag was always meant to suppress the bitmap strikes
in favor of outlines, not to ban them completely.
IMPORTANT BUG FIXES
- Users of the `TT_CONFIG_OPTION_GPOS_KERNING` configuration option
should update; the 'GPOS' table wasn't correctly validated before
access, which could lead to crashes with malformed font files.
MISCELLANEOUS
- `FT_Set_Var_Design_Coordinates` and `FT_Set_MM_Blend_Coordinates`
now set the `FT_FACE_FLAG_VARIATION` bit in the `face_flag` field
of `FT_Face` (i.e., the macro `FT_IS_VARIATION` returns true) also
if any of the provided coordinates is different from the face's
default value for the corresponding axis, that is, the set up face
is not at its default position.
- `FT_Load_Sfnt_Table` can now also load a font's table directory.
- The TrueType instruction interpreter was optimized to produce a
15% gain in the glyph loading speed.
- Handling of Variation Fonts is now considerably faster, thanks to
contributions by Behdad Esfahbod.
- TrueType and CFF glyph loading speed has been improved by 5-10% on
modern 64-bit platforms as a result of better handling of fixed-
point multiplication.
- The BDF driver now loads fonts 75% faster.
- 'GPOS' kern table handling (if the `TT_CONFIG_OPTION_GPOS_KERNING`
configuration option is active) is now about 3.5 times faster than
before.
- Support for the (currently undocumented) 'flip' graphic type in
the 'sbix' SFNT table as used in the `Apple Color Emoji.ttc` font
(code provided by Andrew Murray).
- `ftmulti` can now scroll through named instances and gracefully
show static fonts.
- The build file on OpenVMS now also creates a 32-bit version of the
library.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5c3108043280aabd6821b988dbde720be4bd92ef
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:16 2025 +0200
core198: Ship ethtool
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4740d7ccb17db0e8c697630b72934ba8f1809bfc
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Sep 15 19:46:23 2025 +0200
ethtool: Update to version 6.15
- Update from version 6.9 to 6.15
- Update of rootfile
- Changelog
6.15
* Feature: support OR-XOR symmetric RSS hash type (-x/-X)
* Feature: dump registers for hibmcge driver (-d)
* Feature: configure header-data split threshold (-g/-G)
* Feature: dump registers for fbnic driver (-d)
* Feature: JSON output for channels info (-l)
* Fix: incorrect data in appstream metainfo XML
* Fix: prevent potential null pointer dereferences
* Fix: more consistent and better parseable per lane signal info (-d)
6.14
* Feature: list PHYs (--show-phys)
* Feature: target a specific PHY with some commands (--phy)
* Feature: more attributes for C33 PSE (--show-pse, --set-pse)
* Feature: source information for cable tests (--cable-test[-tdr])
* Feature: JSON output for module info (-m)
* Feature: misc RSS hash info improvements (-x)
* Feature: tsinfo hwtstamp provider (--{get,set}-hwtimestamp-cfg)
* Fix: fix wrong auto-negotiation state (no option)
* Fix: more explicit RSS context action (-n)
* Fix: print PHY address as decimal (no option)
* Fix: fix return value on flow hashing error (-N)
* Fix: fix JSON output for IRQ coalescing
* Fix: fix MDI-X info output (no option)
* Misc: code cleanup in module parsers
* Misc: provide module_info JSON schema
* Misc: add '-j' alias for --json
* Misc: provide AppStream metainfo XML
* Misc: update message descriptions for debugging output
6.11
* Feature: cmis: print active and inactive firmware versions
* Feature: flash transceiver module firmware (--flash-module-firmware)
* Feature: add T1BRR 10Mb/s mode to link mode tables
* Feature: support for disabling netlink from command line
* Fix: fix lanes parameter format specifier
* Fix: add missing clause 33 PSE manual description
* Fix: qsf: Better handling of Page A2h netlink read failure
* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
* Misc: man page formatting fix
6.10
* Feature: suport for PoE in PSE (--show-pse and --set-pse)
* Feature: add statistics support to tsinfo (-T)
* Feature: add JSON output to base command (no option)
* Feature: add JSON output to EEE info (--show-eee)
* Fix: qsfp: better handling on page 03h read failure (-m)
* Fix: handle zero arguments for module eeprom dump (-m)
* Fix: check for missing arguments in do_srxfh() (-X)
* Misc: compiler warnings in "make check"
* Misc: more descriptive error when JSON output is not available
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/ethtool | 2 ++
config/rootfiles/common/freetype | 2 +-
config/rootfiles/common/libssh | 2 +-
config/rootfiles/common/libxml2 | 2 +-
config/rootfiles/common/lvm2 | 2 ++
config/rootfiles/common/p11-kit | 3 ++-
.../rootfiles/{oldcore/125 => core/198}/filelists/collectd | 0
.../rootfiles/{oldcore/158 => core/198}/filelists/ethtool | 0
.../rootfiles/{oldcore/110 => core/198}/filelists/freetype | 0
.../rootfiles/{oldcore/155 => core/198}/filelists/libffi | 0
.../rootfiles/{oldcore/137 => core/198}/filelists/libssh | 0
.../rootfiles/{oldcore/101 => core/198}/filelists/libxml2 | 0
config/rootfiles/{oldcore/125 => core/198}/filelists/lvm2 | 0
.../rootfiles/{oldcore/160 => core/198}/filelists/p11-kit | 0
config/rootfiles/packages/nut | 9 +++++++--
lfs/ethtool | 9 +++++----
lfs/freetype | 14 +++++++-------
lfs/haproxy | 6 +++---
lfs/libffi | 7 ++++---
lfs/libssh | 4 ++--
lfs/libxml2 | 4 ++--
lfs/lvm2 | 4 ++--
lfs/nut | 6 +++---
lfs/p11-kit | 6 +++---
24 files changed, 47 insertions(+), 35 deletions(-)
copy config/rootfiles/{oldcore/125 => core/198}/filelists/collectd (100%)
copy config/rootfiles/{oldcore/158 => core/198}/filelists/ethtool (100%)
copy config/rootfiles/{oldcore/110 => core/198}/filelists/freetype (100%)
copy config/rootfiles/{oldcore/155 => core/198}/filelists/libffi (100%)
copy config/rootfiles/{oldcore/137 => core/198}/filelists/libssh (100%)
copy config/rootfiles/{oldcore/101 => core/198}/filelists/libxml2 (100%)
copy config/rootfiles/{oldcore/125 => core/198}/filelists/lvm2 (100%)
copy config/rootfiles/{oldcore/160 => core/198}/filelists/p11-kit (100%)
Difference in files:
diff --git a/config/rootfiles/common/ethtool b/config/rootfiles/common/ethtool
index 1ffc4025d..28879aae3 100644
--- a/config/rootfiles/common/ethtool
+++ b/config/rootfiles/common/ethtool
@@ -1,3 +1,5 @@
usr/sbin/ethtool
#usr/share/bash-completion/completions/ethtool
#usr/share/man/man8/ethtool.8
+#usr/share/metainfo
+#usr/share/metainfo/org.kernel.software.network.ethtool.metainfo.xml
diff --git a/config/rootfiles/common/freetype b/config/rootfiles/common/freetype
index 81adc2503..0781a0f17 100644
--- a/config/rootfiles/common/freetype
+++ b/config/rootfiles/common/freetype
@@ -60,7 +60,7 @@
#usr/lib/libfreetype.la
#usr/lib/libfreetype.so
usr/lib/libfreetype.so.6
-usr/lib/libfreetype.so.6.20.2
+usr/lib/libfreetype.so.6.20.4
#usr/lib/pkgconfig/freetype2.pc
#usr/share/aclocal/freetype2.m4
#usr/share/man/man1/freetype-config.1
diff --git a/config/rootfiles/common/libssh b/config/rootfiles/common/libssh
index 77dfc71cf..d0b55519f 100644
--- a/config/rootfiles/common/libssh
+++ b/config/rootfiles/common/libssh
@@ -14,5 +14,5 @@
#usr/lib/cmake/libssh/libssh-config.cmake
#usr/lib/libssh.so
usr/lib/libssh.so.4
-usr/lib/libssh.so.4.10.2
+usr/lib/libssh.so.4.10.3
#usr/lib/pkgconfig/libssh.pc
diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2
index 009e1fb06..995a268bd 100644
--- a/config/rootfiles/common/libxml2
+++ b/config/rootfiles/common/libxml2
@@ -54,7 +54,7 @@
#usr/lib/libxml2.la
#usr/lib/libxml2.so
usr/lib/libxml2.so.16
-usr/lib/libxml2.so.16.0.4
+usr/lib/libxml2.so.16.0.6
#usr/lib/pkgconfig/libxml-2.0.pc
#usr/share/doc/libxml2
#usr/share/doc/libxml2/xmlcatalog.html
diff --git a/config/rootfiles/common/lvm2 b/config/rootfiles/common/lvm2
index bd1329e54..a71ac8be8 100644
--- a/config/rootfiles/common/lvm2
+++ b/config/rootfiles/common/lvm2
@@ -35,6 +35,7 @@ usr/sbin/lvmconfig
usr/sbin/lvmdevices
usr/sbin/lvmdiskscan
usr/sbin/lvmdump
+usr/sbin/lvmpersist
usr/sbin/lvmsadc
usr/sbin/lvmsar
usr/sbin/lvreduce
@@ -99,6 +100,7 @@ usr/sbin/vgsplit
#usr/share/man/man8/lvmdevices.8
#usr/share/man/man8/lvmdiskscan.8
#usr/share/man/man8/lvmdump.8
+#usr/share/man/man8/lvmpersist.8
#usr/share/man/man8/lvmsadc.8
#usr/share/man/man8/lvmsar.8
#usr/share/man/man8/lvreduce.8
diff --git a/config/rootfiles/common/p11-kit b/config/rootfiles/common/p11-kit
index c0ea3ac58..2d3fbf246 100644
--- a/config/rootfiles/common/p11-kit
+++ b/config/rootfiles/common/p11-kit
@@ -15,7 +15,7 @@ usr/bin/trust
#usr/lib/libp11-kit.la
#usr/lib/libp11-kit.so
usr/lib/libp11-kit.so.0
-usr/lib/libp11-kit.so.0.4.1
+usr/lib/libp11-kit.so.0.4.3
usr/lib/p11-kit-proxy.so
#usr/lib/pkcs11
#usr/lib/pkcs11/p11-kit-client.la
@@ -54,6 +54,7 @@ usr/lib/pkcs11/p11-kit-trust.so
#usr/share/gtk-doc/html/p11-kit/p11-kit.devhelp2
#usr/share/gtk-doc/html/p11-kit/p11-kit.html
#usr/share/gtk-doc/html/p11-kit/pkcs11-conf.html
+#usr/share/gtk-doc/html/p11-kit/proxy.html
#usr/share/gtk-doc/html/p11-kit/reference.html
#usr/share/gtk-doc/html/p11-kit/remoting.html
#usr/share/gtk-doc/html/p11-kit/right-insensitive.png
diff --git a/config/rootfiles/core/198/filelists/collectd b/config/rootfiles/core/198/filelists/collectd
new file mode 120000
index 000000000..871b32f14
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/collectd
@@ -0,0 +1 @@
+../../../common/collectd
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/ethtool b/config/rootfiles/core/198/filelists/ethtool
new file mode 120000
index 000000000..494a53e9d
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/ethtool
@@ -0,0 +1 @@
+../../../common/ethtool
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/freetype b/config/rootfiles/core/198/filelists/freetype
new file mode 120000
index 000000000..79ec5c42e
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/freetype
@@ -0,0 +1 @@
+../../../common/freetype
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/libffi b/config/rootfiles/core/198/filelists/libffi
new file mode 120000
index 000000000..c391acd0c
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/libffi
@@ -0,0 +1 @@
+../../../common/libffi
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/libssh b/config/rootfiles/core/198/filelists/libssh
new file mode 120000
index 000000000..ecbb67053
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/libssh
@@ -0,0 +1 @@
+../../../common/libssh
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/libxml2 b/config/rootfiles/core/198/filelists/libxml2
new file mode 120000
index 000000000..242e69fa3
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/libxml2
@@ -0,0 +1 @@
+../../../common/libxml2
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/lvm2 b/config/rootfiles/core/198/filelists/lvm2
new file mode 120000
index 000000000..d640870b7
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/lvm2
@@ -0,0 +1 @@
+../../../common/lvm2
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/p11-kit b/config/rootfiles/core/198/filelists/p11-kit
new file mode 120000
index 000000000..e652deb67
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/p11-kit
@@ -0,0 +1 @@
+../../../common/p11-kit
\ No newline at end of file
diff --git a/config/rootfiles/packages/nut b/config/rootfiles/packages/nut
index 4367797bf..6bcd2a553 100644
--- a/config/rootfiles/packages/nut
+++ b/config/rootfiles/packages/nut
@@ -27,6 +27,7 @@ usr/bin/clone-outlet
usr/bin/dummy-ups
usr/bin/etapro
usr/bin/everups
+usr/bin/failover
usr/bin/gamatronic
usr/bin/genericups
usr/bin/isbmex
@@ -44,12 +45,15 @@ usr/bin/nhs_ser
usr/bin/nut-scanner
usr/bin/nutconf
usr/bin/nutdrv_atcl_usb
+usr/bin/nutdrv_hashx
usr/bin/nutdrv_qx
usr/bin/nutdrv_siemens-sitop
usr/bin/oneac
usr/bin/optiups
usr/bin/powercom
usr/bin/powerpanel
+usr/bin/powervar_cx_ser
+usr/bin/powervar_cx_usb
usr/bin/rhino
usr/bin/richcomm_usb
usr/bin/riello_ser
@@ -69,6 +73,7 @@ usr/bin/upslog
usr/bin/upsrw
usr/bin/upssched-cmd
usr/bin/usbhid-ups
+usr/bin/ve-direct
usr/bin/victronups
#usr/include/nut-scan.h
#usr/include/nutclient.h
@@ -89,8 +94,8 @@ usr/lib/libnutclientstub.so.1
usr/lib/libnutclientstub.so.1.0.1
#usr/lib/libnutscan.la
#usr/lib/libnutscan.so
-usr/lib/libnutscan.so.3
-usr/lib/libnutscan.so.3.0.0
+usr/lib/libnutscan.so.4
+usr/lib/libnutscan.so.4.0.0
#usr/lib/libupsclient.la
#usr/lib/libupsclient.so
usr/lib/libupsclient.so.7
diff --git a/lfs/ethtool b/lfs/ethtool
index 9cdede460..cd5d25150 100644
--- a/lfs/ethtool
+++ b/lfs/ethtool
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 6.9
+VER = 6.15
THISAPP = ethtool-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e04fa530084ad14abfea8c3802f272eb61eae9ee07aa2a12d16eeb77708b5ab021f1cdee10c24f83f77d65f2740ba5aceda99c21c47ef6cbcd65834af8334b00
+$(DL_FILE)_BLAKE2 = 2a4a71c7ea6ac047d23fa9c8265a2dce8432f4417f6006f71dc91e365b9a841b5bfd44683e3179806f38285f199ed0cb84d1ca7a3f02979b8f4045274736f9eb
install : $(TARGET)
@@ -70,7 +70,8 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/freetype b/lfs/freetype
index fa69e4e31..2a1d90aeb 100644
--- a/lfs/freetype
+++ b/lfs/freetype
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.13.3
+VER = 2.14.1
THISAPP = freetype-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f9591c6998df02b072adaf38a968e91deae8ed4d53ea0cb74d08982c4f0e48b1a98c1378a698164e4f730f07a3b0bea308a94fcc2e2b8ce9967dbf9478b599bd
+$(DL_FILE)_BLAKE2 = 1dc62d337a93ca94f93496e60bdf9cbabed5867d66bb2f07669f1b5f81ef16f6cc57c401f51bb62d919680316f73902fafb6a167c45183872faaf984840b5ec7
install : $(TARGET)
@@ -72,11 +72,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -ri "s:.*(AUX_MODULES.*valid):\1:" modules.cfg
cd $(DIR_APP) && sed -r "s:.*(#.*SUBPIXEL_RENDERING) .*:\1:" \
- -i include/freetype/config/ftoption.h
+ -i include/freetype/config/ftoption.h
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --enable-freetype-config \
- --disable-static
+ --prefix=/usr \
+ --enable-freetype-config \
+ --disable-static
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/haproxy b/lfs/haproxy
index 005754e55..633d11f50 100644
--- a/lfs/haproxy
+++ b/lfs/haproxy
@@ -26,7 +26,7 @@ include Config
SUMMARY = The Reliable, High Performance TCP/HTTP Load Balancer
-VER = 3.2.2
+VER = 3.2.4
# From: https://www.haproxy.org/download/
@@ -36,7 +36,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = haproxy
-PAK_VER = 32
+PAK_VER = 33
DEPS =
@@ -54,7 +54,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8dc203c6ff0d366cba482c55bb8fc03d0b8ed7f6fee96a311efebc8a00abb5f50f087fa4b1045322ee831f3f7da0bee6eea67200083b0af5d40e8dd3f252644c
+$(DL_FILE)_BLAKE2 = b08c8637623a81f0e39ef897db032e43a5129cdff8440e6d77c8c19e3700b6f67bf4ac75084a465e100a7fb16c25a4c15830cda15baa4af927a919bff1c977bf
install : $(TARGET)
diff --git a/lfs/libffi b/lfs/libffi
index 545d45c9d..2217a8ea7 100644
--- a/lfs/libffi
+++ b/lfs/libffi
@@ -24,7 +24,7 @@
include Config
-VER = 3.5.1
+VER = 3.5.2
THISAPP = libffi-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = eaeb04beeb4ab6e0ef5652175d5c9d29a18b6f1edbf05db819a3a6ac9c8ed47de32c54fca4c3a9a476283c0771650d5a577e7868f16c671ee46e25db27369066
+$(DL_FILE)_BLAKE2 = 35ce590926bcdd2556c30c94bb0fef3f0cfe8f32e809ffad00eb0bc7a8ba1ba40da844b108069c87e86bff278221cc42dc7c7aacd02a7b7bc408ea054085398c
install : $(TARGET)
@@ -74,7 +74,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/libssh b/lfs/libssh
index 80eaa0219..26d41dd38 100644
--- a/lfs/libssh
+++ b/lfs/libssh
@@ -24,7 +24,7 @@
include Config
-VER = 0.11.2
+VER = 0.11.3
THISAPP = libssh-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 7f4a97b2027e386f5bfd308b1aac1938484722d4d1bb55ce0fa2de8358bedea47955df1cb4e68679033d1a5538058422770872f2f6513a82199ff506eccfad0e
+$(DL_FILE)_BLAKE2 = 859e4af9bf6305e54175e456d153a85e678a6fc49ac184dbe09d94ab01dde42f0321f5a2ac35cf4ca9df188daab6c4bf3171dcd8a3776419a3a1a20474ccf89a
install : $(TARGET)
diff --git a/lfs/libxml2 b/lfs/libxml2
index 7e3be5f8d..0509b9b98 100644
--- a/lfs/libxml2
+++ b/lfs/libxml2
@@ -24,7 +24,7 @@
include Config
-VER = 2.14.4
+VER = 2.14.6
THISAPP = libxml2-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6ee7e4f35e6f15124fe1ceb55758236229f87e05344c55e82c419f8e8dba763adbd25746c038d13189dfadc3bb023fd8891251e78e9c9046d42961829d93b885
+$(DL_FILE)_BLAKE2 = ad5d7cb64f8081559a671e9d79b3ebcd7313dada39d7f0c2854994153a9dff2ef85bc81336437f5881abe637bae51b62e9104b3a099113f4ee2252b604325291
install : $(TARGET)
diff --git a/lfs/lvm2 b/lfs/lvm2
index fd67dd59e..8fa0dc1b6 100644
--- a/lfs/lvm2
+++ b/lfs/lvm2
@@ -24,7 +24,7 @@
include Config
-VER = 2.03.33
+VER = 2.03.35
THISAPP = LVM2.$(VER)
DL_FILE = $(THISAPP).tgz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 89a5f4c338cae4196edf815820819e71a6d4211bdaa447ba6e71100469261d9f0d4071a70502b53e6734a8f857771a73efc9de62644b09363a807c2fa9562829
+$(DL_FILE)_BLAKE2 = f1612a98de3bc9080a514acefc1c9c057e9b2e6915ee6b6755c809eaec960e87f35f67d48ef7e5ef2ccd8f79203af7ef41a43e5318f024159bbef91906097730
install : $(TARGET)
diff --git a/lfs/nut b/lfs/nut
index ffd4601ac..a86b1694f 100644
--- a/lfs/nut
+++ b/lfs/nut
@@ -26,7 +26,7 @@ include Config
SUMMARY = Network UPS Tools Core (Uninterruptible Power Supply Monitoring)
-VER = 2.8.3
+VER = 2.8.4
THISAPP = nut-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nut
-PAK_VER = 14
+PAK_VER = 15
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 515e829286b123610a856003a8838a022ae365b193988477086a683b9da0a99b3b1cf048cecd75c764c8a9a03856e966bd9d82333475670d1df43899d9b8a7bf
+$(DL_FILE)_BLAKE2 = 1a9e86c112055b623811e1747aa420ebb8022189c2e43f38c29cca93171d59b895d1ff5487d8f325c79833c6f6a76bffd849fb179db158bb2a1fbf86952dd797
install : $(TARGET)
diff --git a/lfs/p11-kit b/lfs/p11-kit
index fcc4ce2c2..0676023c7 100644
--- a/lfs/p11-kit
+++ b/lfs/p11-kit
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 0.25.5
+VER = 0.25.8
THISAPP = p11-kit-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 96d6a9c2807586abafae4da4df89f566672733963997d6a83e00aaf83a7a0c0e2995638f505e98fb87a90c60bde28814f1e8b7d5071bf0af96bb0467105a1ddc
+$(DL_FILE)_BLAKE2 = d351b7b015920d7ecf1b9d3b4f1f3fc62c7ef46c1dc9ed3475b9ac7f5dbf5a47b2d2a19049e7eef81e35d0f993a860ee5df1864f0341596dca143140ae14e5c4
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-09-16 8:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-16 8:52 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. d3725fecec79b5d2c807e9830d983a1804b14616 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox