* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. b14eaec20f90a2e71073dfe4bc59cc3ee4762978
@ 2026-01-21 13:32 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-01-21 13:32 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via b14eaec20f90a2e71073dfe4bc59cc3ee4762978 (commit)
via 41661fd79fb01c98a0bd70a2f3fe5964f78db40b (commit)
via 24003e4f53ed5be2f8cd09ca7aa137edcec24000 (commit)
via 79858d385ca43b0b91db39ad7806c187a8e49bec (commit)
via a0a70d78ca298da658a0f56183dc9bc76806aa76 (commit)
via 8632f66a035e835ee3d5bae17a94c597815b0251 (commit)
via 0e84d4e405b942c9a8c3e195868b2bcf01a79336 (commit)
via 76f00fb74afc15d46bec75c265e2007f309be770 (commit)
via 6ca468f5160f52a54714d3b14c78b73049c04797 (commit)
via 7e8a27fd7641547a815aa13af052c191d586751a (commit)
from 7475e054284aaf385f618100618bcb906fa27016 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b14eaec20f90a2e71073dfe4bc59cc3ee4762978
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:06 2026 +0100
core200: Ship libjpeg
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 41661fd79fb01c98a0bd70a2f3fe5964f78db40b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:11 2026 +0100
libjpeg: Update to version 3.1.3
- Update from version 3.1.1 to 3.1.3
- No change to rootfile
- Changelog
3.1.3
Significant changes relative to 3.1.2:
1. Hardened the TurboJPEG API against hypothetical applications that may
erroneously call `tj*Compress*()` or `tj*Transform()` with a reused JPEG
destination buffer pointer while specifying a destination buffer size of 0.
2. Hardened the TurboJPEG API against hypothetical applications that may
erroneously set `TJPARAM_LOSSLESS` or `TJPARAM_COLORSPACE` prior to calling
`tj3EncodeYUV*8()` or `tj3CompressFromYUV*8()`. `tj3EncodeYUV*8()` and
`tj3CompressFromYUV*8()` now ignore `TJPARAM_LOSSLESS` and
`TJPARAM_COLORSPACE`.
3. Hardened the TurboJPEG Java API against hypothetical applications that may
erroneously pass huge X or Y offsets to one of the compression, YUV encoding,
decompression, or YUV decoding methods, leading to signed integer overflow in
the JNI wrapper's buffer size checks that rendered those checks ineffective.
4. Fixed an issue in the TurboJPEG Java API whereby
`TJCompressor.getSourceBuf()` sometimes returned the buffer from a previous
invocation of `TJCompressor.loadSourceImage()` if the target data precision was
changed before the most recent invocation.
5. Fixed an issue in the PPM reader that caused incorrect pixels to be
generated when using `tj3LoadImage*()` or `TJCompressor.loadSourceImage()` to
load a PBMPLUS (PPM/PGM) file into a CMYK buffer with a different data
precision than that of the file.
3.1.2
Significant changes relative to 3.1.1:
1. Fixed a regression introduced by 3.1 beta1[5] that caused a segfault in
TJBench if `-copy` or `-c` was passed as the last command-line argument.
2. The build system now uses wrappers rather than CMake object libraries to
compile source files for multiple data precisions. This improves code
readability and facilitates adapting the libjpeg-turbo source code to non-CMake
build systems.
3. Fixed an issue whereby decompressing a 4:2:0 or 4:2:2 JPEG image with merged
upsampling disabled/one-pass color quantization enabled, then reusing the same
API instance to decompress a 4:2:0 or 4:2:2 JPEG image with merged upsampling
enabled/color quantization disabled, caused `jpeg_skip_scanlines()` to use
freed memory. In practice, the freed memory was not reclaimed before it was
used. Thus, this issue did not cause a segfault or other user-visible errant
behavior (it was only detectable with ASan), and it did not likely pose a
security risk.
4. The AArch64 (Arm 64-bit) Neon SIMD extensions and accelerated Huffman codec
now support the Arm64EC ABI on Windows, which allows Windows/x64 applications
to call native Arm64 functions when running under the Windows/x64 emulator on
Windows/Arm.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 24003e4f53ed5be2f8cd09ca7aa137edcec24000
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:05 2026 +0100
core200: Ship libcap-ng
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 79858d385ca43b0b91db39ad7806c187a8e49bec
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:10 2026 +0100
libcap-ng: Update to version 0.9
- Update from version 0.8.5 to 0.9
- No change to rootfile
- Changelog
0.9
This release contains a significant new utility, cap-audit. Its purpose is to
audit the use of capabilities of a target program. When the program ends or
Ctl-c stops it, a report is generated about what was used. This can then be
used to lower capabilities instead of running as root.
Other changes in the release include:
Fix python path when invoking py-compile (Jan Palus)
Drop python2 bindings (Rudi Heitbaum)
Optimize capability name translation lookups
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a0a70d78ca298da658a0f56183dc9bc76806aa76
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:09 2026 +0100
libarchive: Update to version 3.8.5
- Update from version 3.8.3 to 3.8.5
- Update of rootfile
- Changelog
3.8.5
Notable bugxies:
bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix (#2809)
various small bugfixes in code and documentation
3.8.4
Notable bugxies:
bsdtar: Fix zero-length pattern issue (#2787)
lib: Fix regression introduced in libarchive 3.8.2 when walking enterable
but unreadable directories (#2797)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8632f66a035e835ee3d5bae17a94c597815b0251
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:08 2026 +0100
hwdata: Update to version 0.403
- Update from version 0.402 to 0.403
- No change to rootfile
0.403
Update usb and vendor ids
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0e84d4e405b942c9a8c3e195868b2bcf01a79336
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:04 2026 +0100
core200: Ship curl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 76f00fb74afc15d46bec75c265e2007f309be770
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:07 2026 +0100
curl: Update to version 8.18.0
- Update from version 8.17.0 to 8.18.0
- No change to rootfile
- Changelog
8.18.0
Changes:
build: drop support for VS2008 (Windows)
build: drop Windows CE / CeGCC support
gnutls: drop support for GnuTLS < 3.6.5
gnutls: implement CURLOPT_CAINFO_BLOB
openssl: bump minimum OpenSSL version to 3.0.0
Bugfixes:
_PROGRESS.md: add the E unit, mention kibibyte
alt-svc: more flexibility on same destination
altsvc: accept ma/persist per alternative entry
altsvc: make it one malloc instead of three per entry
AmigaOS: increase minimum stack size for tool_main
apple sectrust: fix ancient evaluation
apple-sectrust: always ask when `native_ca_store` is in use
asyn-ares: handle Curl_dnscache_mk_entry() OOM error
asyn-ares: remove hostname free on OOM
asyn-thrdd: fix Curl_async_getaddrinfo() on systems without getaddrinfo
asyn-thrdd: release rrname if ares_init_options fails
auth: always treat Curl_auth_ntlm_get() returning NULL as OOM
autotools: add nettle library detection via pkg-config (for GnuTLS)
autotools: drop autoconf <2.59 compatibility code (zz60-xc-ovr)
autotools: fix LargeFile feature display on Windows (after prev patch)
autotools: tidy-up `if` expressions
badwords: add fist -> first, fix fallouts
badwords: catch and fix threading-related words
badwords: fix issues found in scripts and other files
badwords: fix issues found in tests
build: add build-level `CURL_DISABLE_TYPECHECK` options
build: exclude clang prereleases from compiler warning options
build: replace `-pedantic` with `-Wpedantic` when supported
build: set `-Wno-format-signedness`
build: tidy-up MSVC CRT warning suppression macros
ccsidcurl: make curl_mime_data_ccsid() use the converted size
cf-h1-proxy: support folded headers in CONNECT responses
cf-https-connect: allocate ctx at first in cf_hc_create()
cf-socket: drop feature check for `IPV6_V6ONLY` on Windows
cf-socket: enable Win10 `TCP_KEEP*` options with old SDKs
cf-socket: limit use of `TCP_KEEP*` to Windows 10.0.16299+ at runtime
cf-socket: return OOM error if socket() fails due to OOM
cf-socket: trace ignored errors
cfilters: make conn_forget_socket a private libssh function
checksrc.pl: detect assign followed by more than one space
cmake: adjust defaults for target platforms not supporting shared libs
cmake: define dependencies as `IMPORTED` interface targets
cmake: delete unused file `CMake/CMakeConfigurableFile.in`
cmake: disable `CURL_CA_PATH` auto-detection if `USE_APPLE_SECTRUST=ON`
cmake: fix `ws2_32` reference in `curl-config.cmake`
cmake: honor `CURL_DISABLE_INSTALL` and `CURL_ENABLE_EXPORT_TARGET`
cmake: replace deprecated `OPENSSL_FOUND` with `OpenSSL_FOUND`
cmake: replace deprecated `PERL_FOUND` with `Perl_FOUND`
cmake: save and restore `CMAKE_MODULE_PATH` in `curl-config.cmake`
cmake: set found status to OFF when not found (for compression deps)
code: minor indent fixes before closing braces
CODE_STYLE.md: sync banned function list with checksrc.pl
compressed.md: might generate a huge amount of bytes
config-win32.h: delete obsolete, non-Windows comments
config-win32.h: drop unused/obsolete `CURL_HAS_OPENLDAP_LDAPSDK`
config2setopts: add space in cookie header with multiple -b
config2setopts: bail out if curl_url_get() returns OOM
config2setopts: exit if curl_url_set() fails on OOM
configure: delete unused variable
conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64
conncontrol: reuse handling
connect: reshuffle Curl_timeleft_ms to avoid 'redundant condition'
connection: attached transfer count
content_encoding: avoid strcpy
cookie. return proper error on OOM
cookie: allocate the main struct once cookie is fine
cookie: flush better
cookie: only keep and use the canonical cleaned up path
cookie: propagate errors better, cleanup the internal API
cookie: return error on OOM
cookie: when parsing a cookie header, delay all allocations until okay
cshutdn: acknowledge FD_SETSIZE for shutdown descriptors
curl: fix progress meter in parallel mode
curl_fopen: do not pass invalid mode flags to `open()` on Windows
curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer
curl_ntlm_core: fix DES_* symbols for some wolfSSL builds
curl_quiche: refuse headers with CR, LF or null bytes
curl_sasl: if redirected, require permission to use bearer
curl_sasl: make Curl_sasl_decode_mech compare case insensitively
curl_setup.h: document more funcs flagged by `_CRT_SECURE_NO_WARNINGS`
curl_setup.h: drop stray `#undef stat` (Windows)
curl_setup.h: drop superfluous parenthesis from `Curl_safefree` macro
curl_threads: don't do another malloc if the first fails
curl_trc: delete unused DoH remains
CURLINFO: remove 'get' and 'get the' from each short desc
CURLINFO_SCHEME/PROTOCOL: they return the "scheme" for a "transfer"
CURLINFO_TLS_SSL_PTR.md: remove CURLINFO_TLS_SESSION text
CURLMOPT_SOCKETFUNCTION.md: fix the callback argument use
CURLOPT_ACCEPT_ENCODING.md: warn about the expansion
CURLOPT_FOLLOWLOCATION.md: s/Authentication:/Authorization:/
CURLOPT_HAPROXY_CLIENT_IP.md: emphasize reused connection use
CURLOPT_READFUNCTION.md: clarify the size of the buffer
CURLOPT_SSH_KEYFUNCTION.md: fix minor indent mistake in example
curlx/fopen: replace open CRT functions their with `_s` counterparts
(Windows)
curlx/multibyte: stop setting macros for non-Windows
curlx/strerr: use `strerror_s()` on Windows
curlx: add `curlx_rename()`, fix to support long filenames on Windows
curlx: curlx_strcopy() instead of strcpy()
curlx: limit use of system allocators to the minimum possible
curlx: replace `mbstowcs`/`wcstombs` with `_s` counterparts (Windows)
curlx: replace `sprintf` with `snprintf`
curlx: use curl alloc in `curlx_win32_stat()` (Windows)
curlx: use curlx allocators in non-memdebug builds (Windows)
DEPRECATE: add CMake <3.18 deprecation for April 2026
digest: fix OWS and escaped quote handling
digest_sspi: fix a memory leak on error path
digest_sspi: properly free sspi identity
DISTROS.md: add OpenBSD
DISTROS: fix a Mageia URL
DISTROS: remove broken URLs for buildroot
doc: some returned in-memory data may not be altered
Dockerfile: update debian:bookworm-slim digest to e899040
docs/libcurl: fix C formatting nits
docs: add a note about --compressed to note about binary output
docs: clarify how to do unix domain sockets with SOCKS proxy
docs: fix checksrc `EQUALSPACE` warnings
docs: fix time_posttransfer output unit as seconds
docs: mention umask need when curl creates files
docs: remove dead URLs
docs: rename CURLcode variables to 'result'
docs: spell it Rustls with a capital R
docs: switch more URLs to https://
docs: use .example URLs for proxies
docs: use mresult as variable name for CURLMcode
escape: add a length check in curl_easy_escape
example: fix formatting nits
examples/crawler: fix variable
examples/multi-uv: fix invalid req->data access
examples/threaded-ssl: delete in favor of `examples/threaded`
examples/threaded: fix race condition
examples: fix minor typo
examples: make functions/data static where missing
examples: tidy-up headers and includes
examples: use 64-bit `fstat` on Windows
FAQ/TODO/KNOWN_BUGS: convert to markdown
FAQ: fix hackerone URL
file: do not pass invalid mode flags to `open()` on upload (Windows)
formdata: validate callback is non-NULL before use
ftp: make EPRT connections non-blocking
ftp: refactor a piece of code by merging the repeated part
ftp: remove #ifdef for define that is always defined
ftp: return better on OOM in two places
ftp: return from ftp_state_use_port immediately on OOM
getenv: drop internal 1-to-1 wrapper
getinfo: improve perf in debug mode
gnutls: add PROFILE_MEDIUM as default
gnutls: report accurate error when TLS-SRP is not built-in
gtls: add return checks and optimize the code
gtls: Call keylog_close in cleanup
gtls: skip session resumption when verifystatus is set
h2/h3: handle methods with spaces
headers: add length argument to Curl_headers_push()
hostcheck: fail wildcard match if host starts with a dot
hostip.h: drop redundant `setjmp.h` include
hostip: don't store negative lookup on OOM
hostip: make more functions return CURLcode
hostip: only store negative response for CURLE_COULDNT_RESOLVE_HOST
hsts: propagate and error out correctly on OOM
hsts: use one malloc instead of two per entry
http: acknowledge OOM errors from Curl_input_ntlm
http: avoid two strdup()s and do minor simplifications
http: error on OOM when creating range header
http: fix OOM exit in Curl_http_follow
http: handle oom error from Curl_input_digest()
http: replace atoi use in Curl_http_follow with curlx_str_number
http: return OOM errors from hsts properly
http: the :authority header should never contain user+password
http: unfold response headers earlier
idn: avoid allocations and wcslen on Windows
idn: clarify null-termination on Windows
idn: fix memory leak in `win32_ascii_to_idn()`
idn: use curlx allocators on Windows
imap: check buffer length before accessing it
imap: make sure Curl_pgrsSetDownloadSize() does not overflow
inet_ntop: avoid the strlen()
INSTALL-CMAKE.md: document static option defaults more
krb5: fix detecting channel binding feature
krb5_sspi: unify a part of error handling
ldap: call ldap_init() before setting the options
ldap: drop PP logic for old, unsupported, Windows SDKs
ldap: improve detection of Apple LDAP
ldap: provide version for "legacy" ldap as well
lib/sendf.h: forward declare two structs
lib: cleanup for some typos about spaces and code style
lib: create unitprotos.h in the builddir, not srcdir
lib: drop unused or duplicate `curlx/timeval.h` includes
lib: drop unused protocol headers
lib: eliminate size_t casts
lib: error for OOM when extracting URL query
lib: fix formatting nits (part 2)
lib: fix formatting nits (part 3)
lib: fix formatting nits
lib: fix gssapi.h include on IBMi
lib: name the main CURLMcode variable 'mresult'
lib: refactor the type of funcs which have useless return and checks
lib: replace `_tcsncpy`/`wcsncpy`/`wcscpy` with `_s` counterparts (Windows)
lib: timer stats improvements
lib: use `SOCKET_WRITABLE()`/`SOCKET_READABLE()` where possible
libssh2: add paths to error messages for quote commands
libssh2: cleanup ssh_force_knownhost_key_type
libssh2: consider strdup() failures OOM and return correctly
libssh2: replace atoi() in ssh_force_knownhost_key_type
libssh: fix state machine loop to progress as it should
libssh: properly free sftp_attributes
libssh: require private key or user-agent for public key auth
libssh: set both knownhosts options to the same file
libtests: replace `atoi()` with `curlx_str_number()`
limit-rate: add example using --limit-rate and --max-time together
localtime: detect thread-safe alternatives and use them
m4/sectrust: fix test(1) operator
manage: expand the 'libcurl support required' message
mbedTLS: cleanup insecure/deprecated code
mbedtls: fix potential use of uninitialized `nread`
mbedtls: sync format across log messages
mbedtls_threadlock: avoid calloc, use array
mdlinkcheck: ignore IP numbers, allow '@' in raw URLs
mdlinkcheck: only look for markdown links in markdown files
memdebug: add mutex for thread safety
memdebug: fix realloc logging
mk-ca-bundle.md: the file format docs URL is permaredirected
mk-ca-bundle.pl: default to SHA256 fingerprints with `-t` option
mk-ca-bundle.pl: use `open()` with argument list to replace backticks
mqtt: reject overly big messages
mqtt: return error when a too large packet is decoded
multi: make max_total_* members size_t
multi: remove MSTATE_TUNNELING
multi: simplify admin handle processing
multibyte: limit `curlx_convert_*wchar*()` functions to Unicode builds
ngtcp2+openssl: fix leak of session
ngtcp2: remove the unused Curl_conn_is_ngtcp2 function
ngtcp2: retune window sizes
noproxy: fix build on systems without IPv6
noproxy: fix ipv6 handling
noproxy: replace atoi with curlx_str_number
openssl: exit properly on OOM when getting certchain
openssl: fix a potential memory leak of bio_out
openssl: fix a potential memory leak of params.cert
openssl: fix building against no-dsa openssl
openssl: fix building against no-ocsp openssl with Apple SecTrust
openssl: no verify failf message unless strict
openssl: release ssl_session if sess_reuse_cb fails
openssl: remove code handling default version
openssl: simplify `HAVE_KEYLOG_CALLBACK` guard
openssl: stop checking for `OPENSSL_NO_SHA*` macros
openssl: stop checking for `OPENSSL_NO_TLSEXT` macro
openssl: toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
OS400/ccsidcurl: fix curl_easy_setopt_ccsid for non-converted blobs
OS400/makefile.sh: fix shellcheck warning SC2038
os400sys: replace `strcpy()` with `memcpy()`
osslq: code readability
progress: make it one column narrower
progress: narrower time display, multiple fixes
progress: show fewer digits
projects/README.md: Markdown fixes
pytest fixes and improvements
pytest: add tests using sshd
pytest: disable two H3 earlydata tests for all platforms (was: macOS)
pytest: do not ignore server issues
pytest: enable OCSP test 17_08 for LibreSSL
pytest: fix and improve reliability
pytest: improve stragglers
pytest: quiche flakiness
pytest: skip H2 tests if feature missing from curl
quiche: use client writer
ratelimit blocking: fix busy loop
ratelimit: redesign
rtmp: fix double-free on URL parse errors
rtmp: precaution for a potential integer truncation
rtmp: stop redefining `setsockopt` system symbol on Windows
runner.pm: run memanalyzer as a Perl module
runtests: add options to set minimum number of tests, use them
runtests: detect bad libssh differently for test 1459
runtests: drop Python 2 support remains
runtests: enable torture testing with threaded resolver
runtests: improve XML prolog check, enable `-w` permanently, fix two tests
runtests: make memanalyzer a Perl module (for 1.1-2x speed-up per test run)
rustls: fix a potential memory issue
rustls: minor adjustment of sizeof()
rustls: simplify init err path
rustls: verify that verifier_builder is not NULL
schannel: cap the maximum allowed size for loading cert
schannel: fix memory leak of cert_store_path on four error paths
schannel: replace atoi() with curlx_str_number()
schannel: use Win8 `CERT_NAME_SEARCH_ALL_NAMES_FLAG` with old SDKs
schannel_verify: fix a memory leak of cert_context
scripts: fix shellcheck SC2046 warnings
scripts: use end-of-options marker in `find -exec` commands
setopt: disable CURLOPT_HAPROXY_CLIENT_IP on NULL
setopt: when setting bad protocols, don't store them
sftp: fix range downloads in both SSH backends
slist: constify Curl_slist_append_nodup() string argument
smb: fix a size check to be overflow safe
socketpair: drop redundant `_WIN32` branch and include
socks_sspi: use free() not FreeContextBuffer()
source: misc typos
speedcheck: do not trigger low speed cancel on transfers with
CURL_READFUNC_PAUSE
speedlimit: also reset on send unpausing
src: drop redundant definition of `BIT()`
src: fix formatting nits
ssh: tracing and better pollset handling
sspi: fix memory leaks on error paths in `Curl_create_sspi_identity()`
sws: fix binding to unix socket on Windows
synctime: tidy up, make it work on all platforms
telnet: abort on bad suboption sequence
telnet: replace atoi for BINARY handling with curlx_str_number
TEST-SUITE.md: correct the man page's path
test07_22: fix flakiness
test1475: consistently use %CR in headers
test1498: disable 'HTTP PUT from stdin' test on Windows
test2045: replace HTML multi-line comment markup with `#` comments
test318: tweak the name a little
test3207: enable memdebug for this test again
test363: delete stray character (typo) from a section tag
test568: fix codespell, catch it next time early in CI
test568: remove what looks like an email and a URL
test787: fix possible typo `&` -> `%` in curl option
test96: fix to accept non-unity memdump content with MSVC
tests/data: move `--libcurl` output to external data files
tests/data: replace hard-coded test numbers with `%TESTNUMBER`
tests/data: support using native newlines on disk, drop `.gitattributes`
tests/server: do not fall back to original data file in `test2fopen()`
tests/server: fix initialization on Windows Vista+
tests/server: replace `atoi()` and `atol()` with `curlx_str_number()`
tests: add `%AMP` macro, use it in two tests
tests: add a standard log line for alloc failures
tests: allow 2500-2503 to use ~2MB malloc
tests: drop redundant parenthesis from two macro expressions
tests: fix formatting nits
tests: rename CURLMcode variables to mresult
tftp: release filename if conn_get_remote_addr fails
tftpd: fix/tidy up `open()` mode flags
tidy-up: avoid `(())`, clang-format fixes and more
tidy-up: move `CURL_UNCONST()` out from macro `curl_unicodefree()`
tidy-up: URLs (cont.) and mdlinkcheck
tidy-up: URLs
TODO: remove a mandriva.com reference
tool: consider (some) curl_easy_setopt errors fatal
tool: log when loading .curlrc in verbose mode
tool_cfgable: free ssl-sessions at exit
tool_doswin: clear pointer when thread takes ownership
tool_doswin: increase allowable length of path sanitizer
tool_doswin: remove the max length check
tool_getparam: simplify the --rate parser
tool_getparam: use memdup0() instead of malloc + copy
tool_getparam: verify that a file exists for some options
tool_help: add checks to avoid unsigned wrap around
tool_ipfs: check return codes better
tool_msgs: make voutf() use stack instead of heap
tool_operate: exit on curl_share_setopt errors
tool_operate: fix a case of ignoring return code in operate()
tool_operate: fix case of ignoring return code in single_transfer
tool_operate: remove redundant condition
tool_operate: return error for OOM in append2query
tool_operate: use curlx_str_number instead of atoi
tool_paramhlp: refuse --proto remove all protocols
tool_paramhlp: remove a malloc+free from proto2num()
tool_paramhlp: simplify number parsing
tool_progress: fix large time outputs and decimal size display
tool_urlglob: acknowledge OOM in peek_ipv6
tool_urlglob: clean up used memory on errors better
tool_urlglob: constify an argument
tool_urlglob: fix propagating OOM error from `sanitize_file_name()`
tool_urlglob: support globs as long as config line lengths
tool_writeout: bail out proper on OOM
url: fix return code for OOM in parse_proxy()
url: if curl_url_get() fails due to OOM, error out properly
url: if OOM in parse_proxy() return error
url: return error at once when OOM in netrc handling
urlapi: fix mem-leaks in curl_url_get error paths
urlapi: handle OOM properly when setting URL
urlapi: return OOM correctly from parse_hostname_login()
verify-release: update to avoid shellcheck warning SC2034
vquic-tls/gnutls: call Curl_gtls_verifyserver unconditionally
vquic: do not pass invalid mode flags to `open()` (Windows)
vquic: do_sendmsg full init
vquic: ignore 0-length UDP packets
vquic: initialize new callback in nghttp3 1.14.0+
vtls: drop unused `use_alpn` from `ssl_connect_data` struct
vtls: fix CURLOPT_CAPATH use
vtls: handle possible malicious certs_num from peer
vtls: pinned key check
VULN-DISCLOSURE-POLICY.md: CRLF in data
wcurl: import v2025.11.09
wcurl: import v2026.01.05
windows: assume `USE_WIN32_LARGE_FILES`
windows: fix `CreateFile()` calls to support long filenames
windows: use `_strdup()` instead of `strdup()` where missing
wolfSSL: able to differentiate between IP and DNS in alt names
wolfssl: avoid NULL dereference in OOM situation
wolfssl: fix a potential memory leak of session
wolfssl: fix cipher list, skip 5.8.4 regression
wolfssl: fix possible assert with `!HAVE_NO_EX` wolfSSL builds
wolfssl: proof use of wolfSSL_i2d_SSL_SESSION
wolfssl: simplify wssl_send_earlydata
ws: replace a cast by matching the format string
x509asn1: drop unused `hostcheck.h`, `vtls_int.h` includes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6ca468f5160f52a54714d3b14c78b73049c04797
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 20 17:33:03 2026 +0100
alsa: Update to version 1.2.15.3
- Update from version 1.2.15.1 to 1.2.15.3
- Update of rootfile
- Changelog
1.2.15.3
alsa-lib
Sequencer API
seq: return back old snd_seq_drain_output behaviour for -EAGAIN
alsa-ucm-conf
Configuration
HDA-analog: Fix the phantom jack detection if block
HDA-analog: Use phantom jacks to determine the device for single
output
HDA-analog: Add output when only 'Master Playback' control exists
sof-hda-dsp: remove some debug lines
sof-hda-dsp: Headphone output is optional
ucm2: HDA: Fix headphone detection
USB-Audio: Add volume controls to Behringer UMCx0xHD direct profiles
USB-Audio: Fix UR22C firmware version condition
USB-Audio: Add support for UR24C firmware version channel differences
1.2.15.2
alsa-lib
Use Case Manager API
ucm: add some traces for the config filenames
Makefile.am
Makefile: remove dist-hook and remove tar option 'follow symlinks'
Error handler
error: fix the "return old snd_lib_error_set_handler() behaviour"
error: fix indendation in snd_lib_log_filter()
error: return old snd_lib_error_set_handler() behaviour
alsa-utils
ALSA Control (alsactl)
alsactl: fix sequence to clean card specific config files for UCM
alsactl: add missing call to clean card specific config files
alsaloop
alsaloop: only log xrun debug messages when verbose
aplay/arecord
aplay: add support for G.711 A_LAW enconding in AU file format
alsa-ucm-conf
Configuration
common: remove direct.conf and direct-verb.conf files
USB-Audio: update to use new DirectUseCase macro
common: introduce DirectUseCase macro
USB-Audio: Scarlett 18i20 gen4 - improve channel detection
USB-Audio: Add conditional channel count on Scarlett 18i20 version
USB-Audio: Steinberg UR22C - fix regex
ucm2: HDA: Create microphone devices optionally
ucm2: HDA: Headphone output may be optional
ucm2: sof-soundwire: cs42l45: Remove outdated DisableSequence
elements
ucm2: sof-soundwire: cs42l43: Remove outdated DisableSequence
elements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7e8a27fd7641547a815aa13af052c191d586751a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Jan 21 12:55:09 2026 +0000
cdrom+flash-images: Check if we would remove any libraries
The filesystem-cleanup script has recently shown that it can create some
false-positives. By running it on top of the generated images we should
be able to catch these problems during the build stage.
I have unfortunately no way to run this for any add-on packages.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/libarchive | 2 +-
.../rootfiles/{oldcore/104 => core/200}/filelists/curl | 0
.../{oldcore/131 => core/200}/filelists/libcap-ng | 0
.../{oldcore/107 => core/200}/filelists/libjpeg | 0
config/rootfiles/packages/alsa | 3 +--
lfs/alsa | 16 ++++++++--------
lfs/cdrom | 6 ++++++
lfs/curl | 6 +++---
lfs/flash-images | 6 ++++++
lfs/hwdata | 6 +++---
lfs/libarchive | 6 +++---
lfs/libcap-ng | 12 ++++++------
lfs/libjpeg | 6 +++---
13 files changed, 40 insertions(+), 29 deletions(-)
copy config/rootfiles/{oldcore/104 => core/200}/filelists/curl (100%)
copy config/rootfiles/{oldcore/131 => core/200}/filelists/libcap-ng (100%)
copy config/rootfiles/{oldcore/107 => core/200}/filelists/libjpeg (100%)
Difference in files:
diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive
index a28fad9e7..71451dc17 100644
--- a/config/rootfiles/common/libarchive
+++ b/config/rootfiles/common/libarchive
@@ -7,7 +7,7 @@
#usr/lib/libarchive.la
#usr/lib/libarchive.so
usr/lib/libarchive.so.13
-usr/lib/libarchive.so.13.8.3
+usr/lib/libarchive.so.13.8.5
#usr/lib/pkgconfig/libarchive.pc
#usr/share/man/man1/bsdcat.1
#usr/share/man/man1/bsdcpio.1
diff --git a/config/rootfiles/core/200/filelists/curl b/config/rootfiles/core/200/filelists/curl
new file mode 120000
index 000000000..4b84bef53
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/curl
@@ -0,0 +1 @@
+../../../common/curl
\ No newline at end of file
diff --git a/config/rootfiles/core/200/filelists/libcap-ng b/config/rootfiles/core/200/filelists/libcap-ng
new file mode 120000
index 000000000..f58b21141
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/libcap-ng
@@ -0,0 +1 @@
+../../../common/libcap-ng
\ No newline at end of file
diff --git a/config/rootfiles/core/200/filelists/libjpeg b/config/rootfiles/core/200/filelists/libjpeg
new file mode 120000
index 000000000..3b1a782fb
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/libjpeg
@@ -0,0 +1 @@
+../../../common/libjpeg
\ No newline at end of file
diff --git a/config/rootfiles/packages/alsa b/config/rootfiles/packages/alsa
index fba276cd8..ba270bd47 100644
--- a/config/rootfiles/packages/alsa
+++ b/config/rootfiles/packages/alsa
@@ -1014,8 +1014,7 @@ usr/share/alsa/ucm2/codecs/wsa884x/two-speakers/init.conf
#usr/share/alsa/ucm2/common/ctl
usr/share/alsa/ucm2/common/ctl/led.conf
usr/share/alsa/ucm2/common/ctl/remap.conf
-usr/share/alsa/ucm2/common/direct-verb.conf
-usr/share/alsa/ucm2/common/direct.conf
+usr/share/alsa/ucm2/common/directm.conf
usr/share/alsa/ucm2/common/linked-card.conf
usr/share/alsa/ucm2/common/linked.conf
#usr/share/alsa/ucm2/common/pcm
diff --git a/lfs/alsa b/lfs/alsa
index beed09dcb..32cfd8081 100644
--- a/lfs/alsa
+++ b/lfs/alsa
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,16 +26,16 @@ include Config
SUMMARY = Advanced Linux Sound Architecture
-VER = 1.2.15.1
-UVER = 1.2.15.1
-CVER = 1.2.15.1
+VER = 1.2.15.3
+UVER = 1.2.15.2
+CVER = 1.2.15.3
THISAPP = alsa-lib-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
PROG = alsa
-PAK_VER = 25
+PAK_VER = 26
DEPS =
@@ -54,9 +54,9 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
alsa-utils-$(UVER).tar.bz2 = $(DL_FROM)/alsa-utils-$(UVER).tar.bz2
alsa-ucm-conf-$(CVER).tar.bz2 = $(DL_FROM)/alsa-ucm-conf-$(CVER).tar.bz2
-$(DL_FILE)_BLAKE2 = 96910ecadafdf5bd12d98c765598f06f7dda94cdfb554e972663b77dc19646700962d6984a228a652f0fb3339e8dc44565d3695aa06971e084f5b951793679e1
-alsa-utils-$(UVER).tar.bz2_BLAKE2 = e3bd56822ec092f96386be3f8ae6772ced899884dfdef2341700be877a4822a3168d55a5aa9ba269e8e1b9fc61ae33a027abfa2e1c4f7fc68e0d8ce8780d3586
-alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = c8c0ef9872f6c2bb69f2a43585a7833663e0f559dc51a5f2c0d361f6dd8fad2d6180dfdebbd4c63f094216570f6109097d1f788bf90b75149ca42871d493ef1d
+$(DL_FILE)_BLAKE2 = 13c21ad3686ed5a8dfa48e8fa8e1b6f3f9a138aeaef2ba778838a8c6f9cbe209a5ece0d9953e2dcdd1e5b90ce50409e77b9485010689adfe4aed176cb8774c0e
+alsa-utils-$(UVER).tar.bz2_BLAKE2 = 0688e668241917027b5dd161ebe3ea4ab6f8fede612e148dee74e033ab09f9557c7610a6b506d2507402cca7007a031b85c8c0cb9af80652ae9f3cc5ea157973
+alsa-ucm-conf-$(CVER).tar.bz2_BLAKE2 = 7b563fa4685988bf509f4accdab1146b49a807eae8d4ebff3d634c1086c70130930a0e09e08af0be0996dd56d4fdbd58e9d7daa37f762106fa493198589ceac4
install : $(TARGET)
diff --git a/lfs/cdrom b/lfs/cdrom
index 52588fc87..f250ed292 100644
--- a/lfs/cdrom
+++ b/lfs/cdrom
@@ -153,6 +153,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Create mount points
$(call CREATE_MOUNTPOINTS,$(DIR_TMP)/root)
+ # Run the filesystem cleanup script
+ chroot $(DIR_TMP)/root /usr/local/bin/filesystem-cleanup > $(DIR_TMP)/cleanup.log
+
+ # Check if any files have been deleted
+ [ -s "$(DIR_TMP)/cleanup.log" ]
+
# Create the archive
$(call COMPRESS_ZSTD,$(DIR_TMP)/root,$(DIR_TMP)/cdrom/distro.img)
diff --git a/lfs/curl b/lfs/curl
index 33f46881a..eda7cfec1 100644
--- a/lfs/curl
+++ b/lfs/curl
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 8.17.0
+VER = 8.18.0
THISAPP = curl-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a7a804afe058f323b40177bcb4ffc523decde92da3da0a051f2dc1b566131250a96afe1ebf2bebc071993c893bddeef883ef33ddc0a9bee86d4e54402a546fba
+$(DL_FILE)_BLAKE2 = 16e1539616c1800dfa08a5bd3e38ff75d2906a4a574b1541509c69200aebe680b0a5efdf1b1e0c89f3cccb6001bfe1c1459b9fd815053c964e1a1434be1e2e0e
install : $(TARGET)
diff --git a/lfs/flash-images b/lfs/flash-images
index 36259acec..e7e5ea8b2 100644
--- a/lfs/flash-images
+++ b/lfs/flash-images
@@ -156,6 +156,12 @@ endif
chroot $(MNThdd) /usr/bin/perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+ # Run the filesystem cleanup script
+ chroot $(MNThdd) /usr/local/bin/filesystem-cleanup > $(DIR_TMP)/cleanup.log
+
+ # Check if any files have been deleted
+ [ -s "$(DIR_TMP)/cleanup.log" ]
+
# Create /etc/fstab
printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_BOOT))" "/boot" \
"auto" "defaults,nodev,noexec,nosuid" 1 2 > $(MNThdd)/etc/fstab
diff --git a/lfs/hwdata b/lfs/hwdata
index cc156e12a..6b717fd2b 100644
--- a/lfs/hwdata
+++ b/lfs/hwdata
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 0.402
+VER = 0.403
THISAPP = hwdata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8bc0da3c79dde751fd45b41c7a4c1859b0959fabeeaadd9e12a003c2c5a34f32e00e5536b0f515675347bcf34467a465fafb1ac7b8df7bdd9efac863643ed8da
+$(DL_FILE)_BLAKE2 = fbcfdd99418c0bdbdc0c0b1de08e6a39676863fadb9f44315bdd835e2bb84db90ae5e81409ff5dbbc6133d5719cc17fe563cccd39cb0e4ecd44215df1c45638b
install : $(TARGET)
diff --git a/lfs/libarchive b/lfs/libarchive
index ebce89565..7738984a3 100644
--- a/lfs/libarchive
+++ b/lfs/libarchive
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 3.8.3
+VER = 3.8.5
THISAPP = libarchive-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5be5f0e98f7582e2a34a43dd9217644defbd69532474fc07b3ac46ba7820c19dbd28cd691c1c798aed02643bbe68781cecd564127781c9b49323b9b54cebb32c
+$(DL_FILE)_BLAKE2 = d0fa6a49209a06240240cf578f95138eb72eebdc7179d034fdd9efc2e49820e34e9da41aa46cd11be2c2d46c380c8cc7e830d41271a6f3a7d9c39df138098cab
install : $(TARGET)
diff --git a/lfs/libcap-ng b/lfs/libcap-ng
index 8bd5ba6fb..29c85ab72 100644
--- a/lfs/libcap-ng
+++ b/lfs/libcap-ng
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 0.8.5
+VER = 0.9
THISAPP = libcap-ng-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ce0fc4ebceaa66d6f888f8b752e501bed7513d45231425054340016a6215ce52f0cd81b3a4a54c7c9ec0b623965002d66316c6c37844f0bd132b186ff7c6a41f
+$(DL_FILE)_BLAKE2 = 3aa85dafbed89696f9611ef277faeeb1efad40bb4c9891837b1574d435eeece1ba522711a19a13ebe98e387c749e28ce5cb381e17a4f051eb61fcdddf25eface
install : $(TARGET)
@@ -70,10 +70,10 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./autogen.sh
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --disable-static
-
+ --prefix=/usr \
+ --disable-static
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/libjpeg b/lfs/libjpeg
index a2fbea304..da4c04536 100644
--- a/lfs/libjpeg
+++ b/lfs/libjpeg
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 3.1.1
+VER = 3.1.3
THISAPP = libjpeg-turbo-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 813781b1c91ed132b2d1b6e3d7834673e202765362cc9e77a6e7d4a92e89c0192312405ae8197e1c306ad3c89e23cd6dc5e418bb9f3570f110014ab79f717401
+$(DL_FILE)_BLAKE2 = 3c675aa56b3474ca8a27f355d14dd7411d90471564c5916884e87818b7165e73a6c6b416dc2800e31c10dd1390ae88353e81d80eceb2e22c00b6a81ac5cf3d65
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-01-21 13:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-21 13:32 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. b14eaec20f90a2e71073dfe4bc59cc3ee4762978 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox