* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 014b31c6271a8f48af2c8888ca5ad2bdf15c18f7
@ 2026-04-26 10:16 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-04-26 10:16 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 27326 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 014b31c6271a8f48af2c8888ca5ad2bdf15c18f7 (commit)
via ef7a143ccdc915f747352ce71a80a62a9ecb1650 (commit)
via 8a9f001a4847ebe5e0821519b79173ef339ba483 (commit)
via e27c74a973d9e583534c6da1c7eaa22493710bd1 (commit)
via 37e3d09fea60bd71806df9307d6e14460efffba3 (commit)
via aad4d80f5bd2426e5688ecb88c05e702ce2f34fd (commit)
via 67413daf6d7505173e161572dba23f9989982108 (commit)
via 4ee3364ce966f205eb790d77b6fc7bb6700da21e (commit)
from ffc84170ee5003aa52e1dad23e5e911ed198716f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 014b31c6271a8f48af2c8888ca5ad2bdf15c18f7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun Apr 26 10:15:37 2026 +0000
core202: Restart SSH
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ef7a143ccdc915f747352ce71a80a62a9ecb1650
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sat Apr 25 19:37:32 2026 +0200
core202: Ship iptables
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8a9f001a4847ebe5e0821519b79173ef339ba483
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sat Apr 25 19:37:33 2026 +0200
iptables: Remove accidental paste of b2sum into lfs comment
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e27c74a973d9e583534c6da1c7eaa22493710bd1
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Apr 24 18:43:00 2026 +0200
tzdata: Update to version 2026b
- Update from version 2026a to 2026b
- No change in rootfile
- Changelog
2026b
Briefly:
British Columbia moved to permanent -07 on 2026-03-09.
Some more overflow bugs have been fixed in zic.
Changes to future timestamps
British Columbia’s 2026-03-08 spring forward was its last
foreseeable clock change, as it moved to permanent -07 thereafter.
(Thanks to Arthur David Olson.) Although the change to permanent
-07 legally took place on 2026-03-09, temporarily model the change
to occur on 2026-11-01 at 02:00 instead. This works around a
limitation in CLDR v48.2 (2026-03-17). This temporary hack is
planned to be removed after CLDR is fixed.
Changes to code
zic no longer mishandles a last transition to a new time type.
zic no longer overflows a buffer when generating a TZ string like
"PST-167:59:58PDT-167:59:59,M11.5.6/-167:59:59,M12.5.6/-167:59:59",
which can occur with adversarial input. (Thanks to Naveed Khan.)
zic no longer generates a longer TZif file than necessary when
an earlier time zone abbreviation is a suffix of a later one.
As a nice side effect, zic no longer overflows a buffer when given
a long series of abbreviations, each a suffix of the next.
(Buffer overflow reported by Arthur Chan.)
zic no longer overflows an int when processing input like ‘Zone
Ouch 2147483648:00:00 - LMT’. The int overflow can lead to buffer
overflow in adversarial cases. (Thanks to Naveed Khan.)
zic now checks for signals more often.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 37e3d09fea60bd71806df9307d6e14460efffba3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Apr 24 18:42:56 2026 +0200
core202: Ship openssh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit aad4d80f5bd2426e5688ecb88c05e702ce2f34fd
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Apr 24 18:42:58 2026 +0200
openssh: Update to version 10.3p1
- Update from version 10.2p1 to 10.3p1
- No change in rootfile
- There are three changes listed as Potentially incompatible changes. They do not look
to me like thinmgs that will affect IPFire but I am happy to be corrected.
- Changelog
10.3p1
Potentially-incompatible changes
* ssh(1), sshd(8): remove bug compatibility for implementations
that don't support rekeying. If such an implementation tries to
interoperate with OpenSSH, it will now eventually fail when the
transport needs rekeying.
* sshd(8): prior to this release, a certificate that had an empty
principals section would be treated as matching any principal
(i.e. as a wildcard) when used via authorized_keys principals=""
option. This was intentional, but created a surprising and
potentially risky situation if a CA accidentally issued a
certificate with an empty principals section: instead of being
useless as one might expect, it could be used to authenticate as
any user who trusted the CA via authorized_keys. [Note that this
condition did not apply to CAs trusted via the sshd_config(5)
TrustedUserCAKeys option.]
This release treats an empty principals section as never matching
any principal, and also fixes interpretation of wildcard
characters in certificate principals. Now they are consistently
implemented for host certificates and not supported for user
certificates.
* ssh(1): the -J and equivalent -oProxyJump="..." options now
validate user and host names for ProxyJump/-J options passed
via the command-line (no such validation is performed for this
option in configuration files). This prevents shell injection in
situations where these were directly exposed to adversarial
input, which would have been a terrible idea to begin with.
Reported by rabbit.
Security
* ssh(1): validation of shell metacharacters in user names supplied
on the command-line was performed too late to prevent some
situations where they could be expanded from %-tokens in
ssh_config. For certain configurations, such as those that use a
"%u" token in a "Match exec" block, an attacker who can control
the user name passed to ssh(1) could potentially execute arbitrary
shell commands. Reported by Florian Kohnhäuser.
We continue to recommend against directly exposing ssh(1) and
other tools' command-lines to untrusted input. Mitigations such
as this can not be absolute given the variety of shells and user
configurations in use.
* sshd(8): when matching an authorized_keys principals="" option
against a list of principals in a certificate, an incorrect
algorithm was used that could allow inappropriate matching in
cases where a principal name in the certificate contains a
comma character. Exploitation of the condition requires an
authorized_keys principals="" option that lists more than one
principal *and* a CA that will issue a certificate that encodes
more than one of these principal names separated by a comma
(typical CAs strongly constrain which principal names they will
place in a certificate). This condition only applies to user-
trusted CA keys in authorized_keys, the main certificate
authentication path (TrustedUserCAKeys/AuthorizedPrincipalsFile)
is not affected. Reported by Vladimir Tokarev.
* scp(1): when downloading files as root in legacy (-O) mode and
without the -p (preserve modes) flag set, scp did not clear
setuid/setgid bits from downloaded files as one might typically
expect. This bug dates back to the original Berkeley rcp program.
Reported by Christos Papakonstantinou of Cantina and Spearbit.
* sshd(8): fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys.
Previously if one of these directives contains any ECDSA algorithm
name (say "ecdsa-sha2-nistp384"), then any other ECDSA algorithm
would be accepted in its place regardless of whether it was
listed or not. Reported by Christos Papakonstantinou of Cantina
and Spearbit.
* ssh(1): connection multiplexing confirmation (requested using
"ControlMaster ask/autoask") was not being tested for proxy mode
multiplexing sessions (i.e. "ssh -O proxy ..."). Reported by
Michalis Vasileiadis.
New features
* ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent
forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new
names is advertised via the EXT_INFO message. If a server offers
support for the new names, then they are used preferentially.
Support for the pre-standardisation "@openssh.com" extensions for
agent forwarding remains supported.
* ssh-agent(1): implement support for draft-ietf-sshm-ssh-agent
"query" extension.
* ssh-add(1): support querying the protocol extensions via the
agent "query" extension with a new -Q flag.
* ssh(1): support multiple files in a ssh_config RevokedHostKeys
directive. bz3918
* sshd(8): support multiple files in a sshd_config RevokedKeys
directive bz3918
* ssh(1): add a ~I escape option that shows information about the
current SSH connection.
* ssh(1): add an "ssh -Oconninfo user@host" multiplexing command
that shows connection information, similar to the ~I escapechar.
* ssh(1): add an "ssh -O channels user@host" multiplexing command to
get a running mux process to show information about what channels
are currently open.
* sshd(8): add 'invaliduser' penalty to PerSourcePenalties, which is
applied to login attempts for usernames that do not match real
accounts. Defaults to 5s to match 'authfail' but allows
administrators to block such attempts for longer if desired.
* sshd(8): add a GSSAPIDelegateCredentials option for the server,
controlling whether it accepts delegated credentials offered by
the client. This option mirrors the same option in ssh_config.
GHPR614
* ssh(1), sshd(8): support the VA DSCP codepoint in the IPQoS
directive.
* sshd(8): convert PerSourcePenalties to using floating point time,
allowing penalties to be less than a second. This is useful if you
need to penalise things you expect to occur at >=1 QPS.
* ssh-keygen(1): support writing ED25519 keys in PKCS8 format.
GHPR570
* Support the ed25519 signature scheme via libcrypto.
Bugfixes
* sshd(8): make IPQoS first-match-wins in sshd_config, like other
configuration directives. bz3924
* sshd(8): fix potential crash when MaxStartups is using a single
argument (i.e. not using the MaxStartps x:y:z form) to a value
below 10. bz3941
* sshd(8): fix a potential hang during key exchange if needed DH
group values were missing from /etc/moduli.
* ssh-agent(1): fix return values from extensions to be correct wrt
draft-ietf-sshm-ssh-agent: extension requests should indicate
failure using SSH_AGENT_EXTENSION_FAILURE rather than the generic
SSH_AGENT_FAILURE error code. This allows the client to discern
between "the request failed" and "the agent doesn't support this
extension".
* ssh(1): use fmprintf for showing challenge-response name and info
to preserve UTF-8 characters where appropriate. Prompted by GitHub
PR#452.
* scp(1): when uploading a directory using sftp/sftp (e.g. during a
recursive transfer), don't clobber the remote directory
permissions unless either we created the directory during the
transfer or the -p flag was set. bz3925
* All: implement missing pieces of FIDO/webauthn signature support,
mostly related to certificate handling and enable acceptance of this
signature format by default. bz3748 GHPR624 GHPR625
* sshd_config(5): make it clear that DenyUsers/DenyGroups overrides
AllowUsers/AllowGroups. Previously we specified the order in which
the directives are processed but it was ambiguous as to what
happened if both matched.
* ssh(1): don't try to match certificates held in an agent to
private keys. This matching is done to support certificates that
were loaded without their private key material, but is
unnecessary for agent-hosted certificate which always have
private key material available in the agent. Worse, this matching
would mess up the request sent to the agent in such a way as to
break usage of these keys when the key usage was restricted in
the agent. bz3752
* sftp(1): if editline has been switched to vi mode (i.e. via "bind
-v" in .editrc), setup a keybinding so that command mode can be
entered.
* ssh(1), sshd(8): improve performance of keying the sntrup761 key
agreement algorithm.
* ssh(1), sshd(8): enforce maximum packet/block limit during
pre-authentication phase.
* sftp(1): don't misuse the sftp limits extension's open-handles
field. This value is supposed to be the number of handles a
server will allow to be opened and not a number of outstanding
read/write requests that can be sent during an upload/download.
* sshd(8): don't crash at connection time if the main sshd_config
lacks any subsystem directive but one is defined in a Match block.
bz3906
* sshd_config(5): add a warning next to the ForceCommand directive
that forcing a command doesn't automatically disable forwarding.
* sshd_config(5): add a warning that TOKENS are replaced without
filtering or escaping and that it's the administrator's
responsibility to ensure they are used safely in context.
* scp(1): correctly quote filenames in verbose output for local->
local copies. bz3900
* sshd(8): don't mess up the PerSourceNetBlockSize IPv6 mask if
sscanf didn't decode it. GHPR598
* ssh-add(1): when loading FIDO2 resident keys, set the comment to
the FIDO application string. This matches the behaviour of
ssh-keygen -K. GHPR608
* sshd(8): don't strnvis() log messages that are going to be logged
by sshd-auth via its parent sshd-session process, as the parent
will also run them though strnvis(). Prevents double-escaping of
non-printing characters in some log messages. bz3896
* ssh-agent(1): escape SSH_AUTH_SOCK paths that are sent to the
shell as setenv commands. Unbreaks ssh-agent for home directory
paths that contain whitespace. bz3884
* All: Remove unnecessary checks for ECDSA public key validity.
* sshd(8): activate UnusedConnectionTimeout only after the last
channel has closed. Previously UnusedConnectionTimeout could fire
early after a ChannelTimeout. This was not a problem for the
OpenSSH client because it terminates once all channels have
closed but could cause problems for other clients (e.g. API
clients) that do things differently. bz3827
* All: fix PKCS#11 key PIN entry problems introduced in
openssh-10.1/10.2. bz3879
* scp(1): when using the SFTP protocol for transfers, fix implicit
destination path selection when source path ends with "..". bz3871
* sftp(1): when tab-completing a filename, ensure that the completed
string does not end up mid-way through a multibyte character, as
this will cause a fatal() later on. GHPR#587
* ssh-keygen(1): fix crash at exit (visible via ssh-keygen -D) when
multiple keys loaded.
* scp(1)/sftp(1): correctly display bandwidths >2GBps in the
progress meter.
Portability
* sshd(8): fix condition introduced in openssh 10.2p1 stable branch
here a PAM module that changed the requested username between
SSH_MSG_USERAUTH_REQUEST messages during authentication could
confuse the PAM stack and let it proceed with a different
understanding of the active username than the rest of sshd.
Reported by Mike Damm.
* sshd(8): immediately report interactive instructions to clients
when using keyboard-interactive authentication with PAM. bz2876
* sshd(8): fix duplicate PAM messages under some situations.
* sshd(8): don't leak PAM handle on repeat invocations. bz3882
* All: support linking libcrypto implementations (e.g. BoringSSL)
that require libstdc++.
* sshd(8): fix ut_type for btmp records, correctly using
LOGIN_PROCESS and USER_PROCESS.
* sshd(8): allow uname(3) in the seccomp sandbox. This is needed by
zlib-ng on RISC-V platforms.
* All: remove remaining OpenSSL_add_all_algorithms() calls.
We already have OPENSSL_init_crypto() in the compat layer.
Prompted by github PR#606
* All: fix builds on older Mac OS wrt nfds_t.
* mdoc2man: several improvements including better support for Dl
and Ns inside Ic.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 67413daf6d7505173e161572dba23f9989982108
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Apr 24 18:42:57 2026 +0200
core202: Ship openssl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4ee3364ce966f205eb790d77b6fc7bb6700da21e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Apr 24 18:42:59 2026 +0200
openssl: Update to version 3.6.2
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- This looks to be the last release in the 3.x branch as 4.0.0 has been released.
This patch updates that last 3.x branch version as it is a security release with
eight CVE fixes in it.
Also with the major change from 3.x to 4.x we will need to ensure that there are no
issues for IPFire. I will do a separate build for 4.0.0 and test it before submitting
that patch for consideration for 203 or 204
- Changelog
3.6.2
Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)
Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)
Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support.
(CVE-2026-28386)
Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)
Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)
Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo.
(CVE-2026-28390)
Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/openssl | 3 +++
config/rootfiles/{oldcore/123 => core/202}/filelists/iptables | 0
config/rootfiles/{oldcore/100 => core/202}/filelists/openssh | 0
config/rootfiles/{oldcore/100 => core/202}/filelists/openssl | 0
config/rootfiles/core/202/update.sh | 1 +
lfs/iptables | 2 +-
lfs/openssh | 6 +++---
lfs/openssl | 4 ++--
lfs/tzdata | 6 +++---
9 files changed, 13 insertions(+), 9 deletions(-)
copy config/rootfiles/{oldcore/123 => core/202}/filelists/iptables (100%)
copy config/rootfiles/{oldcore/100 => core/202}/filelists/openssh (100%)
copy config/rootfiles/{oldcore/100 => core/202}/filelists/openssl (100%)
Difference in files:
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index 98d8c211b..bbdfd8cab 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -848,6 +848,7 @@ usr/lib/ossl-modules/legacy.so
#usr/share/doc/openssl/html/man3/UI_UTIL_read_pw.html
#usr/share/doc/openssl/html/man3/UI_create_method.html
#usr/share/doc/openssl/html/man3/UI_new.html
+#usr/share/doc/openssl/html/man3/X509V3_EXT_print.html
#usr/share/doc/openssl/html/man3/X509V3_get_d2i.html
#usr/share/doc/openssl/html/man3/X509V3_set_ctx.html
#usr/share/doc/openssl/html/man3/X509_ACERT_add1_attr.html
@@ -6226,6 +6227,8 @@ usr/lib/ossl-modules/legacy.so
#usr/share/man/man3/USERNOTICE_new.3ossl
#usr/share/man/man3/X509V3_EXT_d2i.3ossl
#usr/share/man/man3/X509V3_EXT_i2d.3ossl
+#usr/share/man/man3/X509V3_EXT_print.3ossl
+#usr/share/man/man3/X509V3_EXT_print_fp.3ossl
#usr/share/man/man3/X509V3_add1_i2d.3ossl
#usr/share/man/man3/X509V3_get_d2i.3ossl
#usr/share/man/man3/X509V3_set_ctx.3ossl
diff --git a/config/rootfiles/core/202/filelists/iptables b/config/rootfiles/core/202/filelists/iptables
new file mode 120000
index 000000000..8caf12bcc
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/iptables
@@ -0,0 +1 @@
+../../../common/iptables
\ No newline at end of file
diff --git a/config/rootfiles/core/202/filelists/openssh b/config/rootfiles/core/202/filelists/openssh
new file mode 120000
index 000000000..d8c77fd8e
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/202/filelists/openssl b/config/rootfiles/core/202/filelists/openssl
new file mode 120000
index 000000000..e011a9266
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/202/update.sh b/config/rootfiles/core/202/update.sh
index 59f13f900..beeaa8c13 100644
--- a/config/rootfiles/core/202/update.sh
+++ b/config/rootfiles/core/202/update.sh
@@ -96,6 +96,7 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
/etc/init.d/firewall restart
/etc/init.d/suricata restart
/etc/init.d/unbound restart
+/etc/init.d/sshd restart
# Restart IPsec
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
diff --git a/lfs/iptables b/lfs/iptables
index 018d756bc..cbdc43a45 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -2,7 +2,7 @@
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
-# 5bfaa3353c8aa8df34938e00739a6713b49697157268bb65302dac86b832c826d7b73c35ed5e71f376299c69d4a62c1d14d4b2d177c62a4f667d0b3c378a34fa #
+# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
diff --git a/lfs/openssh b/lfs/openssh
index bdaa19c9d..e22105ce4 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 10.2p1
+VER = 10.3p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8c031b10b1642e21b46f7d1db84ba42692e378a54af3d8e5b5c8706c3a0a06d442a02ed8803063121e7ff325ea275cad4432b9eaa6a7f47a4d7cfad504953ab6
+$(DL_FILE)_BLAKE2 = 77ff7c3bc943702267d74f6f7cdae44209ab940e42501e8a225761f3c8ab5416f2f0e4e61183e0b4cd79d5a041f4d1600674fcda17d3a2bd172074655cefdcd1
install : $(TARGET)
diff --git a/lfs/openssl b/lfs/openssl
index 588fe3619..a91e16700 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 3.6.1
+VER = 3.6.2
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = da949967d40ca9e17baf1bedded5080e37bce2dfc187f2a46f80ec01e708f9d550d055ef8557812135c4a1081b8f3477c5d4dbe46e0f39a9b696a7dbdc6b769a
+$(DL_FILE)_BLAKE2 = 21a23c53d16e9fbfb4c6d606d6056e7bb72e15c964c43a7f02837d805584bc34917fb2527cbc7fa75de63f3b5f840c693e7b43ac95e4bf9c10dce27f130bf69f
install : $(TARGET)
diff --git a/lfs/tzdata b/lfs/tzdata
index 50410a8ff..e57625765 100644
--- a/lfs/tzdata
+++ b/lfs/tzdata
@@ -24,7 +24,7 @@
include Config
-VER = 2026a
+VER = 2026b
# https://data.iana.org/time-zones/releases/.tar.gx & .asc
TZDATA_VER = $(VER)
@@ -47,8 +47,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz
tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_BLAKE2 = 01fd07f9bfef107c8fb1ca677b0c25b3162220377610173de6d3591a6e714d25ab763cd2b3121dabeed3f6c95f27a4f402ac4ab59f3959b6f6418824c28fdfc5
-tzcode$(TZCODE_VER).tar.gz_BLAKE2 = 6e427e937a91ed814dc3c25bfb2b64703b2fdaa2129f8a39ecc302090eccd1939403d9eb39b41d7a9252249f970deb106ac5e13030e2c79b90a5f2fcc9acb419
+tzdata$(TZDATA_VER).tar.gz_BLAKE2 = 3134d88addaa6a53749a4c87aa5c1b9d4632478152c67a26e5d1cfcf97b4eaafac3b16a41e61840360d4bde5aa05701aeb1caaafcc8a006c7f4708cfa2ac686d
+tzcode$(TZCODE_VER).tar.gz_BLAKE2 = 89ac1ee3b79c596a4903b9c25a794b24fa8e6076e61fbd30c09c690bd002f3759c76afd303abb9d716efa08da216b64362ec06be0e2c60ee89fd6a5e7b397f17
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-26 10:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-26 10:16 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 014b31c6271a8f48af2c8888ca5ad2bdf15c18f7 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox