Development March 2022

development@lists.ipfire.org

21 participants
109 discussions

[PATCH] backup: Include proxy.pac
by Peter Müller 24 Mar '22

24 Mar '22

Fixes: #12814 Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- config/backup/include | 1 + 1 file changed, 1 insertion(+) diff --git a/config/backup/include b/config/backup/include index 809a49601..cc4dc27dd 100644 --- a/config/backup/include +++ b/config/backup/include @@ -23,6 +23,7 @@ etc/unbound root/.bash_history root/.gitconfig root/.ssh +srv/web/ipfire/html/proxy.pac var/ipfire/auth/users var/ipfire/backup/addons/backup var/ipfire/backup/exclude.user -- 2.34.1

1 0

[PATCH] zlib: Pick up upstream patch for memory corruption fix
by Peter Müller 24 Mar '22

24 Mar '22

See: https://www.openwall.com/lists/oss-security/2022/03/24/1 Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- lfs/zlib | 6 +- ...ate-on-some-input-when-using-Z_FIXED.patch | 338 ++++++++++++++++++ 2 files changed, 343 insertions(+), 1 deletion(-) create mode 100644 src/patches/zlib-fix-a-bug-that-can-crash-deflate-on-some-input-when-using-Z_FIXED.patch diff --git a/lfs/zlib b/lfs/zlib index 2c89b4803..c2386778d 100644 --- a/lfs/zlib +++ b/lfs/zlib @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -78,6 +78,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && CROSS_PREFIX=$(CROSS_PREFIX) ./configure --prefix=$(PREFIX) --shared + + # https://www.openwall.com/lists/oss-security/2022/03/24/1 + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/zlib-fix-a-bug-that-can-crash-deflate-on-some-input-when-using-Z_FIXED.patch + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/zlib-fix-a-bug-that-can-crash-deflate-on-some-input-when-using-Z_FIXED.patch b/src/patches/zlib-fix-a-bug-that-can-crash-deflate-on-some-input-when-using-Z_FIXED.patch new file mode 100644 index 000000000..2b46bcce5 --- /dev/null +++ b/src/patches/zlib-fix-a-bug-that-can-crash-deflate-on-some-input-when-using-Z_FIXED.patch @@ -0,0 +1,338 @@ +commit 5c44459c3b28a9bd3283aaceab7c615f8020c531 +Author: Mark Adler <madler(a)alumni.caltech.edu> +Date: Tue Apr 17 22:09:22 2018 -0700 + + Fix a bug that can crash deflate on some input when using Z_FIXED. + + This bug was reported by Danilo Ramos of Eideticom, Inc. It has + lain in wait 13 years before being found! The bug was introduced + in zlib 1.2.2.2, with the addition of the Z_FIXED option. That + option forces the use of fixed Huffman codes. For rare inputs with + a large number of distant matches, the pending buffer into which + the compressed data is written can overwrite the distance symbol + table which it overlays. That results in corrupted output due to + invalid distances, and can result in out-of-bound accesses, + crashing the application. + + The fix here combines the distance buffer and literal/length + buffers into a single symbol buffer. Now three bytes of pending + buffer space are opened up for each literal or length/distance + pair consumed, instead of the previous two bytes. This assures + that the pending buffer cannot overwrite the symbol table, since + the maximum fixed code compressed length/distance is 31 bits, and + since there are four bytes of pending space for every three bytes + of symbol space. + +diff --git a/deflate.c b/deflate.c +index 425babc..19cba87 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + int wrap = 1; + static const char my_version[] = ZLIB_VERSION; + +- ushf *overlay; +- /* We overlay pending_buf and d_buf+l_buf. This works since the average +- * output size for (length,distance) codes is <= 24 bits. +- */ +- + if (version == Z_NULL || version[0] != my_version[0] || + stream_size != sizeof(z_stream)) { + return Z_VERSION_ERROR; +@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + + s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ + +- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); +- s->pending_buf = (uchf *) overlay; +- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); ++ /* We overlay pending_buf and sym_buf. This works since the average size ++ * for length/distance pairs over any compressed block is assured to be 31 ++ * bits or less. ++ * ++ * Analysis: The longest fixed codes are a length code of 8 bits plus 5 ++ * extra bits, for lengths 131 to 257. The longest fixed distance codes are ++ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest ++ * possible fixed-codes length/distance pair is then 31 bits total. ++ * ++ * sym_buf starts one-fourth of the way into pending_buf. So there are ++ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol ++ * in sym_buf is three bytes -- two for the distance and one for the ++ * literal/length. As each symbol is consumed, the pointer to the next ++ * sym_buf value to read moves forward three bytes. From that symbol, up to ++ * 31 bits are written to pending_buf. The closest the written pending_buf ++ * bits gets to the next sym_buf symbol to read is just before the last ++ * code is written. At that time, 31*(n-2) bits have been written, just ++ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at ++ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1 ++ * symbols are written.) The closest the writing gets to what is unread is ++ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and ++ * can range from 128 to 32768. ++ * ++ * Therefore, at a minimum, there are 142 bits of space between what is ++ * written and what is read in the overlain buffers, so the symbols cannot ++ * be overwritten by the compressed data. That space is actually 139 bits, ++ * due to the three-bit fixed-code block header. ++ * ++ * That covers the case where either Z_FIXED is specified, forcing fixed ++ * codes, or when the use of fixed codes is chosen, because that choice ++ * results in a smaller compressed block than dynamic codes. That latter ++ * condition then assures that the above analysis also covers all dynamic ++ * blocks. A dynamic-code block will only be chosen to be emitted if it has ++ * fewer bits than a fixed-code block would for the same set of symbols. ++ * Therefore its average symbol length is assured to be less than 31. So ++ * the compressed data for a dynamic block also cannot overwrite the ++ * symbols from which it is being constructed. ++ */ ++ ++ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); ++ s->pending_buf_size = (ulg)s->lit_bufsize * 4; + + if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || + s->pending_buf == Z_NULL) { +@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + deflateEnd (strm); + return Z_MEM_ERROR; + } +- s->d_buf = overlay + s->lit_bufsize/sizeof(ush); +- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; ++ s->sym_buf = s->pending_buf + s->lit_bufsize; ++ s->sym_end = (s->lit_bufsize - 1) * 3; ++ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K ++ * on 16 bit machines and because stored blocks are restricted to ++ * 64K-1 bytes. ++ */ + + s->level = level; + s->strategy = strategy; +@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value) + + if (deflateStateCheck(strm)) return Z_STREAM_ERROR; + s = strm->state; +- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3)) ++ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) + return Z_BUF_ERROR; + do { + put = Buf_size - s->bi_valid; +@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source) + #else + deflate_state *ds; + deflate_state *ss; +- ushf *overlay; + + + if (deflateStateCheck(source) || dest == Z_NULL) { +@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source) + ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); + ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); + ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); +- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); +- ds->pending_buf = (uchf *) overlay; ++ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4); + + if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || + ds->pending_buf == Z_NULL) { +@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source) + zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); + + ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); +- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); +- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; ++ ds->sym_buf = ds->pending_buf + ds->lit_bufsize; + + ds->l_desc.dyn_tree = ds->dyn_ltree; + ds->d_desc.dyn_tree = ds->dyn_dtree; +@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +diff --git a/deflate.h b/deflate.h +index 23ecdd3..d4cf1a9 100644 +--- a/deflate.h ++++ b/deflate.h +@@ -217,7 +217,7 @@ typedef struct internal_state { + /* Depth of each subtree used as tie breaker for trees of equal frequency + */ + +- uchf *l_buf; /* buffer for literals or lengths */ ++ uchf *sym_buf; /* buffer for distances and literals/lengths */ + + uInt lit_bufsize; + /* Size of match buffer for literals/lengths. There are 4 reasons for +@@ -239,13 +239,8 @@ typedef struct internal_state { + * - I can't count above 4 + */ + +- uInt last_lit; /* running index in l_buf */ +- +- ushf *d_buf; +- /* Buffer for distances. To simplify the code, d_buf and l_buf have +- * the same number of elements. To use different lengths, an extra flag +- * array would be necessary. +- */ ++ uInt sym_next; /* running index in sym_buf */ ++ uInt sym_end; /* symbol table full when sym_next reaches this */ + + ulg opt_len; /* bit length of current block with optimal trees */ + ulg static_len; /* bit length of current block with static trees */ +@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf, + + # define _tr_tally_lit(s, c, flush) \ + { uch cc = (c); \ +- s->d_buf[s->last_lit] = 0; \ +- s->l_buf[s->last_lit++] = cc; \ ++ s->sym_buf[s->sym_next++] = 0; \ ++ s->sym_buf[s->sym_next++] = 0; \ ++ s->sym_buf[s->sym_next++] = cc; \ + s->dyn_ltree[cc].Freq++; \ +- flush = (s->last_lit == s->lit_bufsize-1); \ ++ flush = (s->sym_next == s->sym_end); \ + } + # define _tr_tally_dist(s, distance, length, flush) \ + { uch len = (uch)(length); \ + ush dist = (ush)(distance); \ +- s->d_buf[s->last_lit] = dist; \ +- s->l_buf[s->last_lit++] = len; \ ++ s->sym_buf[s->sym_next++] = dist; \ ++ s->sym_buf[s->sym_next++] = dist >> 8; \ ++ s->sym_buf[s->sym_next++] = len; \ + dist--; \ + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ + s->dyn_dtree[d_code(dist)].Freq++; \ +- flush = (s->last_lit == s->lit_bufsize-1); \ ++ flush = (s->sym_next == s->sym_end); \ + } + #else + # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) +diff --git a/trees.c b/trees.c +index 4f4a650..decaeb7 100644 +--- a/trees.c ++++ b/trees.c +@@ -416,7 +416,7 @@ local void init_block(s) + + s->dyn_ltree[END_BLOCK].Freq = 1; + s->opt_len = s->static_len = 0L; +- s->last_lit = s->matches = 0; ++ s->sym_next = s->matches = 0; + } + + #define SMALLEST 1 +@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) + + Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", + opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, +- s->last_lit)); ++ s->sym_next / 3)); + + if (static_lenb <= opt_lenb) opt_lenb = static_lenb; + +@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) + unsigned dist; /* distance of matched string */ + unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ + { +- s->d_buf[s->last_lit] = (ush)dist; +- s->l_buf[s->last_lit++] = (uch)lc; ++ s->sym_buf[s->sym_next++] = dist; ++ s->sym_buf[s->sym_next++] = dist >> 8; ++ s->sym_buf[s->sym_next++] = lc; + if (dist == 0) { + /* lc is the unmatched char */ + s->dyn_ltree[lc].Freq++; +@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) + s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; + s->dyn_dtree[d_code(dist)].Freq++; + } +- +-#ifdef TRUNCATE_BLOCK +- /* Try to guess if it is profitable to stop the current block here */ +- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { +- /* Compute an upper bound for the compressed length */ +- ulg out_length = (ulg)s->last_lit*8L; +- ulg in_length = (ulg)((long)s->strstart - s->block_start); +- int dcode; +- for (dcode = 0; dcode < D_CODES; dcode++) { +- out_length += (ulg)s->dyn_dtree[dcode].Freq * +- (5L+extra_dbits[dcode]); +- } +- out_length >>= 3; +- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", +- s->last_lit, in_length, out_length, +- 100L - out_length*100L/in_length)); +- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; +- } +-#endif +- return (s->last_lit == s->lit_bufsize-1); +- /* We avoid equality with lit_bufsize because of wraparound at 64K +- * on 16 bit machines and because stored blocks are restricted to +- * 64K-1 bytes. +- */ ++ return (s->sym_next == s->sym_end); + } + + /* =========================================================================== +@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree) + { + unsigned dist; /* distance of matched string */ + int lc; /* match length or unmatched char (if dist == 0) */ +- unsigned lx = 0; /* running index in l_buf */ ++ unsigned sx = 0; /* running index in sym_buf */ + unsigned code; /* the code to send */ + int extra; /* number of extra bits to send */ + +- if (s->last_lit != 0) do { +- dist = s->d_buf[lx]; +- lc = s->l_buf[lx++]; ++ if (s->sym_next != 0) do { ++ dist = s->sym_buf[sx++] & 0xff; ++ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; ++ lc = s->sym_buf[sx++]; + if (dist == 0) { + send_code(s, lc, ltree); /* send a literal byte */ + Tracecv(isgraph(lc), (stderr," '%c' ", lc)); +@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree) + } + } /* literal or match pair ? */ + +- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ +- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, +- "pendingBuf overflow"); ++ /* Check that the overlay between pending_buf and sym_buf is ok: */ ++ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); + +- } while (lx < s->last_lit); ++ } while (sx < s->sym_next); + + send_code(s, END_BLOCK, ltree); + } -- 2.34.1

2 1

[PATCH 0/9] pakfire: remove dup. code + seperate ui/logic
by Robin Roevens 23 Mar '22

23 Mar '22

Hi all In a previous patchset extra metadata was added to paks. The intention of this patchset was to make use of this metadata in pakfire and services.cgi. Along the road it was noted by Michael and Jonatan that there was a lot of duplicate and/or ugly code going on there that should be improved and not duplicated once more. I have been working on this for quite some time, seperating logic and UI to have more generic functions in pakfire that can be reused more avoiding duplicate code in pakfire and other scripts that need data from pakfire. Here and there I also added other improvements as the cleaner code made those easy to implement. I hope I have split the changes in small enough patches to make them easier to test. - Patch 1: The function Pakfire::dblist is used to get a list of all paks but, until now, printed this list as a user formatted text which then needed to be catched and parsed again or parts of its code was duplicated to directly parse the .db files. This patch removes all UI parts from the function and refactors it to return the pak list as a hash instead of printing it as text. Also removed the core upgrade check and output from that function and added a function Pakfire::coredbinfo which returns available core db data as a hash. While moving the UI parts to the places where dblist is called I also added a bit more verbosity to the 'pakfire list' command by - adding an 'Installed: yes/no' field, so that also without color output this info is available. And - when a package upgrade is available it will now also be displayed. Example output of pakfire list: --- ... Name: wio ProgVersion: 1.3.2 Release: 14 Installed: yes Name: xinetd ProgVersion: 2.3.15 Release: 2 Installed: no Name: zabbix_agentd ProgVersion: 4.2.6 Release: 4 Installed: yes Update available: Version: 4.2.6 -> 5.0.21 Release: 4 -> 5 204 packages total. --- And finaly I added the currently installed version to each installed pak in pakfire.cgi as that info is now available there. - Patch 2: The result of previous patch are 2 'library' functions which are now the go-to functions if you need data from the core-list.db or packages_list.db files. Those files should not be parsed manually anymore anywhere else. This patch replaces such manual parsing in the 'pakfire install' routine. - Patch 3: Does the same in the Pakfire::dbgetlist function. Also in this function functionality already in Pakfire::getmetafile was duplicated. This was also replaced by a call to getmetafile. - Patch 4: Parsing of core-list.db in Pakfire::coreupdate_available is replaced with a call to the new Pakfire::coredbinfo. - Patch 5: Removes core-list.db parsing and upgrade check from Pakfire::upgradecore and move it to the 'pakfire upgrade' routine adding a bit more verbosity along the way. - Patch 6: Add a new filter 'upgrade' to the 'pakfire list' command. This filter was already available in Pakfire::dblist previously specificly to accomodate pakfire.cgi. Now this filter is also available for the CLI user, displaying a list of only the packages that need updates. Adding core update info as first list entry if an upgrade is available. Also fixed a small bug: previously 'pakfire list --no-colors installed' was not understood. Now it works like the install|remove commands. - Patch 7: Remove UI elements from the Pakfire::status function now returning a hash with status information. Moving UI part to the 'pakfire status' routine. Replaced pakfire.cgi code duplicating the retrieval of the status info by a call to this Pakfire::status function. - Patch 8: Adds a Pakfire::getmetadata function to get the metadata of a specific pak in a hash. Both 'installed' or 'latest' metadata can be requested. This function is for use everywhere pak metadata is required without having to know anything about inner working of pakfire db/meta-files. This functions is put in use for a new 'pakfire info <pak(s)>' routine for the CLI user to get all available metadata for a pak. And finaly the main purpose of this patchset: in services.cgi duplicate and or ugly code is replaced with Pakfire::dblist and Pakfire::getmetadata calls to determine which services are installed. - Patch 9: Changes the workflow of the 'pakfire upgrade' routine. Previously when 'pakfire upgrade' was launched, a core update was immediatly installed. Then available pak updates where listed and user confirmation was asked (when not using -y). Firstly I found it quite rude of pakfire to immediatly perform the core upgrade when it should be 'interactive'. Secondly by then asking user confirmation for the pak updates, it was possible for the user to answer no and end up with a system where the installed addons are compiled against a previous core and probably no longer work. So that is not really a 'free choice' then :-) Now all upgrade info is gathered first and an upgrade summary is presented to the user (more in the style of the output when a pak is installed or removed) and confirmation is requested. Only after the user confirming the upgrade the core and the paks are upgraded in one go (except ofcourse when -y is used, then no confirmation is asked). Example output of 'pakfire upgrade' now: --- CORE INFO: Checking for Core updates... PAKFIRE INFO: Checking for package updates... PAKFIRE RESV: zabbix_agentd: Resolving dependencies... PAKFIRE RESV: zabbix_agentd: Need to install dependency: fping PAKFIRE RESV: fping: Resolving dependencies... PAKFIRE INFO: Upgrade summary: CORE INFO: Core-Update 2.27.2-x86_64 to install: CORE UPGR: Release: 163 -> 165 PAKFIRE INFO: New dependencies to install: PAKFIRE INFO: fping - 30.00 KB PAKFIRE INFO: Total size: ~ 30.00 KB PAKFIRE INFO: Packages to upgrade: PAKFIRE UPGR: zabbix_agentd 4.2.6-4 -> 5.0.21-5 PAKFIRE INFO: Is this okay? [y/N] --- Which looks much cleaner to me than before, and the user has the actual choice to cancel the upgrade before anything happened. I know it is a big patchset and quite intrusive to the inner workings of pakfire, but I tried to test everything as thoroughly as possible and it should not break pakfire :-). It does make it a bit less errorprone, more robust and future-proof, easier to extend and to use both by the user and in other scripts. Regards Robin -- Dit bericht is gescanned op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn.

4 34

Fwd: [FAILED] Nightly Build of next (afd8dc4) for armv6l on arm64-01.zrh.ipfire.org
by Peter Müller 23 Mar '22

23 Mar '22

Hello *, um, could anyone kindly explain to my what happened here, and why things are working fine again a couple of hours later? Thanks in advance, and best regards, Peter Müller -------- Forwarded Message -------- Subject: [FAILED] Nightly Build of next (afd8dc4) for armv6l on arm64-01.zrh.ipfire.org Date: Tue, 22 Mar 2022 23:30:25 +0000 From: IPFire Nightly Builder <nightly-builds(a)ipfire.org> To: Nightly Builds List <nightly-builds(a)lists.ipfire.org> https://nightly.ipfire.org/next/2022-03-22%2017%3A35%3A52%20%2B0000-afd8dc4… commit afd8dc466b3a653adf12830806d7b964c9b29500 Author: Peter Müller <peter.mueller(a)ipfire.org> Date: Mon Mar 21 21:30:57 2022 +0000 Nmap: Update to 7.92 Please refer to https://nmap.org/changelog#7.92 for the changelog of this version; it is too long to include it here. Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org> https://git.ipfire.org/?p=ipfire-2.x.git;a=shortlog;h=afd8dc466b3a653adf128… Packaged toolchain compilation Checking for necessary space on disk [ DONE ] Set cache size limit to 4.0 GB Building LFS stage2 [ 0 ][ DONE ] linux (5.15.23) KCFG=-headers [ 22 ][ DONE ] man-pages (2.34) [ 7 ][ DONE ] glibc (2.35) [ 4:46 ][ DONE ] tzdata (2021a) [ 3 ][ DONE ] cleanup-toolchain [ 0 ][ DONE ] zlib (1.2.11) [ 2 ][ DONE ] zstd (1.5.2) [ 1 ][ DONE ] autoconf (2.71) [ 2 ][ DONE ] automake (1.16.3) [ 3 ][ DONE ] libtool (2.4.6) [ 6 ][ DONE ] binutils (2.37) [ 32 ][ DONE ] gmp (6.2.1) [ 30 ][ DONE ] mpfr (4.1.0) [ 15 ][ DONE ] libmpc (1.2.1) [ 5 ][ DONE ] libxcrypt (4.4.28) [ 11 ][ DONE ] file (5.40) [ 8 ][ DONE ] gcc (11.1.0) [ 5:35 ][ DONE ] attr (2.5.1) [ 5 ][ DONE ] acl (2.3.1) [ 9 ][ DONE ] sed (4.8) [ 26 ][ DONE ] berkeley (5.3.28) [ 25 ][ DONE ] coreutils (9.0) [ 2:01 ][ DONE ] iana-etc (20220207) [ 0 ][ DONE ] m4 (1.4.19) [ 34 ][ DONE ] bison (3.8.2) [ 31 ][ DONE ] ncurses (6.3) [ 27 ][ DONE ] perl (5.32.1) [ 2:04 ][ DONE ] readline (8.1) [ 7 ][ DONE ] bzip2 (1.0.8) [ 1 ][ DONE ] xz (5.2.5) [ 10 ][ DONE ] lzip (1.22) [ 1 ][ DONE ] pcre (8.45) [ 8 ][ DONE ] pcre2 (10.39) [ 6 ][ DONE ] gettext (0.21) [ 2:36 ][ DONE ] bash (5.1.8) [ 33 ][ DONE ] diffutils (3.8) [ 25 ][ DONE ] ed (1.17) [ 1 ][ DONE ] findutils (4.9.0) [ 40 ][ DONE ] flex (2.6.4) [ 8 ][ DONE ] gawk (5.1.1) [ 14 ][ DONE ] go (1.15.4) [ 0 ][ SKIP ] grep (3.7) [ 26 ][ DONE ] groff (1.22.4) [ 36 ][ DONE ] gperf (3.1) [ 3 ][ DONE ] gzip (1.11) [ 16 ][ DONE ] hostname (3.20) [ 0 ][ DONE ] whois (5.5.10) [ 1 ][ DONE ] kbd (2.2.0) [ 12 ][ DONE ] less (590) [ 4 ][ DONE ] pkg-config (0.29.2) [ 25 ][ DONE ] procps (v3.3.16) [ 14 ][ DONE ] make (4.3) [ 16 ][ DONE ] man (2.4.3) [ 16 ][ DONE ] net-tools (2.10) [ 2 ][ DONE ] patch (2.7.6) [ 22 ][ DONE ] psmisc (23.4) [ 6 ][ DONE ] shadow (4.11.1) [ 16 ][ DONE ] sysklogd (1.5.1) [ 1 ][ DONE ] sysvinit (3.00) [ 0 ][ DONE ] tar (1.34) [ 34 ][ DONE ] texinfo (6.8) [ 25 ][ DONE ] util-linux (2.28.2) [ 32 ][ DONE ] vim (8.2) [ 18 ][ DONE ] e2fsprogs (1.46.5) [ 15 ][ DONE ] jq (1.6) [ 11 ][ DONE ] Building IPFire configroot [ 1 ][ DONE ] initscripts [ 1 ][ DONE ] backup [ 1 ][ DONE ] rust (2022-01-27) [ 18 ][ DONE ] openssl (1.1.1n) [ 1:25 ][ DONE ] kmod (29) [ 8 ][ DONE ] udev (3.2.6) [ 14 ][ DONE ] popt (1.18) [ 4 ][ DONE ] libedit (20210910-3.1) [ 7 ][ DONE ] libusb (1.0.25) [ 5 ][ DONE ] libusb-compat (0.1.5) [ 2 ][ DONE ] libpcap (1.10.1) [ 7 ][ DONE ] ppp (2.4.9) [ 2 ][ DONE ] pptp (1.10.0) [ 0 ][ DONE ] unzip (60) [ 2 ][ DONE ] which (2.21) [ 3 ][ DONE ] linux-firmware (20211216) [ 25 ][ DONE ] dvb-firmwares (20141125) [ 0 ][ DONE ] xr819-firmware (c01.08.0043) [ 1 ][ DONE ] zd1211-firmware (1.5) [ 0 ][ DONE ] rpi-firmware (20211127) [ 1 ][ DONE ] intel-microcode (20220207) [ 0 ][ SKIP ] pcengines-apu-firmware (4.15.0.1) [ 0 ][ SKIP ] bc (1.07.1) [ 11 ][ DONE ] u-boot (2021.07) MKIMAGE=1 [ 9 ][ DONE ] cpio (2.13) [ 28 ][ DONE ] mdadm (4.2) [ 1 ][ DONE ] dracut (056) [ 2 ][ DONE ] libaio (0.3.112) [ 0 ][ DONE ] lvm2 (2.02.188) [ 15 ][ DONE ] multipath-tools (386d288) [ 0 ][ DONE ] freetype (2.11.1) [ 5 ][ DONE ] libmnl (1.0.4) [ 4 ][ DONE ] libnfnetlink (1.0.1) [ 3 ][ DONE ] libnetfilter_queue (1.0.5) [ 4 ][ DONE ] libnetfilter_conntrack (1.0.8) [ 4 ][ DONE ] libnetfilter_cthelper (1.0.0) [ 4 ][ DONE ] libnetfilter_cttimeout (1.0.0) [ 4 ][ DONE ] iptables (1.8.7) [ 7 ][ DONE ] iproute2 (5.16.0) [ 3 ][ DONE ] screen (4.8.0) [ 7 ][ DONE ] elfutils (0.186) [ 12 ][ DONE ] linux (5.15.23) KCFG= [ 7:17 ][ DONE ] rtl8189es (03ac413135a355b55b693154c44b70f86a39732e) KCFG= [ 4 ][ DONE ] rtl8189fs (3129a665f835ce0342f9a85a0ce14a556e656b8c) KCFG= [ 3 ][ DONE ] rtl8812au (307d694076b056588c652c2bdaa543a89eb255d9) KCFG= [ 5 ][ DONE ] rtl8822bu (fd0b735e2e30d32f4d91497242cf6af288bdd082) KCFG= [ 6 ][ DONE ] xradio (354e8c32e7948d46a63796d0ca266b1f702999b0) KCFG= [ 2 ][ DONE ] linux-initrd ($(KVER)) KCFG= [ 15 ][ DONE ] libgpg-error (1.44) [ 13 ][ DONE ] libgcrypt (1.9.4) [ 16 ][ DONE ] libassuan (2.5.4) [ 8 ][ DONE ] nettle (3.7.3) [ 11 ][ DONE ] json-c (0.13.1) [ 6 ][ DONE ] libconfig (1.7.2) [ 15 ][ DONE ] libevent (1.4.14b-stable) [ 8 ][ DONE ] libevent2 (2.1.12-stable) [ 13 ][ DONE ] expat (2.4.6) [ 5 ][ DONE ] apr (1.7.0) [ 23 ][ DONE ] aprutil (1.6.1) [ 5 ][ DONE ] unbound (1.14.0) [ 23 ][ DONE ] gnutls (3.6.16) [ 1:41 ][ DONE ] libuv (1.42.0) [ 13 ][ DONE ] bind (9.16.26) [ 33 ][ DONE ] dhcp (4.4.1) [ 24 ][ DONE ] dhcpcd (9.4.1) [ 2 ][ DONE ] boost (1_76_0) [ 2:11 ][ DONE ] linux-atm (2.4.1) [ 10 ][ DONE ] gdbm (1.23) [ 12 ][ DONE ] pam (1.5.2) [ 38 ][ DONE ] c-ares (1.17.1) [ 26 ][ DONE ] curl (7.81.0) [ 28 ][ DONE ] tcl (8.6.12) [ 30 ][ DONE ] sqlite (3380000) [ 5 ][ DONE ] libffi (3.4.2) [ 6 ][ DONE ] python3 (3.10.1) [ 54 ][ DONE ] rust (2022-01-27) [ 0 ][ DONE ] rust-dissimilar (1.0.3) [ 4 ][ DONE ] rust-cfg-if (1.0.0) [ 0 ][ DONE ] rust-libc (0.2.108) [ 4 ][ DONE ] rust-getrandom (0.2.4) [ 4 ][ DONE ] rust-typenum (1.15.0) [ 4 ][ DONE ] rust-version-check (0.9.4) [ 3 ][ DONE ] rust-generic-array (0.14.4) [ 6 ][ DONE ] rust-cipher (0.3.0) [ 5 ][ DONE ] rust-hex (0.4.3) [ 2 ][ DONE ] rust-unicode-xid (0.2.1) [ 0 ][ DONE ] rust-proc-macro2 (1.0.36) [ 6 ][ DONE ] rust-quote (1.0.15) [ 6 ][ DONE ] rust-syn (1.0.86) [ 28 ][ DONE ] rust-home (0.5.3) [ 1 ][ DONE ] rust-lazy-static (1.4.0) [ 0 ][ DONE ] rust-memchr (2.4.1) [ 4 ][ DONE ] rust-aho-corasick (0.7.18) [ 6 ][ DONE ] rust-regex-syntax (0.6.25) [ 19 ][ DONE ] rust-regex (1.5.3) [ 37 ][ DONE ] rust-ucd-trie (0.1.3) [ 2 ][ DONE ] rust-pest (2.1.3) [ 4 ][ DONE ] rust-semver-parser (0.7.0) [ 2 ][ DONE ] rust-semver (0.9.0) [ 3 ][ DONE ] rust-same-file (1.0.6) [ 1 ][ DONE ] rust-walkdir (2.3.2) [ 2 ][ DONE ] rust-dirs (1.0.5) [ 4 ][ DONE ] rust-toolchain_find (0.1.4) [ 30 ][ DONE ] rust-serde (1.0.136) [ 10 ][ DONE ] rust-itoa (1.0.1) [ 1 ][ DONE ] rust-ryu (1.0.9) [ 1 ][ DONE ] rust-serde_json (1.0.78) [ 15 ][ DONE ] rust-synstructure (0.12.6) [ 33 ][ DONE ] rust-block-buffer (0.9.0) [ 5 ][ DONE ] rust-crypto-common (0.1.1) [ 6 ][ DONE ] rust-digest (0.9.0) [ 5 ][ DONE ] rust-ppv-lite86 (0.2.16) [ 2 ][ DONE ] rust-rand_core (0.6.3) [ 1 ][ DONE ] rust-rand_core-0.4.2 (0.4.2) [ 0 ][ DONE ] rust-rand_core-0.3.1 (0.3.1) [ 1 ][ DONE ] rust-rand_chacha (0.3.1) [ 6 ][ DONE ] rust-rand_hc (0.3.1) [ 2 ][ DONE ] rust-rand (0.8.4) [ 9 ][ DONE ] rust-rdrand (0.4.0) [ 1 ][ DONE ] rust-rand-0.4 (0.4.6) [ 5 ][ DONE ] rust-log (0.4.14) [ 2 ][ DONE ] rust-num_cpus (1.13.1) [ 5 ][ DONE ] rust-crossbeam-utils (0.8.6) [ 3 ][ DONE ] rust-autocfg (1.0.1) [ 2 ][ DONE ] rust-memoffset (0.6.5) [ 4 ][ DONE ] rust-scopeguard (1.1.0) [ 0 ][ DONE ] rust-crossbeam-epoch (0.9.6) [ 6 ][ DONE ] rust-crossbeam-deque (0.8.1) [ 5 ][ DONE ] rust-either (1.6.1) [ 1 ][ DONE ] rust-crossbeam-channel (0.5.2) [ 3 ][ DONE ] rust-rayon-core (1.9.1) [ 9 ][ DONE ] rust-rayon (1.5.1) [ 12 ][ DONE ] rust-remove_dir_all (0.5.3) [ 0 ][ DONE ] rust-tempdir (0.3.7) [ 6 ][ DONE ] rust-glob (0.3.0) [ 3 ][ DONE ] rust-once_cell (1.9.0) [ 1 ][ DONE ] rust-termcolor (1.1.2) [ 2 ][ DONE ] rust-toml (0.5.8) [ 21 ][ DONE ] rust-serde_derive (1.0.136) [ 1:02 ][ DONE ] rust-trybuild (1.0.54) [ 1:57 ][ DONE ] rust-unindent (0.1.7) [ 1 ][ DONE ] rust-proc-macro-hack (0.5.19) [ 6 ][ DONE ] rust-indoc-impl (0.3.6) [ 31 ][ DONE ] rust-indoc (1.0.3) [ 3 ][ DONE ] rust-instant (0.1.12) [ 1 ][ DONE ] rust-lock_api (0.4.5) [ 1 ][ DONE ] rust-smallvec (1.8.0) [ 1 ][ DONE ] rust-parking_lot_core (0.8.5) [ 4 ][ DONE ] rust-parking_lot (0.11.2) [ 6 ][ DONE ] rust-paste-impl (0.1.18) [ 10 ][ DONE ] rust-paste (1.0.3) [ 4 ][ DONE ] rust-ctor (0.1.21) [ 51 ][ DONE ] rust-ghost (0.1.2) [ 33 ][ DONE ] rust-inventory-impl (0.1.4) [ 30 ][ DONE ] rust-inventory (0.1.4) [ 1:00 ][ DONE ] rust-pyo3-build-config (0.15.1) [ 13 ][ DONE ] rust-pyo3-macros-backend (0.13.1) [ 1:02 ][ DONE ] rust-pyo3-macros (0.13.1) [ 1:09 ][ DONE ] rust-pyo3 (0.13.1) [ 1:34 ][ DONE ] gdb (11.2) [ 56 ][ DONE ] grub (2.06) [ 0 ][ SKIP ] efivar (37) [ 0 ][ SKIP ] efibootmgr (16) [ 0 ][ SKIP ] libtasn1 (4.18.0) [ 14 ][ DONE ] p11-kit (0.24.1) [ 16 ][ DONE ] ca-certificates (20220302) [ 3 ][ DONE ] fireinfo (2.2.0) [ 10 ][ DONE ] libnet (1.1.6) [ 7 ][ DONE ] libnl (1.1.4) [ 4 ][ DONE ] libnl-3 (3.5.0) [ 17 ][ DONE ] libidn (1.38) [ 16 ][ DONE ] nasm (2.14.02) [ 10 ][ DONE ] libarchive (3.6.0) [ 28 ][ DONE ] cmake (3.21.0) [ 30 ][ DONE ] ninja (1.10.2) [ 2 ][ DONE ] meson (0.60.1) [ 3 ][ DONE ] libjpeg (2.0.4) [ 3 ][ DONE ] openjpeg (2.3.1) [ 3 ][ DONE ] libexif (0.6.22) [ 5 ][ DONE ] libpng (1.6.37) [ 5 ][ DONE ] libtiff (4.3.0) [ 12 ][ DONE ] libart (2.3.21) [ 5 ][ DONE ] gd (2.3.3) [ 6 ][ DONE ] slang (2.3.2) [ 15 ][ DONE ] newt (0.52.21) [ 3 ][ DONE ] libsmooth [ 8 ][ DONE ] libcap (2.63) [ 3 ][ DONE ] libcap-ng (0.8.2) [ 4 ][ DONE ] pciutils (3.7.0) [ 1 ][ DONE ] usbutils (013) [ 13 ][ DONE ] libxml2 (2.9.12) [ 9 ][ DONE ] libxslt (1.1.34) [ 8 ][ DONE ] perl-BerkeleyDB (0.63) [ 2 ][ DONE ] cyrus-sasl (2.1.26) [ 18 ][ DONE ] openldap (2.4.49) [ 1:00 ][ DONE ] apache2 (2.4.53) [ 34 ][ DONE ] web-user-interface [ 2 ][ DONE ] flag-icons (2.6) [ 2 ][ DONE ] jquery (3.6.0) [ 0 ][ DONE ] bootstrap (4.0.0-alpha.6) [ 1 ][ DONE ] arping (2.21) [ 6 ][ DONE ] beep (1.3) [ 1 ][ DONE ] libssh (0.9.6) [ 10 ][ DONE ] libinih (r53) [ 3 ][ DONE ] cdrkit (1.1.11) [ 6 ][ DONE ] dosfstools (4.2) [ 3 ][ DONE ] exfatprogs (1.1.3) [ 4 ][ DONE ] reiserfsprogs (3.6.27) [ 12 ][ DONE ] liburcu (0.13.0) [ 15 ][ DONE ] xfsprogs (5.14.2) [ 37 ][ DONE ] sysfsutils (2.1.1) [ 10 ][ DONE ] fuse (3.10.4) [ 3 ][ DONE ] ntfs-3g (2021.8.22) [ 13 ][ DONE ] ethtool (5.16) [ 2 ][ DONE ] fcron (3.2.1) [ 10 ][ DONE ] perl-ExtUtils-PkgConfig (1.16) [ 1 ][ DONE ] perl-GD (2.73) [ 2 ][ DONE ] perl-GD-Graph (1.54) [ 1 ][ DONE ] perl-GD-TextUtil (0.86) [ 1 ][ DONE ] perl-Device-SerialPort (1.000002) [ 6 ][ DONE ] perl-Device-Modem (1.56) [ 0 ][ DONE ] perl-Apache-Htpasswd (1.9) [ 1 ][ DONE ] perl-Parse-Yapp (1.21) [ 2 ][ DONE ] perl-Data-UUID (1.224) [ 1 ][ DONE ] perl-Try-Tiny (0.31) [ 1 ][ DONE ] perl-HTTP-Message (6.36) [ 1 ][ DONE ] perl-HTTP-Date (6.05) [ 1 ][ DONE ] gnupg (1.4.23) [ 17 ][ DONE ] hdparm (9.63) [ 1 ][ DONE ] sdparm (1.12) [ 2 ][ DONE ] whatmask (1.2) [ 2 ][ DONE ] libtirpc (1.3.1) [ 6 ][ DONE ] conntrack-tools (1.4.6) [ 9 ][ DONE ] iputils (20210202) [ 4 ][ DONE ] l7-protocols (2009-05-10) [ 1 ][ DONE ] hwdata [ 0 ][ DONE ] logrotate (3.18.0) [ 5 ][ DONE ] logwatch (7.5.5) [ 2 ][ DONE ] misc-progs [ 2 ][ DONE ] nano (6.1) [ 20 ][ DONE ] perl-URI (5.09) [ 1 ][ DONE ] perl-CGI (4.54) [ 1 ][ DONE ] perl-Switch (2.17) [ 1 ][ DONE ] perl-HTML-Tagset (3.04) [ 1 ][ DONE ] perl-HTML-Parser (3.45) [ 1 ][ DONE ] perl-HTML-Template (2.94) [ 1 ][ DONE ] perl-Compress-Zlib (1.35) [ 1 ][ DONE ] perl-Digest (1.19) [ 1 ][ DONE ] perl-Digest-SHA1 (2.13) [ 2 ][ DONE ] perl-Digest-HMAC (1.03) [ 0 ][ DONE ] perl-libwww (6.61) [ 2 ][ DONE ] perl-LWP-Protocol-https (6.10) [ 1 ][ DONE ] perl-Net-HTTP (6.22) [ 1 ][ DONE ] perl-Net-DNS (1.30) [ 2 ][ DONE ] perl-Net-IPv4Addr (0.10) [ 1 ][ DONE ] perl-Net_SSLeay (1.88) [ 3 ][ DONE ] perl-IO-Stringy (2.110) [ 1 ][ DONE ] perl-IO-Socket-SSL (2.066) [ 1 ][ DONE ] perl-Unix-Syslog (1.1) [ 2 ][ DONE ] perl-Mail-Tools (2.07) [ 1 ][ DONE ] perl-MIME-Tools (5.509) [ 1 ][ DONE ] perl-Net-Server (0.97) [ 1 ][ DONE ] perl-Canary-Stability (2013) [ 1 ][ DONE ] perl-Convert-TNEF (0.18) [ 1 ][ DONE ] perl-Convert-UUlib (1.8) [ 3 ][ DONE ] perl-Archive-Tar (1.29) [ 1 ][ DONE ] perl-Archive-Zip (1.16) [ 1 ][ DONE ] perl-Text-Tabs+Wrap (2013.0523) [ 1 ][ DONE ] perl-XML-Parser (2.46) [ 2 ][ DONE ] perl-Crypt-PasswdMD5 (1.41) [ 1 ][ DONE ] perl-Net-Telnet (3.03) [ 1 ][ DONE ] python3-setuptools (59.5.0) [ 3 ][ DONE ] python3-inotify (0.2.10) [ 1 ][ DONE ] python3-docutils (0.18.1) [ 2 ][ DONE ] python3-daemon (2.3.0) [ 1 ][ DONE ] glib (2.71.1) [ 25 ][ DONE ] ntp (4.2.8p15) [ 50 ][ DONE ] openssh (8.9p1) [ 38 ][ DONE ] fontconfig (2.13.1) [ 14 ][ DONE ] dejavu-fonts-ttf (2.37) [ 1 ][ DONE ] ubuntu-font-family (0.83) [ 1 ][ DONE ] freefont (20060126) [ 1 ][ DONE ] pixman (0.40.0) [ 9 ][ DONE ] cairo (1.16.0) [ 29 ][ DONE ] harfbuzz (3.4.0) [ 15 ][ DONE ] fribidi (1.0.11) [ 4 ][ DONE ] pango (1.50.4) [ 8 ][ DONE ] rrdtool (1.7.2) [ 24 ][ DONE ] setup [ 11 ][ DONE ] libdnet (1.14) [ 12 ][ DONE ] jansson (2.14) [ 5 ][ DONE ] yaml (0.2.5) [ 4 ][ DONE ] libhtp (0.5.39) [ 12 ][ DONE ] colm (0.13.0.6) [ 14 ][ DONE ] ragel (7.0.0.11) [ 1:20 ][ DONE ] hyperscan (5.4.0) [ 0 ][ SKIP ] suricata (5.0.8) [ 2:17 ][ DONE ] oinkmaster (2.0) [ 0 ][ DONE ] ids-ruleset-sources [ 1 ][ DONE ] squid (5.4.1) [ 2:08 ][ DONE ] squidguard (1.6.0) [ 6 ][ DONE ] calamaris (2.59) [ 1 ][ DONE ] tcpdump (4.99.1) [ 6 ][ DONE ] traceroute (2.1.0) [ 1 ][ DONE ] vlan (1.9) [ 0 ][ DONE ] wireless (30.pre9) [ 1 ][ DONE ] pakfire (0.99) [ 1 ][ DONE ] spandsp (0.0.6) [ 11 ][ DONE ] lz4 (1.9.3) [ 10 ][ DONE ] lzo (2.10) [ 14 ][ DONE ] openvpn (2.5.4) [ 20 ][ DONE ] mpage (2.5.7) [ 1 ][ DONE ] dbus (1.12.20) [ 21 ][ DONE ] intltool (0.51.0) [ 2 ][ DONE ] libdaemon (0.14) [ 7 ][ DONE ] avahi (0.8) [ 20 ][ DONE ] cups (2.4.1) [ 21 ][ DONE ] lcms2 (2.13.1) [ 8 ][ DONE ] ghostscript (9.55.0) [ 30 ][ DONE ] qpdf (10.4.0) [ 16 ][ DONE ] poppler (22.02.0) [ 7 ][ DONE ] poppler-data (0.4.11) [ 2 ][ DONE ] cups-filters (1.28.10) [ 12 ][ DONE ] epson-inkjet-printer-escpr (1.6.12) [ 7 ][ DONE ] foomatic (4.0.9) [ 57 ][ DONE ] hplip (3.22.2) [ 14 ][ DONE ] cifs-utils (6.13) [ 6 ][ DONE ] krb5 (1.19.2) [ 29 ][ DONE ] rpcsvc-proto (1.4.2) [ 2 ][ DONE ] samba (4.15.5) [ 5:54 ][ DONE ] netatalk (3.1.12) [ 25 ][ DONE ] sudo (1.9.9) [ 30 ][ DONE ] mc (4.8.27) [ 29 ][ DONE ] wget (1.21.3) [ 35 ][ DONE ] bridge-utils (1.5) [ 3 ][ DONE ] smartmontools (7.2) [ 7 ][ DONE ] htop (3.1.2) [ 8 ][ DONE ] chkconfig (1.5) [ 0 ][ DONE ] postfix (3.7.0) [ 13 ][ DONE ] fetchmail (6.4.19) [ 8 ][ DONE ] clamav (0.104.2) [ 9 ][ DONE ] perl-NetAddr-IP (4.079) [ 15 ][ DONE ] dma (0.13) [ 1 ][ DONE ] alsa (1.2.5.1) [ 26 ][ DONE ] mpfire [ 1 ][ DONE ] guardian (2.0.2) [ 1 ][ DONE ] libid3tag (0.15.1b) [ 6 ][ DONE ] libmad (0.15.1b) [ 12 ][ DONE ] libogg (1.3.5) [ 4 ][ DONE ] libvorbis (1.3.6) [ 6 ][ DONE ] flac (1.3.3) [ 12 ][ DONE ] lame (3.100) [ 9 ][ DONE ] sox (14.4.2) [ 27 ][ DONE ] soxr (0.1.3) [ 3 ][ DONE ] libshout (2.4.3) [ 7 ][ DONE ] xvid (1.3.7) [ 2 ][ DONE ] libmpeg2 (0.4.1) [ 10 ][ DONE ] gnump3d (3.0) [ 2 ][ DONE ] rsync (3.2.3) [ 18 ][ DONE ] rpcbind (1.2.6) [ 2 ][ DONE ] keyutils (1.5.11) [ 1 ][ DONE ] nfs (2.5.3) [ 19 ][ DONE ] gnu-netcat (0.7.1) [ 7 ][ DONE ] ncat (7.91) [ 32 ][ DONE ] nmap (7.92) gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c ncat_listen.c -o ncat_listen.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c ncat_proxy.c -o ncat_proxy.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c ncat_ssl.c -o ncat_ssl.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c base64.c -o base64.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c http.c -o http.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c util.c -o util.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c sys_wrap.c -o sys_wrap.o gcc -DNOLUA -DHAVE_CONFIG_H -DNCAT_DATADIR="\"/usr/share/ncat\"" -D_FORTIFY_SOURCE=2 -I. -I.. -I../nsock/include/ -I../nbase -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall -c http_digest.c -o http_digest.o gcc -o ncat -O2 -pipe -Wall -fexceptions -fPIC -march=armv6zk+fp -mfpu=vfp -mfloat-abi=softfp -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -Wall ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o base64.o http.o util.o sys_wrap.o http_digest.o ../nsock/src/libnsock.a ../nbase/libnbase.a -lssl -lcrypto -lpcap make[2]: Leaving directory '/usr/src/nmap-7.91/ncat' make[1]: Leaving directory '/usr/src/nmap-7.91' cd /usr/src/nmap-7.91/ncat && make install make[1]: Entering directory '/usr/src/nmap-7.91/ncat' Installing Ncat ../shtool mkdir -f -p -m 755 /usr/bin /usr/share/man/man1 /usr/bin/install -c -c -m 755 ncat /usr/bin/ncat /usr/bin/strip -x /usr/bin/ncat if [ -n "certs/ca-bundle.crt" ]; then \ ../shtool mkdir -f -p -m 755 /usr/share/ncat; \ /usr/bin/install -c -c -m 644 certs/ca-bundle.crt /usr/share/ncat/; \ fi /usr/bin/install -c -c -m 644 docs/ncat.1 /usr/share/man/man1/ncat.1 make[1]: Leaving directory '/usr/src/nmap-7.91/ncat' ln -f -s /usr/bin/ncat /usr/bin/nc Updating linker cache... Install done; saving file list to /usr/src/log/ncat-7.91 ... Mar 22 23:30:21: Building nmap -e nmap Download: https://source.ipfire.org/source-2.x/nmap-7.92.tar.bz2 ERROR: The certificate of 'source.ipfire.org' is not trusted. make: *** [nmap:72: /build/nightly/next/cache/nmap-7.92.tar.bz2] Error 5 ERROR: Download error in nmap [ FAIL ] Check /build/nightly/next/log/_build.ipfire.log for errors if applicable[ FAIL ]

3 6

Re: IPFire 2.27 - Core Update 165 is available for testing
by Adolf Belka 23 Mar '22

23 Mar '22

Hi All, Running 165 Testing for a day now. Most things working well. One thing I found is that this morning the daily update of the IPS rulesets had not taken place although the updates were set to occur in 163 and also showed on the WUI page as being set for daily. After some searching I found that the suricata rules update link was not set in the /etc/fcron.daily directory. Pressing save on the IPS page made no difference. I then changed the setting to weekly and pressed save and the link was then created in the fcron.weekly directory. Then I changed it to daily and pressed save and now I have the link in my fcron.daily directory but it was not present after the upgrade process. It is no running with updated rulesets and I will check tomorrow how the update went. In terms of test results, everything was running after the upgrade (On my testbed I have everything set up and running although I don't yet have a working IPSec client but that should be available for the next testing. OpenVPN Roadwarrior connections successfully running. Web Proxy is up and running and working. Openssh is up and working. OpenVPN Roadwarrior connections log working. Domain Name System fully working with five DNS TLS servers. DHCP server up and fully working. Backup system working. All graphs working as before. All Firewall Log Charts working. Regards, Adolf. On 15/03/2022 12:40, IPFire Project wrote: > IPFire Logo > > there is a new post from Michael Tremer on the IPFire Blog: > > *IPFire 2.27 - Core Update 165 is available for testing* > > Another update is ready for testing: IPFire 2.27 - Core Update 165. It comes with various updates for the firewall engine that improve its performance and increase its flexibility, as well as with an updated toolchain, Python 3.10 and various more bug and security fixes. > > Click Here To Read More <https://blog.ipfire.org/post/ipfire-2-27-core-update-165-is-available-for-t…> > > The IPFire Project > Don't like these emails? Unsubscribe <https://people.ipfire.org/unsubscribe>. >

4 7

[PATCH] firewall: Fix placement of HOSTILE chains
by Peter Müller 23 Mar '22

23 Mar '22

They were mistakenly placed after the IPS chains in commit 7b529f5417254c68b6bd33732f30578182893d34, but should be placed after the connection tracking and before the IPS. Fixes: #12815 Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- src/initscripts/system/firewall | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 2a70feac2..2597dae10 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -169,6 +169,17 @@ iptables_init() { iptables -t nat -N CUSTOMPOSTROUTING iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING + # Chains for networks known as being hostile, posing a technical threat to our users + # (i. e. listed at Spamhaus DROP et al.) + iptables -N HOSTILE + iptables -A INPUT -j HOSTILE + iptables -A FORWARD -j HOSTILE + iptables -A OUTPUT -j HOSTILE + + iptables -N HOSTILE_DROP + iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " + iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE" + # IPS (Guardian) chains iptables -N GUARDIAN iptables -A INPUT -j GUARDIAN @@ -259,17 +270,6 @@ iptables_init() { iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT fi - # Chains for networks known as being hostile, posing a technical threat to our users - # (i. e. listed at Spamhaus DROP et al.) - iptables -N HOSTILE - iptables -A INPUT -j HOSTILE - iptables -A FORWARD -j HOSTILE - iptables -A OUTPUT -j HOSTILE - - iptables -N HOSTILE_DROP - iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " - iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE" - # Tor (inbound) iptables -N TOR_INPUT iptables -A INPUT -j TOR_INPUT -- 2.34.1

2 1

[PATCH] module-init-tools: Delete orphaned LFS file
by Peter Müller 23 Mar '22

23 Mar '22

This was dropped 2013 in commit ba109afd0d551909be86bb11d797f1db80ce56f6, but the LFS file remained there. Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- lfs/module-init-tools | 77 ------------------------------------------- 1 file changed, 77 deletions(-) delete mode 100644 lfs/module-init-tools diff --git a/lfs/module-init-tools b/lfs/module-init-tools deleted file mode 100644 index 9a97ac8e5..000000000 --- a/lfs/module-init-tools +++ /dev/null @@ -1,77 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see <http://www.gnu.org/licenses/>. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 3.5 - -THISAPP = module-init-tools-$(VER) -DL_FILE = $(THISAPP).tar.bz2 -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 2b47686247fc9a99bfdb9dd1d1d80e6f - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/ --disable-nls --enable-zlib - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make INSTALL=install install - @rm -rf $(DIR_APP) - @$(POSTBUILD) -- 2.34.1

1 0

[PATCH] bind: Update to 9.16.27
by Matthias Fischer 23 Mar '22

23 Mar '22

For details see: https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-f… "Security Fixes The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. (CVE-2021-25220) ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University, and Changgen Zou from Qi An Xin Group Corp. for bringing this vulnerability to our attention. [GL #2950] TCP connections with keep-response-order enabled could leave the TCP sockets in the CLOSE_WAIT state when the client did not properly shut down the connection. (CVE-2022-0396) [GL #3112] Feature Changes DEBUG(1)-level messages were added when starting and ending the BIND 9 task-exclusive mode that stops normal DNS operation (e.g. for reconfiguration, interface scans, and other events that require exclusive access to a shared resource). [GL #3137] Bug Fixes The max-transfer-time-out and max-transfer-idle-out options were not implemented when the BIND 9 networking stack was refactored in 9.16. The missing functionality has been re-implemented and outgoing zone transfers now time out properly when not progressing. [GL #1897] TCP connections could hang indefinitely if the other party did not read sent data, causing the TCP write buffers to fill. This has been fixed by adding a “write” timer. Connections that are hung while writing now time out after the tcp-idle-timeout period has elapsed. [GL #3132] The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could be miscalculated in certain resolution scenarios, potentially causing the value of the counter to drop below zero. This has been fixed. [GL #3147]" Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/bind | 14 +++++++------- lfs/bind | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index c0e56854a..df3df4f47 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -274,24 +274,24 @@ usr/bin/nsupdate #usr/include/pk11/site.h #usr/include/pkcs11 #usr/include/pkcs11/pkcs11.h -usr/lib/libbind9-9.16.26.so +usr/lib/libbind9-9.16.27.so #usr/lib/libbind9.la #usr/lib/libbind9.so -usr/lib/libdns-9.16.26.so +usr/lib/libdns-9.16.27.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libirs-9.16.26.so +usr/lib/libirs-9.16.27.so #usr/lib/libirs.la #usr/lib/libirs.so -usr/lib/libisc-9.16.26.so +usr/lib/libisc-9.16.27.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.16.26.so +usr/lib/libisccc-9.16.27.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.16.26.so +usr/lib/libisccfg-9.16.27.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.16.26.so +usr/lib/libns-9.16.27.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/lfs/bind b/lfs/bind index 72c85f5f5..d8970a2af 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.16.26 +VER = 9.16.27 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 799696f44e0d61659fa0efaa3c5fe5d8 +$(DL_FILE)_MD5 = db71eecaf698660da37581c42ce9f904 install : $(TARGET) -- 2.25.1

2 1

[PATCH] rrdtool: Update to 1.8.0
by Matthias Fischer 23 Mar '22

23 Mar '22

For details see: https://github.com/oetiker/rrdtool-1.x/releases/tag/v1.8.0 "Bugfixes python bindings: properly convert double values of rrd info failed to expand 'Py_UNUSED', Invalid usage when expanding 'Py_UNUSED' document --showtime in xport help output fix --use-nan-for-all-missing-data update rrdruby.pod add missing rrdruby.pod and rrdpython.pod to dist Set first_weekday to 0 (Sunday), when HAVE__NL_TIME_WEEK_1STDAY is not defined fix median calculation for all NaN inputs fix potential leak in xport during failure fix many warnings raised by Cppcheck fix many compiler warnings from latest gcc ensure proper initialization in rrd_daemon cleanup testsuite better testing avoid invalid read in rrd_client add symbols from rrdc to librrd Fix duplicate write_changes_to_disk() calls when HAVE_LIBRADOS is true and HAVE_MMAP is false documentation updates for SMIN example in docs fix for pyton3 compatibility freemem only for valid status <Christian Kr"oger> fix double meaning of time 0 as uninitialized value fix for zfs not supporting fallocate. this makes resize work on zfs add rrdrados.pod to dist fetch - do not call rrd_freemem on uninitialized pointers use separate pango fontmap per thread switch to python 3 do not leak filename when opening a broken file fix leaks in rrdcached avoid segfault when flushing cache escape json in legend entries fix leak in xport make rrdcgi param parsing more robust fix race in journal_write" Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/rrdtool | 199 ++++++++++++++++---------------- lfs/rrdtool | 6 +- 2 files changed, 102 insertions(+), 103 deletions(-) diff --git a/config/rootfiles/common/rrdtool b/config/rootfiles/common/rrdtool index de184ce25..b37614c09 100644 --- a/config/rootfiles/common/rrdtool +++ b/config/rootfiles/common/rrdtool @@ -11,114 +11,113 @@ usr/bin/rrdupdate #usr/lib/librrd.la #usr/lib/librrd.so usr/lib/librrd.so.8 -usr/lib/librrd.so.8.2.1 +usr/lib/librrd.so.8.3.0 usr/lib/perl5/site_perl/5.32.1/RRDp.pm usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/RRDs.pm #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/RRDp #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/RRDp/.packlist #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/RRDs #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/RRDs/.packlist -#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/RRDs/RRDs.bs usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/RRDs/RRDs.so #usr/lib/pkgconfig/librrd.pc -#usr/share/doc/rrdtool-1.7.2 -#usr/share/doc/rrdtool-1.7.2/html -#usr/share/doc/rrdtool-1.7.2/html/RRDp.html -#usr/share/doc/rrdtool-1.7.2/html/RRDs.html -#usr/share/doc/rrdtool-1.7.2/html/bin_dec_hex.html -#usr/share/doc/rrdtool-1.7.2/html/cdeftutorial.html -#usr/share/doc/rrdtool-1.7.2/html/index.html -#usr/share/doc/rrdtool-1.7.2/html/librrd.html -#usr/share/doc/rrdtool-1.7.2/html/rpntutorial.html -#usr/share/doc/rrdtool-1.7.2/html/rrd-beginners.html -#usr/share/doc/rrdtool-1.7.2/html/rrd_pdpcalc.html -#usr/share/doc/rrdtool-1.7.2/html/rrdbuild.html -#usr/share/doc/rrdtool-1.7.2/html/rrdcached.html -#usr/share/doc/rrdtool-1.7.2/html/rrdcgi.html -#usr/share/doc/rrdtool-1.7.2/html/rrdcreate.html -#usr/share/doc/rrdtool-1.7.2/html/rrddump.html -#usr/share/doc/rrdtool-1.7.2/html/rrdfetch.html -#usr/share/doc/rrdtool-1.7.2/html/rrdfirst.html -#usr/share/doc/rrdtool-1.7.2/html/rrdflushcached.html -#usr/share/doc/rrdtool-1.7.2/html/rrdgraph.html -#usr/share/doc/rrdtool-1.7.2/html/rrdgraph_data.html -#usr/share/doc/rrdtool-1.7.2/html/rrdgraph_examples.html -#usr/share/doc/rrdtool-1.7.2/html/rrdgraph_graph.html -#usr/share/doc/rrdtool-1.7.2/html/rrdgraph_rpn.html -#usr/share/doc/rrdtool-1.7.2/html/rrdinfo.html -#usr/share/doc/rrdtool-1.7.2/html/rrdlast.html -#usr/share/doc/rrdtool-1.7.2/html/rrdlastupdate.html -#usr/share/doc/rrdtool-1.7.2/html/rrdlist.html -#usr/share/doc/rrdtool-1.7.2/html/rrdresize.html -#usr/share/doc/rrdtool-1.7.2/html/rrdrestore.html -#usr/share/doc/rrdtool-1.7.2/html/rrdthreads.html -#usr/share/doc/rrdtool-1.7.2/html/rrdtool.html -#usr/share/doc/rrdtool-1.7.2/html/rrdtune.html -#usr/share/doc/rrdtool-1.7.2/html/rrdtutorial.html -#usr/share/doc/rrdtool-1.7.2/html/rrdupdate.html -#usr/share/doc/rrdtool-1.7.2/html/rrdxport.html -#usr/share/doc/rrdtool-1.7.2/txt -#usr/share/doc/rrdtool-1.7.2/txt/bin_dec_hex.pod -#usr/share/doc/rrdtool-1.7.2/txt/bin_dec_hex.txt -#usr/share/doc/rrdtool-1.7.2/txt/cdeftutorial.pod -#usr/share/doc/rrdtool-1.7.2/txt/cdeftutorial.txt -#usr/share/doc/rrdtool-1.7.2/txt/librrd.txt -#usr/share/doc/rrdtool-1.7.2/txt/rpntutorial.pod -#usr/share/doc/rrdtool-1.7.2/txt/rpntutorial.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrd-beginners.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrd-beginners.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrd_pdpcalc.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrd_pdpcalc.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdbuild.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdbuild.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdcached.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdcached.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdcgi.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdcgi.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdcreate.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdcreate.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrddump.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrddump.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdfetch.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdfetch.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdfirst.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdfirst.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdflushcached.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdflushcached.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_data.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_data.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_examples.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_examples.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_graph.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_graph.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_rpn.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdgraph_rpn.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdinfo.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdinfo.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdlast.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdlast.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdlastupdate.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdlastupdate.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdlist.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdlist.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdresize.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdresize.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdrestore.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdrestore.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdthreads.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdthreads.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdtool.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdtool.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdtune.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdtune.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdtutorial.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdtutorial.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdupdate.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdupdate.txt -#usr/share/doc/rrdtool-1.7.2/txt/rrdxport.pod -#usr/share/doc/rrdtool-1.7.2/txt/rrdxport.txt +#usr/share/doc/rrdtool-1.8.0 +#usr/share/doc/rrdtool-1.8.0/html +#usr/share/doc/rrdtool-1.8.0/html/RRDp.html +#usr/share/doc/rrdtool-1.8.0/html/RRDs.html +#usr/share/doc/rrdtool-1.8.0/html/bin_dec_hex.html +#usr/share/doc/rrdtool-1.8.0/html/cdeftutorial.html +#usr/share/doc/rrdtool-1.8.0/html/index.html +#usr/share/doc/rrdtool-1.8.0/html/librrd.html +#usr/share/doc/rrdtool-1.8.0/html/rpntutorial.html +#usr/share/doc/rrdtool-1.8.0/html/rrd-beginners.html +#usr/share/doc/rrdtool-1.8.0/html/rrd_pdpcalc.html +#usr/share/doc/rrdtool-1.8.0/html/rrdbuild.html +#usr/share/doc/rrdtool-1.8.0/html/rrdcached.html +#usr/share/doc/rrdtool-1.8.0/html/rrdcgi.html +#usr/share/doc/rrdtool-1.8.0/html/rrdcreate.html +#usr/share/doc/rrdtool-1.8.0/html/rrddump.html +#usr/share/doc/rrdtool-1.8.0/html/rrdfetch.html +#usr/share/doc/rrdtool-1.8.0/html/rrdfirst.html +#usr/share/doc/rrdtool-1.8.0/html/rrdflushcached.html +#usr/share/doc/rrdtool-1.8.0/html/rrdgraph.html +#usr/share/doc/rrdtool-1.8.0/html/rrdgraph_data.html +#usr/share/doc/rrdtool-1.8.0/html/rrdgraph_examples.html +#usr/share/doc/rrdtool-1.8.0/html/rrdgraph_graph.html +#usr/share/doc/rrdtool-1.8.0/html/rrdgraph_rpn.html +#usr/share/doc/rrdtool-1.8.0/html/rrdinfo.html +#usr/share/doc/rrdtool-1.8.0/html/rrdlast.html +#usr/share/doc/rrdtool-1.8.0/html/rrdlastupdate.html +#usr/share/doc/rrdtool-1.8.0/html/rrdlist.html +#usr/share/doc/rrdtool-1.8.0/html/rrdresize.html +#usr/share/doc/rrdtool-1.8.0/html/rrdrestore.html +#usr/share/doc/rrdtool-1.8.0/html/rrdthreads.html +#usr/share/doc/rrdtool-1.8.0/html/rrdtool.html +#usr/share/doc/rrdtool-1.8.0/html/rrdtune.html +#usr/share/doc/rrdtool-1.8.0/html/rrdtutorial.html +#usr/share/doc/rrdtool-1.8.0/html/rrdupdate.html +#usr/share/doc/rrdtool-1.8.0/html/rrdxport.html +#usr/share/doc/rrdtool-1.8.0/txt +#usr/share/doc/rrdtool-1.8.0/txt/bin_dec_hex.pod +#usr/share/doc/rrdtool-1.8.0/txt/bin_dec_hex.txt +#usr/share/doc/rrdtool-1.8.0/txt/cdeftutorial.pod +#usr/share/doc/rrdtool-1.8.0/txt/cdeftutorial.txt +#usr/share/doc/rrdtool-1.8.0/txt/librrd.txt +#usr/share/doc/rrdtool-1.8.0/txt/rpntutorial.pod +#usr/share/doc/rrdtool-1.8.0/txt/rpntutorial.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrd-beginners.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrd-beginners.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrd_pdpcalc.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrd_pdpcalc.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdbuild.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdbuild.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdcached.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdcached.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdcgi.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdcgi.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdcreate.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdcreate.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrddump.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrddump.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdfetch.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdfetch.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdfirst.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdfirst.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdflushcached.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdflushcached.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_data.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_data.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_examples.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_examples.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_graph.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_graph.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_rpn.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdgraph_rpn.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdinfo.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdinfo.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdlast.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdlast.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdlastupdate.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdlastupdate.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdlist.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdlist.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdresize.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdresize.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdrestore.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdrestore.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdthreads.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdthreads.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdtool.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdtool.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdtune.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdtune.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdtutorial.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdtutorial.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdupdate.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdupdate.txt +#usr/share/doc/rrdtool-1.8.0/txt/rrdxport.pod +#usr/share/doc/rrdtool-1.8.0/txt/rrdxport.txt #usr/share/locale/fr/LC_MESSAGES/rrdtool.mo #usr/share/locale/hu/LC_MESSAGES/rrdtool.mo #usr/share/man/man1/bin_dec_hex.1 diff --git a/lfs/rrdtool b/lfs/rrdtool index bbc7f3330..dfa5738d7 100644 --- a/lfs/rrdtool +++ b/lfs/rrdtool @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.7.2 +VER = 1.8.0 THISAPP = rrdtool-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 638e3a0a1609d97e9f82e8832759dcd2 +$(DL_FILE)_MD5 = 852754364cbd0703a099b5eb32932851 install : $(TARGET) -- 2.25.1

2 1

[PATCH 1/5] ids-functions.pl: Drop downloader code for sourcefire based ruleset.
by Stefan Schantl 22 Mar '22

22 Mar '22

Even if the servers do not support HEAD requests, the remote filesize (content_length) can be obtained from the connection headers. This generic method works for all servers and therefore we do not need the code for handle sourcefire servers in a different way anymore. Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org> --- config/cfgroot/ids-functions.pl | 43 +++++---------------------------- 1 file changed, 6 insertions(+), 37 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 94dccc8ae..eb276030b 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -354,43 +354,6 @@ sub downloadruleset ($) { return 1; } - # Variable to store the filesize of the remote object. - my $remote_filesize; - - # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check - # for this webserver. - # - # Check if the ruleset source contains "snort.org". - unless ($url =~ /\.snort\.org/) { - # Pass the requrested url to the downloader. - my $request = HTTP::Request->new(HEAD => $url); - - # Accept the html header. - $request->header('Accept' => 'text/html'); - - # Perform the request and fetch the html header. - my $response = $downloader->request($request); - - # Check if there was any error. - unless ($response->is_success) { - # Obtain error. - my $error = $response->status_line(); - - # Log error message. - &_log_to_syslog("Unable to download the ruleset. $$error$"); - - # Return "1" - false. - return 1; - } - - # Assign the fetched header object. - my $header = $response->headers(); - - # Grab the remote file size from the object and store it in the - # variable. - $remote_filesize = $header->content_length; - } - # Load perl module to deal with temporary files. use File::Temp; @@ -416,6 +379,12 @@ sub downloadruleset ($) { return 1; } + # Obtain the connection headers. + my $headers = $response->headers; + + # Get the remote size of the downloaded file. + my $remote_filesize = $headers->content_length; + # Load perl stat module. use File::stat; -- 2.30.2

1 4

← Newer
1
2
3
4
5
6
7
...
11
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development March 2022