[PATCH] curl: Update to version 8.1.0

[PATCH] curl: Update to version 8.1.0

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 18528 bytes --]

- Update from version 7.88.1 to 8.1.0
- Update of rootfile not required
- Changelog
Fixed in 8.1.0 - May 17 2023
	Changes:
	    curl: add --proxy-http2
	    CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
	    hostip: refuse to resolve the .onion TLD
	    tool_writeout: add URL component variables
	Bugfixes:
	    amiga: Fix CA certificate paths for AmiSSL and MorphOS
	    autotools: sync up clang picky warnings with cmake
	    aws-sigv4.d: fix region identifier in example
	    bufq: simplify since expression is always true
	    cf-h1-proxy: skip an extra NULL assign
	    cf-h2-proxy: fix processing ingress to stop too early
	    cf-socket: add socket recv buffering for most tcp cases
	    cf-socket: Disable socket receive buffer by default
	    cf-socket: remove dead code discovered by PVS
	    cf-socket: turn off IPV6_V6ONLY on Windows if it is supported
	    checksrc: check for spaces before the colon of switch labels
	    checksrc: find bad indentation in conditions without open brace
	    checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"
	    ci: `-Wno-vla` no longer necessary
	    CI: fix brew retries on GHA
	    CI: Set minimal permissions on workflow ngtcp2-quictls.yml
	    CI: skip Azure for commits which change only GHA
	    CI: use another glob syntax for matching files on Appveyor
	    cmake: bring in the network library on Haiku
	    cmake: do not add zlib headers for openssl
	    CMake: make config version 8 compatible with 7
	    cmake: picky-linker fixes for openssl, ZLIB, H3 and more
	    cmake: set SONAME for SunOS too
	    cmake: speed up and extend picky clang/gcc options
	    CMakeLists.txt: fix typo for Haiku detection
	    compressed.d: clarify the words on "not notifying headers"
	    config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
	    configure: don't set HAVE_WRITABLE_ARGV on Windows
	    configure: fix detection of apxs (for httpd)
	    configure: make quiche require quiche_conn_send_ack_eliciting
	    connect: fix https connection setup to treat ssl_mode correctly
	    content_encoding: only do transfer-encoding compression if asked to
	    cookie: address PVS nits
	    cookie: clarify that init with data set to NULL reads no file
	    curl: do NOT append file name to path for upload when there's a query
	    curl_easy_getinfo.3: typo fix (duplicated "from the")
	    curl_easy_unescape.3: rename the argument
	    curl_path: bring back support for SFTP path ending in /~
	    curl_url_set.3: mention that users can set content rather freely
	    CURLOPT_IPRESOLVE.3: this for host names, not IP addresses
	    data.d: emphasize no conversion
	    digest: clear target buffer
	    doc: curl_mime_init() strong easy binding was relaxed in 7.87.0
	    docs/cmdline-opts: document the dotless config path
	    docs/examples/protofeats.c: outputs all protocols and features
	    docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"
	    docs/SECURITY-ADVISORY.md: how to write a curl security advisory
	    docs: bump the minimum perl version to 5.6
	    docs: clarify that more backends have HTTPS proxy support
	    dynbuf: never allocate larger than "toobig"
	    easy_cleanup: require a "good" handle to act
	    ftp: fix 'portsock' variable was assigned the same value
	    ftp: remove dead code
	    ftplistparser: move out private data from public struct
	    ftplistparser: replace realloc with dynbuf
	    gen.pl: error on duplicated See-Also fields
	    getpart: better handle case of file not found
	    GHA-linux: add an address-sanitizer build
	    GHA: add a memory-sanitizer job
	    GHA: run all linux test jobs with valgrind
	    GHA: suppress git clone output
	    GIT-INFO: add --with-openssl
	    gskit: various compile errors in OS400
	    h2/h3: replace `state.drain` counter with `state.dselect_bits`
	    hash: fix assigning same value
	    headers: clear (possibly) lingering pointer in init
	    hostcheck: fix host name wildcard checking
	    hostip: add locks around use of global buffer for alarm()
	    hostip: enforce a maximum DNS cache size independent of timeout value
	    HTTP-COOKIES.md: mention the #HttpOnly_ prefix
	    http2: always EXPIRE_RUN_NOW unpaused http/2 transfers
	    http2: do flow window accounting for cancelled streams
	    http2: enlarge the connection window
	    http2: flow control and buffer improvements
	    http2: move HTTP/2 stream vars into local context
	    http2: pass `stream` to http2_handle_stream_close to avoid NULL checks
	    http2: remove unused Curl_http2_strerror function declaration
	    HTTP3/quiche: terminate h1 response header when no body is sent
	    http3: check stream_ctx more thoroughly in all backends
	    HTTP3: document the ngtcp2/nghttp3 versions to use for building curl
	    http3: expire unpaused transfers in all HTTP/3 backends
	    http3: improvements across backends
	    http: free the url before storing a new copy
	    http: skip a double NULL assign
	    ipv4.d/ipv6.d: they are "mutex", not "boolean"
	    KNOWN_BUGS: remove fixed or outdated issues, move non-bugs
	    lib/cmake: add HAVE_WRITABLE_ARGV check
	    lib/sha256.c: typo fix in comment (duplicated "is available")
	    lib1560: verify that more bad host names are rejected
	    lib: add `bufq` and `dynhds`
	    lib: remove CURLX_NO_MEMORY_CALLBACKS
	    lib: unify the upload/method handling
	    lib: use correct printf flags for sockets and timediffs
	    libssh2: fix crash in keyboard callback
	    libssh2: free fingerprint better
	    libssh: tell it to use SFTP non-blocking
	    man pages: simplify the .TH sections
	    MANUAL.md: add dict example for looking up a single definition
	    md(4|5): don't use deprecated iOS functions
	    md4: only build when used
	    mime: skip NULL assigns after Curl_safefree()
	    multi: add handle asserts in DEBUG builds
	    multi: add multi-ignore logic to multi_socket_action
	    multi: free up more data earleier in DONE
	    multi: remove a few superfluous assigns
	    multi: remove PENDING + MSGSENT handles from the main linked list
	    ngtcp2: adapted to 0.15.0
	    ngtcp2: adjust config and code checks for ngtcp2 without nghttp3
	    noproxy: pointer to local array 'hostip' is stored outside scope
	    ntlm: clear lm and nt response buffers before use
	    openssl: interop with AWS-LC
	    OS400: fix and complete ILE/RPG binding
	    OS400: implement EBCDIC support for recent features
	    OS400: improve vararg emulation
	    OS400: provide ILE/RPG usage examples
	    pingpong: fix compiler warning "assigning an enum to unsigned char"
	    pytest: improvements for suitable curl and error output
	    quiche: disable pacing while pacing is not actually performed
	    quiche: Enable IDLE egress handling
	    RELEASE-PROCEDURE: update to new schedule
	    rtsp: convert mallocs to dynbuf for RTP buffering
	    rtsp: skip malformed RTSP interleaved frame data
	    rtsp: skip NULL assigns after Curl_safefree()
	    runtests: die if curl version can be found
	    runtests: don't start servers if -l is given
	    runtests: fix -c option when run with valgrind
	    runtests: fix quoting in Appveyor and Azure test integration
	    runtests: lots of refactoring
	    runtests: refactor into more packages
	    runtests: show error message if file can't be written
	    runtests: spawn a new process for the test runner
	    rustls: fix error in recv handling
	    schannel: add clarifying comment
	    server/getpart: clear target buffer before load
	    smb: remove double assign
	    smbserver: remove temporary files before exit
	    socketpair: verify with a random value
	    ssh: Add support for libssh2 read timeout
	    telnet: simplify the implementation of str_is_nonascii()
	    test1169: fix so it works properly everywhere
	    test1592: add flaky keyword
	    test1960: point to the correct path for the precheck tool
	    test303: kill server after test
	    tests/http: add timeout to running curl in test cases
	    tests/http: fix log formatting on wrong exit code
	    tests/http: fix out-of-tree builds
	    tests/http: improved httpd detection
	    tests/http: more tests with specific clients
	    tests/http: relax connection check in test_07_02
	    tests/keywords.pl: remove
	    tests/libtest/lib1900.c: remove
	    tests/sshserver.pl: Define AddressFamily earlier
	    tests: 1078 1288 1297 use valid IPv4 addresses
	    tests: document that the unittest keyword is special
	    tests: increase sws timeout for more robust testing
	    tests: log a too-long Unix socket path in sws and socksd
	    tests: make test_12_01 a bit more forgiving on connection counts
	    tests: move pidfiles and portfiles under the log directory
	    tests: move server config files under the pid dir
	    tests: silence some Perl::Critic warnings in test suite
	    tests: stop using strndup(), which isn't portable
	    tests: switch to 3-argument open in test suite
	    tests: turn perl modules into full packages
	    tests: use %LOGDIR to refer to the log directory
	    tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
	    tool_operate: pass a long as CURLOPT_HEADEROPT argument
	    tool_operate: refuse (--data or --form) and --continue-at combo
	    transfer: refuse POSTFIELDS + RESUME_FROM combo
	    transfer: skip extra assign
	    url: fix null dispname for --connect-to option
	    url: fix PVS nits
	    url: remove call to Curl_llist_destroy in Curl_close
	    urlapi: cleanups and improvements
	    urlapi: detect and error on illegal IPv4 addresses
	    urlapi: prevent setting invalid schemes with *url_set()
	    urlapi: skip a pointless assign
	    urlapi: URL encoding for the URL missed the fragment
	    urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication
	    urldata: shrink *select_bits int => unsigned char
	    vlts: use full buffer size when receiving data if possible
	    vtls and h2 improvements
	    Websocket: enhanced en-/decoding
	    wolfssl.yml: bump to version 5.6.0
	    write-out.d: Use response_code in example
	    ws: handle reads before EAGAIN better
Fixed in 8.0.1 - March 20 2023
	Bugfixes:
	    fix crash in curl_easy_cleanup
Fixed in 8.0.0 - March 20 2023
	Changes:
	    build: remove support for curl_off_t < 8 bytes
	Bugfixes:
	    .cirrus.yml: Bump to FreeBSD 13.2
	    aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
	    BINDINGS: add Fortran binding
	    build: drop the use of XC_AMEND_DISTCLEAN
	    build: fix stdint/inttypes detection with non-autotools
	    cf-socket: fix handling of remote addr for accepted tcp sockets
	    cf-socket: if socket is already connected, return CURLE_OK
	    cf-socket: use port 80 when resolving name for local bind
	    CI: don't run CI jobs if only another CI was changed
	    CI: update ngtcp2 and nghttp2 for pytest
	    cmake: delete unused HAVE__STRTOI64
	    cmake: fix enabling LDAPS on Windows
	    cmake: skip CA-path/bundle auto-detection in cross-builds
	    connect: fix time_connect and time_appconnect timer statistics
	    cookie: don't load cookies again when flushing
	    cookie: parse without sscanf()
	    curl.h: require gcc 12.1 for the deprecation magic
	    curl: make -w's %{stderr} use the file set with --stderr
	    curl_path: create the new path with dynbuf
	    CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
	    CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
	    CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
	    DEPRECATE: the original legacy mingw version 1
	    doc: fix compiler warning in libcurl.m4
	    docs/cmdline-opts: mark all global options
	    docs/SECURITY-PROCESS.md: updates
	    docs: extend the URL API descriptions
	    docs: note '--data-urlencode' option
	    DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
	    easy: remove infof() debug leftover from curl_easy_recv
	    examples/http3.c: use CURL_HTTP_VERSION_3
	    ftp: active mode with SSL, add the filter
	    ftp: add more conditions for connection reuse
	    ftp: allocate the wildcard struct on demand
	    ftp: make the EPSV response parser not use sscanf
	    ftp: replace sscanf for MDTM 213 response parsing
	    ftp: replace sscanf for PASV parsing
	    gssapi: align `gss_OID_desc` to silence ld warnings on macOS ventura
	    headers: make curl_easy_header and nextheader return different buffers
	    hostip: avoid sscanf and extra buffer copies
	    http2: fix error handling during parallel operations
	    http2: fix for http2-prior-knowledge when reusing connections
	    http2: fix handling of RST and GOAWAY to recognize partial transfers
	    http2: fix upload busy loop
	    http: don't send 100-continue for short PUT requests
	    http: fix unix domain socket use in https connects
	    http: rewrite the status line parser without sscanf
	    http_proxy: parse the status line without sscanf
	    idn: return error if the conversion ends up with a blank host
	    krb5: avoid sscanf for parsing
	    lib1560: test parsing URLs with ridiculously large fields
	    lib2305: deal with CURLE_AGAIN
	    lib517: verify time stamps without leading zeroes plus some more
	    lib: silence clang/gcc -Wvla warnings in brotli headers
	    lib: skip Curl_llist_destroy calls
	    libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3
	    libssh2: only set the memory callbacks when debugging
	    libssh2: remove unused variable from libssh2's struct
	    libssh: use dynbuf instead of realloc
	    Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro
	    Makefile.mk: fix -g option in debug mode
	    mqtt: on send error, return error
	    multi: make multi_perform ignore/unignore signals less often
	    multi: remove PENDING + MSGSENT handles from the main linked list
	    ngtcp2-gnutls.yml: bump to gnutls 3.8.0
	    ngtcp2: fix unwanted close of file descriptor 0
	    page-footer: add explanation for three missing exit codes
	    parsedate: parse strings without using sscanf()
	    parsedate: replace sscanf( for time stamp parsing
	    quic/schannel: fix compiler warnings
	    rand: use arc4random as fallback when available
	    rate.d: single URLs make no sense in --rate example
	    RELEASE-PROCEDURE.md: update coming release dates
	    rtsp: avoid sscanf for parsing
	    runtests: use a hash table for server port numbers
	    sectransp: fix compiler warning c89 mixed code/declaration
	    sectransp: make read_cert() use a dynbuf when loading
	    secure-transport: fix recv return code handling
	    select: stop treating POLLRDBAND as an error
	    setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct
	    socket: detect "dead" connections better, e.g. not fit for reuse
	    src: silence wmain() warning for all build methods
	    telnet: only accept option arguments in ascii
	    telnet: parse NEW_ENVIRON without sscanf
	    telnet: parse telnet options without sscanf
	    telnet: parse the WS= argument without sscanf
	    test1470: test socks proxy using unix sockets and connect to https
	    test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED
	    test2600: detect when ALARM_TIMEOUT is in use and adjust
	    test422: verify --next used without a prior URL
	    tests/http: add pytest to GHA and improve tests
	    tests: add `cookies` features
	    tests: add timeout, SLOWDOWN and DELAY keywords to tests
	    tests: fix gnutls-serv check
	    tests: fix MSVC unreachable code warnings in unit tests
	    tests: hack to build most unit tests under cmake
	    tests: HTTP server fixups
	    tests: keep cmake unit tests names in sync
	    tests: make CPPFLAGS common to all unit tests
	    tests: make first.c the same for both lib tests and unit tests
	    tests: support for imaps/pop3s/smtps protocols
	    tests: sync option lists in runtests.pl & its man page
	    tests: test secure mail protocols with explicit SSL requests
	    tests: use AM_CPPFILES to modify flags in unit tests
	    tests: use dynamic ports numbers in pytest suite
	    tool: dump headers even if file is write-only
	    tool: improve --stderr handling
	    tool_getparam: don't add a new node for just --no-remote-name
	    tool_getparam: error if --next is used without a prior URL
	    tool_operate: avoid fclose(NULL) on bad header dump file
	    tool_operate: propagate error codes for missing URL after --next
	    tool_progress: shut off progress meter for --silent in parallel
	    tool_writeout_json. fix the output for duplicate header names
	    transfer: limit Windows SO_SNDBUF updates to once a second
	    url: fix cookielist memleak when curl_easy_reset
	    url: fix logic in connection reuse to deny reuse on "unclean" connections
	    url: fix the SSH connection reuse check
	    url: only reuse connections with same GSS delegation
	    url: remove dummy protocol handler
	    urlapi: '%' is illegal in host names
	    urlapi: avoid mutating internals in getter routine
	    urlapi: parse IPv6 literals without ENABLE_IPV6
	    urlapi: take const args in _dup and _get functions
	    wildcard: remove files and move functions into ftplistparser.c
	    winbuild: fix makefile clean
	    wolfssl: add quic/ngtcp2 detection in cmake, and fix builds
	    wolfSSL: ressurect the BIO `io_result`
	    ws: keep the socket non-blocking
	    x509asn1.c: use correct format specifier for infof() call
	    x509asn1: use plain %x, not %lx, when the arg is an int

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/curl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/curl b/lfs/curl
index feb4fa810..995f63cd5 100644
--- a/lfs/curl
+++ b/lfs/curl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.88.1
+VER        = 8.1.0
 
 THISAPP    = curl-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839
+$(DL_FILE)_BLAKE2 = 768a824b8f5f6ddaa073599c4106f07a8134bcbe0e0d666390be1bce16ba25386d85930853bb47bc90b2c8a499a0b2abb9c685042563801e0fe58b9c315ac6cc
 
 install : $(TARGET)
 
-- 
2.40.1

[PATCH] dhcpcd: Update to version 10.0.1

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3249 bytes --]

- Update from version 9.4.1 to 10.0.1
- Update of rootfile not required
- Tested on vm testbed and confirmed that dhcpcd worked as expected. Connection on red
   successfully made.
- Changelog is no longer provided. For details of changes you have to look at the commits
   log - https://github.com/NetworkConfiguration/dhcpcd/commits

Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/dhcpcd                                            | 11 ++++++-----
 ...0.1-Allow-free-selection-of-MTU-by-the-user.patch} |  0
 2 files changed, 6 insertions(+), 5 deletions(-)
 rename src/patches/{dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch => dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch} (100%)

diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index 2373198da..ae1b75053 100644
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 9.4.1
+VER        = 10.0.1
 
 THISAPP    = dhcpcd-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 847c7451918ac89fe384e180ec52ee4624c0f2dc73354ecb4c63b02d8d9cf0a6d164b33e5d083a05d4868079dcf6208a820b4263c80337a12be40a27517ecf87
+$(DL_FILE)_BLAKE2 = f1e93285d040b98bede86bb2e87e372afc0d1d124e7a6580c23d8d228a34ee17001fc3c2d9091b16fb082fe2f2ad7ba50c0dd7b0db2b2237ab1cff9ca152100a
 
 install : $(TARGET)
 
@@ -70,13 +70,14 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
 	cd $(DIR_APP) && ./configure \
 			--prefix="" \
 			--sysconfdir=/var/ipfire/dhcpc \
 			--dbdir=/var/ipfire/dhcpc \
 			--libexecdir=/var/ipfire/dhcpc \
-			--mandir=/usr/share/man
+			--mandir=/usr/share/man \
+			--disable-privsep
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 
diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
similarity index 100%
rename from src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
rename to src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
-- 
2.40.1

[PATCH] ethtool: Update to version 6.3

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 1591 bytes --]

- Update from version 6.2 to 6.3
- Update of rootfile not required
- Changelog
Version 6.3 - May 8, 2023
	* Feature: PLCA support (--[gs]et-plca-cfg, --get-plca-status)
	* Feature: MAC Merge layer support (--show-mm, --set-mm)
	* Feature: pass source of statistics for port stats
	* Feature: get/set rx push in ringparams (-g and -G)
	* Feature: coalesce tx aggregation parameters (-c and -C)
	* Feature: PSE and PD devices (--show-pse, --set-pse)
	* Fix: minor fixes of help text (--help)
	* Fix: fix build on systems with older system headers
	* Fix: fix netlink support when PLCA is not present (no option)
	* Fix: fixes for issues found with gcc13 -fanalyzer
	* Fix: fix return code in rxclass_rule_ins (-N)
	* Fix: more robust argc/argv handling

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/ethtool | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/ethtool b/lfs/ethtool
index f2b996fa9..e6d65ea12 100644
--- a/lfs/ethtool
+++ b/lfs/ethtool
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.2
+VER        = 6.3
 
 THISAPP    = ethtool-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = b3fa2571b1efef3b686eb4f20b33e6cc32bdb8cff5f2e642454ca3d41c427b1953df7b07e5ac8ef149f8b4be614210e05e593233655e5fe317c48630b20b68e8
+$(DL_FILE)_BLAKE2 = c06509525db47f8ee7c220d0b880fe80323a4a00036e9698432b1b9c85ad75045e98b23498f6283497728cafd187ca173b15f3ad60f8e6f8b4d0c5688d84a1f9
 
 install : $(TARGET)
 
-- 
2.40.1

[PATCH] harfbuzz: Update to version 7.3.0

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3129 bytes --]

- Update from 7.2.0 to 7.3.0
- Update of rootfile
- Changelog
Overview of changes leading to 7.3.0
    Tuesday, May 9, 2023
	- Speedup applying glyph variation in VarComposites fonts (over 40% speedup).
	  (Behdad Esfahbod)
	- Speedup instancing some fonts (over 20% speedup in instancing RobotoFlex).
	  (Behdad Esfahbod)
	- Speedup shaping some fonts (over 30% speedup in shaping Roboto).
	  (Behdad Esfahbod)
	- Support subsetting VarComposites and beyond-64k fonts. (Behdad Esfahbod)
	- New configuration macro HB_MINIMIZE_MEMORY_USAGE to favor optimizing memory
	  usage over speed. (Behdad Esfahbod)
	- Supporting setting the mapping between old and new glyph indices during
	  subsetting. (Garret Rieger)
	- Various fixes and improvements.
	  (Behdad Esfahbod, Denis Rochette, Garret Rieger, Han Seung Min, Qunxin Liu)
	- New API:
		+hb_subset_input_old_to_new_glyph_mapping()

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/harfbuzz | 7 ++++---
 lfs/harfbuzz                     | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/common/harfbuzz b/config/rootfiles/common/harfbuzz
index 4798653a2..a03367254 100644
--- a/config/rootfiles/common/harfbuzz
+++ b/config/rootfiles/common/harfbuzz
@@ -44,15 +44,15 @@
 #usr/lib/libharfbuzz-cairo.la
 #usr/lib/libharfbuzz-cairo.so
 usr/lib/libharfbuzz-cairo.so.0
-usr/lib/libharfbuzz-cairo.so.0.60720.0
+usr/lib/libharfbuzz-cairo.so.0.60730.0
 #usr/lib/libharfbuzz-subset.la
 #usr/lib/libharfbuzz-subset.so
 usr/lib/libharfbuzz-subset.so.0
-usr/lib/libharfbuzz-subset.so.0.60720.0
+usr/lib/libharfbuzz-subset.so.0.60730.0
 #usr/lib/libharfbuzz.la
 #usr/lib/libharfbuzz.so
 usr/lib/libharfbuzz.so.0
-usr/lib/libharfbuzz.so.0.60720.0
+usr/lib/libharfbuzz.so.0.60730.0
 #usr/lib/pkgconfig/harfbuzz-cairo.pc
 #usr/lib/pkgconfig/harfbuzz-subset.pc
 #usr/lib/pkgconfig/harfbuzz.pc
@@ -128,6 +128,7 @@ usr/lib/libharfbuzz.so.0.60720.0
 #usr/share/gtk-doc/html/harfbuzz/api-index-6-0-0.html
 #usr/share/gtk-doc/html/harfbuzz/api-index-7-0-0.html
 #usr/share/gtk-doc/html/harfbuzz/api-index-7-1-0.html
+#usr/share/gtk-doc/html/harfbuzz/api-index-7-3-0.html
 #usr/share/gtk-doc/html/harfbuzz/api-index-full.html
 #usr/share/gtk-doc/html/harfbuzz/apple-advanced-typography-api.html
 #usr/share/gtk-doc/html/harfbuzz/buffers-language-script-and-direction.html
diff --git a/lfs/harfbuzz b/lfs/harfbuzz
index 15cc9ff13..bfc40dba3 100644
--- a/lfs/harfbuzz
+++ b/lfs/harfbuzz
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.2.0
+VER        = 7.3.0
 
 THISAPP    = harfbuzz-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 247746d6a0f132a0d6b0c461d9e96a4fe76bc08bca4d05b28a034de60afee8e049d798fdf3962b892b33424245d8f00a63d6068b034e80ad9d7733180e8533c1
+$(DL_FILE)_BLAKE2 = 7b1f6fb0c4c7483ff7a7c27f613b8579af30a304432e1a4e157aec4344449aed93e68443df1f2bc741be6780a6b2214d54804e2df9a20d83c8256b5f98c7fcda
 
 install : $(TARGET)
 
-- 
2.40.1

[PATCH] libcap: Update to version 2.69

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 5017 bytes --]

- Update from version 2.67 to 2.69
- Update of rootfile
- Changelog
Release notes for 2.69
	2023-05-14 19:10:04 -0700
	    An audit was performed on libcap and friends by https://x41-dsec.de/
             https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
             The audit (final report, 2023-05-10)
              https://drive.google.com/file/d/1lsuC_tQbQ5pCE2Sy_skw0a7hTzQyQh2C/view?usp=sharing
              was sponsored by the the Open Source Technology Improvement Fund,
              https://ostif.org/ (blog). Five issues were found. Four of them are
              addressed in this release. Each issue was labeled in the audit results as
              follows:
	        LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
	        LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger
	        LCAP-CR-23-100 (SEVERITY) NONE
	        LCAP-CR-23-101 (SEVERITY) NONE
	    Man page style improvement from Emanuele Torre
	    Partially revive the ability to build the binaries fully statically.
	        This was needed to make bleeding edge kernel debugging/testing via
                 qemu+busybox work again. Addressing an issue I realized only when I
                 tried to answer this stackexchange question.
                 https://unix.stackexchange.com/questions/741532/launch-process-with-limited-capabilities-on-minimal-busybox-based-system
Release notes for 2.68
	2023-03-25 17:03:17 -0700
	    Force libcap internal functions to be hidden outside the library (Bug 217014)
	    Expanded the list of man page (links) to all of the supported API functions.
	        fixed some formatting issues with the libpsx(3) manpage.
	    Add support for a markdown preamble and postscript when generating .md
             versions of the man pages (Bug 217007)
	    psx package clean up
	        fix some copy-paste errors with TestShared()
	        added a more complete psx testing into this test as well
	    cap package clean up
	        drop an unnecessary use of ", _" in the sources
	        cleaned up cap.NamedCount documentation
	    Converted goapps/web/README to .md format and fixed the instructions to
             indicate go mod tidy is needed.
	    cap_compare test binary now cleans up after itself (Bug 217018)
	    Figured out how to cross compile Go programs for arm (i.e. RPi) that use C
             code, don't use cgo but do use the psx package (all part of investigating
             bug 216610).
	    Eliminate use of vendor directory

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/libcap | 8 ++++++--
 lfs/libcap                     | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap
index af1c22e83..f331e2a43 100644
--- a/config/rootfiles/common/libcap
+++ b/config/rootfiles/common/libcap
@@ -6,20 +6,22 @@ sbin/setcap
 #usr/include/sys/psx_syscall.h
 usr/lib/libcap.so
 usr/lib/libcap.so.2
-usr/lib/libcap.so.2.67
+usr/lib/libcap.so.2.69
 #usr/lib/libpsx.so
 #usr/lib/libpsx.so.2
-usr/lib/libpsx.so.2.67
+usr/lib/libpsx.so.2.69
 #usr/lib/pkgconfig/libcap.pc
 #usr/lib/pkgconfig/libpsx.pc
 #usr/lib/security
 usr/lib/security/pam_cap.so
 #usr/share/man/man1/capsh.1
+#usr/share/man/man3/__psx_syscall.3
 #usr/share/man/man3/cap_clear.3
 #usr/share/man/man3/cap_clear_flag.3
 #usr/share/man/man3/cap_compare.3
 #usr/share/man/man3/cap_copy_ext.3
 #usr/share/man/man3/cap_copy_int.3
+#usr/share/man/man3/cap_copy_int_check.3
 #usr/share/man/man3/cap_drop_bound.3
 #usr/share/man/man3/cap_dup.3
 #usr/share/man/man3/cap_fill.3
@@ -71,6 +73,7 @@ usr/lib/security/pam_cap.so
 #usr/share/man/man3/cap_set_nsowner.3
 #usr/share/man/man3/cap_set_proc.3
 #usr/share/man/man3/cap_set_secbits.3
+#usr/share/man/man3/cap_set_syscall.3
 #usr/share/man/man3/cap_setgroups.3
 #usr/share/man/man3/cap_setuid.3
 #usr/share/man/man3/cap_size.3
@@ -80,6 +83,7 @@ usr/lib/security/pam_cap.so
 #usr/share/man/man3/capsetp.3
 #usr/share/man/man3/libcap.3
 #usr/share/man/man3/libpsx.3
+#usr/share/man/man3/psx_load_syscalls.3
 #usr/share/man/man3/psx_set_sensitivity.3
 #usr/share/man/man3/psx_syscall.3
 #usr/share/man/man3/psx_syscall3.3
diff --git a/lfs/libcap b/lfs/libcap
index 63f4ef8b0..951ed80dc 100644
--- a/lfs/libcap
+++ b/lfs/libcap
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.67
+VER        = 2.69
 
 THISAPP    = libcap-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = bd9be22e439397a3c1726093cfee2410df93773b3139d50a1cdc10daecb666ddb9b64daded6e0ec9f2fd6defd16ea156dbd66bd55360ea266131f31ea0f0e989
+$(DL_FILE)_BLAKE2 = 94d1fef7666a1c383a8b96f1f6092bd242164631532868b628d2f5de71b42a371d041a978ef7fbadfee3eeb433165444995d1078cd790275bc0433a7875a697e
 
 install : $(TARGET)
 
-- 
2.40.1

[PATCH] nettle: Update to version 3.9

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 5818 bytes --]

- Update from version 3.8.1 to 3.9
- Update of rootfile
- Changelog
NEWS for the Nettle 3.9 release
	This release includes bug fixes, several new features, a few
	performance improvements, and one performance regression
	affecting GCM on certain platforms.
	The new version is intended to be fully source and binary
	compatible with Nettle-3.6. The shared library names are
	libnettle.so.8.7 and libhogweed.so.6.7, with sonames
	libnettle.so.8 and libhogweed.so.6.
	This release includes a rewrite of the C implementation of
	GHASH (dating from 2011), as well as the plain x86_64 assembly
	version, to use precomputed tables in a different way, with
	tables always accessed in the same sequential manner.
	This should make Nettle's GHASH implementation side-channel
	silent on all platforms, but considerably slower on platforms
	without carry-less mul instructions. E.g., benchmarks of the C
	implementation on x86_64 showed a slowdown of 3 times.
	Bug fixes:
		* Fix bug in ecdsa and gostdsa signature verify operation, for
		  the unlikely corner case that point addition really is point
		  duplication.
		* Fix for chacha on Power7, nettle's assembly used an
		  instruction only available on later processors. Fixed by
		  Mamone Tarsha.
		* GHASH implementation should now be side-channel silent on
		  all architectures.
		* A few portability fixes for *BSD.
	New features:
		* Support for the SM4 block cipher, contributed by Tianjia
	          Zhang.
		* Support for the Balloon password hash, contributed by Zoltan
	          Fridrich.
		* Support for SIV-GCM authenticated encryption mode,
	          contributed by Daiki Ueno.
		* Support for OCB authenticated encryption mode.
		* New exported functions md5_compress, sha1_compress,
		  sha256_compress, sha512_compress, based on patches from
		  Corentin Labbe.
	Optimizations:
		* Improved sha256 performance, in particular for x86_64 and
		  s390x.
		* Use GMP's mpn_sec_tabselect, which is implemented in
		  assembly on many platforms, and delete the similar nettle
		  function. Gives a modest speedup to all ecc operations.
		* Faster poly1305 for x86_64 and ppc64. New ppc code
		  contributed by Mamone Tarsha.
	Miscellaneous:
		* New ASM_FLAGS variable recognized by configure.
		* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
		  and 64-bit sparc.
	Known issues:
		* Version 6.2.1 of GNU GMP (the most recent GMP release as of
		  this writing) has a known issue for MacOS on 64-bit ARM: GMP
		  assembly files use the reserved x18 register. On this
		  platform it is recommended to use a GMP snapshot where this
		  bug is fixed, and upgrade to a later GMP release when one
		  becomes available.
		* Also on MacOS, Nettle's testsuite may still break due to
		  DYLD_LIBRARY_PATH being discarded under some circumstances.
		  As a workaround, use
		* make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/nettle | 8 ++++++--
 lfs/nettle                     | 6 +++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle
index a9f8aca43..3c0331406 100644
--- a/config/rootfiles/common/nettle
+++ b/config/rootfiles/common/nettle
@@ -8,6 +8,7 @@
 #usr/include/nettle/arcfour.h
 #usr/include/nettle/arctwo.h
 #usr/include/nettle/asn1.h
+#usr/include/nettle/balloon.h
 #usr/include/nettle/base16.h
 #usr/include/nettle/base64.h
 #usr/include/nettle/bignum.h
@@ -48,6 +49,7 @@
 #usr/include/nettle/nettle-meta.h
 #usr/include/nettle/nettle-types.h
 #usr/include/nettle/nist-keywrap.h
+#usr/include/nettle/ocb.h
 #usr/include/nettle/pbkdf2.h
 #usr/include/nettle/pgp.h
 #usr/include/nettle/pkcs1.h
@@ -65,7 +67,9 @@
 #usr/include/nettle/sha2.h
 #usr/include/nettle/sha3.h
 #usr/include/nettle/siv-cmac.h
+#usr/include/nettle/siv-gcm.h
 #usr/include/nettle/sm3.h
+#usr/include/nettle/sm4.h
 #usr/include/nettle/streebog.h
 #usr/include/nettle/twofish.h
 #usr/include/nettle/umac.h
@@ -74,9 +78,9 @@
 #usr/include/nettle/yarrow.h
 usr/lib/libhogweed.so
 usr/lib/libhogweed.so.6
-usr/lib/libhogweed.so.6.6
+usr/lib/libhogweed.so.6.7
 #usr/lib/libnettle.so
 usr/lib/libnettle.so.8
-usr/lib/libnettle.so.8.6
+usr/lib/libnettle.so.8.7
 #usr/lib/pkgconfig/hogweed.pc
 #usr/lib/pkgconfig/nettle.pc
diff --git a/lfs/nettle b/lfs/nettle
index 779b87199..2d01f9557 100644
--- a/lfs/nettle
+++ b/lfs/nettle
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.8.1
+VER        = 3.9
 
 THISAPP    = nettle-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 22b4ec81645b579504356597ba87b637e46285682020c90e03ecaea386ac9b48eaf91ee76ae3b86b6060be355de20c320ab3b74958074ad23fc08ad9ab6a4cbb
+$(DL_FILE)_BLAKE2 = 80885fa380de58765155a5d4b209e524f4bd0336156ba6f5189702007438998094df0e4e801370fd0a74251b8cf91f46638b0c0139388c2c2098b1207ed3415c
 
 install : $(TARGET)
 
-- 
2.40.1

[PATCH] pam: Update to version 1.5.3

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 4422 bytes --]

- Update from version 1.5.2 to 1.5.3
- Update of rootfile
- Changelog
Release 1.5.3
	* configure: added options to configure stylesheets.
	* configure: added --enable-logind option to use logind instead of utmp
	  in pam_issue and pam_timestamp.
	* pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing
          utmp.
	* Added libeconf support to pam_env and pam_shells.
	* Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock,
	  pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time.
	* pam_limits: changed to not fail on missing config files.
	* pam_pwhistory: added conf= option to specify config file location.
	* pam_pwhistory: added file= option to specify password history file location.
	* pam_shells: added shells.d support when libeconf and vendordir are enabled.
	* Deprecated pam_lastlog: this module is no longer built by default because
	  it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
	  even on 64bit architectures.
	  pam_lastlog will be removed in one of the next releases, consider using
	  pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
	  pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
	* Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros
	  provided by _pam_macros.h; the memory override performed by these macros can
	  be optimized out by the compiler and therefore can no longer be relied upon.
	* Multiple minor bug fixes, portability fixes, documentation improvements,
	  and translation updates.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/pam | 5 ++---
 lfs/pam                     | 6 +++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam
index 88e155f77..e25fc9c26 100644
--- a/config/rootfiles/common/pam
+++ b/config/rootfiles/common/pam
@@ -10,6 +10,7 @@ etc/security
 #etc/security/namespace.d
 #etc/security/namespace.init
 #etc/security/pam_env.conf
+#etc/security/pwhistory.conf
 #etc/security/time.conf
 #lib/security
 #lib/security/faillock
@@ -42,8 +43,6 @@ lib/security/pam_group.so
 lib/security/pam_issue.so
 #lib/security/pam_keyinit.la
 lib/security/pam_keyinit.so
-#lib/security/pam_lastlog.la
-#lib/security/pam_lastlog.so
 #lib/security/pam_limits.la
 lib/security/pam_limits.so
 #lib/security/pam_listfile.la
@@ -187,6 +186,7 @@ usr/lib/libpamc.so.0.82.1
 #usr/share/man/man5/pam.conf.5
 #usr/share/man/man5/pam.d.5
 #usr/share/man/man5/pam_env.conf.5
+#usr/share/man/man5/pwhistory.conf.5
 #usr/share/man/man5/time.conf.5
 #usr/share/man/man8/PAM.8
 #usr/share/man/man8/faillock.8
@@ -205,7 +205,6 @@ usr/lib/libpamc.so.0.82.1
 #usr/share/man/man8/pam_group.8
 #usr/share/man/man8/pam_issue.8
 #usr/share/man/man8/pam_keyinit.8
-#usr/share/man/man8/pam_lastlog.8
 #usr/share/man/man8/pam_limits.8
 #usr/share/man/man8/pam_listfile.8
 #usr/share/man/man8/pam_localuser.8
diff --git a/lfs/pam b/lfs/pam
index b810f787d..020de981c 100644
--- a/lfs/pam
+++ b/lfs/pam
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.5.2
+VER        = 1.5.3
 
 THISAPP    = Linux-PAM-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a835034cd239bc9377419c13dda45276e8e64a33fcf714a1957ff41112fbb6dce0be8e9773afc82458a04d54bf146a0c26117d7170521fecdc0c98184cef5f4f
+$(DL_FILE)_BLAKE2 = 362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb
 
 install : $(TARGET)
 
-- 
2.40.1

Re: [PATCH] dhcpcd: Update to version 10.0.1

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3508 bytes --]

Hello Adolf,

Why do we need to disable the privilege separation feature here?

-Michael

> On 19 May 2023, at 12:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> - Update from version 9.4.1 to 10.0.1
> - Update of rootfile not required
> - Tested on vm testbed and confirmed that dhcpcd worked as expected. Connection on red
>   successfully made.
> - Changelog is no longer provided. For details of changes you have to look at the commits
>   log - https://github.com/NetworkConfiguration/dhcpcd/commits
> 
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> lfs/dhcpcd                                            | 11 ++++++-----
> ...0.1-Allow-free-selection-of-MTU-by-the-user.patch} |  0
> 2 files changed, 6 insertions(+), 5 deletions(-)
> rename src/patches/{dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch => dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch} (100%)
> 
> diff --git a/lfs/dhcpcd b/lfs/dhcpcd
> index 2373198da..ae1b75053 100644
> --- a/lfs/dhcpcd
> +++ b/lfs/dhcpcd
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
> +# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 9.4.1
> +VER        = 10.0.1
> 
> THISAPP    = dhcpcd-$(VER)
> DL_FILE    = $(THISAPP).tar.xz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 847c7451918ac89fe384e180ec52ee4624c0f2dc73354ecb4c63b02d8d9cf0a6d164b33e5d083a05d4868079dcf6208a820b4263c80337a12be40a27517ecf87
> +$(DL_FILE)_BLAKE2 = f1e93285d040b98bede86bb2e87e372afc0d1d124e7a6580c23d8d228a34ee17001fc3c2d9091b16fb082fe2f2ad7ba50c0dd7b0db2b2237ab1cff9ca152100a
> 
> install : $(TARGET)
> 
> @@ -70,13 +70,14 @@ $(subst %,%_BLAKE2,$(objects)) :
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
> + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
> cd $(DIR_APP) && ./configure \
> --prefix="" \
> --sysconfdir=/var/ipfire/dhcpc \
> --dbdir=/var/ipfire/dhcpc \
> --libexecdir=/var/ipfire/dhcpc \
> - --mandir=/usr/share/man
> + --mandir=/usr/share/man \
> + --disable-privsep
> cd $(DIR_APP) && make $(MAKETUNING)
> cd $(DIR_APP) && make install
> 
> diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
> similarity index 100%
> rename from src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
> rename to src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
> -- 
> 2.40.1
> 

Re: [PATCH] dhcpcd: Update to version 10.0.1

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 4154 bytes --]

Hi Michael,

On 02/06/2023 11:01, Michael Tremer wrote:
> Hello Adolf,
> 
> Why do we need to disable the privilege separation feature here?
It doesn't but I suspected that some changes would be needed to the 
config file to actually use it and as I don't know what would need to be 
changed if I built it with privilege separation then it might not work 
anymore.

If it is relatively easy to set privilege separation up and someone can 
tell me what changes I need to make in the config file and/or elsewhere 
then I can do a v2 version of the patch, also testing it out to confirm 
it works.

Regards,
Adolf.
> 
> -Michael
> 
>> On 19 May 2023, at 12:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> - Update from version 9.4.1 to 10.0.1
>> - Update of rootfile not required
>> - Tested on vm testbed and confirmed that dhcpcd worked as expected. Connection on red
>>    successfully made.
>> - Changelog is no longer provided. For details of changes you have to look at the commits
>>    log - https://github.com/NetworkConfiguration/dhcpcd/commits
>>
>> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>> ---
>> lfs/dhcpcd                                            | 11 ++++++-----
>> ...0.1-Allow-free-selection-of-MTU-by-the-user.patch} |  0
>> 2 files changed, 6 insertions(+), 5 deletions(-)
>> rename src/patches/{dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch => dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch} (100%)
>>
>> diff --git a/lfs/dhcpcd b/lfs/dhcpcd
>> index 2373198da..ae1b75053 100644
>> --- a/lfs/dhcpcd
>> +++ b/lfs/dhcpcd
>> @@ -1,7 +1,7 @@
>> ###############################################################################
>> #                                                                             #
>> # IPFire.org - A linux based firewall                                         #
>> -# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
>> +# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
>> #                                                                             #
>> # This program is free software: you can redistribute it and/or modify        #
>> # it under the terms of the GNU General Public License as published by        #
>> @@ -24,7 +24,7 @@
>>
>> include Config
>>
>> -VER        = 9.4.1
>> +VER        = 10.0.1
>>
>> THISAPP    = dhcpcd-$(VER)
>> DL_FILE    = $(THISAPP).tar.xz
>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_BLAKE2 = 847c7451918ac89fe384e180ec52ee4624c0f2dc73354ecb4c63b02d8d9cf0a6d164b33e5d083a05d4868079dcf6208a820b4263c80337a12be40a27517ecf87
>> +$(DL_FILE)_BLAKE2 = f1e93285d040b98bede86bb2e87e372afc0d1d124e7a6580c23d8d228a34ee17001fc3c2d9091b16fb082fe2f2ad7ba50c0dd7b0db2b2237ab1cff9ca152100a
>>
>> install : $(TARGET)
>>
>> @@ -70,13 +70,14 @@ $(subst %,%_BLAKE2,$(objects)) :
>> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> @$(PREBUILD)
>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
>> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
>> + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>> cd $(DIR_APP) && ./configure \
>> --prefix="" \
>> --sysconfdir=/var/ipfire/dhcpc \
>> --dbdir=/var/ipfire/dhcpc \
>> --libexecdir=/var/ipfire/dhcpc \
>> - --mandir=/usr/share/man
>> + --mandir=/usr/share/man \
>> + --disable-privsep
>> cd $(DIR_APP) && make $(MAKETUNING)
>> cd $(DIR_APP) && make install
>>
>> diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>> similarity index 100%
>> rename from src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
>> rename to src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>> -- 
>> 2.40.1
>>
> 

-- 
Sent from my laptop

Re: [PATCH] dhcpcd: Update to version 10.0.1

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 4863 bytes --]

I thought we were already using it, as dhcpcd runs like this on my system:

 2353 ?        S      0:10 dhcpcd: red0 [ip4]
 2354 ?        S      0:00  \_ dhcpcd: [privileged proxy] red0 [ip4]
 2392 ?        S      0:00  |   \_ dhcpcd: [BPF ARP] red0 100.64.27.48
 3276 ?        S      0:00  |   \_ dhcpcd: [network proxy] 100.64.27.48
 2355 ?        S      0:00  \_ dhcpcd: [control proxy] red0 [ip4]

I thought this is because it has forked different processes with different privileges that cannot be exploited as easily.

-Michael

> On 2 Jun 2023, at 11:33, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Michael,
> 
> On 02/06/2023 11:01, Michael Tremer wrote:
>> Hello Adolf,
>> Why do we need to disable the privilege separation feature here?
> It doesn't but I suspected that some changes would be needed to the config file to actually use it and as I don't know what would need to be changed if I built it with privilege separation then it might not work anymore.
> 
> If it is relatively easy to set privilege separation up and someone can tell me what changes I need to make in the config file and/or elsewhere then I can do a v2 version of the patch, also testing it out to confirm it works.
> 
> Regards,
> Adolf.
>> -Michael
>>> On 19 May 2023, at 12:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>> 
>>> - Update from version 9.4.1 to 10.0.1
>>> - Update of rootfile not required
>>> - Tested on vm testbed and confirmed that dhcpcd worked as expected. Connection on red
>>>   successfully made.
>>> - Changelog is no longer provided. For details of changes you have to look at the commits
>>>   log - https://github.com/NetworkConfiguration/dhcpcd/commits
>>> 
>>> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>> ---
>>> lfs/dhcpcd                                            | 11 ++++++-----
>>> ...0.1-Allow-free-selection-of-MTU-by-the-user.patch} |  0
>>> 2 files changed, 6 insertions(+), 5 deletions(-)
>>> rename src/patches/{dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch => dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch} (100%)
>>> 
>>> diff --git a/lfs/dhcpcd b/lfs/dhcpcd
>>> index 2373198da..ae1b75053 100644
>>> --- a/lfs/dhcpcd
>>> +++ b/lfs/dhcpcd
>>> @@ -1,7 +1,7 @@
>>> ###############################################################################
>>> #                                                                             #
>>> # IPFire.org - A linux based firewall                                         #
>>> -# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
>>> +# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
>>> #                                                                             #
>>> # This program is free software: you can redistribute it and/or modify        #
>>> # it under the terms of the GNU General Public License as published by        #
>>> @@ -24,7 +24,7 @@
>>> 
>>> include Config
>>> 
>>> -VER        = 9.4.1
>>> +VER        = 10.0.1
>>> 
>>> THISAPP    = dhcpcd-$(VER)
>>> DL_FILE    = $(THISAPP).tar.xz
>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>> 
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>> 
>>> -$(DL_FILE)_BLAKE2 = 847c7451918ac89fe384e180ec52ee4624c0f2dc73354ecb4c63b02d8d9cf0a6d164b33e5d083a05d4868079dcf6208a820b4263c80337a12be40a27517ecf87
>>> +$(DL_FILE)_BLAKE2 = f1e93285d040b98bede86bb2e87e372afc0d1d124e7a6580c23d8d228a34ee17001fc3c2d9091b16fb082fe2f2ad7ba50c0dd7b0db2b2237ab1cff9ca152100a
>>> 
>>> install : $(TARGET)
>>> 
>>> @@ -70,13 +70,14 @@ $(subst %,%_BLAKE2,$(objects)) :
>>> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>> @$(PREBUILD)
>>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
>>> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
>>> + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>>> cd $(DIR_APP) && ./configure \
>>> --prefix="" \
>>> --sysconfdir=/var/ipfire/dhcpc \
>>> --dbdir=/var/ipfire/dhcpc \
>>> --libexecdir=/var/ipfire/dhcpc \
>>> - --mandir=/usr/share/man
>>> + --mandir=/usr/share/man \
>>> + --disable-privsep
>>> cd $(DIR_APP) && make $(MAKETUNING)
>>> cd $(DIR_APP) && make install
>>> 
>>> diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>>> similarity index 100%
>>> rename from src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
>>> rename to src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>>> -- 
>>> 2.40.1
>>> 
> 
> -- 
> Sent from my laptop

Re: [PATCH] dhcpcd: Update to version 10.0.1

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 5395 bytes --]

Hi Michael,

On 02/06/2023 12:40, Michael Tremer wrote:
> I thought we were already using it, as dhcpcd runs like this on my system:
> 
>   2353 ?        S      0:10 dhcpcd: red0 [ip4]
>   2354 ?        S      0:00  \_ dhcpcd: [privileged proxy] red0 [ip4]
>   2392 ?        S      0:00  |   \_ dhcpcd: [BPF ARP] red0 100.64.27.48
>   3276 ?        S      0:00  |   \_ dhcpcd: [network proxy] 100.64.27.48
>   2355 ?        S      0:00  \_ dhcpcd: [control proxy] red0 [ip4]
> 
> I thought this is because it has forked different processes with different privileges that cannot be exploited as easily.

My bad. For some reason, and I can't figure out why now, I came to the conclusion that privilege separation had come in new with the 10.0.0 series
Searching now I can see it has been there for some time, certainly already there with 9.4.1

Apologies for the confusion.

I will submit a v2 version removing the disable-privsep option.

Regards,

Adolf.

> 
> -Michael
> 
>> On 2 Jun 2023, at 11:33, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi Michael,
>>
>> On 02/06/2023 11:01, Michael Tremer wrote:
>>> Hello Adolf,
>>> Why do we need to disable the privilege separation feature here?
>> It doesn't but I suspected that some changes would be needed to the config file to actually use it and as I don't know what would need to be changed if I built it with privilege separation then it might not work anymore.
>>
>> If it is relatively easy to set privilege separation up and someone can tell me what changes I need to make in the config file and/or elsewhere then I can do a v2 version of the patch, also testing it out to confirm it works.
>>
>> Regards,
>> Adolf.
>>> -Michael
>>>> On 19 May 2023, at 12:47, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>
>>>> - Update from version 9.4.1 to 10.0.1
>>>> - Update of rootfile not required
>>>> - Tested on vm testbed and confirmed that dhcpcd worked as expected. Connection on red
>>>>    successfully made.
>>>> - Changelog is no longer provided. For details of changes you have to look at the commits
>>>>    log - https://github.com/NetworkConfiguration/dhcpcd/commits
>>>>
>>>> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>>> ---
>>>> lfs/dhcpcd                                            | 11 ++++++-----
>>>> ...0.1-Allow-free-selection-of-MTU-by-the-user.patch} |  0
>>>> 2 files changed, 6 insertions(+), 5 deletions(-)
>>>> rename src/patches/{dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch => dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch} (100%)
>>>>
>>>> diff --git a/lfs/dhcpcd b/lfs/dhcpcd
>>>> index 2373198da..ae1b75053 100644
>>>> --- a/lfs/dhcpcd
>>>> +++ b/lfs/dhcpcd
>>>> @@ -1,7 +1,7 @@
>>>> ###############################################################################
>>>> #                                                                             #
>>>> # IPFire.org - A linux based firewall                                         #
>>>> -# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
>>>> +# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
>>>> #                                                                             #
>>>> # This program is free software: you can redistribute it and/or modify        #
>>>> # it under the terms of the GNU General Public License as published by        #
>>>> @@ -24,7 +24,7 @@
>>>>
>>>> include Config
>>>>
>>>> -VER        = 9.4.1
>>>> +VER        = 10.0.1
>>>>
>>>> THISAPP    = dhcpcd-$(VER)
>>>> DL_FILE    = $(THISAPP).tar.xz
>>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>>
>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>
>>>> -$(DL_FILE)_BLAKE2 = 847c7451918ac89fe384e180ec52ee4624c0f2dc73354ecb4c63b02d8d9cf0a6d164b33e5d083a05d4868079dcf6208a820b4263c80337a12be40a27517ecf87
>>>> +$(DL_FILE)_BLAKE2 = f1e93285d040b98bede86bb2e87e372afc0d1d124e7a6580c23d8d228a34ee17001fc3c2d9091b16fb082fe2f2ad7ba50c0dd7b0db2b2237ab1cff9ca152100a
>>>>
>>>> install : $(TARGET)
>>>>
>>>> @@ -70,13 +70,14 @@ $(subst %,%_BLAKE2,$(objects)) :
>>>> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>>> @$(PREBUILD)
>>>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
>>>> - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
>>>> + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>>>> cd $(DIR_APP) && ./configure \
>>>> --prefix="" \
>>>> --sysconfdir=/var/ipfire/dhcpc \
>>>> --dbdir=/var/ipfire/dhcpc \
>>>> --libexecdir=/var/ipfire/dhcpc \
>>>> - --mandir=/usr/share/man
>>>> + --mandir=/usr/share/man \
>>>> + --disable-privsep
>>>> cd $(DIR_APP) && make $(MAKETUNING)
>>>> cd $(DIR_APP) && make install
>>>>
>>>> diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>>>> similarity index 100%
>>>> rename from src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
>>>> rename to src/patches/dhcpcd-10.0.1-Allow-free-selection-of-MTU-by-the-user.patch
>>>> -- 
>>>> 2.40.1
>>>>
>>
>> -- 
>> Sent from my laptop
> 
>