[PATCH] attr: Update to version 2.5.2

[PATCH] attr: Update to version 2.5.2

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2931 bytes --]

- Update from version 2.5.1 to 2.5.2
- Update of rootfile
- Changelog is no longer updated in the source tarball. Only source for changes is the git
   repository commits from https://git.savannah.nongnu.org/cgit/attr.git/log/

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/attr | 5 ++---
 lfs/attr                     | 6 +++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/common/attr b/config/rootfiles/common/attr
index 536cfb9fc..a968063b4 100644
--- a/config/rootfiles/common/attr
+++ b/config/rootfiles/common/attr
@@ -1,7 +1,6 @@
 usr/bin/attr
 usr/bin/getfattr
 usr/bin/setfattr
-#usr/etc
 #usr/etc/xattr.conf
 #usr/include/attr
 #usr/include/attr/attributes.h
@@ -11,13 +10,12 @@ usr/bin/setfattr
 #usr/lib/libattr.la
 #usr/lib/libattr.so
 usr/lib/libattr.so.1
-usr/lib/libattr.so.1.1.2501
+usr/lib/libattr.so.1.1.2502
 #usr/lib/pkgconfig/libattr.pc
 #usr/share/doc/attr
 #usr/share/doc/attr/CHANGES
 #usr/share/doc/attr/COPYING
 #usr/share/doc/attr/COPYING.LGPL
-#usr/share/doc/attr/PORTING
 #usr/share/locale/cs/LC_MESSAGES/attr.mo
 #usr/share/locale/de/LC_MESSAGES/attr.mo
 #usr/share/locale/en(a)boldquot
@@ -29,6 +27,7 @@ usr/lib/libattr.so.1.1.2501
 #usr/share/locale/es/LC_MESSAGES/attr.mo
 #usr/share/locale/fr/LC_MESSAGES/attr.mo
 #usr/share/locale/gl/LC_MESSAGES/attr.mo
+#usr/share/locale/ka/LC_MESSAGES/attr.mo
 #usr/share/locale/nl/LC_MESSAGES/attr.mo
 #usr/share/locale/pl/LC_MESSAGES/attr.mo
 #usr/share/locale/sv/LC_MESSAGES/attr.mo
diff --git a/lfs/attr b/lfs/attr
index 3b370ef37..8a85b109e 100644
--- a/lfs/attr
+++ b/lfs/attr
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.5.1
+VER        = 2.5.2
 
 THISAPP    = attr-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 876dcbd802ea79b7851640f208820ffdfb73dc46065af673037c6dd50ad2af158f9f74b34cf45728baf9d0cc5572b40c3f102aa2907245a877db0d3879e38f04
+$(DL_FILE)_BLAKE2 = cf26348c3a96622e4f62493ac7655e14b6580d36a5784ef4c3750178856eceabd33192fd58516be21c8aa1ad41d56c024ad440ef4bc922bed8f7a4984ea16c63
 
 install : $(TARGET)
 
-- 
2.43.0

[PATCH] gnutls: Update to version 3.8.3

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2622 bytes --]

- Update from version 3.8.2 to 3.8.3
- Update of rootfile
- Changelog
    3.8.3
	- libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
	   [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]
	- libgnutls: Fix assertion failure when verifying a certificate chain with a
	   cycle of cross signatures
	   [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]
	- libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token
	   certtool was unable to handle Ed25519 keys generated on PKCS#11
	   with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/gnutls | 2 +-
 lfs/gnutls                     | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
index cc6c90194..6cdaeb151 100644
--- a/config/rootfiles/common/gnutls
+++ b/config/rootfiles/common/gnutls
@@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1
 #usr/lib/libgnutls.la
 #usr/lib/libgnutls.so
 usr/lib/libgnutls.so.30
-usr/lib/libgnutls.so.30.37.0
+usr/lib/libgnutls.so.30.37.1
 #usr/lib/libgnutlsxx.la
 #usr/lib/libgnutlsxx.so
 usr/lib/libgnutlsxx.so.30
diff --git a/lfs/gnutls b/lfs/gnutls
index 19f79c6db..39e1d0bd1 100644
--- a/lfs/gnutls
+++ b/lfs/gnutls
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.8.2
+VER        = 3.8.3
 
 THISAPP    = gnutls-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = d70524f17919bc02fefc610ede948d209e50e3276fc1e2d40aaed5c208265455da220d948f4a3f21db57f9d253c103f3a1b9a6daa2229d02c7c224448acc2777
+$(DL_FILE)_BLAKE2 = 27a4bb4d8a5697e2187113351b2ad1e849bca7bcfb556c1b54fc2d02bef16e2789e7c437ac8db8fe6d2bcfc0e3e3467bbff2dd5d2fc0adb9bf8bda81cb89e452
 
 install : $(TARGET)
 
-- 
2.43.0

[PATCH] iproute2: Update to version 6.7.0

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2172 bytes --]

- Update from version 6.6.0 to 6.7.0
- Update of rootfile not required
- Changelog only available from git repo commits
   https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/iproute2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/iproute2 b/lfs/iproute2
index 0ed19414a..ce2ee1f81 100644
--- a/lfs/iproute2
+++ b/lfs/iproute2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.6.0
+VER        = 6.7.0
 #		https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/
 
 THISAPP    = iproute2-$(VER)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE)             = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 9d20f19c04c2bbde7a3ae53e61e4623b119570c8446f34b93ddadd64677caa432e00ee085498bc277e0842cc2124340c7100925106d0ef2c11dd8002aacac08f
+$(DL_FILE)_BLAKE2 = df55dffc54ed196d43a86ce40e887dca6390b91289a492266568ff31aa8b2827fbd91c18676e14706df844fbfe3a5c50bf927ed4401e098e385d401ec3d5c116
 
 install : $(TARGET)
 
@@ -74,7 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make $(MAKETUNING) SBINDIR=/sbin
 	cd $(DIR_APP) && make SBINDIR=/sbin install
 	cd $(DIR_APP) && mv -v /sbin/arpd /usr/sbin
-	cd $(DIR_APP) && mv -v /usr/lib/iproute2 /etc/iproute2
+	cd $(DIR_APP) && mv -v /usr/share/iproute2 /etc/iproute2
 
 	# Add table for static routing
 	echo "200	static" >> /etc/iproute2/rt_tables
-- 
2.43.0

[PATCH] iputils: Update to version 20240117

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 1939 bytes --]

- Update from version 20231222 to 20240117
- Update of rootfile not required
- Changelog
    20240117
	* ping
		- fix: Restore -i0 (commit: 7a51494, PR: #519, regression from 2a63b94)
	* localization
		- Updated Turkish and Indonesian
		- 100% translated: Chinese (Simplified), Czech, French, Georgian, German,
		  Korean, Portuguese (Brazil), Turkish, Ukrainian
		- > 90% translated: Finnish, Indonesian, Japanese

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/iputils | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/iputils b/lfs/iputils
index 3343623cf..6055e51ed 100644
--- a/lfs/iputils
+++ b/lfs/iputils
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 20231222
+VER        = 20240117
 
 THISAPP    = iputils-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a76d4e9741c4ce8d2a2b6337873400543c5bb51d61a794fdfed8c8f4228c41020f5203c8af7ca44a36877d246d4f67019d31f1a58e48c6fca7964d6ebc9d764b
+$(DL_FILE)_BLAKE2 = 635943e12010aef8c1291b407bfbe284e0179391fca76197b77037ae1ffc219fa1d8e36abcea5fb7fff10d55ab40eed7c081e5d92b29f0916a4b4dd806945491
 
 install : $(TARGET)
 
-- 
2.43.0

[PATCH] libidn: Update to version 1.42

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3961 bytes --]

- Update from version 1.41 to 1.42
- Update of rootfile
- Changelog
    1.42
	** Bump required gettext version to 0.19.8 for musl-libc.
	** Compiler warning improvements.
		As before, compiler warnings are enabled by default.  You may disable
		them using ./configure --disable-gcc-warnings or turn them into fatal
		errors using ./configure --enable-gcc-warnings=error to add -Werror
		and sensible -Wno-error='s.  Based on gnulib's manywarnings, see
		<https://www.gnu.org/software/gnulib//manual/html_node/manywarnings.html>.
	** Fix type confusion on LLP64/Windows platforms.
		While libidn has worked using cygwin libc, it has never worked on
		ucrt/msvcrt libc.  Report and tiny patch by Francesco Pretto in
		<https://lists.gnu.org/archive/html/help-libidn/2022-02/msg00000.html>.
	** tests: Added script tests/standalone.sh suitable for integrators.
		The main purpose is to test a system-installed libidn, suitable for
		distributor checking (a'la Debian's autopkgtest/debci).  It may also
		be used to test a newly built libidn outside the usual 'make check'
		infrastructure.  To check that your system libidn is working, invoke
		the script with `srcdir` as an environment variable indicating where
		it can be find the source code for libidn's tests/ directory (it will
		use the directory name where the script is by default):
			tests/standalone.sh
			 To check that a newly built static libidn behaves, invoke:
				env STANDALONE_CFLAGS="-Ilib lib/.libs/libidn.a"
				 tests/standalone.sh
			 To check that a newly built shared libidn behaves, invoke:
				env srcdir=tests STANDALONE_CFLAGS="-Ilib -Wl,-rpath
				 lib/.libs lib/.libs/libidn.so" tests/standalone.sh
			 If the libidn under testing is too old and has known bugs, that
			  should cause tests to fail, which is intentional.
	** Updated translations.
	** Update gnulib files and build fixes.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/libidn | 4 +---
 lfs/libidn                     | 6 +++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/common/libidn b/config/rootfiles/common/libidn
index e2e2cd96a..3d0d3a97c 100644
--- a/config/rootfiles/common/libidn
+++ b/config/rootfiles/common/libidn
@@ -9,9 +9,7 @@ usr/bin/idn
 #usr/lib/libidn.la
 #usr/lib/libidn.so
 usr/lib/libidn.so.12
-usr/lib/libidn.so.12.6.4
+usr/lib/libidn.so.12.6.5
 #usr/lib/pkgconfig/libidn.pc
-#usr/share/emacs
-#usr/share/emacs/site-lisp
 #usr/share/emacs/site-lisp/idna.el
 #usr/share/emacs/site-lisp/punycode.el
diff --git a/lfs/libidn b/lfs/libidn
index 4ce55a0a4..068fefe40 100644
--- a/lfs/libidn
+++ b/lfs/libidn
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.41
+VER        = 1.42
 
 THISAPP    = libidn-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 6c632c2010f024792fd55d3c8e6f68e81152fa7421a4f65b6835d0dfd788707727381270c57bf46c6e252777e07ead501fdabdc55961c5c1604e81c53be5ab2b
+$(DL_FILE)_BLAKE2 = 8f16d388884ad2ac9aafc46ec5eae144508ca86135184f625761c82c02ec9f99400bd4db65c9c9df54d315502cd5e2d37893d171abc6d76abe0a70f29acdb68e
 
 install : $(TARGET)
 
-- 
2.43.0

[PATCH] lvm2: Update to version 2.03.23

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3505 bytes --]

- Update from version 2.03.22 to 2.03.23
- Update of rootfile not required
- Changelog
    2.03.23
	  Set the first lv_attr flag for raid integrity images to i or I.
	  Add -A option for pvs and pvscan to show PVs outside devices file.
	  Improve searched_devnames temp file usage to prevent redundant scanning.
	  Change default search_for_devnames from auto to all.
	  Add lvmdevices --refresh to search for missing PVIDs on all devices.
	  Add comparison between old and new entries in lvmdevices --check.
	  Fix device_id matching order - match non-devname first.
	  Fix "lvconvert -m 0" when there is other than first in-sync leg.
	  Use system.devices as default for dmeventd when dmeventd.devices is undefined.
	  Accept WWIDs containing QEMU HARDDISK for device_id.
	  Improve handling of non-standard WWID prefixes used for device_id.
	  Configure automatically enables cmdlib for dmeventd and notify-dbus for dbus.
	  Fix hint calculation for pools with zero or error segment.
	  Configure supports --disable-shared to build only static binaries.
	  Configure supports --without-{blkid|systemd|udev} for easier static build.
	  Refresh device ids if the system changes.
	  Fix pvmove when specifying raid components as moved LVs.
	  Enhance error detection for lvm_import_vdo.
	  Support PV lists with thin lvconvert.
	  Fix support for lvm_import_vdo with SCSI VDO volumes.
	  Fix locking issue leading to hanging concurrent vgchange --refresh.
	  Recognize lvm.conf report/headings=2 for full column names in report headings.
	  Add --headings none|abbrev|full cmd line option to set report headings type.
	  Fix conversion to thin pool using lvmlockd.
	  Fix conversion from thick into thin volume using lvmlockd.
	  Require writable LV for conversion to vdo pool.
	  Fix return value from lvconvert integrity remove.
	  Preserve UUID for pool metadata spare.
	  Preserve UUID for swapped pool metadata.
	  Rewrite validation of device name entries used as device_id.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/lvm2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/lvm2 b/lfs/lvm2
index 7dedadcac..4e8cf6614 100644
--- a/lfs/lvm2
+++ b/lfs/lvm2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.03.22
+VER        = 2.03.23
 
 THISAPP    = LVM2.$(VER)
 DL_FILE    = $(THISAPP).tgz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 79bbea84bd82f111c1bb5de336e6a9f1368b2c9e43f075dccaa90c7746a364259ad278adf650379eca75f2803ed74e74dd372be2cca8518462182657f96a0033
+$(DL_FILE)_BLAKE2 = 00d215d395d92fa23743fc77d91a6bd14df29bc4fb334e1e8c4deb8d34007bfdb4e188821ec1789b5f0bca39fe944923050e401ddae0d25e4932cffb109a0dda
 
 install : $(TARGET)
 
-- 
2.43.0

[PATCH] pam: Update to version 1.6.0

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 6544 bytes --]

- Update from version 1.5.3 to 1.6.0
- Update of rootfile
- A build bug was found with 1.6.0 if --enable-read-both-confs was set in the configure.
   A commit fixing this has been released and converted into a patch for IPFire. This
   will end up in the next pam release version and the IPFire patch can then be removed.
- Changelog
    1.6.0
	* Added support of configuration files with arbitrarily long lines.
	* build: fixed build outside of the source tree.
	* libpam: added use of getrandom(2) as a source of randomness if available.
	* libpam: fixed calculation of fail delay with very long delays.
	* libpam: fixed potential infinite recursion with includes.
	* libpam: implemented string to number conversions validation when parsing
	  controls in configuration.
	* pam_access: added quiet_log option.
	* pam_access: fixed truncation of very long group names.
	* pam_canonicalize_user: new module to canonicalize user name.
	* pam_echo: fixed file handling to prevent overflows and short reads.
	* pam_env: added support of '\' character in environment variable values.
	* pam_exec: allowed expose_authtok for password PAM_TYPE.
	* pam_exec: fixed stack overflow with binary output of programs.
	* pam_faildelay: implemented parameter ranges validation.
	* pam_listfile: changed to treat \r and \n exactly the same in configuration.
	* pam_mkhomedir: hardened directory creation against timing attacks.
	  Please note that using *at functions leads to more open file handles
	  during creation.
	* pam_namespace: fixed potential local DoS (CVE-2024-22365).
	* pam_nologin: fixed file handling to prevent short reads.
	* pam_pwhistory: helper binary is now built only if SELinux support is enabled.
	* pam_pwhistory: implemented reliable usernames handling when remembering
	  passwords.
	* pam_shells: changed to allow shell entries with absolute paths only.
	* pam_succeed_if: fixed treating empty strings as numerical value 0.
	* pam_unix: added support of disabled password aging.
	* pam_unix: synchronized password aging with shadow.
	* pam_unix: implemented string to number conversions validation.
	* pam_unix: fixed truncation of very long user names.
	* pam_unix: corrected rounds retrieval for configured encryption method.
	* pam_unix: implemented reliable usernames handling when remembering passwords.
	* pam_unix: changed to always run the helper to obtain shadow password entries.
	* pam_unix: unix_update helper binary is now built only if SELinux support
	  is enabled.
	* pam_unix: added audit support to unix_update helper.
	* pam_userdb: added gdbm support.
	* Multiple minor bug fixes, portability fixes, documentation improvements,
	  and translation updates.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/common/pam                           |  3 +++
 lfs/pam                                               |  7 ++++---
 ...pam:_fix_build_with_--enable-read-both-confs.patch | 11 +++++++++++
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch

diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam
index e25fc9c26..de5c5b466 100644
--- a/config/rootfiles/common/pam
+++ b/config/rootfiles/common/pam
@@ -17,6 +17,8 @@ etc/security
 #lib/security/mkhomedir_helper
 #lib/security/pam_access.la
 lib/security/pam_access.so
+#lib/security/pam_canonicalize_user.la
+#lib/security/pam_canonicalize_user.so
 #lib/security/pam_debug.la
 #lib/security/pam_debug.so
 #lib/security/pam_deny.la
@@ -193,6 +195,7 @@ usr/lib/libpamc.so.0.82.1
 #usr/share/man/man8/mkhomedir_helper.8
 #usr/share/man/man8/pam.8
 #usr/share/man/man8/pam_access.8
+#usr/share/man/man8/pam_canonicalize_user.8
 #usr/share/man/man8/pam_debug.8
 #usr/share/man/man8/pam_deny.8
 #usr/share/man/man8/pam_echo.8
diff --git a/lfs/pam b/lfs/pam
index 020de981c..5e315a027 100644
--- a/lfs/pam
+++ b/lfs/pam
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.5.3
+VER        = 1.6.0
 
 THISAPP    = Linux-PAM-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb
+$(DL_FILE)_BLAKE2 = 8ad3ed2d58b48cf43d065f15669788c113eee2aa3fc86cf38565a0e4835b142564ff1af5bcd3377db08af77141d25b4e93752a387ff7eabc00b4a826aa9ea39d
 
 install : $(TARGET)
 
@@ -70,6 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && ./configure --libdir=/usr/lib \
 		--sbindir=/lib/security \
diff --git a/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch b/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch
new file mode 100644
index 000000000..1736c5f35
--- /dev/null
+++ b/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch
@@ -0,0 +1,11 @@
+--- Linux-PAM-1.6.0/libpam/pam_handlers.c.orig	2024-01-17 11:29:36.000000000 +0100
++++ Linux-PAM-1.6.0/libpam/pam_handlers.c	2024-01-22 16:02:45.546376172 +0100
+@@ -500,7 +500,7 @@
+ 
+ 		if (pamh->confdir == NULL
+ 		    && (f = fopen(PAM_CONFIG,"r")) != NULL) {
+-		    retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 1);
++		    retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 0, 1);
+ 		    fclose(f);
+ 		} else
+ #endif /* PAM_READ_BOTH_CONFS */
-- 
2.43.0

[PATCH] shadow: Updated to version 4.14.3

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2748 bytes --]

- Updated from version 4.14.2 to 4.14.3
- Update of rootfile not required
- Patch renamed to new version number
- Changelog
    4.14.3
	libshadow:
	    Avoid null pointer dereference.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/shadow                                                | 8 ++++----
 ...> shadow-4.14.3-suppress_installation_of_groups.patch} | 0
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename src/patches/{shadow-4.14.2-suppress_installation_of_groups.patch => shadow-4.14.3-suppress_installation_of_groups.patch} (100%)

diff --git a/lfs/shadow b/lfs/shadow
index 1c0afc088..a3495474a 100644
--- a/lfs/shadow
+++ b/lfs/shadow
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.14.2
+VER        = 4.14.3
 
 THISAPP    = shadow-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 419f0a516753616ef691f71ec9002eef6fd7568c013ac71900d7481eff1bd9165c69d9587b7ca25800543a2eac58cfb7ce4224063e8af7b278f589640485c28f
+$(DL_FILE)_BLAKE2 = 6707cae41a0f8478cadd94ea5eaba95cdc6b1b23896b8dd903c62c931839a82b0538f04f8c12433f148da5b23c12a033963380be81f6fc97fa0e3f9399e51b21
 
 install : $(TARGET)
 
@@ -70,7 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.14.2-suppress_installation_of_groups.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.14.3-suppress_installation_of_groups.patch
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && ./configure \
 		--libdir=/lib \
diff --git a/src/patches/shadow-4.14.2-suppress_installation_of_groups.patch b/src/patches/shadow-4.14.3-suppress_installation_of_groups.patch
similarity index 100%
rename from src/patches/shadow-4.14.2-suppress_installation_of_groups.patch
rename to src/patches/shadow-4.14.3-suppress_installation_of_groups.patch
-- 
2.43.0

[PATCH] sqlite: Update to version 3450000

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3782 bytes --]

- Update from version 3440100 to 3450000
- Update of rootfile not required
- Does IPFire have apopliocation defined SQL functions that invoke sqlite3_result_subtype()
   as per the first part of the below Changelog.
- Changelog
    3.45.0
	Added the SQLITE_RESULT_SUBTYPE property for application-defined SQL functions.
	 All application defined SQL functions that invokes sqlite3_result_subtype() must
	 be registered with this new property. Failure to do so might cause the call to
	 sqlite3_result_subtype() to behave as a no-op. Compile with
	 -DSQLITE_STRICT_SUBTYPE=1 to cause an SQL error to be raised if a function that
	 is not SQLITE_RESULT_SUBTYPE tries invokes sqlite3_result_subtype(). The use of
	 -DSQLITE_STRICT_SUBTYPE=1 is a recommended compile-time option for every
	 application that makes use of subtypes.
	Enhancements to the JSON SQL functions:
	    All JSON functions are rewritten to use a new internal parse tree format
		called JSONB. The new parse-tree format is serializable and hence can be
		stored in the database to avoid unnecessary re-parsing whenever the JSON
		value is used.
	    New versions of JSON-generating functions generate binary JSONB instead of
		JSON text.
	    The json_valid() function adds an optional second argument that specifies
		what it means for the first argument to be "well-formed".
	Add the FTS5 tokendata option to the FTS5 virtual table.
	The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. Disable
		it at compile-time using -DSQLITE_DIRECT_OVERFLOW_READ=0.
	Query planner improvements:
	    Do not allow the transitive constraint optimization to trick the query
		planner into using a range constraint when a better equality constraint
		is available. (Forum post 2568d1f6e6.)
	    The query planner now does a better job of disregarding indexes that ANALYZE
		identifies as low-quality. (Forum post 6f0958b03b.)
	Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294.
	Enhancements to the CLI:
	    Improvements to the display of UTF-8 content on Windows
	    Automatically detect playback of ".dump" scripts and make appropriate changes
		to settings such as ".dbconfig defensive off" and ".dbconfig dqs_dll on".

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/sqlite | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/sqlite b/lfs/sqlite
index a03731a10..3ca4e45ff 100644
--- a/lfs/sqlite
+++ b/lfs/sqlite
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3440100
+VER        = 3450000
 
 THISAPP    = sqlite-autoconf-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 8b0aa4b2fd36099e68502705d0187cf30b8755f61577942e9b8709d3ca3e56dfd64cf256d0b70a75e987f2894076cb32c170dd52cd278579a646b06b90140e9d
+$(DL_FILE)_BLAKE2 = 04ba8522be5fa8c0a0a101824f90030f83ad131b53dff622e0449d31b3ee3e50888ed0d8a663c5be3f7338d5d5b6efef1b828374fa599a675ab892bbbb3abec9
 
 install : $(TARGET)
 
-- 
2.43.0