[PATCH] clamav: Update to version 1.3.1

[PATCH] clamav: Update to version 1.3.1

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2965 bytes --]

- Update from version 1.3.0 to 1.3.1
- Update of rootfile not required
- As we can not upgrade currently to version 1.4.0 due to the rust/ruby issue we need to
   update to 1.3.1 as it has a CVE fix in it.
- There are three rust dependencies that have been updated but all have a rust-1.57
   requirement so have no problem with our current rust-1.67.0 version
- Changelog
    1.3.1
      This is a critical patch release with the following fixes:
	- [CVE-2024-20380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20380):
	  Fixed a possible crash in the HTML file parser that could cause a
	  denial-of-service (DoS) condition.
	  This issue affects version 1.3.0 only and does not affect prior versions.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1242)
	- Updated select Rust dependencies to the latest versions.
	  This resolved Cargo audit complaints and included PNG parser bug fixes.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1227)
	- Fixed a bug causing some text to be truncated when converting from UTF-16.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1230)
	- Fixed assorted complaints identified by Coverity static analysis.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1235)
	- Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam
	  config option to be pruned and then re-downloaded with every update.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238)
	- Added the new 'valhalla' database name to the list of optional databases in
	  preparation for future work.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238)
	- Added symbols to the `libclamav.map` file to enable additional build
	  configurations.
	  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1244)

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/clamav | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/clamav b/lfs/clamav
index 5a1089187..32b4aa4f9 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Antivirus Toolkit
 
-VER        = 1.3.0
+VER        = 1.3.1
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 71
+PAK_VER    = 72
 
 DEPS       =
 
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282
+$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362
 
 
 install : $(TARGET)
-- 
2.46.0

[PATCH] iotop: Update to version 1.26

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2347 bytes --]

- Update from version 1.22 to 1.26
- Update of rootfile not required
- Changelog
    1.26
	Add clock in upper right corner
    1.25

	Fix bug when iotop busy loops after pressing ESC key
	Change the condition of displaying processes in only mode
    1.24

	Fix a bug with graphs in ASCII mode
	Show the status of the configuration in the help window
	Support ancient compilers by @bbonev in #52
    1.23

	Changes by @bbonev in #43
	Fix some issues reported by lintian by @debian-janitor in #42
	Revert syscall count stuff by @bbonev in #44
	Fix empty archlinux package by @bokunodev in #46

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/iotop | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/iotop b/lfs/iotop
index 1dc44eaef..d869386ea 100644
--- a/lfs/iotop
+++ b/lfs/iotop
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Top Like UI to Show Per-Process I/O Going on
 
-VER        = 1.22
+VER        = 1.26
 
 THISAPP    = iotop-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 PROG       = iotop
-PAK_VER    = 5
+PAK_VER    = 6
 DEPS       =
 
 SERVICES   =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 59ceff92600f6f9ff080d02ea10a796a2b6f05ccbb663ac2eed9a7d5c7f6a44de329307bc45605b3415804ef3b2d0699afdaeb1c22604276ce15fc606304ef70
+$(DL_FILE)_BLAKE2 = 90ca8706809952c1523c01b1cb4fa2728934277d80145ab6d90e10cb624361fd4089c527c6093b4733b954f874598c33c7892369ef98e96cbc0bb173a0f8c986
 
 install : $(TARGET)
 
-- 
2.46.0

[PATCH] libvirt: Update to version 10.7.0

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 22555 bytes --]

- Update from version 10.0.0 to 10.7.0
- Update of rootfile
- 1 CVE fix in 10.7.0 and 1 in 10.1.0
- Changelog
    10.7.0
	* **Security**
	  * CVE-2024-8235: Crash of ``virtinterfaced`` via ``virConnectListInterfaces()``
	    A refactor of the code fetching the list of interfaces for multiple APIs
	    introduced corner case on platforms where allocating 0 bytes of memory
	    results in a NULL pointer.
	    This corner case would lead to a NULL-pointer dereference and subsequent
	    crash of ``virtinterfaced`` if ``virConnectListInterfaces()`` is called
	    requesting 0 networks to be filled.
	    The bug was introduced in libvirt-10.4.0
	* **New features**
	  * qemu: Introduce the ability to disable the built-in PS/2 controller
	    It is now possible to control the state of the ``ps2`` feature in the
	    domain XML for descendants of the generic PC machine type (``i440fx``,
	    ``q35``, ``xenfv`` and ``isapc``).
	* **Improvements**
	  * ch: support restore with network devices
	    Cloud-Hypervisor starting from V40.0 supports restoring file descriptor
	    backed network devices. So, create new net fds and pass them via
	    SCM_RIGHTS to CH during restore operation.
	  * ch: support basic networking modes
	    Cloud-Hypervisor driver now supports Ethernet, Network (NAT) and Bridge
	    networking modes.
    10.6.0
	* **Removed features**
	  * qemu: Require QEMU-5.2.0 or newer
	    The minimal required version of QEMU was bumped to 5.2.0.
	* **New features**
	  * qemu: Add support for the 'pauth' Arm CPU feature
	  * Introduce pstore device
	    The aim of pstore device is to provide a bit of NVRAM storage for guest
	    kernel to record oops/panic logs just before it crashes. Typical usage
	    includes usage in combination with a watchdog so that the logs can be
	    inspected after the watchdog rebooted the machine.
	* **Improvements**
	  * qemu: Set 'passt' net backend if 'default' is unsupported
	    If QEMU is compiled without SLIRP support, and if domain XML allows it,
	    starting from this release libvirt will use passt as the default backend
	    instead. Also, supported backends are now reported in the domain
	    capabilities XML.
	  * qemu: add a monitor to /proc/$pid when killing times out
	    In cases when a QEMU process takes longer to be killed, libvirt might have
	    skipped cleaning up after it. But now a /proc/$pid watch is installed so
	    this does not happen ever again.
	* **Bug fixes**
	  * virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
	    When binary version of edk2 is distributed, the files reside under
	    /usr/share/edk2-ovmf. Allow virt-aa-helper to generate paths under that
	    directory.
	  * virt-host-validate: Allow longer list of CPU flags
	    During its run, virt-host-validate parses /proc/cpuinfo to learn about CPU
	    flags. But due to a bug it parsed only the first 1024 bytes worth of CPU
	    flags leading to unexpected results. The file is now parsed properly.
	  * capabilities: Be more forgiving when decoding OEM strings
	    On some systems, OEM strings are scattered in multiple sections. This
	    confused libvirt when generating capabilities XML. Not anymore.
    10.5.0
	* **New features**
	  * Introduce SEV-SNP support
	    SEV-SNP is introduced as another type of ``<launchSecurity/>``. Its support
	    is reported in both domain capabilities and ``virt-host-validate``.
	* **Improvements**
	  * tools: virt-pki-validate has been rewritten in C
	    The ``virt-pki-validate`` shell script has been rewritten as a C program,
	    providing an output format that matches ``virt-host-validate``, removing
	    the dependency on ``certtool`` and providing more comprehensive checks
	    of the certificate properties.
	  * qemu: implement iommu coldplug/unplug
	    The ``<iommu/>`` device can be now cold plugged and/or cold unplugged.
	  * Pass shutoff reason to release hook
	    Sometimes in release hook it is useful to know if the VM shutdown was
	    graceful or not. This is especially useful to do cleanup based on the VM
	    shutdown failure reason in release hook. Starting with this release the
	    last argument 'extra' is used to pass VM shutoff reason in the call to
	    release hook.
	  * nodedev: improve DASD detection
	    In newer DASD driver versions the ID_TYPE tag is supported. This tag is
	    missing after a system reboot but when the ccw device is set offline and
	    online the tag is included. To fix this version independently we need to
	    check if a device detected as type disk is actually a DASD to maintain the
	    node object consistency and not end up with multiple node objects for
	    DASDs.
	* **Bug fixes**
	  * remote_daemon_dispatch: Unref sasl session when closing client connection
	    A memory leak was identified when a client started SASL but then suddenly
	    closed connection. This is now fixed.
	  * qemu: Fix migration with disabled vmx-* CPU features
	    Migrating a domain with some vmx-* CPU features marked as disabled could
	    have failed as the destination would incorrectly expect those features to
	    be enabled after starting QEMU.
	  * qemu: Fix ``libvirtd``/``virtqemud`` crash when VM shuts down during migration
	    The libvirt daemon could crash when a VM was shut down while being migrated
	    to another host.
    10.4.0
	* **New features**
	  * qemu: Support for ras feature for virt machine type
	    It is now possible to set on/off ``ras`` feature in the domain XML for virt
	    (Arm) machine type as ``<ras state='on'/>``.
	  * SSH proxy for VM
	    Libvirt now installs a binary helper that allows connecting to QEMU domains
	    via SSH using the following scheme: ``ssh user(a)qemu/virtualMachine``.
	  * qemu: Support for ``virtio`` sound model
	    Sound devices can now be configured to use the virtio model with
	    ``<sound model='virtio'/>``. This model is available from QEMU 8.2.0
	    onwards.
	  * network: use nftables to setup virtual network firewall rules
	    The network driver can now use nftables rules for the virtual
	    network firewalls, rather than iptables. With the standard build
	    options, nftables is preferred over iptables (with fallback to
	    iptables if nftables isn't installed), but this can be modified at
	    build time, or at runtime via the firewall_backend setting in
	    network.conf. (NB: the nwfilter driver still uses
	    ebtables/iptables).
	* **Improvements**
	  * qemu: add zstd to supported compression formats
	    Extend the list of supported formats of QEMU save image by adding zstd
	    compression.
	  * qemu: Implement support for hotplugging evdev input devices
	    As of this release, hotplug and hotunplug of evdev ``<input/>`` devices is
	    supported.
	* **Bug fixes**
	  * virsh/virt-admin: Fix ``--help`` option for all commands
	    A bug introduced in `v10.3.0 (2024-05-02)`_ caused that the attempt to print
	    help for any command by using the ``--help`` option in ``virsh`` and
	    ``virt-admin`` would print::
	      $ virsh list --help
	      error: command 'list' doesn't support option --help
	    instead of the help output. A workaround for the affected version is to use
	    the help command::
	      $ virsh help list
	  * qemu: Fix ``virsh save`` and migration when storage in question is root_squashed NFS
	    Attempting to save a VM to a root_squash NFS mount or migrating with disks
	    hosted on such mount could, in some scenarios, result in error stating::
	      'Unknown error 255'
	    The bug was introduced in `v10.1.0 (2024-03-01)`_.
	  * qemu: Don't set affinity for isolcpus unless explicitly requested
	    When starting a domain, by default libvirt sets affinity of QEMU process to
	    all online CPUs. This also included isolated CPUs (``isolcpus=``) which is
	    wrong. As of this release, isolated CPUs are left untouched, unless
	    explicitly configured in domain XML.
	  * qemu_hotplug: Properly assign USB address to hotplugged usb-net device
	    Previously, the network device hotplug logic would try to ensure only CCW
	    or PCI addresses. With recent support for the usb-net model, USB addresses
	    for usb-net network devices are assigned automatically.
	  * qemu: Fix hotplug of ``virtiofs`` filesystem device with ``<boot order=`` set
	    The bug was introduced in `v10.3.0 (2024-05-02)`_ when attempting to reject
	    unsupported configurations. During hotplug the addresses are
	    assigned after validation and thus errorneously reject valid configs.
    10.3.0
	* **New features**
	  * qemu: Proper support for USB network device
	    USB address is now automatically assigned to USB network devices thus they
	    can be used without manual configuration.
	  * conf: Introduce memReserve attribute to <controller/>
	    Some PCI devices have large non-prefetchable memory. This can be a problem
	    in case when such device needs to be hotplugged as the firmware can't
	    foresee such situation. The user thus can override the value calculated at
	    start to accomodate for such devices.
	* **Improvements**
	  * Improve validation of USB devices
	    Certain USB device types ('sound', 'fs', 'chr', 'ccid' and 'net') were not
	    properly handled in the check whether the VM config supports USB and thus
	    would result in poor error messages.
	  * virsh: Fix behaviour of ``--name`` and ``--parent`` used together when listing checkpoint and snapshots
	    The ``checkpoint-list`` and ``snapshot-list`` commands would ignore the
	    ``--name`` option to print only the name when used with ``--parent``.
	  * Extend libvirt-guests to shutdown only persistent VMs
	    Users can now choose to shutdown only persistent VMs when the host is being
	    shut down.
	* **Bug fixes**
	  * qemu: Fix migration with custom XML
	    Libvirt 10.2.0 would sometimes complain about incompatible CPU definition
	    when trying to migrate or save a domain and passing a custom XML even
	    though such XML was properly generated as migratable. Hitting this bug
	    depends on the guest CPU definition and the host on which a particular
	    domain was running.
	  * qemu: Fix TLS hostname verification failure in certain non-shared storage migration scenarios
	    In certain scenarios (parallel migration, newly also post-copy migration)
	    libvirt would wrongly pass an empty hostname to QEMU to be used for TLS
	    certificate hostname validation, which would result into failure of the
	    non-shared storage migration step::
	     error: internal error: unable to execute QEMU command 'blockdev-add': Certificate does not match the hostname
	  * Create OVS ports as transient
	    Libvirt now creates OVS ports as transient which prevents them from
	    reappearing or going stale on sudden reboots.
	  * Clear OVS QoS settings when domain shuts down
	    Libvirt now clears QoS settings on domain shutdown, so they no longer pile
	    up in OVS database.
    10.2.0
	* **New features**
	  * ch: Basic save and restore support for ch driver
	    The ch driver now supports basic save and restore operations. This is
	    functional on domains without any network, host device config defined.
	    The ``path`` parameter for save and restore should be a directory.
	  * qemu: Support for driver type ``mtp`` in ``<filesystem/>`` devices
	    The ``mtp`` driver type exposes the ``usb-mtp`` device in QEMU. The
	    guest can access files on this driver through the Media Transfer
	    Protocol (MTP).
	  * qemu: Added support for the loongarch64 architecture
	    It is now possible for libvirt to run loongarch64 guests, including on
	    other architectures via TCG. For the best results, it is recommended to
	    use the upcoming QEMU 9.0.0 release together with the development version
	    of edk2.
	  * qemu: Introduce virDomainGraphicsReload API
	    Reloading the graphics display is now supported for QEMU guests using
	    VNC. This is useful to make QEMU reload the TLS certificates without
	    restarting the guest. Available via the ``virDomainGraphicsReload`` API
	    and the ``domdisplay-reload`` virsh command.
	* **Bug fixes**
	  * qemu: Fix migration from libvirt older than 9.10.0 when vmx is enabled
	    A domain with vmx feature enabled (which may be even done automatically
	    with ``mode='host-model'``) started by libvirt 9.9.0 or older cannot be
	    migrated to libvirt 9.10.0, 10.0.0, and 10.1.0 as the target host would
	    complain about a lot of extra ``vmx-*`` features. Migration of similar
	    domains started by the affected releases to libvirt 9.9.0 and older
	    does not work either. Since libvirt 10.2.0 migration works again with
	    libvirt 9.9.0 and older in both directions. Migration from the affected
	    releases to 10.2.0 works as well, but the other direction remains broken
	    unless the fix is backported.
	  * node_device: Don't report spurious errors from PCI VPD parsing
	    In last release the PCI Vital Product Data parser was enhanced to report
	    errors but that effort failed as some kernels have the file but don't allow
	    reading it causing logs to be spammed with::
	      libvirtd[21055]: operation failed: failed to read the PCI VPD data
	    Since the data is used only in the node device XML and errors are ignored if
	    the parsing failed, this release removes all the error reporting.
	  * qemu: set correct SELinux label for unprivileged virtiofsd
	    It is now possible to use virtiofsd-based ``<filesystem>`` shares even
	    if the guest is confined using SELinux.
	  * qemu: fix a crash on unprivileged virtiofsd hotplug
	    Hotplugging virtiofsd-based filesystems works now.
	  * virt-admin: Fix segfault when libvirtd dies
	    ``virt-admin`` no longer crashes when ``libvirtd`` unexpectedly closes
	    the connection.
    10.1.0
	* **Security**
	  * ``CVE-2024-1441``: Fix off-by-one error leading to a crash
	    In **libvirt-1.0.0** there were couple of interface listing APIs
	    introduced which had an off-by-one error.  That error could lead to a
	    very rare crash if an array was passed to those functions which did
	    not fit all the interfaces.
	    In **libvirt-5.10** a check for non-NULL arrays has been adjusted to
	    allow for NULL arrays with size 0 instead of rejecting all NULL
	    arrays.  However that made the above issue significantly worse since
	    that off-by-one error now did not write beyond an array, but
	    dereferenced said NULL pointer making the crash certain in a
	    specific scenario in which a NULL array of size 0 was passed to the
	    aforementioned functions.
	* **New features**
	  * nodedev: Support updating mdevs
	    The node device driver has been extended to allow updating mediated node
	    devices. Options are available to target the update against the persistent,
	    active or both configurations of a mediated device.
	    **Note:** The support is only available with at least mdevctl v1.3.0 installed.
	  * qemu: Add support for /dev/userfaultfd
	    On hosts with new enough kernel which supports /dev/userfaultfd libvirt will
	    now automatically grant QEMU access to this device. It's no longer needed to
	    set vm.unprivileged_userfaultfd sysctl.
	  * qemu: Support clusters in CPU topology
	    It is now possible to configure the guest CPU topology to use clusters.
	    Additionally, if CPU clusters are present in the host topology, they will
	    be reported as part of the capabilities XML.
	  * network: Make virtual domains resolvable from the host
	    When starting a virtual network with a new ``register='yes'`` attribute
	    in the ``<domain>`` element, libvirt will configure ``systemd-resolved``
	    to resolve names of the connected guests using the name server started
	    for this network.
	  * qemu: Introduce dynamicMemslots attribute for virtio-mem
	    QEMU now allows setting ``.dynamic-memslots`` attribute for virtio-mem-pci
	    devices. When turned on, it allows memory exposed to guest to be split into
	    multiple memory slots and thus smaller memory footprint (see the original
	    commit for detailed explanation).
	* **Improvements**
	  * nodedev: Add ability to update persistent mediated devices by defining them
	    Existing persistent mediated devices can now also be updated by
	    ``virNodeDeviceDefineXML()`` as long as parent and UUID remain unchanged.
	  * ch: Enable ``ethernet`` interface mode support
	    ``<interface type='ethernet'/>`` can now be used for CH domains.
	  * viraccessdriverpolkit: Add missing vtpm case
	    Secrets with ``<usage type='vtpm'>`` were left unable to be checked for in
	    the access driver, i.e. in ACL rules. Missing code was provided.
	  * virt-admin: Notify users to use explicit URI if connection fails
	    ``virt-admin`` doesn't try to guess the URI of the daemon to manage so a
	    failure to connect may be confusing for users if modular daemons are used.
	    Add a hint to use the URI of the dameon to manage.
	* **Bug fixes**
	  * qemu_process: Skip over non-virtio non-TAP NIC models when refreshing rx-filter
	    If ``trustGuestRxFilters`` is enabled for a vNIC that doesn't support it,
	    libvirt may throw an error when such domain is being started, loaded from a
	    saved state, migrated, etc. These errors are now silenced, but make sure to
	    fix such configurations (after previous release it is even possible to
	    change ``trustGuestRxFilters`` value on live domains via
	    ``virDomainUpdateDeviceFlags()`` or ``virsh device-update``).
	  * domain: Fix check for overlapping ``<memory/>`` devices
	    A bug was identified which caused libvirt to report two NVDIMMs as
	    overlapping even though they weren't. This now fixed.
	  * vmx: Accept empty fileName for cdrom-image
	    Turns out, ``fileName`` attribute (which contains path to CDROM image) can
	    be set to an empty string (``""``) to denote a state in which the CDROM has
	    no medium in it. Libvirt used to reject such configuration file, but not
	    anymore.
	  * qemu_hotplug: Don't lose 'created' flag in qemuDomainChangeNet()
	    When starting a domain, libvirt tracks what resources it created for it and
	    which were pre-existing and uses this information to preserve pre-existing
	    resources when cleaning up after said domain is shut off. But for macvtaps
	    this information was lost after the macvtap device was changed (e.g. via
	    ``virsh update-device``).
	  * Fix virStream hole handling
	    When a client sent multiple holes into a virStream it may have caused
	    daemon hangup as the daemon stopped processing RPC from the client
	    temporarily. This is now fixed.
	  * nodedev: Don't generate broken XML with certain hardware
	    A broken node device XML would be generated in a rare case when a hardware
	    device had certain characters in the VPD fields.
	  * qemu: Fix reservation of manually specified port for disk migration
	    A manually specified port would not be relased after disk migration making
	    it impossible to use it again.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/packages/libvirt | 14 ++++++++++----
 lfs/libvirt                       |  6 +++---
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt
index f1031b079..32fdd5cce 100644
--- a/config/rootfiles/packages/libvirt
+++ b/config/rootfiles/packages/libvirt
@@ -52,6 +52,8 @@ etc/logrotate.d/libvirtd.qemu
 etc/rc.d/init.d/libvirt-guests
 etc/rc.d/init.d/libvirtd
 etc/rc.d/init.d/virtlogd
+#etc/ssh/ssh_config.d
+etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
 usr/bin/virsh
 usr/bin/virt-admin
 usr/bin/virt-host-validate
@@ -85,16 +87,16 @@ usr/bin/virt-xml-validate
 #usr/lib/libvirt
 #usr/lib/libvirt-admin.so
 usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.10000.0
+usr/lib/libvirt-admin.so.0.10007.0
 #usr/lib/libvirt-lxc.so
 usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.10000.0
+usr/lib/libvirt-lxc.so.0.10007.0
 #usr/lib/libvirt-qemu.so
 usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.10000.0
+usr/lib/libvirt-qemu.so.0.10007.0
 #usr/lib/libvirt.so
 usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.10000.0
+usr/lib/libvirt.so.0.10007.0
 #usr/lib/libvirt/connection-driver
 usr/lib/libvirt/connection-driver/libvirt_driver_ch.so
 usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
@@ -118,6 +120,9 @@ usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so
 #usr/lib/sysctl.d
 usr/lib/sysctl.d/60-libvirtd.conf
 usr/lib/sysctl.d/60-qemu-postcopy-migration.conf
+#usr/lib/sysusers.d
+usr/lib/sysusers.d/libvirt-qemu.conf
+usr/libexec/libvirt-ssh-proxy
 usr/libexec/libvirt_iohelper
 usr/libexec/virt-login-shell-helper
 usr/sbin/libvirtd
@@ -253,6 +258,7 @@ usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml
 usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml
 usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml
 usr/share/libvirt/cpu_map/x86_EPYC.xml
+usr/share/libvirt/cpu_map/x86_GraniteRapids.xml
 usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml
 usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml
 usr/share/libvirt/cpu_map/x86_Haswell-noTSX.xml
diff --git a/lfs/libvirt b/lfs/libvirt
index ef122cfa7..4ac7dbf90 100644
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY	   = Server side daemon and supporting files for libvirt
 
-VER        = 10.0.0
+VER        = 10.7.0
 
 THISAPP    = libvirt-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 SUP_ARCH   = x86_64 aarch64
 PROG       = libvirt
-PAK_VER    = 34
+PAK_VER    = 35
 
 DEPS       = ebtables libpciaccess libyajl ncat qemu
 
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = bfbea7805a949999481293a31e52a5511bcf86db2c96486cbc3b9cb776719ec973b1208cfcb4a8ae2c9220d1d68053980eaf68893f7919c3ef354efbd1abf642
+$(DL_FILE)_BLAKE2 = 331f8c01395c70536ac094a156810f93cd85aab9f25bdde40633698a27f5863cb5c88c520199a5182318f376cb1a3484f3c487da74a41925a521c4a305c51f13
 
 install : $(TARGET)
 check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-- 
2.46.0

[PATCH] mcelog: Update to version 200

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 1997 bytes --]

- Update from version 196 to 200
- Update of rootfile not required
- Changelog is not provided. The git log,
   https://git.kernel.org/cgit/utils/cpu/mce/mcelog.git/log/, should be viewed for changes.
   The changes are mostly bug fixes.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/mcelog | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/mcelog b/lfs/mcelog
index 619cf025a..fa10eb374 100644
--- a/lfs/mcelog
+++ b/lfs/mcelog
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Log Machine Check Events
 
-VER        = 196
+VER        = 200
 
 THISAPP    = mcelog-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mcelog
-PAK_VER    = 4
+PAK_VER    = 5
 SUP_ARCH   = x86_64
 
 DEPS       =
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 50871cd7a3c4dd6f4c4d613c7db4528d972ca37ba17b0a5aa4876d8fc92d4478c2247ea65748310ad6d4b950d1abc9bd0ea40193e72b36d38334547382477849
+$(DL_FILE)_BLAKE2 = 66b6f25720d09760aab79d0b410287e73087551ab54eaf7dc31c0f7f5c56a40583e933f9e6dae9b91c5594f5bdf51701c37328e76f930c937b448aaac7acd262
 
 install : $(TARGET)
 
-- 
2.46.0

[PATCH] observium-agent: Update to version 24.4

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2231 bytes --]

- Update from version 23.1 to 24.4
- Update of rootfile not required
- Changelog is not provided in the source tarbal. Ther is a text changelog at
   https://www.observium.org/svn.log but it is not clear if this is for the community
   version used here or for the subscription based version. There is also no reference
   to any version numbers so you can't easily tell which changes are in this version and
   which not.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/observium-agent | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/observium-agent b/lfs/observium-agent
index 7df6996ba..bbf3bfcda 100644
--- a/lfs/observium-agent
+++ b/lfs/observium-agent
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Observium agent
 
-VER        = 23.1
+VER        = 24.4
 
 THISAPP    = observium-community-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/observium
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = observium-agent
-PAK_VER    = 2
+PAK_VER    = 3
 
 DEPS       = xinetd
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = d89e8bd454bff4dfcf56bb95619747de53ee6b84d7f4f201058d654494252f3bc725013a5f08b6d635be30234474a4de9379275b593e031efb9a3f216641cd7c
+$(DL_FILE)_BLAKE2 = 1ef34e7bb6ce43ea7e0a122deb5031d555d942d4f79be0596fc0e2c63a2f92321aa22f34a21e6fa559a8a76e744770f9d74676955acdd76dc4d410e1107636a2
 
 install : $(TARGET)
 
-- 
2.46.0

[PATCH] shairport-sync: Update to version 4.3.4

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 5499 bytes --]

- Update from version 4.3.2 to 4.3.4
- Update of rootfile
- Changelog is only defined for 4.3, 4.2 etc so the below changelog is for all of 4.3
   Cannot determine which things were alreday fixed in 4.3.2 and earlier and which are
   from 4.3.3 onwards.
    4.3
**Security Updates**
	* A crashing bug in NQPTP has been fixed.
	* The communications protocol used between NQPTP and Shairport Sync has been
	  revised and made more resilient to attempted misuse.
	* In Linux systems, NQPTP no longer runs as `root` -- instead it runs as the
	  restriced user `nqptp`, with access to ports 319 and 320 set by the installer
	  via the `setcap` utility.
**Enhancements**
	* A new volume control profile called `dasl-tapered` has been added in which
	  halving the volume control setting halves the output level.
	  For example, moving the volume slider from full to half reduces the output
	  level by 10dB, which roughly corresponds with a perceived halving of the audio
	  volume level.
	  Moving the volume slider from half to a quarter reduces the output level by a
	  a further 10dB.
	  The tapering rate is slightly modified at the lower end of the range if the
	  device's attenuation range is restricted (less than about 55dB).
	  To activate the `dasl-tapered` profile, set the `volume_control_profile` to
	  `"dasl_tapered"` in the configuration file and restart Shairport Sync.
	  Many thanks to David Leibovic, aka [dasl-](https://github.com/dasl-), for this.
	* On graceful shutdown, an `active_end` signal should now be generated if the
	  system was in the active state. Addresses issue
	  [#1647](https://github.com/mikebrady/shairport-sync/issues/1647). Thanks to
	  [Tucker Kern](https://github.com/mill1000) for raising the issue.
**Bug Fixes**
	* Fixed a bug that causes the Docker image to crash occasionally when OwnTone
	  interrupted an existing iOS session. Thanks to
	  [aaronk6](https://github.com/aaronk6) for the report.
	* Fixed a cross-compliation error caused by not looking for the correct version
	  of the `ar` tool. The fix was to substitute the correct version during the
	  `autoreconf` phase. Thanks to
	  [sternenseemann](https://github.com/sternenseemann) for raising the
	  [issue](https://github.com/mikebrady/shairport-sync/issues/1705) and the
	  [PR](https://github.com/mikebrady/shairport-sync/pull/1706) containing the fix.
	* Updated the mDNS strings for the Classic AirPlay feature of AP2, so that it
	  does not appear to provide MFi authentication. Addresses
	  [this discussion](https://github.com/mikebrady/shairport-sync/discussions/1691).
	* Always uses a revision number of 1 when looking for status updates on the DACP
	  remote control port. This follows a suggestion in
	  [Issue #1658](https://github.com/mikebrady/shairport-sync/issues/1658). Thanks
	  to [ejurgensen](https://github.com/ejurgensen), as ever, for the report and
	  the suggested fix.
	* Fixed a `statistics` bug (the minimum buffer size was incorrectly logged) and
	  also tidy up the statistics logging interval logic for resetting min and max
	  counters.
	* Added an important missing format string argument to a call in the Jack Audio
	  backend. Many thanks to [michieldwitte] for their
	  [PR](https://github.com/mikebrady/shairport-sync/pull/1693).
**Maintenance**
	* Stopped using a deprecated FFmpeg data structure reference.
	* Stopped using deprecated OpenSSL calls. Thanks to [yubiuser] for their
	  [PR](https://github.com/mikebrady/shairport-sync/pull/1684) -- which did some
	  of the updating -- and for their guidance.
	* Run workflow-based tests on PRs automatically. Thanks to [yubiuser]
	  for their [PR](https://github.com/mikebrady/shairport-sync/pull/1687).

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/packages/shairport-sync | 2 +-
 lfs/shairport-sync                       | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/packages/shairport-sync b/config/rootfiles/packages/shairport-sync
index a0cd5c859..4fb1d3f48 100644
--- a/config/rootfiles/packages/shairport-sync
+++ b/config/rootfiles/packages/shairport-sync
@@ -2,5 +2,5 @@ etc/rc.d/init.d/shairport-sync
 etc/shairport-sync.conf
 #etc/shairport-sync.conf.sample
 usr/bin/shairport-sync
-#usr/share/man/man7/shairport-sync.7
+#usr/share/man/man1/shairport-sync.1
 var/ipfire/backup/addons/includes/shairport-sync
diff --git a/lfs/shairport-sync b/lfs/shairport-sync
index 4ade1ab99..f7136bc70 100644
--- a/lfs/shairport-sync
+++ b/lfs/shairport-sync
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = An AirPlay audio player
 
-VER        = 4.3.2
+VER        = 4.3.4
 
 THISAPP    = shairport-sync-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = shairport-sync
-PAK_VER    = 15
+PAK_VER    = 16
 
 DEPS       = alac alsa avahi ffmpeg libdaemon libplist nqptp soxr
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = bed3228874e7ca1bf6e7d8cc21d6d750533d0bdd103bbd1f49412bab06da099adbecfa689d8f733084a1a5519391a01b5b47a527597e1dbf6ab151badda18284
+$(DL_FILE)_BLAKE2 = 298f836f924dde30ac7563f431d8c657efdc0bc4bb3a0a55fb500591a6eab4801f904a0a61bfb325e0ebe62b68b935926c4fb18a9a574c78d6f8249503bb828f
 
 install : $(TARGET)
 
-- 
2.46.0

[PATCH] taglib: Update to version 2.0.2

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2080 bytes --]

- Update from version 2.0.1 to 2.0.2
- Update of rootfile
- Changelog
    2.0.2
	* Fix parsing of ID3v2.2 frames.
	* Tolerate MP4 files with unknown atom types as generated by Android tools.
	* Support setting properties with arbitrary names in MP4 tags.
	* Windows: Fix "-p" option in tagwriter example.
	* Support building with older utfcpp versions.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/packages/taglib | 4 ++--
 lfs/taglib                       | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/packages/taglib b/config/rootfiles/packages/taglib
index 1341d11ed..1dbab71e1 100644
--- a/config/rootfiles/packages/taglib
+++ b/config/rootfiles/packages/taglib
@@ -120,9 +120,9 @@ usr/bin/taglib-config
 #usr/lib/cmake/taglib/taglib-targets.cmake
 #usr/lib/libtag.so
 usr/lib/libtag.so.2
-usr/lib/libtag.so.2.0.1
+usr/lib/libtag.so.2.0.2
 #usr/lib/libtag_c.so
 usr/lib/libtag_c.so.2
-usr/lib/libtag_c.so.2.0.1
+usr/lib/libtag_c.so.2.0.2
 #usr/lib/pkgconfig/taglib.pc
 #usr/lib/pkgconfig/taglib_c.pc
diff --git a/lfs/taglib b/lfs/taglib
index a211df139..527ae9e3f 100644
--- a/lfs/taglib
+++ b/lfs/taglib
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Audio Meta-Data Library
 
-VER        = 2.0.1
+VER        = 2.0.2
 
 THISAPP    = taglib-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = taglib
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       =
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a39997b3185609b47b4d20c12b9d131eee32a2846627799d83df98eaaf5b909514fd97667e779715b940f0866252d02a523fa9d87534ea3cdefbd27449cbe714
+$(DL_FILE)_BLAKE2 = 389af213bd467d68e2b0ca4485f51c35e660439baf2ecb7165069e5cb73589f5cf6c92d56e25780cea60e082b6fa51c5dde320dd25b8c5ef0e3b738ff0a6d4ea
 install : $(TARGET)
 
 check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-- 
2.46.0