Development

development@lists.ipfire.org

2 participants
6278 discussions

Re: IPFire 2.29 - Core Update 190 is available for testing
by Adolf Belka 03 Dec '24

03 Dec '24

Hi All, First feedback on CU190 Testing. I have not found any problems so far. I have tested the OpenVPN roadwarrior and net2net connections and all worked well. I also cleared the x509 certificate set and created from new (as there were problems in the past with that) and a new x509 set could be created without any issues. Restore from previous backup also worked without any issues. All graphs look to be running okay. Bug13029 - IPSec problem when PSK had a comma in it was tested and the base64 encoding is working as intended. Existing PSK's stay as they are. If a new PSK is defined or an existing one edited then the PSK is base64 encoded. In all cases the operation continues with the base64 encoding changes being totally transparent. A PSK with any character, except the single quotation mark, can now be used in the PSK. Tested out with a PSK with back ticks, hash symbol and double quotation marks and the IPSec PSK connection was made without any issues. Bug13074 verified to now have the collectd.d directory for custom variations. Actual custom variations not tested so far. Bug13762 ssh login details not being shown in system logs verified to be fixed. Both sshd and sshd-session lines from the logs are now included in the system logs display. Will continue testing but so far looks very good to me. Regards, Adolf. On 30/11/2024 15:37, IPFire Project wrote: > Dear Community, It is time for the last push of the year: The upcoming > release of IPFire is ready to be tested by you, our awesome community. > It comes with a refreshed kernel and includes a lot of changes that have > been developed at the recent IPFire Developer Meetup. It is scheduled to > be the last update for the year, so let's make it an extra special one > before we all sign off for the holidays. > ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ > > > IPFire_ > > > IPFire 2.29 - Core Update 190 is available for testing > > Dear Community, It is time for the last push of the year: The upcoming > release of IPFire is ready to be tested by you, our awesome community. > It comes with a refreshed kernel and includes a lot of changes that have > been developed at the recent IPFire Developer Meetup. It is scheduled to > be the last update for the year, so let's make it an extra special one > before we all sign off for the holidays. > > Read The Full Post On Our Blog <https://www.ipfire.org/blog/ipfire-2-29- > core-update-190-is-available-for-testing? > utm_medium=email&utm_source=blog-announcement> > > The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8, 45711 > Datteln, Germany > > Unsubscribe <https://www.ipfire.org/unsubscribe> > -- Sent from my laptop

1 0

Changing date for the upcoming December Video Call
by Michael Tremer 02 Dec '24

02 Dec '24

Hello everyone, Next week we have the monthly video call scheduled for December 2nd. Sadly I have a conflict at that time and won’t be able to make it, so I would like to propose the 3rd or 4th as an alternative date. Could we have a quick round of raising hands who is available on these alternative dates? Best, -Michael

2 2

Failure building collectd when autoconf has been updated to 2.72
by Adolf Belka 29 Nov '24

29 Nov '24

Hi All, I did an update run with autoconf taking it from 2.71 to 2.72 autoconf built without any problems, however collectd then failed for a syntax error in the configure file. Confirmed that this was due to autoconf by changing the versions back and forward and the problem went away and then came back again. The collectd build error message is checking for size_t... yes checking for uid_t... yes checking for gid_t... yes ./configure: line 18710: syntax error near unexpected token `newline' ./configure: line 18710: `yes:' make: *** [collectd:120: /usr/src/log/collectd-4.10.9] Error 2 The section around line 18710 in the configure file is 18707 do : 18708 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` 18709 ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" 18710 if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : 18711 cat >>confdefs.h <<_ACEOF 18712 #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 18713 _ACEOF 18714 18715 else 18716 with_libiptc="no (header file missing)" 18717 fi However there are 15 occurrences of the exact same text as line 18710 in the configure file so I am not convinced if that line is the root cause for the syntax error but some other earlier error that causes a knock-on effect. However, my knowledge of the coding syntax is definitely not enough to figure out what needs to be fixed/changed. As collectd is a very old version it is likely that some structural coding or syntax was fine in the past but now with the change from autoconf-2.71 to 2.72 it is no longer allowed, or is flagged up when in the past it was just ignored. There are quite a few changes in autoconf-2.72 with some being marked as backwards compatibilities. All of them except one say that existing configure scripts will continue working. The one that doesn't mention that is the following change:- Configure scripts no longer support pre-1989 C compilers. Specifically, compilers that *only* implement the original “K&R” function definition syntax, and not the newer “prototyped” syntax, will not be able to parse the test programs now emitted by AC_CHECK_FUNC, AC_LANG_CALL, and similar macros. AC_PROG_CC still accepts such compilers, but this may change in the near future. This change was necessary in order to support the upcoming 2024 edition of the C standard (often referred to as “C23”), which will officially remove the function declaration syntax used by AC_CHECK_FUNC in Autoconf 2.71 and earlier. We feel that support for compilers that support only C 2024 is more useful, nowadays, than support for compilers that don’t implement a core feature of C 1989. However I am unable to figure out from this if the problem I am experiencing is related to this or not. I would not have thought so as I don't believe we are using a pre-1989 C compiler. Any ideas from anyone on how to fix this issue? There is nothing critical from a security or other vulnerability aspect in autoconf-2.72 but it would be nice to figure this out before we get to a stage where it has to be made to work. Regards, Adolf.

2 10

Testing of rapid_commit patch
by Adolf Belka 29 Nov '24

29 Nov '24

Hi Michael, I had previously tested your rapid_commit patch on my vm network system. However as that network does not have a problem with the rapid_commit option it was not the best test. I said that i would test it out on my production system after the visit to my family. I have now got around to that. My new ISP, that bought out the very good technically based ISP I used to have, is one of the ones that has a DHCP server that just times out if you have the rapid_commit option in the dhcpcd config file. So I updated my production IPFire to Core-Update 190 Development Build: master/1e2abd66 After rebooting the connection was lost as the rapid_commit option is on by default. I then ran the setup program and unchecked the rapid commit box on the red interface and then rebooted and the connection was running. Another reboot still had the connection running. So I can confirm that the patch is working . The only thing that came to mind is when we do the update people who have removed or commented out the rapid_commit option in dhcpcd.conf will lose their connection. So either * we need to have the update check if the rapid_commit option has been commented out or has been removed and then disable the rapid commit option for the red interface. or * we need to make sure that it is well communicated that anyone who has disabled the rapid_commit option needs to run the setup program after the upgrade (maybe before the reboot) to disable the option for the red interface. We can discuss this at our next conf call meeting on 3rd or 4th Dec. Regards, Adolf.

3 6

[PATCH v2] sudo: Update to version 1.9.16p2
by Adolf Belka 29 Nov '24

29 Nov '24

- Update fromn version 1.9.16 to 1.9.16p2 - This v2 version replaces the one that went from 1.9.16 to 1.9.16p1 - The previous version has been marked as superceded in Patchwork. - Update of rootfile not required 1.9.16p2 * Sudo now passes the terminal device number to the policy plugin even if it cannot resolve it to a path name. This allows sudo to run without warnings in a chroot jail when the terminal device files are not present. GitHub issue #421. * On Linux systems, sudo will now attempt to use the symbolic links in /proc/self/fd/{0,1,2} when resolving the terminal device number. This can allow sudo to map a terminal device to its path name even when /dev/pts is not mounted in a chroot jail. * Fixed compilation errors with gcc and clang in C23 mode. C23 no longer supports functions with unspecified arguments. 1.9.16p1 * Fixed the test for cross-compiling when checking for C99 snprintf(). The changes made to the test in sudo 1.9.16 resulted in a different problem. GitHub issue #386. * Fixed the date used by the exit record in sudo-format log files. This was a regression introduced in sudo 1.9.16 and only affected file-based logs, not syslog. GitHub issue #405. * Fixed the root cause of the "unable to find terminal name for device" message when running sudo on AIX when no terminal is present. In sudo 1.9.16 this was turned from a debug message into a warning. GitHub issue #408 * When a duplicate alias is found in the sudoers file, the warning message now includes the file and line number of the previous definition. * Added support for the --with-secure-path-value=no configure option to allow packagers to ship the default sudoers file with the secure path line commented out. * Sudo no longer sends mail when a user runs "sudo -nv" or "sudo -nl", even if "mail_badpass" or "mail_always" are set. Sudo already avoids logging to a file or syslog in this case. Bug #1072. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/sudo | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/sudo b/lfs/sudo index cac540be0..852f6c8cf 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -24,7 +24,7 @@ include Config -VER = 1.9.16 +VER = 1.9.16p2 THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12 +$(DL_FILE)_BLAKE2 = ef9f1c2cd4044454a808d1dff5f865355e1bd061d1b5c93a005207e28e9b9df7c267cf01358ce60dd2c98f6844b51dab00eac4e7a08bade1d621235c3a4774bf install : $(TARGET) -- 2.47.1

1 0

Re "linux-firmware: ship needed config txt files." commit
by Adolf Belka 29 Nov '24

29 Nov '24

Hi Arne, That was me I am afraid. I remember seeing all the text files in the rootfile and thought that those are not firmware files and so would not be needed. Obviously my assumption about those files not being needed was very wrong. I will make sure not to do the same thing again. It should be unlikely to happen again as @Michael has added the find-linux-firmware-changes tool to the system now which should help make sure I don't remove needed files. Apologies for my error. I hope it didn't cause you too many problems with the builds and testing before you discovered it. Regards, Adolf.

2 1

[PATCH] chkconfig: Update to version 1.30
by Adolf Belka 28 Nov '24

28 Nov '24

- Update from version 1.5 (2015) to 1.30 (Aug 2024) - Fedora now have a github site for chkconfig which has had releases since 2023 - Update of rootfile not required - Changelog 1.30 ostree: move admindir to /etc/alternatives.admindir by @vrothberg in #135 1.29 Translations update from Fedora Weblate by @weblate in #133 Avoid possible leaks in readConfig() by @dtardon in #128 fix issues found by static analyzers by @lnykryn in #125 Mkosi by @lnykryn in #127 1.28 test: return failures from the test suite by @lnykryn in #130 Prepare for bin-sbin merge by @jamacku in #131 1.27 Translations update from Fedora Weblate by @weblate in #124 Alternatives: Fix issues found by static analyzers by @lnykryn in #126 1.26 build(deps): bump actions/checkout from 3 to 4 by @dependabot in #113 Translations update from Fedora Weblate by @weblate in #114 build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 4 to 5 by @dependabot in #115 Fix systemdActive() by @marcosfrm in #117 build(deps): bump github/codeql-action from 2 to 3 by @dependabot in #119 build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #120 Translations update from Fedora Weblate by @weblate in #121 Add support for running using tmt by @jamacku in #123 1.25 Translations update from Fedora Weblate by @weblate in #110 Translations update from Fedora Weblate by @weblate in #111 alternatives: fix possible buffer overrun by @lnykryn in #112 1.24 Revert recent rpmautospec and Packit changes by @jamacku in #107 Fix way how we generate next version by @jamacku in #108 1.23 Remove changelog and update translations by @jamacku in #100 Translations update from Fedora Weblate by @weblate in #101 Fix --keep-foreign when the target is missing completely by @lnykryn in #104 Translations update from Fedora Weblate by @weblate in #103 Translations update from Fedora Weblate by @weblate in #105 1.22 Fedora release process (Packit, rpmautospec) by @jamacku in #91 releng: Packit remove extra job trigger by @jamacku in #92 Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4 by @dependabot in #94 test: fix ShellCheck error[SC2070] by @jamacku in #95 Add Locale linter (Weblate) by @jamacku in #98 Translations update from Fedora Weblate by @weblate in #96 migrate to SPDX license by @lzaoral in #99 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/chkconfig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lfs/chkconfig b/lfs/chkconfig index f602924cf..86a13ef27 100644 --- a/lfs/chkconfig +++ b/lfs/chkconfig @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,10 +24,10 @@ include Config -VER = 1.5 +VER = 1.30 THISAPP = chkconfig-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5a2f9e3bb03a502dc7efa25ab2f2b78835db801af2fd352ba8c993b5d6e9695ea4956124f04214b3cbe406910a61316be5f51862e930de98dcd5ffc0f9d1877f +$(DL_FILE)_BLAKE2 = ac9164196570fd35ac6ed3167e918ee40f4c4dde8c2ca17d710501d28758be0b43892e6f0e1d0de39cbfa8b81bddb4a48d8cb14f4398ed623092f6c16698ad27 install : $(TARGET) @@ -69,7 +69,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make alternatives cd $(DIR_APP) && install -v -m 755 alternatives /usr/sbin ln -svf alternatives /usr/sbin/update-alternatives -- 2.47.0

1 6

Logging Locationblock packets
by Rob Brewer 25 Nov '24

25 Nov '24

As a contributor to the SANS ISC, I email my IPTABLES logs hourly to the Dshield database, however the default IPFire IPTABLES logs are incomplete since packets dropped by Locationblock are not logged to syslog. As a workaround I edit the locationblock function of rules.pl to add a IPTABLES rule to log the dropped packets. This edit does not of course survive any Core-Updates that upgrade rules.pl and the edit needs to be re-applied. In addition, unless the Locationblock packets are logged to syslog the data displayed in the Firewall logs sections are incomplete as the packets dropped by Location Block are not displayed. I understand that the original intension of the Location Block feature was to reduce the amount of log messages on installations running on extremely cheap flash storage. I suspect that these installations are now almost zero especially since IPFire no longer supports 32 bit versions. The obvious solution to this to make Location Block logging selectable as a firewall option and my quick look at making a patches for this would seem to be fairly simple task to rules.pl and and optionsfw.cgi. I would be happy to provide the necessary patches should this be acceptable.

3 11

[PATCH] pam: Update to version 1.7.0
by Adolf Belka 24 Nov '24

24 Nov '24

- Update from version 1.6.1 to 1.7.0 - Update of rootfile - pam is now only built via meson. Therefore meson and ninja had to be moved to before pam. This required python3 and python3-setuptools, expta, libffi, gdbm & sqlite to also be moved before meson to ensure build was successful and that the python3 rootfile had all the required python files included. - Changelog 1.7.0 * build: changed build system from autotools to meson. * libpam_misc: use ECHOCTL in the terminal input * pam_access: support UID and GID in access.conf * pam_env: install environment file in vendordir if vendordir is enabled * pam_issue: only count class user if logind support is enabled * pam_limits: use systemd-logind instead of utmp if logind support is enabled * pam_unix: compare password hashes in constant time * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/common/pam | 300 ++++++++++++++++++------------------ lfs/pam | 26 ++-- make.sh | 16 +- 3 files changed, 172 insertions(+), 170 deletions(-) diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam index c38cb9ea5..b98913526 100644 --- a/config/rootfiles/common/pam +++ b/config/rootfiles/common/pam @@ -15,92 +15,52 @@ etc/security #lib/security #lib/security/faillock #lib/security/mkhomedir_helper -#lib/security/pam_access.la lib/security/pam_access.so -#lib/security/pam_canonicalize_user.la #lib/security/pam_canonicalize_user.so -#lib/security/pam_debug.la #lib/security/pam_debug.so -#lib/security/pam_deny.la lib/security/pam_deny.so -#lib/security/pam_echo.la #lib/security/pam_echo.so -#lib/security/pam_env.la lib/security/pam_env.so -#lib/security/pam_exec.la lib/security/pam_exec.so -#lib/security/pam_faildelay.la lib/security/pam_faildelay.so -#lib/security/pam_faillock.la #lib/security/pam_faillock.so #lib/security/pam_filter -#lib/security/pam_filter.la #lib/security/pam_filter.so #lib/security/pam_filter/upperLOWER -#lib/security/pam_ftp.la #lib/security/pam_ftp.so -#lib/security/pam_group.la lib/security/pam_group.so -#lib/security/pam_issue.la lib/security/pam_issue.so -#lib/security/pam_keyinit.la lib/security/pam_keyinit.so -#lib/security/pam_limits.la lib/security/pam_limits.so -#lib/security/pam_listfile.la #lib/security/pam_listfile.so -#lib/security/pam_localuser.la #lib/security/pam_localuser.so -#lib/security/pam_loginuid.la lib/security/pam_loginuid.so -#lib/security/pam_mail.la lib/security/pam_mail.so -#lib/security/pam_mkhomedir.la #lib/security/pam_mkhomedir.so -#lib/security/pam_motd.la #lib/security/pam_motd.so -#lib/security/pam_namespace.la #lib/security/pam_namespace.so #lib/security/pam_namespace_helper -#lib/security/pam_nologin.la lib/security/pam_nologin.so -#lib/security/pam_permit.la lib/security/pam_permit.so -#lib/security/pam_pwhistory.la lib/security/pam_pwhistory.so -#lib/security/pam_rhosts.la lib/security/pam_rhosts.so -#lib/security/pam_rootok.la #lib/security/pam_rootok.so -#lib/security/pam_securetty.la #lib/security/pam_securetty.so -#lib/security/pam_setquota.la #lib/security/pam_setquota.so -#lib/security/pam_shells.la lib/security/pam_shells.so -#lib/security/pam_stress.la #lib/security/pam_stress.so -#lib/security/pam_succeed_if.la #lib/security/pam_succeed_if.so -#lib/security/pam_time.la #lib/security/pam_time.so -#lib/security/pam_timestamp.la #lib/security/pam_timestamp.so #lib/security/pam_timestamp_check -#lib/security/pam_umask.la #lib/security/pam_umask.so -#lib/security/pam_unix.la lib/security/pam_unix.so -#lib/security/pam_userdb.la #lib/security/pam_userdb.so -#lib/security/pam_usertype.la #lib/security/pam_usertype.so -#lib/security/pam_warn.la #lib/security/pam_warn.so -#lib/security/pam_wheel.la #lib/security/pam_wheel.so -#lib/security/pam_xauth.la #lib/security/pam_xauth.so +#lib/security/pwhistory_helper lib/security/unix_chkpwd #usr/include/security #usr/include/security/_pam_compat.h @@ -113,15 +73,12 @@ lib/security/unix_chkpwd #usr/include/security/pam_misc.h #usr/include/security/pam_modules.h #usr/include/security/pam_modutil.h -#usr/lib/libpam.la #usr/lib/libpam.so usr/lib/libpam.so.0 usr/lib/libpam.so.0.85.1 -#usr/lib/libpam_misc.la #usr/lib/libpam_misc.so usr/lib/libpam_misc.so.0 usr/lib/libpam_misc.so.0.82.1 -#usr/lib/libpamc.la #usr/lib/libpamc.so usr/lib/libpamc.so.0 usr/lib/libpamc.so.0.82.1 @@ -131,108 +88,153 @@ usr/lib/libpamc.so.0.82.1 #usr/lib/systemd #usr/lib/systemd/system #usr/lib/systemd/system/pam_namespace.service -#usr/share/doc/Linux-PAM -#usr/share/doc/Linux-PAM/draft-morgan-pam-current.txt -#usr/share/doc/Linux-PAM/index.html -#usr/share/doc/Linux-PAM/rfc86.0.txt -#usr/share/man/man3/misc_conv.3 -#usr/share/man/man3/pam.3 -#usr/share/man/man3/pam_acct_mgmt.3 -#usr/share/man/man3/pam_authenticate.3 -#usr/share/man/man3/pam_chauthtok.3 -#usr/share/man/man3/pam_close_session.3 -#usr/share/man/man3/pam_conv.3 -#usr/share/man/man3/pam_end.3 -#usr/share/man/man3/pam_error.3 -#usr/share/man/man3/pam_fail_delay.3 -#usr/share/man/man3/pam_get_authtok.3 -#usr/share/man/man3/pam_get_authtok_noverify.3 -#usr/share/man/man3/pam_get_authtok_verify.3 -#usr/share/man/man3/pam_get_data.3 -#usr/share/man/man3/pam_get_item.3 -#usr/share/man/man3/pam_get_user.3 -#usr/share/man/man3/pam_getenv.3 -#usr/share/man/man3/pam_getenvlist.3 -#usr/share/man/man3/pam_info.3 -#usr/share/man/man3/pam_misc_drop_env.3 -#usr/share/man/man3/pam_misc_paste_env.3 -#usr/share/man/man3/pam_misc_setenv.3 -#usr/share/man/man3/pam_open_session.3 -#usr/share/man/man3/pam_prompt.3 -#usr/share/man/man3/pam_putenv.3 -#usr/share/man/man3/pam_set_data.3 -#usr/share/man/man3/pam_set_item.3 -#usr/share/man/man3/pam_setcred.3 -#usr/share/man/man3/pam_sm_acct_mgmt.3 -#usr/share/man/man3/pam_sm_authenticate.3 -#usr/share/man/man3/pam_sm_chauthtok.3 -#usr/share/man/man3/pam_sm_close_session.3 -#usr/share/man/man3/pam_sm_open_session.3 -#usr/share/man/man3/pam_sm_setcred.3 -#usr/share/man/man3/pam_start.3 -#usr/share/man/man3/pam_strerror.3 -#usr/share/man/man3/pam_syslog.3 -#usr/share/man/man3/pam_verror.3 -#usr/share/man/man3/pam_vinfo.3 -#usr/share/man/man3/pam_vprompt.3 -#usr/share/man/man3/pam_vsyslog.3 -#usr/share/man/man3/pam_xauth_data.3 -#usr/share/man/man5/access.conf.5 -#usr/share/man/man5/environment.5 -#usr/share/man/man5/faillock.conf.5 -#usr/share/man/man5/group.conf.5 -#usr/share/man/man5/limits.conf.5 -#usr/share/man/man5/namespace.conf.5 -#usr/share/man/man5/pam.conf.5 -#usr/share/man/man5/pam.d.5 -#usr/share/man/man5/pam_env.conf.5 -#usr/share/man/man5/pwhistory.conf.5 -#usr/share/man/man5/time.conf.5 -#usr/share/man/man8/PAM.8 -#usr/share/man/man8/faillock.8 -#usr/share/man/man8/mkhomedir_helper.8 -#usr/share/man/man8/pam.8 -#usr/share/man/man8/pam_access.8 -#usr/share/man/man8/pam_canonicalize_user.8 -#usr/share/man/man8/pam_debug.8 -#usr/share/man/man8/pam_deny.8 -#usr/share/man/man8/pam_echo.8 -#usr/share/man/man8/pam_env.8 -#usr/share/man/man8/pam_exec.8 -#usr/share/man/man8/pam_faildelay.8 -#usr/share/man/man8/pam_faillock.8 -#usr/share/man/man8/pam_filter.8 -#usr/share/man/man8/pam_ftp.8 -#usr/share/man/man8/pam_group.8 -#usr/share/man/man8/pam_issue.8 -#usr/share/man/man8/pam_keyinit.8 -#usr/share/man/man8/pam_limits.8 -#usr/share/man/man8/pam_listfile.8 -#usr/share/man/man8/pam_localuser.8 -#usr/share/man/man8/pam_loginuid.8 -#usr/share/man/man8/pam_mail.8 -#usr/share/man/man8/pam_mkhomedir.8 -#usr/share/man/man8/pam_motd.8 -#usr/share/man/man8/pam_namespace.8 -#usr/share/man/man8/pam_namespace_helper.8 -#usr/share/man/man8/pam_nologin.8 -#usr/share/man/man8/pam_permit.8 -#usr/share/man/man8/pam_pwhistory.8 -#usr/share/man/man8/pam_rhosts.8 -#usr/share/man/man8/pam_rootok.8 -#usr/share/man/man8/pam_securetty.8 -#usr/share/man/man8/pam_setquota.8 -#usr/share/man/man8/pam_shells.8 -#usr/share/man/man8/pam_stress.8 -#usr/share/man/man8/pam_succeed_if.8 -#usr/share/man/man8/pam_time.8 -#usr/share/man/man8/pam_timestamp.8 -#usr/share/man/man8/pam_timestamp_check.8 -#usr/share/man/man8/pam_umask.8 -#usr/share/man/man8/pam_unix.8 -#usr/share/man/man8/pam_userdb.8 -#usr/share/man/man8/pam_usertype.8 -#usr/share/man/man8/pam_warn.8 -#usr/share/man/man8/pam_wheel.8 -#usr/share/man/man8/pam_xauth.8 -#usr/share/man/man8/unix_chkpwd.8 +#usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/am +#usr/share/locale/am/LC_MESSAGES +#usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ar +#usr/share/locale/ar/LC_MESSAGES +#usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/as +#usr/share/locale/as/LC_MESSAGES +#usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/az +#usr/share/locale/az/LC_MESSAGES +#usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bn +#usr/share/locale/bn/LC_MESSAGES +#usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bn_IN +#usr/share/locale/bn_IN/LC_MESSAGES +#usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/bs +#usr/share/locale/bs/LC_MESSAGES +#usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/cy +#usr/share/locale/cy/LC_MESSAGES +#usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/de_CH +#usr/share/locale/de_CH/LC_MESSAGES +#usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/fa +#usr/share/locale/fa/LC_MESSAGES +#usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/gu +#usr/share/locale/gu/LC_MESSAGES +#usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/he +#usr/share/locale/he/LC_MESSAGES +#usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/hi +#usr/share/locale/hi/LC_MESSAGES +#usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/is +#usr/share/locale/is/LC_MESSAGES +#usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/km +#usr/share/locale/km/LC_MESSAGES +#usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/kn +#usr/share/locale/kn/LC_MESSAGES +#usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/kw_GB +#usr/share/locale/kw_GB/LC_MESSAGES +#usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/mk +#usr/share/locale/mk/LC_MESSAGES +#usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ml +#usr/share/locale/ml/LC_MESSAGES +#usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/mn +#usr/share/locale/mn/LC_MESSAGES +#usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/mr +#usr/share/locale/mr/LC_MESSAGES +#usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/my +#usr/share/locale/my/LC_MESSAGES +#usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ne +#usr/share/locale/ne/LC_MESSAGES +#usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/nn +#usr/share/locale/nn/LC_MESSAGES +#usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/or +#usr/share/locale/or/LC_MESSAGES +#usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pa +#usr/share/locale/pa/LC_MESSAGES +#usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/si +#usr/share/locale/si/LC_MESSAGES +#usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sr@latin +#usr/share/locale/sr@latin/LC_MESSAGES +#usr/share/locale/sr(a)latin/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/te +#usr/share/locale/te/LC_MESSAGES +#usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/tg +#usr/share/locale/tg/LC_MESSAGES +#usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/ur +#usr/share/locale/ur/LC_MESSAGES +#usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/yo +#usr/share/locale/yo/LC_MESSAGES +#usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zh_HK +#usr/share/locale/zh_HK/LC_MESSAGES +#usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo +#usr/share/locale/zu +#usr/share/locale/zu/LC_MESSAGES +#usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo diff --git a/lfs/pam b/lfs/pam index 8e5b6f602..8f3d144f8 100644 --- a/lfs/pam +++ b/lfs/pam @@ -24,7 +24,7 @@ include Config -VER = 1.6.1 +VER = 1.7.0 THISAPP = Linux-PAM-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 649b4ff892fbd3eb90adcbd9ccc5b3f5df51bf1c79b9084c7a1613c432587b13b81761d1eb4f31ef12d58843d16af24a3c441d0b6f5d2f2a1db9c8da15a61e2f +$(DL_FILE)_BLAKE2 = 39c8c2ccc6f7d125d12d49439ae44cb8fe115f0529549269246e54f4b4de0b3b24c1099e4d3fa39d4e477af8a92b66dd6dc2cb93f0643ab7b56bcaabdd3b8539 install : $(TARGET) @@ -71,17 +71,17 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && ./configure --libdir=/usr/lib \ - --sbindir=/lib/security \ - --enable-securedir=/lib/security \ - --enable-read-both-confs \ - --disable-nls - - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install - + cd $(DIR_APP) && meson setup \ + --libdir=/usr/lib \ + --sbindir=/lib/security \ + -D securedir=/lib/security \ + -D read-both-confs=true \ + -D nis=disabled \ + -D docs=disabled \ + builddir/ + cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) + cd $(DIR_APP) && ninja -C builddir/ install # Install configuration - -mkdir -p /etc/pam.d - + -mkdir -p /etc/pam.d @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/make.sh b/make.sh index 35a602f62..abeb1dd88 100755 --- a/make.sh +++ b/make.sh @@ -1479,6 +1479,14 @@ build_system() { lfsmake2 openssl lfsmake2 popt lfsmake2 libedit + lfsmake2 expat + lfsmake2 libffi + lfsmake2 gdbm + lfsmake2 sqlite + lfsmake2 python3 + lfsmake2 python3-setuptools + lfsmake2 ninja + lfsmake2 meson lfsmake2 pam lfsmake2 libcap lfsmake2 libcap-ng @@ -1501,22 +1509,14 @@ build_system() { lfsmake2 iproute2 lfsmake2 screen lfsmake2 elfutils - lfsmake2 expat lfsmake2 libconfig lfsmake2 curl lfsmake2 libarchive lfsmake2 cmake lfsmake2 json-c lfsmake2 tcl - lfsmake2 libffi - lfsmake2 gdbm - lfsmake2 sqlite - lfsmake2 python3 - lfsmake2 python3-setuptools lfsmake2 python3-MarkupSafe lfsmake2 python3-Jinja2 - lfsmake2 ninja - lfsmake2 meson lfsmake2 kmod lfsmake2 udev lfsmake2 libusb -- 2.47.0

1 9

[PATCH] tshark: Update to version 4.4.2
by Adolf Belka 22 Nov '24

22 Nov '24

- Update from version 4.4.1 to 4.4.2 - Update of rootfile - Changelog 4.4.2 vulnerabilities fixed: wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. Issue 20176. wnpa-sec-2024-15 ECMP dissector crash. Issue 20214. bugs fixed: CIP I/O is not detected by "enip" filter anymore. Issue 19517. Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041. OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal. Issue 20065. JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000. Issue 20066. Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring. Issue 20082. PTP analysis loses track of message associations in case of sequence number resets. Issue 20099. USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed. Issue 20107. dumpcap crashes when run from TShark with a capture filter. Issue 20108. SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating. Issue 20113. Ghost error message on POP3 packets. Issue 20124. Building against c-ares 1.34 fails. Issue 20125. D-Bus is not optional anymore. Issue 20126. macOS Intel DMGs aren’t fully notarized. Issue 20129. Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture. Issue 20134. CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet] Issue 20142. Wi-Fi: 256 Block Ack (BA) is not parsed properly. Issue 20156. BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached. Issue 20159. Statistics→I/O Graph crashes when using simple moving average. Issue 20163. HTTP2 body decompression fails on DATA with a single padded frame. Issue 20167. Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169. SIP dissector bug due to "be-route" param in VIA header. Issue 20173. Coredump after trying to open 'Follow TCP stream' Issue 20174. Protobuf JSON mapping error. Issue 20182. Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash (Version 4.4.1) Issue 20183. Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1. Issue 20184. IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame. Issue 20187. Wireshark 4.4.1 does not decode RTCP packets. Issue 20188. Qt: Display filter sub-menu can only be opened on the triangle, not the full name. Issue 20190. Qt: Changing the display filter does not update the Conversations or Endpoints dialogs. Issue 20191. MODBUS Dissector bug. Issue 20192. Modbus dissector bug - Field Occurence and Layer Operator modbus.bitval field. Issue 20193. Wireshark crashes when a field is dragged from packet details towards the find input. Issue 20204. Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with comma as decimal separator. Issue 20216. The TCP dissector no longer falls back to using the client port as a criterion for selecting a payload dissector when the server port does not select a payload dissector (except for port 20, active FTP). This behavior can be changed using the "Client port dissectors" preference. Display filters now correctly handle floating point conversion errors. The Lua API now has better support for comma-separated ranges in different locales. New and Updated Features The TShark syntax for dumping only fields with a certain prefix has changed from -G fields prefix to -G fields,prefix. This allows tshark -G fields to again support also specifying the configuration profile to use. Updated Protocol Support ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, ECMP, ENIP, FiveCo RAP, Frame, FTDI FT, HSRP, HTTP/2, ICMPv6, IEEE 802.11, MBTCP, MMS, MPEG PES, PN-DCP, POP, ProtoBuf, PTP, RPC, RTCP, SIP, SRT, Syslog, TCP, UMTS RLC, USB CCID, Wi-SUN, and ZigBee ZCL New and Updated Capture File Support BLF Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/packages/tshark | 4 ++-- lfs/tshark | 18 ++++++++---------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/tshark b/config/rootfiles/packages/tshark index 1a2df8938..73b63bda4 100644 --- a/config/rootfiles/packages/tshark +++ b/config/rootfiles/packages/tshark @@ -12,10 +12,10 @@ usr/bin/dumpcap usr/bin/tshark #usr/lib/libwireshark.so usr/lib/libwireshark.so.18 -usr/lib/libwireshark.so.18.0.1 +usr/lib/libwireshark.so.18.0.2 #usr/lib/libwiretap.so usr/lib/libwiretap.so.15 -usr/lib/libwiretap.so.15.0.1 +usr/lib/libwiretap.so.15.0.2 #usr/lib/libwsutil.so usr/lib/libwsutil.so.16 usr/lib/libwsutil.so.16.0.0 diff --git a/lfs/tshark b/lfs/tshark index de079aa8d..a567f03ea 100644 --- a/lfs/tshark +++ b/lfs/tshark @@ -26,7 +26,7 @@ include Config SUMMARY = A Network Traffic Analyser -VER = 4.4.1 +VER = 4.4.2 THISAPP = wireshark-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tshark DEPS = c-ares -PAK_VER = 19 +PAK_VER = 20 SERVICES = @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 747ffe14a7b30c4d7bb435bff1fded11efcf03a8bfcacd48d36141fae7a9cfb7965076b1a807d7f095f66bb99148732c090493d2c3654b4a20355f8dbeac3972 +$(DL_FILE)_BLAKE2 = ea5c48f06c2aeb5b51f6ba62fd57214e9dd79917f978867d3ae31ffec74eb82ba7c8a2e2dcba415e53d051e531f9f9907aac88c6f29b6746222cf812bb43c85b install : $(TARGET) @@ -80,15 +80,13 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && mkdir build - cd $(DIR_APP)/build && cmake .. \ - -DBUILD_wireshark=OFF \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_mmdbresolve=OFF + cd $(DIR_APP)/build && cmake .. \ + -DBUILD_wireshark=OFF \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE=Release \ + -DBUILD_mmdbresolve=OFF cd $(DIR_APP)/build && make $(MAKETUNING) cd $(DIR_APP)/build && make install - @rm -rf $(DIR_APP) @$(POSTBUILD) -- 2.47.0

1 0

Jump to page: