Hello development folks,
being responsible for upcoming Core Update 167, I would like to close this update roughly at the beginning of next week. This is because it contains several security-relevant updates (such as Apache, Bind [might need another one?], zlib [again], OpenSSH, and so on) which I think should be available to our userbase as soon as possible.
To have CVE-2022-1015 and CVE-2022-1016 covered, I will submit a patch for an updated kernel later this day, since we have enough space to ship one as the linux-firmware changes were reverted (see 8a4780de645a5b3ab42054eaf022c57d6849ae9a).
Looking at Patchwork, it would be great if we could clarify the status of these patches and patch series, and whether they should go into Core Update 167 or not: - https://patchwork.ipfire.org/project/ipfire/list/?series=2684 - https://patchwork.ipfire.org/project/ipfire/list/?series=2698 - https://patchwork.ipfire.org/project/ipfire/patch/66e4978d-6ba4-6c14-329c-6f...
If there are any patches sitting around in your local/private repositories you want to have in Core Update 167, kindly post them. As always, drop me a line in case of questions or comments.
Thanks, and best regards, Peter Müller