This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core169 has been created
at 8000bc0a4375ee7afdc1d56023681b8ac9502c3d (commit)
- Log -----------------------------------------------------------------
commit 8000bc0a4375ee7afdc1d56023681b8ac9502c3d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 29 20:28:38 2022 +0000
Core Update 169: Drop entropy.cgi
Since the kernel now always reports 256 bits of entropy to be available,
this CGI does not show any useful information anymore. To avoid
confusions, it will hereby be removed entirely.
Fixes: #12893
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b55842c26a94e9ff42d4f9010bdfcc51cd311dea
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 29 20:13:11 2022 +0000
Core Update 169: Delete "random" initscript
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 255873a5f9a564036092a20e4bec7f4965cbd149
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 29 18:32:17 2022 +0000
random: Drop busy-loop script
This is no longer required because the kernel will now try to
generate some randomness in an easier way when needed.
This has been added in: b923dd3de0acbf415cee193191250347b733fab8
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5086ed681da4784474f0f71aaa70ec1d4940897c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 29 19:43:08 2022 +0000
sysctl: Permit ptrace usage for processes with CAP_SYS_PTRACE
https://lists.ipfire.org/pipermail/development/2022-June/013763.html
Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2fcfe2e1f339c868b5800b61433c803023686371
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 29 18:34:01 2022 +0000
core169: Add initramdisks for armv6l, too
Looks like I have been ahead of time.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 636cf631c925a1492ad49edbc69e5dac32927eda
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 29 18:11:26 2022 +0000
core169: Ship initramdisks
Those were not part of the update which renders any machine that
installs it unbootable.
Fixes: #12892
Reported-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5991f392827b3f50958a97b20b50767033276165
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 17:30:47 2022 +0000
linux: Update rootfiles to reflect /dev mount option change
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f5117ab51d8ebb5325b3d6cbae8764b88ae917cb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 11:02:32 2022 +0000
python3-msgpack: Add rootfile for 32-bit ARM
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d76e142f7c4a43f2ab851671f813e3df6d6a2576
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 07:34:16 2022 +0000
Revert "U-Boot: Update to 2022.04"
Arne reported that this introduced regressions on some NanoPi models.
This reverts commit b8a9c9e70a0ff84401e53f1481f3c1eafab76a29.
commit b1217522771c466eaff0ea859499bef70396c403
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 07:34:10 2022 +0000
Revert "Core Update 169: Ship U-Boot"
This reverts commit 65264b3ba6358d78d70c2cc7b9e1c883b0b4af4a.
commit 498ea59524c410d6e7dea9c4f923e18947be587b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 07:33:59 2022 +0000
Revert "u-boot: Clarify source URLs and add missing rk3399 firmware"
This reverts commit be5703ef78b6244dcf06b72e6f34ab72b2e7fc55.
commit 706d825587bd152366973c163dde085e937540f5
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 07:33:48 2022 +0000
Revert "u-boot: .xz != .gz"
This reverts commit 01b3a62a35a38db9d67121e66f983c0e0a38ca46.
commit 7d5a7fea48ca883f19ad604a7a51820671de82a0
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 27 07:33:40 2022 +0000
Revert "u-boot: Sigh, fix another .xz != .gz"
This reverts commit 480202725b872018667ce0cdc337c25c94cef72b.
commit 0664b1720d2d32f01ad9b9126450e35aa4d357df
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 25 22:20:48 2022 +0000
linux: Amend upstream patch to harden mount points of /dev
This patch, which has been merged into the mainline Linux kernel, but
not yet backported to the 5.15.x tree, precisely addresses our
situation: IPFire does not use systemd, but CONFIG_DEVTMPFS_MOUNT.
The only explanation I have for bug #12889 arising _now_ is that some
component (dracut, maybe) changed its behaviour regarding remounting of
already mounted special file systems. As current dracut won't (re)mount
any file system already found to be mounted, this means that the mount
options decided by the kernel remained untouched for /dev, hence being
weak in terms of options hardening possible.
As CONFIG_DEVTMPFS_SAFE would not show up in "make menuconfig", changes
to kernel configurations have been simulated.
Fixes: #12889
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 617bb64f6315b93f7b6dbbe7304ae634ca4fad78
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 25 09:15:17 2022 +0000
Core Update 169: Ship general-functions.pl
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0b4618f9a3817e6d2c76a96b0db00f50fc8e0b57
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jun 24 23:58:57 2022 +0200
general-functions.pl: Fix for bug #12865 - Static IP address pools - Add network - Name wit>
- The fix for bug #12428 removed spaces from the validhostname subroutine as hostnames are
not supposed to have spaces
- This resulted in spaces no longer being allowed for the Static IP Address Pools names
- New subroutine created called validccdname. This allows letters, upper and lower case,
numbers, spaces and dashes
Fixes: Bug #12865
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit dcc2f7e0f2887e6c15e29971a4d27ecccac884f4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jun 24 23:58:56 2022 +0200
ovpnmain.cgi: Fix for bug #12865 - Static IP address pools - Add network - Name with space
- The fix for bug #12428 removed spaces from the validhostname subroutine as hostnames are
not supposed to have spaces
- This resulted in spaces no longer being allowed for the Static IP Address Pools names
- New subroutine created called validccdname in general-functions.pl
Fixes: Bug #12865
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit de6ef4d40adec7e1093b73c4397f042e830db15e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jun 24 14:14:26 2022 +0200
python3-msgpack: Required for build and execution of borgbackup 1.2.0
- New python module required for borgbackup. In borgbackup version 1.1.18 or 1.1.19
the old bundled msgpack in borgbackup was removed and a specified version range
of python3-msgpack required.
- This patch adds the lfs and rootfiles for this module
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 006309eaafb66136193356fc73bf0e5a63ab199e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jun 24 14:14:25 2022 +0200
python3-packaging: Moved to rootfiles/packages/ directory
- Required for borgbackup execution
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit c9336f7a1f7f8293012b4a23db941039f9572b4c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jun 24 14:14:24 2022 +0200
borgbackup: Fix bug #12884 - borgbackup 1.2.0 crashes on running any borg command
- When borgbackup was upgraded from version 1.1.17 to 1.2.0 the build was sucessfully
completed but there was no testing feedback till after full release. It turned out
that it did not successfully run.
- python3-packaging which had been installed for the build of borgbackup needed to also
be available for the execution.
- When borgbackup was upgraded to 1.2.0 it was noticed that the old python3-msgpack was
no longer needed as borgbackup used its own bundled msgpack since around version 1.1.10
What was not seen was that in version 1.1.19 or 1.1.18 the bundled version of msgpack
had been removed and that the newer version of python3-msgpack now needed to be
installed but the version number has to meet the borgbackup requirements which currently
require it to be =<1.0.3
- This patch adds the python3-packaging and python3-msgpack modules as dependencies for
borgbackup
- The egg-info files are uncommented in the rootfile so that the borgbackup metadata can
be found by python.
- The updated borgbackup build together with the python3-packaging and python3-msgpack
modules were installed into a vm system using the .ipfire packages.
Successfully initialised a borgbackup repo and ran two backups to the repo and checked
the stats for the backup. Everything ran fine.
Fixes: Bug #12884
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 2a4b5f0ab415e326cb1e5d55327867e440c9d7fc
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 23 13:27:46 2022 +0000
python3-botocore: Bump package version
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit de9ae56f4b35e57bfd62b56aa767e7b58a7e72b9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 23 12:31:41 2022 +0000
python3-botocore: Ship interface descriptions
botocore parses any interface descriptions and exposes them to Python.
For that to work, we need to ship them.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 92d1e94069a6b3969855786e985d775108694a33
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 23 12:31:40 2022 +0000
python3-botocore: Add httpchecksum module
It looks like this has been commented out by mistake
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 68307a76970af612bafcf9354d99f5bd9147b9aa
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 23 13:25:00 2022 +0000
Core Update 169: Ship ruleset-sources
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b77b41a579982fd6ee524f1c8ee45fea03bb9b76
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jun 23 08:03:19 2022 +0200
ruleset-sources: Update download URL for Talos rulesets.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f158e71e20867a072d1c1795bea874e68c58c93b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Jun 22 22:22:36 2022 +0200
ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted
- Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c…
from May 2021 put the variable containing the .p12 content into double quotes which
causes the contents to be treated as text whereas the .p12 file is an application file.
- Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
the problem was not noticed till now and flagged up in the forum.
https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
- The problem does not occur for the .p12 file in the zip file as the downloading of the
zip file does not have the variable name in double quotes.
- Putting the zip file variable into double quotes caused the downloaded zip file to be
corrupt and not able to be opened as an archive.
- Removing the double quotes from the .p12 variable name caused the separate .p12 file
download to be able to be correctly opened.
- The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
and ta.key file downloads. To be consistent the same change has been applied to these.
Fixes: Bug #2883
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 49471f05d53c3df70c47e98d068edb745cf3a816
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 23 11:43:56 2022 +0000
misc-progs: Fix passing argument list
The run() function expects all arguments without the basename of the
program.
This regression was introduced in a609195a26f2666a177b988a6691bc27b10e6d64.
Fixes: #12886
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit df9ebc6bbe25b2337927cef9351a1a9d60989f92
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 23 07:42:27 2022 +0000
linux: Align kernel configurations on ARM
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a924020ea83bad4802ff59dbbcb3bb7d32b29cc2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 23 07:27:19 2022 +0000
Core Update 169: Restart ntpd to apply configuration changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d9aece2af988012a16a7f446e6f65f4d112744df
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 23 06:44:09 2022 +0000
linux: Update rootfile
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d86d3f223181ab4f98a8925d273942f696a90ea5
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 23 06:38:41 2022 +0000
OpenSSL: Fix rootfile
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4b9b85215fed1ea4af23100ec51827a059021c1c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 18:11:56 2022 +0000
Core Update 169: Ship vulnerabilities.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 34798dcd50451bd7d5993964385e47f6270468b1
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 18:11:11 2022 +0000
vulnerabilities.cgi: Add MMIO Stale Data
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 765da09d4162766f9c63e48c27af748ea2e65afb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 15:10:01 2022 +0000
linux: Update to 5.15.49
Changelog can be retrieved from https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.49 .
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit e84497de672c38d17bace334ef6c67dde54c49ff
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 14:32:39 2022 +0000
Crap, OpenSSL download server returned a corrputed file :-/
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2f52d27a829a891b3cff549f2b0a0763915f8311
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 12:27:02 2022 +0000
Core Update 169: Ship changed initscripts
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 54bd60b67b477e5d5814293a74086dff1c21ac69
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 12:23:10 2022 +0000
Explicitly harden mount options of sensitive file systems
These were found to got lost after upgrading to Core Update 169, so we
set them explicitly to avoid accidential security downgrades.
https://lists.ipfire.org/pipermail/development/2022-June/013714.html
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 29cf82e6fcdc4019901f9fb170abe44c131764be
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 12:17:48 2022 +0000
Core Update 169: Ship OpenSSL
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 70c969e94188247bcf3979be248e51806013d242
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 12:16:37 2022 +0000
OpenSSL: Update to 1.1.1p
Please refer to https://www.openssl.org/news/openssl-1.1.1-notes.html
for the release notes regarding this version.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2bebb556dc068952a657eba389f5ac8c6a8f5253
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Jun 22 12:12:52 2022 +0000
Update French translation
Signed-off-by: Stéphane Pautrel <stephane.pautrel(a)acb78.com>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 95530b3edb1e42eb1a68988272916c033fc2cd57
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 20 20:44:58 2022 +0000
Core Update 169: Ship NTP configuration changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2234e8aacac2e0d0b06dac4513585c15c2b3b440
Author: Jon Murphy <jon.murphy(a)ipfire.org>
Date: Thu May 26 19:40:31 2022 -0500
Ship NTP changes
- Device time more accurate. (e.g., +/- 10 seconds per day to < 100 ms on some devices)
( I know we don't need the perfect time server )
- NTP and time will be accurate in manual mode (setting on Time Server > NTP Configuration WebGUI)
- Change NTP "prefer" server:
- The current preferred NTP server in an Undisciplined Local Clock.
- This is intended when no outside source of synchronized time is available.
- Change the "prefer" server from 127.127.1.0 to the Primary NTP server specified on
the Time Server > NTP Configuration WebGUI page.
- Change allows the drift file (located at /etc/ntp/drift) to be populated by ntpd.
- The drift file is updated about once per hour which helps correct the device time.
Signed-off-by: Jon Murphy <jon.murphy(a)ipfire.org>
commit f62b488f82b5eb6bbbc1b57d90a919d61346ef5f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 20 20:10:47 2022 +0000
sysctl: Actually arm YAMA
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2c38893da43383ffb57022575fa56a255b012a93
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 20 19:50:16 2022 +0000
Core Update 169: Ship keyutils
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2bbfa1b72c32712997183e4813f813d443a48d81
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 20 19:48:55 2022 +0000
Core Update 169: Ship poppler
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1452738c2e22562d84a7c6af683a2f9bce88fd55
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Jun 19 09:41:05 2022 +0000
Tor: Update to 0.4.7.8
Changes in version 0.4.7.8 - 2022-06-17
This version fixes several bugfixes including a High severity security issue
categorized as a Denial of Service. Everyone running an earlier version
should upgrade to this version.
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 43b9482a26e7bb265f464180d20cb3beee91b8f4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Jun 19 09:42:20 2022 +0000
Postfix: Update to 3.7.2
Please refer to https://www.postfix.org/announcements/postfix-3.7.2.html
for this versions' release announcement.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 480202725b872018667ce0cdc337c25c94cef72b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 18 14:42:10 2022 +0000
u-boot: Sigh, fix another .xz != .gz
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9f94dc123ae84d9d839ada0808c91c9eb0704650
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 18 14:40:29 2022 +0000
Update rootfiles to reflect OpenVPN 2FA changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 01b3a62a35a38db9d67121e66f983c0e0a38ca46
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 18 10:38:40 2022 +0000
u-boot: .xz != .gz
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit be5703ef78b6244dcf06b72e6f34ab72b2e7fc55
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 18 08:16:03 2022 +0000
u-boot: Clarify source URLs and add missing rk3399 firmware
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 39c9a6940625017f0b35fb43453475b9c3f5729f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:49:57 2022 +0000
Run ./make.sh update-contributors
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 531f57d71cec4d2d7564e4c35fc1df187a42349d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:48:44 2022 +0000
Zut alors, uniq 'files' as well
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 609f41867d11619d9996509f6be05d004b2ccb1c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:48:13 2022 +0000
Sort 'files'
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3cf7a3b15386010871f15256c4f97dce97d9841d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:47:44 2022 +0000
Core Update 169: Ship OpenVPN 2FA changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 75c49d6bec65ec865b37f7a44bdb7c46cf264b4c
Merge: a0d395668 29df9f89c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:39:40 2022 +0000
Merge branch 'temp-ms-ovpn-2fa' into next
commit 29df9f89c9168e4248076cf9c7e294384c0fd6ae
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:30:51 2022 +0000
Core Update 169: Ship libtiff and krb5
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4c4669041168fa6c8b20d4906c37813820969285
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:29:55 2022 +0000
Core Update 169: Remove pakfire metadata for krb5 and libtiff
Both packages have become part of the core system, so these files
are not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8d920449d27fe5816fc157f5d101aab0855e76e4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 15 18:02:20 2022 +0200
libtiff: Move into core system.
pango and the PDF tools as core parts are linked against
libtiff, therefore this library has to become a part of the
core distribution too.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c13e562b6e403808f90703e90b717a2193a2592f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 15 18:02:19 2022 +0200
krb5: Move package into core system.
On one hand, the key.dns_resolver binary is linked against libkrb5, so this
library at least is required by the base system.
On the other hand this easily allows different services on the firewall
to use kerberos for authentication (ssh etc).
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit fa30456c5e4bc6ff7b735ecbc10dd3deaa8a16e0
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:27:42 2022 +0000
kernel: Align x86_64 rootfile for kernel update
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 65264b3ba6358d78d70c2cc7b9e1c883b0b4af4a
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 15:54:10 2022 +0000
Core Update 169: Ship U-Boot
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b8a9c9e70a0ff84401e53f1481f3c1eafab76a29
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 15:52:45 2022 +0000
U-Boot: Update to 2022.04
https://wiki.ipfire.org/devel/telco/2022-06-13
Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ed5572536f5fbd3af2383555a87a634fd257a88f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 11:01:06 2022 +0000
Core Update 169: Ship misc-progs
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a609195a26f2666a177b988a6691bc27b10e6d64
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 15 09:53:20 2022 +0000
misc-progs: Add path to executable to argv
Otherwise, the first argument would always be swollowed :(
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b9196b9d62b3c85d11e99c08e720e1007eeb3e7a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jun 16 23:31:59 2022 +0200
samba: Ship with CU169
- samba is linked to liblber from openldap. openldap was updated in CU168 but
I missed that samba had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap
rootfile it is clear that an sobump occurred.
- This patch increments the samba PAK_VER so that it will be shipped and therefore
have the library links updated.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 015ea59a4d3ead64fd84276e9be8d453e96eb1f1
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jun 16 23:16:36 2022 +0200
netatalk: Ship with CU169 - Fixes bug #12878
- netatalk is linked to liblber from openldap. openldap was updated in CU168 but
I missed that netatalk had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap
rootfile it is clear that an sobump occurred.
- This patch increments the netatalk PAK_VER so that it will be shipped and therefore
have the library links updated.
Fixes: Bug #12878
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a0d3956686f64744d06a5d2f9911a4987d9129ec
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:30:51 2022 +0000
Core Update 169: Ship libtiff and krb5
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3356af4e5c87886388384d703f4b59a8df78aaec
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:29:55 2022 +0000
Core Update 169: Remove pakfire metadata for krb5 and libtiff
Both packages have become part of the core system, so these files
are not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9aa2c4cc2969bcd32d49399098091fcd05befda3
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 15 18:02:20 2022 +0200
libtiff: Move into core system.
pango and the PDF tools as core parts are linked against
libtiff, therefore this library has to become a part of the
core distribution too.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 4fdd3558802b971bad882eea3abea3de90052d9c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 15 18:02:19 2022 +0200
krb5: Move package into core system.
On one hand, the key.dns_resolver binary is linked against libkrb5, so this
library at least is required by the base system.
On the other hand this easily allows different services on the firewall
to use kerberos for authentication (ssh etc).
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 02882db3022fe56c3b55fa0e1c5592f8ab31b26d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 16:27:42 2022 +0000
kernel: Align x86_64 rootfile for kernel update
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 99763943424cdd2e6d5855c8c9dcaf2d70f763ba
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 15:54:10 2022 +0000
Core Update 169: Ship U-Boot
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c16b1b1ab3a5a8378f99e4e7d2810b12178ac54d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 15:52:45 2022 +0000
U-Boot: Update to 2022.04
https://wiki.ipfire.org/devel/telco/2022-06-13
Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 6b0e6c1b84cbe0cad9b94e779ab28089da909e23
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 11:01:06 2022 +0000
Core Update 169: Ship misc-progs
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9dc534ddc16203c9033aa99fa8bac46400ee75c3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 15 09:53:20 2022 +0000
misc-progs: Add path to executable to argv
Otherwise, the first argument would always be swollowed :(
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 377ffa081183d1f7eadffd434df4bef64116f811
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jun 16 23:31:59 2022 +0200
samba: Ship with CU169
- samba is linked to liblber from openldap. openldap was updated in CU168 but
I missed that samba had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap
rootfile it is clear that an sobump occurred.
- This patch increments the samba PAK_VER so that it will be shipped and therefore
have the library links updated.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a5cdf05acc0e638ff544e1b31f6a0cda5c043985
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jun 16 23:16:36 2022 +0200
netatalk: Ship with CU169 - Fixes bug #12878
- netatalk is linked to liblber from openldap. openldap was updated in CU168 but
I missed that netatalk had a dependency to one of its libraries.
- find-dependencies was not run on openldap liblber although looking at the openldap
rootfile it is clear that an sobump occurred.
- This patch increments the netatalk PAK_VER so that it will be shipped and therefore
have the library links updated.
Fixes: Bug #12878
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3740b7ad3ade3ff9d645bc3dca709791d012bbc2
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Thu Jun 16 12:39:45 2022 +0200
ovpnmain.cgi: URI encode OTPAuth String in QRCode
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 6a53c26cf71c49113a1a2d4b810f35ebfa240464
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Thu Jun 16 12:38:48 2022 +0200
perl-URI-Encode: New package
Simple percent Encoding/Decoding
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 209d62f0058c88e038760bc07773072fed0050da
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 14 20:56:12 2022 +0200
ovpnmain.cgi: Remove trailing newline from OTP secret
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit c9dc7fdec09ceec217534cf4a9832338ac9be671
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jun 14 15:57:03 2022 +0000
openvpn-authenticator: Always return general connection data
The function returned different output when TOTP was configured and not
which is not what it should do.
This version will now try to add the TOTP configuration, or will add
nothing it if fails to do so.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b6f9fff2bcec35a98c4b01a4bab3038ee7813ee2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jun 14 15:53:19 2022 +0000
openvpn-authenticator: Don't process configuration when row is too short
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 59f9e413611e6724a039429020fd528b782a5017
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 17:53:23 2022 +0200
openvpn-authenticator: Change event and environment handling
Move reading of environment in it's own function because not all
events have a ENV block following and thus always reading the ENV
will cause RuntimeError("Unexpected environment line ...").
commit 472cd78269a8d03cfa1447b3c80bed6dd3fd0897
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 12:20:14 2022 +0200
openvpn-authenticator: Fix call of _client_auth_successful
commit a4a42daeeaefed48dd9b40d7001f1fc613978f85
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 12:14:12 2022 +0200
openvpn-authenticator: Return only available data
For connections which have not enabled OTP return
connection name and common_name attributes only.
commit 74ab6f9fc03dab8dae8d63c86e036f2b96162f25
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 12:12:20 2022 +0200
openvpn-authenticator: Generate TOTP instead of HOTP codes
commit 10b32d3895e7ca2134d403b2445f9569b1f7f36a
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 11:20:56 2022 +0200
ovpnmain.cgi: Fix OTP secret handling
Convert stored hex OTP secret to binary prior to converting to base32.
commit 16d4a5c264d7deec49e3c1ee84541a231c31b5bb
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Tue Jun 7 11:16:31 2022 +0200
ovpnmain.cgi: Fix comparison operators
commit a999886759f360f4747084f1c69768a991766df3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:58:18 2022 +0100
openvpn-2fa: Configure fake authentication credentials
These configuration option are required to make the client authenticate
itself against the server.
The server may then accept those credentials without any further ado or
ask for a OTP.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5111dc3df3233720235f40269c2655d6b7e125a0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:51:51 2022 +0100
openvpn-2fa: Enable management socket for RW server
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6834749d223458d5ee95302732227bea0df62d60
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:49:32 2022 +0100
openvpn-2fa: Drop the previous authentication handler
This has been replaced by the newer authenticator
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 339b84d50910b1c258304bff68d1f875e8b2a25a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 4 14:46:41 2022 +0100
openvpn-2fa: Import a prototype of an authenticator
This script runs aside of OpenVPN and connects to the management socket.
On the socket, OpenVPN will post any new clients trying to authenticate
which will be handled by the authenticator.
If a client has 2FA enabled, it will be challanged for the current token
which will then be checked in a second pass.
Clients which do not have 2FA enabled will just be authenticated no
matter what and tls-verify will have handled the rest.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c63a54f0908f8dcce2fde30d4476e82dbc2c3bfd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 3 11:54:17 2022 +0000
ovpnmain.cgi: Load all modules at the beginning
Although Perl modules tend to take a long time to load, it is better to
do this at the beginning so that loading the script will show any
errors.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2050be20e1600377914736531307d3fab863285e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 3 11:51:11 2022 +0000
ovpnmain.cgi: Disable sending any error messages to the browser again
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f27d021470fb31731844ee2c70d142c6651da0f0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 15 07:29:10 2022 +0000
openpvn-2fa: Fix rootfiles
Some rootfiles where in the wrong location, some others had some
architecture hard-coded.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4b519aa8b0a3314e5cb01c953a517b3da354ea53
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 21:02:04 2022 +0000
perl-YAML-Tiny: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2d44871aa1363990b2f1416d1be65c7e51020c0b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:59:10 2022 +0000
perl-Module-ScanDeps: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6ede67fb5aa54ea5ba9e806f31c3e35077aa71ba
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:57:33 2022 +0000
perl-Module-Install: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d7772284a1f9cd82c7672c35ad0b22fb988d1859
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:55:27 2022 +0000
perl-Module-Build: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 89bdc5563cc6f829add64b62231349be2912c5ef
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:53:31 2022 +0000
perl-MIME-Base32: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4f3f7f57847312aec2d406d9165950faf50d9099
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:52:12 2022 +0000
perl-Imager-QRCode: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 42a2a93911fb8bd96f7878dd48eec4a3eab5aa68
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:50:12 2022 +0000
perl-Imager: Update checksum and remove unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit aeff5e3fee7f1a0c5816ff47918fce1feb693d6a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:48:39 2022 +0000
perl-File-Remove: Update checksum and drop unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit baf62b83cbf5300055d4bd0fc8073874794a5197
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 20:48:20 2022 +0000
oauth-toolkit: Update checksum and drop unnecessary fields
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e0fa8c25e88860df2f1dd9e60a212d9f3a4fbb4d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 14 19:15:42 2022 +0000
qrencode: Rename package and update checksum
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e1e10515ece3bbe51936d572f32b14f02db6750d
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Fri Apr 8 10:50:20 2022 +0200
OpenVPN: Add support for 2FA / One-Time Password
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.
The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.
When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.
This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit dc124917e3a0468ae4f1a4c6fe15ed3c68fc2f62
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Fri Apr 8 08:11:07 2022 +0200
perl-MIME-Base32: New package
Base32 encoder and decoder
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit e97759c292d49a5c397e52fe46a17e4674623f29
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:58:19 2022 +0200
perl-Imager-QRCode: New package
Generate QR Code with Imager using libqrencode
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit bc8bea129cbd85a8921b1fe47b07da5452f8ed6a
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:56:44 2022 +0200
perl-Imager: New package
Perl extension for Generating 24 bit Images
Required by perl-Imager-QRCode.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit cb36c0929c6aab35e6c78d90d58e53d2ffc6010d
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:54:36 2022 +0200
perl-Module-Install: New package
Module::Install configuration system
Required by perl-Imager-QRCode.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 3aeadfd8bda88ca123cb0bfffc3c6d55c0fb3fdc
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:49:42 2022 +0200
perl-YAML-Tiny: New package
Read/Write YAML files with as little code as possible
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit bfc889a70ac4e2ef2f7a126611aa927c0efd6c40
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:48:32 2022 +0200
perl-Module-ScanDeps: New package
Recursively scan Perl code for dependencies
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit a102cdbae1243c8dd113a0a118ce891e43850ab5
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:46:56 2022 +0200
perl-Module-Build: New package
Build and install Perl modules
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 6f8b1c534ecdb9dd9f8042da5ac7778c5574b154
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 17:45:01 2022 +0200
perl-File-Remove: New package
Remove files and directories
Required by perl-Module-Install.
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 3780b7a4ace485be68c874185ee5dacddd824f9e
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 12:47:37 2022 +0200
libqrcode: New package
A fast and compact QR Code encoding library.
Homepage: https://fukuchi.org/works/qrencode/
Source: https://fukuchi.org/works/qrencode/qrencode-4.1.1.tar.gz
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 7e4af6eb54bcbd1fa651610d8f0a99d86270042c
Author: Timo Eissler <timo.eissler(a)ipfire.org>
Date: Mon Apr 4 11:38:43 2022 +0200
oath-toolkit: New package
OATH Toolkit provide components to build one-time password
authentication systems.
Homepage: https://www.nongnu.org/oath-toolkit/index.html
Source: https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6…
Signed-off-by: Timo Eissler <timo.eissler(a)ipfire.org>
commit 0ffba7d4f6dd4e4e3b67c9e35f10cc495d2db3d9
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 06:59:50 2022 +0000
linux: Update to 5.15.48
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.48
for the changelog of this version.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 961e253e1ada56573f6f79d9901e1dd489e15fa7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Jun 17 06:56:05 2022 +0000
Core Update 169: Ship bind
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 07bd97edf7cc0be808b5dc215416bbb11b79d6bc
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Jun 16 14:49:09 2022 +0200
bind: Update to 9.16.30
For details see:
https://downloads.isc.org/isc/bind9/9.16.30/doc/arm/html/notes.html#notes-f…
"Bug Fixes
The fetches-per-server quota is designed to adjust itself downward
automatically when an authoritative server times out too frequently.
Due to a coding error, that adjustment was applied incorrectly,
so that the quota for a congested server was always set to 1. This
has been fixed. [GL #3327]
DNSSEC-signed catalog zones were not being processed correctly. This
has been fixed. [GL #3380]
Key files were updated every time the dnssec-policy key manager ran,
whether the metadata had changed or not. named now checks whether
changes were applied before writing out the key files. [GL #3302]"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit bf7bfc3df6a3fc4e55908a9b80bcf06e51e3b46b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 15 09:51:48 2022 +0000
dnsdist: Update to 1.7.2
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f391d8628b2a608a7b6f3151ef04d9d34c879d34
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 10:52:04 2022 +0000
linux-firmware: Update to 20220610
No changelog is provided, please refer to
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
for all activity since the previous version.
This patch includes necessary directives for shipping added or modified
firmware files with Core Update 169, and deleting appropriate files on
existing installations.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 310ad69dc10b5f9db61f693f13e217b875604f8d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 10:55:19 2022 +0000
lynis: Update to 3.0.8
Full changelog as retrived from https://cisofy.com/changelog/lynis/#308:
- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
- PKGS-7346 Check Alpine Package Keeper (apk)
- PKGS-7395 Check Alpine upgradeable packages
- EOL for Alpine Linux 3.14 and 3.15
- AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2)
- FILE-7524 - Test enhanced to support symlinks
- HTTP-6643 - Support ModSecurity version 2 and 3
- KRNL-5788 - Only run relevant tests and improved logging
- KRNL-5820 - Additional path for security/limits.conf
- KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
- KRNL-5830 - Add a presence check for /boot/vmlinuz
- PRNT-2308 - Bugfix that prevented test from storing values correctly
- Extended location of PAM files for AARCH64
- Some messages in log improved
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d819a62b14179854ac95dd444eea4be39233e6fb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 20:45:51 2022 +0000
linux: Update rootfiles
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c0c8a0899200d2e147a60b601e7eb438236bb706
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 20:42:07 2022 +0000
linux: Run make oldconfig for x86_64
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 6d084eb8b1f3364a241a9b33bc701f3b73defe0a
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 20:36:13 2022 +0000
xfsprogs: Fix rootfile
For some reason, this particular file's name always comprises of x86_64.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d462422cc389870eec0184e8bcfa256f367b56aa
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 15:52:19 2022 +0000
Core Update 169: Ship tzdata
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0371726e94c1e82aa11192a285715b1e1061f499
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 17:15:31 2022 +0000
tzdata: Update to 2022a
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 80745fb58f832ce4cd7476ab9d7aaf96dd8c8203
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 20:22:30 2022 +0000
unbound.conf: Aggressive NSEC is enabled by default since Unbound 1.15.0
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0360d235c8c4ab2d672b40d745c1b1dc14becadb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 15:49:40 2022 +0000
Core Update 169: Ship and apply sysctl changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 84d6e931508cf0c2b31a0b1b7923d6bda84414c2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 20:09:07 2022 +0000
sysctl: For the sake of completeness, do not accept IPv6 redirects
While IPFire 2.x' web interface does not support IPv6, users can
technically run it with IPv6 by conducting the necessary configuration
changes manually.
To provide these systems as well, we should disable acceptance of ICMPv6
redirect packets - which is apparently not default in Linux, yet. :-/
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d90b39982baff221ff52ac97cdc9acb1f29e3d82
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 15:48:13 2022 +0000
Core Update 169: Ship localnet initscript
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit cf7f5004ac116d90be07e4da36887efc8ef69552
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 19:31:57 2022 +0000
localnet: Add "edns0" to /etc/resolv.conf options for RFC 2671 support
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b41631c1904690c3a6075dc5572a24f39aee2dd4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 13 15:46:50 2022 +0000
Core Updatw 169: Ship and apply updated Linux kernel
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 17aaad5d968e8486dc83cd65cddb1cc1a7ff5211
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 06:47:49 2022 +0000
flash-images: Harden mount options of /boot
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1fad035a1f20771740faf0dd5e0802d779370b94
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 18:42:08 2022 +0000
Kernel: Mitigate Straight-Line-Speculation on x86_64
See https://lwn.net/Articles/877845/ for the rationale behind this. The
feature is currently only available on the x86_64 platform.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 883e29630cb1f5b16c8508b585c32d7f54a86e1a
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 18:47:31 2022 +0000
Kernel: Disable support for RPC dprintk debugging
This is solely needed for debugging of NFS issues. Due to the attack
surface it introduces, grsecurity recommends to disable it; as we do not
have a strict necessity for this feature, it is best to follow that
recommendation for security reasons.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9b28e9d02be9c0e0c488434cfd731d47bb227838
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 18:53:10 2022 +0000
Kernel: Enable YAMA support
See https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html for
the upstream rationale. Enabling YAMA gives us the benefit of additional
hardening options available, without any obvious downsides.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit db8639bbfa41f34fcc33345648d3100ac5da001d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 18:13:57 2022 +0000
linux: Update to 5.15.46
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46
for the changelog of this version.
Due to operational constraints, ARM rootfile changes are simulated.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0d84103c04f67d913ee5cd0187f49ab178fb33e1
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 18:59:36 2022 +0000
Delete orphaned libcap patch
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3e7e92652e836c199dc33cfe571bd084d27097a8
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 11 14:35:23 2022 +0000
Core Update 169: Ship ovpnmain.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 574f4538533bb78a7daea1b7212bc3a80a67b382
Author: Jon Murphy <jon.murphy(a)ipfire.org>
Date: Thu Jun 9 16:27:23 2022 -0500
ovpnmain.cgi: correct spelling
- change "coment" to "comment"
Signed-off-by: Jon Murphy <jon.murphy(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a56d36b07804b31c555fa5241036c592e682adf8
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jun 9 19:56:13 2022 +0000
Core Update 169: Ship and restart Apache
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 86f22bc9ba5d364aa082320b53d4df007e669ae7
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Jun 9 19:46:41 2022 +0200
apache: Update to 2.4.54
Huge changelog, for details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.54
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0f5b48467f29149e6e494b6b40471ac25dd5268c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 16:52:15 2022 +0000
Core Update 169: Ship toolchain changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7dd292543e2d9c7d1f19071939cc28fdbe64303e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 16:46:37 2022 +0000
Core Update 169: Ship and restart Squid
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 19f6c5996613f69ae218498fa33f340b19e4148f
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Jun 7 17:35:22 2022 +0200
squid: Update to 5.6
For details see:
https://github.com/squid-cache/squid/commits/v5
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3f8263b80a160b9f14bd7015498c61b565029214
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Jun 7 16:44:26 2022 +0000
boost: Fix ARM rootfiles as well
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b8939e48831fa18bea1360b6b332c5338ac310db
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Jun 6 19:04:14 2022 +0200
boost: Fix rootfile for x86_64
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 053189a4c3e61444b173c5dffab18172cd43f43c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 6 12:11:51 2022 +0000
Core Update 169: Ship lmdb
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 836832af26a954acd298e66f2bf2c4aa3cac71cb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue May 10 12:31:12 2022 +0200
lmdb: Update to version 0.9.29
- Update from version 0.9.24 to 0.9.29
- Update of rootfile not required
- Changelog - there is no changelog in the source tarball or on the Symas website or in
the github repository.
The following are extracted from the short log of the git commits
https://github.com/LMDB/lmdb/commits/LMDB_0.9.29/libraries/liblmdb
Release (0.9.29)
ITS#9500
ITS#9500 fix regression from ITS#8662
ITS#9376 simplify
ITS#9469 - Typo fixes
ITS#9461 fix typo
ITS#9461 refix ITS#9376
Release (0.9.28)
ITS#8662 Add -a append option to mdb_load
Return to RE
Release (0.9.27)
ITS#9376 Fixes for repeated deletes with xcursor
Return to engineering
Release 0.9.26
ITS#9278
Silence stupid fallthru warning
ITS#9278 fix robust mutex cleanup for FreeBSD
Return to engineering
Release 0.9.25
ITS#9155 lmdb: free mt_spill_pgs in non-nested txn on end
ITS#9118 - Fix typo in prev commit
ITS#9118 add MAP_NOSYNC for FreeBSD
return to release engineering, ITS#9068
ITS#9068 fix backslash escaping
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7567e71c074e4c8d9901607686340f70088cc0ec
Merge: 6a11476c2 4a4fc8f19
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Jun 5 16:48:54 2022 +0000
Merge branch 'next' into temp-c169-development
commit 6a11476c282fb86d6d0336f86001a46fe81cf2a4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 4 09:24:56 2022 +0000
Core Update 169: Ship changes related to manualpages in the webIF
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 64db1faf67c608943a6e045ffdd0c283ecf053fa
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Mon Apr 25 21:12:45 2022 +0200
manualpages: Add path and file extension to the configuration
This allows to correctly assign an URL to a file without relying
on unique base names.
A custom read function is required because General::readhash()
doesn't allow paths as hash keys. Modifying the existing functions
could affect other CGIs and was therefore dismissed.
Fixes: #12806
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
commit 5f8a1acfe94af5cb15bf3d97ae5a1f566d5fed7c
Author: Jon Murphy <jon.murphy(a)ipfire.org>
Date: Mon May 30 18:50:31 2022 -0500
make.sh-usage: Ship changes to make files
In make.sh-usage document:
- updated with descriptions for various commands
- removed descriptions for old commands
In make.sh script:
- updated make.sh usage line "Usage: $0 [OPTIONS] {build|check-manualpages|..."
- removed make.sh clear screen commands in build area and toolchain area
Signed-off-by: Jon Murphy <jon.murphy(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9152d4e453788400c308b20e8fc5695e942407f9
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 4 08:38:41 2022 +0000
Core Update 169: Ship and restart Unbound
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ba4f3d9a233c8e3fbb461849cd2fa11c8c0ed28b
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Jun 2 20:44:09 2022 +0200
unbound: Update to 1.16.0
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0585ca7cfdb693156c3aff35b859924f52af63ed
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue May 31 11:26:19 2022 +0000
cdrom: Drop menu option for HDT
The Hardware Detection Tool does not work and I do not think it is worth
to investigate. It is an ancient piece of software which does not work
on EFI systems which are becoming more and more common.
Since this has presumably been broken for a long time which nobody has
reported I assume that nobody is using it. There are indeed lots better
live CDs out there with much better diagnostic tools.
Fixes: #12870
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 63243696ac46764c58ed18db63c6ea0eadc60ce7
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Jun 2 17:14:37 2022 +0200
tmux: Update to 3.3
For details see:
https://raw.githubusercontent.com/tmux/tmux/3.3/CHANGES
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b2b0bb7d82060a0af9b1aa04ce0769284f6687dd
Merge: 8065ec210 de5896985
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 4 08:36:10 2022 +0000
Merge branch 'next' into temp-c169-development
commit 8065ec2108a016f03270d3328d09dafec621ecc2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:46:45 2022 +0000
Core Update 169: Ship libxslt
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9bee4ce9156c3cd5a3cf342761c941f3c585c57f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue May 10 12:30:44 2022 +0200
libxslt: Update to version 1.1.35
- Update from version 1.1.34 to 1.1.35
- Update of rootfile
- Changelog
v1.1.35: Feb 16 2022:
- Security:
[CVE-2021-30560] Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
- Fixed regressions:
Fix performance regression with predicates in patterns
Fix regression in xsltComputeSortResult
- Bug fixes:
Fix conflict resolution for templates with same priority
Fix xsl:number generating invalid UTF-8
Support attribute value templates in xsl:sort lang attributes
Don't pass first <xsl:sort> in <xsl:apply-templates> twice
Fix quadratic runtime with text and <xsl:message>
Don't allow empty EXSLT durations
- Improvements:
Add xsltproc --huge Argument via libxml XML_PARSE_HUGE (William N. Braswell, Jr.)
- Tests, code quality, fuzzing:
Remove .travis.yml
Fix some misleading indentation (David King)
Use actual types for templates in struct _xsltStylesheet
Add CI for CMake on MSVC (Markus Rickert)
Check for null pointer before calling freelocale
Add CI test for Python 3
Don't set maxDepth in XPath contexts
Transfer XPath limits to XPtr context
Stop using maxParserDepth XPath limit
Make long-to-double cast explicit in date.c
Disable LeakSanitizer
Run clang CI tests with -Wimplicit-int-conversion
Fix implicit-int-conversion warning in exslt/crypto.c
Fix clang -Wimplicit-int-conversion warning (David Kilzer)
Fix clang -Wconditional-uninitialized warning in libxslt/numbers.c (David Kilzer)
Fix -Wshadow warnings in libexslt/dynamic.c (David Kilzer)
Also search parent dir for source XML when fuzzing
- Build system, portability:
Add CMake build files (Markus Rickert)
Initial support for Python 3 (Suleyman Poyraz)
Call ANSI versions of WinAPI functions explicitly
Remove redundant flags from pkg-config files
Suppress automake warning in tests/XSLTMark
Fix linking libexslt dynamic library when using MinGW (Vadim Zeitlin)
Added platform specific path separators (Dmitriy Korovkin)
win32: allow passing *FLAGS on command line
Fix export of xsltExtMarker on Windows (David Kilzer)
Fix redundant includes already in libexslt.h (David Kilzer)
Minor fixes to configure.js
Fix variable syntax in Python configuration
Add new EXSLT string tests to EXTRA_DIST
Fix xml2-config check in configure script
win32: Add configuration for profiler (Chun-wei Fan)
Check whether 'xml2-config --dynamic' is supported
- Documentation:
Add Makefile rule to regenerate xsltproc.html
Update links
Remove MAINTAINERS
Upload documentation to GitLab Pages
Add documentation in devhelp format
Add --enable-rebuild-docs configure option
Fix libexslt header summaries
Fix validity of tutorial XML (David King)
Use DocBook URL for tutorial DTD (David King)
Update libxslt.doap
Add missing options to xsltproc man page
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5d03d99e4cfc83c4fe395ad238ea6573a8c48c37
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:45:55 2022 +0000
Core Update 169: Ship libxml2
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d30da847cf5d73fb85ccf7c79b39b26bba466031
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue May 10 12:30:32 2022 +0200
libxml2: Update to version 2.9.14
- Update from version 2.9.12 to 2.9.14
- Update of rootfile
- Changelog
v2.9.14: May 02 2022:
- Security:
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
(David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
- Bug fixes:
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
- Improvements:
Fix recovery from invalid HTML start tags
- Build system, portability:
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
v2.9.13: Feb 19 2022:
- Security:
[CVE-2022-23308] Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
- Fixed regressions:
Fix regression in RelaxNG pattern matching
Properly handle nested documents in xmlFreeNode
Fix regression with PEs in external DTD
Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi)
Revert "Make schema validation fail with multiple top-level elements"
Fix regression when parsing invalid HTML tags in push mode
Fix regression parsing public IDs literals in HTML
Fix buffering in xmlOutputBufferWrite
Fix whitespace when serializing empty HTML documents
Fix XPath recursion limit
Fix regression in xmlNodeDumpOutputInternal
Work around lxml API abuse
- Bug fixes:
Fix xmlSetTreeDoc with entity references
Fix double counting of CRLF in comments
Make sure to grow input buffer in xmlParseMisc
Don't ignore xmllint options after "-"
Don't normalize namespace URIs in XPointer xmlns() scheme
Fix handling of XSD with empty namespace
Also register HTML document nodes
Make xmllint return an error if arguments are missing
Fix handling of ctxt->base in xmlXPtrEvalXPtrPart
Fix xmllint --maxmem
Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber)
Move current position before possible calling of ctxt->sax->characters (Yulin Li)
Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer)
Patch to forbid epsilon-reduction of final states (Arne Becker)
Avoid segfault at exit when using custom memory functions (Mike Dalessio)
- Tests, code quality, fuzzing:
Remove .travis.yml
Make xmlFuzzReadString return a zero size in error case
Fix unused function warning in testapi.c
Update NewsML DTD in test suite
Add more checks for malloc failures in xmllint.c
Avoid potential integer overflow in xmlstring.c
Run CI tests with UBSan implicit-conversion checks
Fix casting of line numbers in SAX2.c
Fix integer conversion warnings in hash.c
Add explicit casts in runtest.c
Fix integer conversion warning in xmlIconvWrapper
Add suffix to unsigned constant in xmlmemory.c
Add explicit casts in testchar.c
Fix integer conversion warnings in xmlstring.c
Add explicit cast in xmlURIUnescapeString
Remove unused variable in xmlCharEncOutFunc (David King)
- Build system, portability:
Remove xmlwin32version.h
Fix fuzzer test with VPATH build
Support custom prefix when installing Python module
Remove Makefile.win
Remove CVS and SVN-related code
Port python 3.x module to Windows and improve distutils (Chun-wei Fan)
Correctly install the HTML examples into their subdirectory (Mattia Rizzolo)
Refactor the settings of $docdir (Mattia Rizzolo)
Remove unused configure checks (Ben Boeckel)
python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James)
Fix check for libtool in autogen.sh
Use version in configure.ac for CMake (Timothy Lyanguzov)
Add CMake alias targets for embedded projects (Markus Rickert)
- Documentation:
Remove SVN keyword anchors
Rework README
Remove README.cvs-commits
Remove old ChangeLog
Update hyperlinks
Remove README.docs
Remove MAINTAINERS
Remove xmltutorial.pdf
Upload documentation to GitLab pages
Document how to escape XML_CATALOG_FILES
Fix libxml2.doap
Update URL for libxml++ C++ binding (Kjell Ahlstedt)
Generate devhelp2 index file (Emmanuele Bassi)
Mention XML_CATALOG_FILES is space-separated (Jan Tojnar)
Add documentaiton for xmllint exit code 10 (Rainer Canavan)
Fix some validation errors in the FAQ (David King)
Add instructions on how to use CMake to compile libxml (Markus Rickert)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1e09fe9b2dc6017298f0f3786af6b83c751247f4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue May 10 12:30:14 2022 +0200
libvorbis: Update to version 1.3.7
- Update from version 1.3.6 to 1.3.7
- Update of rootfile
- Changelog
libvorbis 1.3.7 (2020-07-04)
* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Update Visual Studio projects for ogg library filename change.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add gitlab CI support.
* Add OSS-Fuzz support.
* Build system and integration updates.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 071e31535c0d131233764cc82abd05e2dcc81007
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:34:47 2022 +0000
Core Update 169: Ship libyang
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a173ac37ef35daedcfb5db144e2b18cbfd9606ed
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue May 10 12:30:58 2022 +0200
libyang: Update to version 2.0.194
- Update from version 2.0.7 to 2.0.194
- Update of rootfile
- Changelog
Version 2.0.194 Latest
major yanglint improvements
minor XPath fixes
nested extension handling fixes
other minor bugfixes
RPM scripts updated
Version 2.0.164
Windows support (thanks to @jktjkt)
Schema Mount support
schema compilation fixes
minor schema printer fixes
user-ordered list diff bugfix
JSON anyxml/anydata format fixed
XML parser CDATA support
module caching improvements
doc improvements
many other various bugfixes
Version 2.0.112
support for XPath variables
minor doxygen improvements
LYB format bugfixes
many other bugfixes
Version 2.0.97
LYB format data length limit of 64kB lifted
YANG error-app-tag and error-message improved support
XPath * evaluation fix
other minor XPath fixes
Version 2.0.88
changed compilation to pedantic and use C11 standard
major JSON parser fixes
LYB format updated and performance improved
LYB big-endian fixes
opaque node fixes
major identity handling fixes
schema compilation refactorization and fixes
data validation fixes
NETCONF RPC filter attribute support
many other minor fixes
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit b93304aa019f8d27aba86e2c838cb724643cc92c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:33:43 2022 +0000
Core Update 169: Ship sqlite
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit efb7528e3ff2a0cf8f1a6f6eec4bcb20b3ae7986
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 11 10:40:17 2022 +0200
sqlite: Update to version 3380500
- Update from version 3380300 to 3380500
- Update of rootfile not required
- Changelog
Version 3.38.5
The 3.38.4 patch release included a minor change to the CLI source code that did not
work. The release manager only ran a subset of the normal release tests, and hence
did not catch the problem. As a result, the CLI will segfault when using columnar
output modes in version 3.38.4. This blunder did not affect the core SQLite library.
It only affected the CLI.
Take-away lesson: Always run all of your tests prior to a release - even a trival
patch release. Always.
The 3.38.5 patch release fixes the 3.38.4 blunder.
Version 3.38.4
Another user-discovered problem in the new Bloom filter optimization is fixed in this
patch release. Without the fix, it is possible for a multi-way join that uses a
Bloom filters for two or more tables in the join to enter an infinite loop if the
key constraint on one of those tables contains a NULL value.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c31e6689eaacc4539fbbac19ecfa7a12e8c4c993
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:26:59 2022 +0000
Core Update 169: Ship gcc
Further changes are necessary due to toolchain update.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 89be2a0b3b46a63ff9852bbab37c0fd02f208b86
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed May 25 15:39:13 2022 +0000
gcc: Update to 11.3.0
This is just a bug fix release that we should be using.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9c51f71f2f915372b755c0e53998c0595b8bc463
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 22 23:43:00 2022 +0200
gdb: Update to version 12.1
- Update from version 11.2 to 12.1
- Update of rootfile
- Changelog
GDB 12.1 Released!
This version of GDB includes the following changes and enhancements:
New support for the following native configuration:
GNU/Linux/OpenRISC or1k*-*-linux*
New support for the following targets:
GNU/Linux/LoongArch loongarch*-*-linux*
New GDBserver support on the following configuration:
GNU/Linux/OpenRISC or1k*-*-linux*
Support for the following target has been removed:
S+core score-*-*
Multithreaded symbol loading is now enabled by default
Deprecation Notices:
GDB 12 is the last release of GDB that will support building against Python 2
DBX mode is deprecated, and will be removed in GDB 13
GDB/MI changes:
The '-add-inferior' with no option flags now inherits the connection of the
current inferior, this restores the behaviour of GDB as it was prior to
GDB 10.
The '-add-inferior' command now accepts a '--no-connection' option, which
causes the new inferior to start without a connection.
Python API enhancements:
It is now possible to add GDB/MI commands implemented in Python
New function gdb.Architecture.integer_type()
New gdb.events.gdb_exiting event
New 'gdb.events.connection_removed' event registry
New gdb.TargetConnection object
New gdb.Inferior.connection property
New read-only attribute gdb.InferiorThread.details
New gdb.RemoteTargetConnection.send_packet method
New read-only attributes gdb.Type.is_scalar and gdb.Type.is_signed
The gdb.Value.format_string method now takes a 'styling' argument
Various new function in the "gdb" module
Miscellaneous:
The FreeBSD native target now supports async mode
Improved C++ template support
Support for disabling source highlighting through GNU of the Pygments
library instead.
The "print" command has been changed so as to print floating-point values
with a base-modifying formats such as "/x" to display the underlying bytes
of the value in the desired base.
The "clone-inferior" command now ensures that the TTY, CMD and ARGS settings
are copied from the original inferior to the new one. All modifications to
the environment variables done using the 'set environment' or 'unset
environment' commands are also copied to the new inferior.
Various new commands have been introduced
GDB 11.2 Released!
This is a minor corrective release over GDB 11.1, fixing the following issues:
PR sim/28302 (gdb fails to build with glibc 2.34)
PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
PR gdb/28405 (arm-none-eabi: internal-error: ptid_t
remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*):
Assertion `first_resumed_thread != nullptr' failed)
PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
PR build/28555 (uclibc compile failure since commit
4655f8509fd44e6efabefa373650d9982ff37fd6)
PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR
(.relr.dyn) section)
PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 75d3718b2443cd0498965f77f5f1de67f2a1a3a7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:24:02 2022 +0000
Core Update 169: Ship changed cloud initscripts
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7154d8bfa60a8a18f7cfb827c31bf148d69902bd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu May 19 09:40:27 2022 +0000
aws-cli: Update to 1.23.12
This package and python3-botocore have to match exactly. Amazon does not
seem to care too much about compatibility between different versions
which is why we need to keep both in sync.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 15194dcc3964265a2e64e9bea155989d96ddf326
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu May 19 09:40:26 2022 +0000
python3-botocore: Update to 1.25.12
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9e413732132a382a55c4af51a548d329185de56b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu May 19 09:40:25 2022 +0000
cloud: Execute user-data scripts at the end of initialization
This is useful when the user-data needs to reboot an instance.
Previously, some initialization did not happen which is now being done
first before the user-data script is being executed.
This gives users more flexibility about what they are doing in those
scripts.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4aab717c073e3ed3cc05f14f0669988f5a0b937c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:21:25 2022 +0000
Core Update 169: Ship xfsprogs
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2e4c8a2163d8dd4308329fef4c0b8ca48147c8f5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 11 10:40:30 2022 +0200
xfsprogs: Update to version 5.16.0
- Update from 5.14.2 to 5.16.0
- Update of rootfile
- Changelog
5.16.0
This release is almost 100% a libxfs sync. I'm trying to catch up, and the
next release will be 5.18.0-rc0, with both 5.17 and 5.18 libxfs changes synced.
(there are very few).
At that point I'll finally start pulling in more functional changes.
xfsprogs-5.16.0 (04 May 2022)
- libxfs: remove kernel stubs from xfs_shared.h (Eric Sandeen)
- debian: Generate .gitcensus instead of .census (Bastian Germann))
xfsprogs-5.16.0-rc0 (28 Apr 2022)
- libxfs changes merged from kernel 5.16
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1ebf40b37b3d9dcabe5ca40a327b1d55fa66b225
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:20:40 2022 +0000
Core Update 169: Ship OpenVPN due to lzip update
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 42ceefc743f6d4d212720fd5c25e753c468f30bb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:20:27 2022 +0000
Core Update 169: Ship lzip
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a742c7f58876497e3956bbc01e6b6bd64f794701
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue May 10 12:31:55 2022 +0200
lzip: Update to version 1.23
- Update from 1.22 to 1.23
- Update of rootfile not required
- Changelog
Version 1.23 released.
* Decompression time has been reduced by 5-12% depending on the file.
* main.cc (getnum): Show option name and valid range if error.
* Improve several descriptions in manual, '--help', and man page.
* lzip.texi: Change GNU Texinfo category to 'Compression'.
(Reported by Alfred M. Szmidt).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit bfd00e341fe94418a7fd3d5269b8ae96788624d1
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:19:52 2022 +0000
Core Update 169: Ship libnetfilter_cthelper
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 79e203acc95c6b4fc1a5da5b22b5ec4f1d6d8220
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 11 10:39:35 2022 +0200
libnetfilter_cthelper: Update to version 1.0.1
- Update from version 1.0.0 to 1.0.1
- Update of rootfile not required
- Changelog
1.0.1
* Allow build on uclinux
* Use after free in nfct_helper_free()
* Double free in nfct-helper-add example
* Invalid argument error in nftc-helper-add
* Incorrect netlink message building with multiple nfct helper policies
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3307507a4ac4e8ea1bdfe2be51d6a20a2288f297
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:19:34 2022 +0000
Core Update 169: Ship libnetfilter_cttimeout
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit e83cac87ecf5ad6763b16e704011f1faa559ae8c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 11 10:40:02 2022 +0200
libnetfilter_cttimeout: Update to version 1.0.1
- Update from 1.0.0 to 1.0.1
- Update of rootfile not required
- Changelog
1.0.1
* Warnings with automake-1.12
* Allow building on uclinux
* Fix building with clang
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit e53b89a0a01df81f7aa22ba143a439af53685d80
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 22 23:43:15 2022 +0200
git: Update to version 2.36.1
- Update from version 2.36.0 to 2.36.1
- Update of rootfile not required
- Changelog
Git v2.36.1 Release Notes
Fixes since v2.36
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
* "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
* "git format-patch <args> -- <pathspec>" lost the pathspec when
showing the second and subsequent commits, which has been
corrected.
* Get rid of a bogus and over-eager coccinelle rule.
* Correct choices of C compilers used in various CI jobs.
Also contains minor documentation updates and code clean-ups.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 6bea701c49d2130ba53d968746a552f420515e37
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon May 16 15:59:57 2022 +0200
clamav: Update to 0.105.0
For details see:
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
commit c3810f44e533175945fd31b3dc8de5c6eaa1f3a2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:14:28 2022 +0000
Core Update 169: Ship logrotate
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 99516d5836d6d36d9ed00053937adf63ee0d4746
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu May 26 17:25:38 2022 +0200
logrotate: Update to 3.20.1
For details since v3.18.0 see:
https://github.com/logrotate/logrotate/releases/tag/3.20.1https://github.com/logrotate/logrotate/releases/tag/3.20.0https://github.com/logrotate/logrotate/releases/tag/3.19.0
logrotate-3.20.1
drop world-readable permission on state file even when ACLs are enabled (#446)
logrotate-3.20.0
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
logrotate-3.19.0
continue on EINTR in compressLogFile() (#430)
enforce stricter parsing of configuration files (#427, #431)
avoid confusing error message in debug mode (#426)
fix full_write() on incomplete write (#415)
do not use alloca() any more (#412)
do not rotate hard links unless allowhardlink is used (#407)
change directory after dropping privileges (#397)
add defence in depth when dropping privileges (#400)
remove invalid configuration on error (#408)
do not open symbolic link log files by accident (#399)
do not write state if state file is /dev/null (#395)
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 73bac85db4c06ee01b758b580d10c76dc347e796
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:13:29 2022 +0000
Core Update 169: Restart firewall engine and require a reboot
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b86439a2217148814a856758e4ded420a8f5a5fa
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:13:08 2022 +0000
Core Update 169: Ship iptables
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2cc3995bc5132e66fcd97570307f00dca34f1e9a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 22 23:43:28 2022 +0200
iptables: Update to version 1.8.8
- Update from version 1.8.7 to 1.8.8
- Update of rootfile
- Changelog
Version 1.8.8
extensions: libxt_conntrack: use bitops for state negation
extensions: libxt_conntrack: use bitops for status negation
xtables: Call init_extensions6() for static builds
xtables: Call init_extensions{,a,b}() for static builds
iptables-nft: fix -Z option
libxtables: exit if called by setuid executeable
iptables-nft: allow removal of empty builtin chains
extensions: tcpmss: add iptables-translate support
nft-shared: set correct register value
nft-shared: support native tcp port delinearize
nft-shared: support native tcp port range delinearize
nft-shared: support native udp port delinearize
nft: prefer native expressions instead of udp match
nft: prefer native expressions instead of tcp match
nft-shared: add tcp flag dissection
nft: add support for native tcp flag matching
tests: shell: fix bashism
nft: fix indentation error.
tests: iptables-test: correct misspelt variable
extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
extensions: libxt_NFLOG: fix typo
tests: iptables-test: rename variable
tests: add `NOMATCH` test result
tests: support explicit variant test result
tests: NFLOG: enable `--nflog-range` tests
xshared: Implement xtables lock timeout using signals
extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
extensions: libxt_NFLOG: don't truncate log prefix on print/save
extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
fix build for missing ETH_ALEN definition
libxtables: extend xlate infrastructure
tests: xlate-test: support multiline expectation
extensions: libxt_connlimit: add translation
extensions: libxt_tcp: rework translation to use flags match representation
extensions: libxt_conntrack: simplify translation using negation
extensions: libxt_multiport: add translation for -m multiport --ports
nft-shared: update context register for bitwise expression
nft: pass struct nft_xt_ctx to parse_meta()
nft: native mark matching support
nft: pass handle to helper functions to build netlink payload
nft: prepare for dynamic register allocation
nft: split gen_payload() to allocate register and initialize expression
configure: bump version for 1.8.8 release
ip6tables: masquerade: use fully-random so that nft can understand the rule
ebtables: Exit gracefully on invalid table names
include: Drop libipulog.h
nft: Fix bitwise expression avoidance detection
xtables-translate: Fix translation of odd netmasks
libxtables: Simplify xtables_ipmask_to_cidr() a bit
nft: cache: Sort chains on demand only
nft: Increase BATCH_PAGE_SIZE to support huge rulesets
extensions: sctp: Explain match types in man page
Eliminate inet_aton() and inet_ntoa()
nft-arp: Make use of ipv4_addr_to_string()
extensions: SECMARK: Implement revision 1
xtables: Make invflags 16bit wide
xshared: Eliminate iptables_command_state->invert
xshared: Merge invflags handling code
ebtables-translate: Use shared ebt_get_current_chain() function
Use proto_to_name() from xshared in more places
extensions: sctp: Fix nftables translation
extensions: sctp: Translate --chunk-types option
libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
extensions: libebt_ip6: Drop unused variables
libxtables: Fix memleak in xtopt_parse_hostmask()
nft: Avoid memleak in error path of nft_cmd_new()
nft: Avoid buffer size warnings copying iface names
iptables-apply: Drop unused variable
extensions: libebt_ip6: Use xtables_ip6parse_any()
libxtables: Introduce xtables_strdup() and use it everywhere
extensions: libxt_string: Avoid buffer size warning for strncpy()
doc: ebtables-nft.8: Adjust for missing atomic-options
ebtables: Dump atomic waste
nft: Fix for non-verbose check command
tests/shell: Assert non-verbose mode is silent
extensions: hashlimit: Fix tests with HZ=100
iptables-test: Make netns spawning more robust
extensions: libxt_mac: Fix for missing space in listing
nft: Use xtables_malloc() in mnl_err_list_node_add()
nft: Use xtables_{m,c}alloc() everywhere
tests: iptables-test: Fix missing chain case
tests: xlate-test: Don't skip any input after the first empty line
tests: xlate-test: Print errors to stderr
tests: iptables-test: Print errors to stderr
tests: xlate-test: Exit non-zero on error
tests: iptables-test: Exit non-zero on error
tests: shell: Return non-zero on error
ebtables: Avoid dropping policy when flushing
tests: iptables-test: Fix conditional colors on stderr
nft: cache: Avoid double free of unrecognized base-chains
nft: Check base-chain compatibility when adding to cache
nft-chain: Introduce base_slot field
nft: Delete builtin chains compatibly
nft: Introduce builtin_tables_lookup()
xshared: Store optstring in xtables_globals
nft-shared: Introduce init_cs family ops callback
xtables: Simplify addr_mask freeing
nft: Add family ops callbacks wrapping different nft_cmd_* functions
xtables-standalone: Drop version number from init errors
libxtables: Introduce xtables_globals print_help callback
arptables: Use standard data structures when parsing
nft-arp: Introduce post_parse callback
nft-shared: Make nft_check_xt_legacy() family agnostic
xtables: Derive xtables_globals from family
xtables: arptables accepts empty interface names
nft: Merge xtables-arp-standalone.c into xtables-standalone.c
Unbreak xtables-translate
xlate-test: Print full path if testing all files
extensions: hashlimit: Fix tests with HZ=1000
xshared: Merge and share parse_chain()
nft: Change whitespace printing in save_rule callback
xshared: Share print_iface() function
xshared: Share save_rule_details() with legacy
xshared: Share save_ipv{4,6}_addr() with legacy
xshared: Share print_rule_details() with legacy
xshared: Share print_fragment() with legacy
xshared: Share print_header() with legacy iptables
nft-shared: Drop unused function print_proto()
xshared: Make load_proto() static
xshared: Share print_match_save() between legacy ip*tables
xshared: Share a common printhelp function
xshared: Share exit_tryhelp()
xtables_globals: Embed variant name in .program_version
libxtables: Extend basic_exit_err()
iptables-*-restore: Drop pointless line reference
xtables: Drop xtables' family on demand feature
xtables: Pull table validity check out of do_parse()
xtables: Move struct nft_xt_cmd_parse to xshared.h
xtables: Pass xtables_args to check_empty_interface()
xtables: Pass xtables_args to check_inverse()
xtables: Do not pass nft_handle to do_parse()
xshared: Move do_parse to shared space
xshared: Store parsed wait and wait_interval in xtables_args
nft: Move proto_parse and post_parse callbacks to xshared
iptables: Use xtables' do_parse() function
ip6tables: Use the shared do_parse, too
extensions: *NAT: Kill multiple IPv4 range support
xshared: Fix response to unprivileged users
nft: Use verbose flag to toggle debug output
iptables-restore: Support for extra debug output
nft: Set NFTNL_CHAIN_FAMILY in new chains
ebtables: Support verbose mode
nft: Add debug output to table creation
nft: cache: Dump rules if debugging
tests: iptables-test: Support variant deviation
iptables.8: Describe the effect of multiple -v flags
libxtables: Register only the highest revision extension
Improve error messages for unsupported extensions
nft: Simplify immediate parsing
nft: Speed up immediate parsing
xshared: Prefer xtables_chain_protos lookup over getprotoent
nft: Don't pass command state opaque to family ops callbacks
libxtables: Fix for warning in xtables_ipmask_to_numeric
Simplify static build extension loading
nft: Review static extension loading
tests: shell: Fix 0004-return-codes_0 for static builds
nft: Reject standard targets as chain names when restoring
libxtables: Implement notargets hash table
libxtables: Boost rule target checks by announcing chain names
xlate-test: Fix for empty source line on failure
man: DNAT: Describe shifted port range feature
Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
extensions: ipt_DNAT: Merge v1 and v2 parsers
extensions: ipt_DNAT: Merge v1/v2 print/save code
extensions: ipt_DNAT: Combine xlate functions also
extensions: DNAT: Rename from libipt to libxt
extensions: Merge IPv4 and IPv6 DNAT targets
extensions: Merge REDIRECT into DNAT
extensions: man: Document service name support in DNAT and REDIRECT
extensions: MARK: Drop extra newline at end of help
xshared: Move arp_opcodes into shared space
xshared: Extend xtables_printhelp() for arptables
libxtables: Drop xtables_globals 'optstring' field
libxtables: Revert change to struct xtables_pprot
extensions: DNAT: Merge core printing functions
man: *NAT: Review --random* option descriptions
extensions: LOG: Document --log-macdecode in man page
nft: Fix EPERM handling for extensions without rev 0
xtables-translate: add missing argument and option to usage
Fix a few doc typos
iptables-test.py: print with color escapes only when stdout isatty
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 922013ca2adeb19d1d79e98fb3736b9ca2fac365
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:11:22 2022 +0000
Core Update 169: Ship fuse
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 37ddc46691899bd95f781bfcdf3a836ea4d3f51c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 22 23:42:40 2022 +0200
fuse: Update to version 3.11.0
- Update from 3.10.4 to 3.11.0
- Update of rootfile
- Changelog
fuse 3.11.0 (2022-05-02)
* Add support for flag FOPEN_NOFLUSH for avoiding flush on close.
* Fixed returning an error condition to ioctl(2)
fuse 3.10.5 (2021-09-06)
* Various improvements to make unit tests more robust.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8cd9c344393f5a1b56acfe55f669f4230faad9db
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:10:53 2022 +0000
Core Update 169: Ship curl
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 247d9e685e4c49d22446443a9064902987c50fef
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 22 23:42:17 2022 +0200
curl: Update to version 7.83.1
- Update from version 7.83.0 to 7.83.1
- Update of rootfile not required
- Changelog
version 7.83.1
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3f6238f7c1ed0dfb8804ae8ddc6af2147e5ac2ca
Merge: 690d42084 71d53192d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 19:09:46 2022 +0000
Merge branch 'next' into temp-c169-development
commit 690d420840754fc6f2518d5d2f0be38df471a718
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed May 18 14:32:32 2022 +0000
Start Core 169
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree