IPFire-SCM September 2024

ipfire-scm@lists.ipfire.org

1 participants
40 discussions

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 7ad12edfb0d233498410f2afc09753e70de50f80
by Michael Tremer 11 Sep '24

11 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 7ad12edfb0d233498410f2afc09753e70de50f80 (commit) from 07f6a51a20cacad8cbfa933ab2af4365cdd30505 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ad12edfb0d233498410f2afc09753e70de50f80 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Wed Sep 11 09:31:43 2024 +0000 make.sh: Bind-mount all loop devices There seems to be a different way how to create loop devices. On my Debian system, the first loop device is a block device with major=7 and minor=0, the second device is major=7 and minor=1, and so on. On a system running Grml, the second loop device has major=7 and minor=32, and all following ones are increasing their minor by 32 as well instead of one. Since I don't have an easy way to detect this, we will simply bind-mount all available loop devices in to the build environment. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: make.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) Difference in files: diff --git a/make.sh b/make.sh index 21543c667..e8c3b0827 100755 --- a/make.sh +++ b/make.sh @@ -447,14 +447,19 @@ prepareenv() { # Create loop devices mknod -m 666 "${BUILD_DIR}/dev/loop-control" c 10 237 - mknod -m 666 "${BUILD_DIR}/dev/loop0" b 7 0 - mknod -m 666 "${BUILD_DIR}/dev/loop1" b 7 1 - mknod -m 666 "${BUILD_DIR}/dev/loop2" b 7 2 - mknod -m 666 "${BUILD_DIR}/dev/loop3" b 7 3 - mknod -m 666 "${BUILD_DIR}/dev/loop4" b 7 4 - mknod -m 666 "${BUILD_DIR}/dev/loop5" b 7 5 - mknod -m 666 "${BUILD_DIR}/dev/loop6" b 7 6 - mknod -m 666 "${BUILD_DIR}/dev/loop7" b 7 7 + + local loop + + # Copy all loop devices from the host + for loop in /dev/loop*; do + if [ -b "${loop}" ]; then + # Create the mountpoint + : > "${BUILD_DIR}${loop}" + + # Bind-mount the device + mount --bind "${loop}" "${BUILD_DIR}${loop}" + fi + done # Create directories mkdir -p "${BUILD_DIR}/dev/pts" hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 07f6a51a20cacad8cbfa933ab2af4365cdd30505
by Michael Tremer 10 Sep '24

10 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 07f6a51a20cacad8cbfa933ab2af4365cdd30505 (commit) from af4a2049ab5607ac1c72dc915520c16d438ab335 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07f6a51a20cacad8cbfa933ab2af4365cdd30505 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 10 16:30:31 2024 +0000 make.sh: Copy the proxy configuration whenever we enable networking Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: make.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) Difference in files: diff --git a/make.sh b/make.sh index 737ad1161..21543c667 100755 --- a/make.sh +++ b/make.sh @@ -571,19 +571,12 @@ prepareenv() { } entershell() { - local environ=( - # HTTP(S) Proxy - "https_proxy=${https_proxy}" - "http_proxy=${http_proxy}" - ) - echo "Entering to a shell inside the build environment, go out with exit" local PS1="ipfire build chroot (${BUILD_ARCH}) \u:\w\$ " # Run an interactive shell - execute --chroot --interactive --network \ - "${environ[@]}" bash -i + execute --chroot --interactive --network bash -i } lfsmakecommoncheck() { @@ -760,6 +753,12 @@ execute() { --network) network="true" + + # Export the proxy configuration + environ+=( + [https_proxy]="${https_proxy}" + [http_proxy]="${http_proxy}" + ) ;; --timer=*) hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. af4a2049ab5607ac1c72dc915520c16d438ab335
by Michael Tremer 09 Sep '24

09 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via af4a2049ab5607ac1c72dc915520c16d438ab335 (commit) via 91c0e2735d137630a867aef40c9e1bde2a95f69e (commit) via 6c6813283a643025f0032ba1f7398a906d8b348a (commit) via ac50fd4bf996446cbca81af2a9cea3a44fb1f5ac (commit) via 50ef8eb544e7604c78942916458dcabd91d268d0 (commit) via 656e3b79ca6e25ae518025914e20876c4576f793 (commit) from 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit af4a2049ab5607ac1c72dc915520c16d438ab335 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Mon Sep 9 15:42:59 2024 +0000 core189: Ship OpenVPN Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 91c0e2735d137630a867aef40c9e1bde2a95f69e Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Sat Sep 7 19:29:27 2024 +0200 openvpn: Update to version 2.5.10 - Update from version 2.5.9 to 2.5.10 - Update of rootfile not required - 3 CVE Fixes in this version but all are for Windows installations. - Changelog 2.5.10 Security fixes - CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation. Reported-by: Vladimir Tokarev <vtokarev(a)microsoft.com> - CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers. Reported-by: Vladimir Tokarev <vtokarev(a)microsoft.com> - CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir. Reported-by: Vladimir Tokarev <vtokarev(a)microsoft.com> User visible changes - License amendment: all NEW commits fall under a modified license that explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) - see COPYING for details. Existing code in the release/2.5 branch will not been relicensed (only in release/2.6 and later branches). Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 6c6813283a643025f0032ba1f7398a906d8b348a Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Fri Sep 6 10:42:27 2024 +0000 core189: Ship sudo Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit ac50fd4bf996446cbca81af2a9cea3a44fb1f5ac Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Thu Sep 5 15:28:50 2024 +0200 sudo: Update to version 1.9.16 - Update from version 1.9.15p5 to 1.9.16 - Update of rootfile - Changelog 1.9.16 * Added the "cmddenial_message" sudoers option to provide additional information to the user when a command is denied by the sudoers policy. The default message is still displayed. * The time stamp used for file-based logs is now more consistent with the time stamp produced by syslog. GitHub issues #327. * Sudo will now warn the user if it can detect the user's terminal but cannot determine the path to the terminal device. The sudoers time stamp file will now use the terminal device number directly. GitHub issue #329. * The embedded copy of zlib has been updated to version 1.3.1. * Improved error handling if generating the list of signals and signal names fails at build time. * Fixed a compilation issue on Linux systems without process_vm_readv(). * Fixed cross-compilation with WolfSSL. * Added a "json_compact" value for the sudoers "log_format" option which can be used when logging to a file. The existing "json" value has been aliased to "json_pretty". In a future release, "json" will be an alias for "json_compact". GitHub issue #357. * A new "pam_silent" sudoers option has been added which may be negated to avoid suppressing output from PAM authentication modules. GitHub issue #216. * Fixed several cvtsudoers JSON output problems. GitHub issues #369, #370, #371, #373, #381. * When sudo runs a command in a pseudo-terminal and the user's terminal is revoked, the pseudo-terminal's foreground process group will now receive SIGHUP before the terminal is revoked. This emulates the behavior of the session leader exiting and is consistent with what happens when, for example, an ssh session is closed. GitHub issue #367. * Fixed "make test" with Python 3.12. GitHub issue #374. * In schema.ActiveDirectory, fixed the quoting in the example command. GitHub issue #376. * Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may now be double-quoted. * Sudo insults are now included by default, but disabled unless the --with-insults configure option is specified or the "insults" sudoers option is enabled. * The default sudoers file now enables the "secure_path" option by default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment variables when running visudo. The new --with-secure-path-value configure option can be used to set the value of "secure_path" in the default sudoers file. GitHub issue #387. * A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory Server, IBM Security Directory Server, and IBM Security Verify Directory) is now included. * When cross-compiling sudo, the configure script now assumes that the snprintf() function is C99-compliant if the C compiler supports the C99 standard. Previously, configure would use sudo's own snprintf() when cross-compiling. GitHub issue #386. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 50ef8eb544e7604c78942916458dcabd91d268d0 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Fri Sep 6 10:41:23 2024 +0000 grub: Fix build on riscv64 https://savannah.gnu.org/bugs/?65909 Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 656e3b79ca6e25ae518025914e20876c4576f793 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Sep 5 09:50:59 2024 +0000 make.sh: Silence an error when we have low space in a fresh environment Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/sudo | 1 + .../{oldcore/100 => core/189}/filelists/openvpn | 0 .../{oldcore/112 => core/189}/filelists/sudo | 0 config/rootfiles/core/189/update.sh | 4 +++ lfs/grub | 1 + lfs/openvpn | 6 ++-- lfs/sudo | 6 ++-- make.sh | 2 +- ...e-medany-instead-of-large-model-for-RISCV.patch | 36 ++++++++++++++++++++++ 9 files changed, 49 insertions(+), 7 deletions(-) copy config/rootfiles/{oldcore/100 => core/189}/filelists/openvpn (100%) copy config/rootfiles/{oldcore/112 => core/189}/filelists/sudo (100%) create mode 100644 src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch Difference in files: diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo index a09f06b38..651a284e3 100644 --- a/config/rootfiles/common/sudo +++ b/config/rootfiles/common/sudo @@ -75,6 +75,7 @@ usr/sbin/visudo #usr/share/locale/hu/LC_MESSAGES/sudo.mo #usr/share/locale/hu/LC_MESSAGES/sudoers.mo #usr/share/locale/id/LC_MESSAGES/sudo.mo +#usr/share/locale/id/LC_MESSAGES/sudoers.mo #usr/share/locale/it/LC_MESSAGES/sudo.mo #usr/share/locale/it/LC_MESSAGES/sudoers.mo #usr/share/locale/ja/LC_MESSAGES/sudo.mo diff --git a/config/rootfiles/core/189/filelists/openvpn b/config/rootfiles/core/189/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/189/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/189/filelists/sudo b/config/rootfiles/core/189/filelists/sudo new file mode 120000 index 000000000..0d3c45e04 --- /dev/null +++ b/config/rootfiles/core/189/filelists/sudo @@ -0,0 +1 @@ +../../../common/sudo \ No newline at end of file diff --git a/config/rootfiles/core/189/update.sh b/config/rootfiles/core/189/update.sh index 2c9fb0974..3972f3507 100644 --- a/config/rootfiles/core/189/update.sh +++ b/config/rootfiles/core/189/update.sh @@ -325,6 +325,8 @@ rm -vrf \ /lib/firmware/RTL8192E # Stop services +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n # Extract files extract_files @@ -347,6 +349,8 @@ ldconfig telinit u # Start services +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n # This update needs a reboot... touch /var/run/need_reboot diff --git a/lfs/grub b/lfs/grub index bcc6ac4ab..91dda242c 100644 --- a/lfs/grub +++ b/lfs/grub @@ -94,6 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) $(DIR_APP_EFI) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.06-remove_os_prober_disabled_warning.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.02_disable_vga_fallback.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch cd $(DIR_APP) && [ ! -e grub-core/extra_deps.lst ] && echo 'depends bli part_gpt' > grub-core/extra_deps.lst cd $(DIR_APP) && autoreconf -vfi diff --git a/lfs/openvpn b/lfs/openvpn index b686cc930..807019f0a 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.5.9 +VER = 2.5.10 THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = e5110ebb9149121c11de45f085f66d30a89fb674ad96c5792d83b16dc29c95215a91e682adb3c800b91ed4d88d6d24b5bcae0799cdb855a284832f0668ffcb82 +$(DL_FILE)_BLAKE2 = 7f4ae82162e2e48e66df2da8008f45a2db53a22483730808b873948f1dc13a2e5582c79e4469f9d794f8b0f87f08d627e8d1bd070b088ea33444af31779f5479 install : $(TARGET) diff --git a/lfs/sudo b/lfs/sudo index 129e41e9f..cac540be0 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.9.15p5 +VER = 1.9.16 THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 +$(DL_FILE)_BLAKE2 = 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12 install : $(TARGET) diff --git a/make.sh b/make.sh index bba35de41..737ad1161 100755 --- a/make.sh +++ b/make.sh @@ -391,7 +391,7 @@ prepareenv() { # Add any consumed space while read -r consumed_space path; do (( free_space += consumed_space / 1024 / 1024 )) - done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}")" + done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}" 2>/dev/null)" fi # Check that we have the required space diff --git a/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch b/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch new file mode 100644 index 000000000..4bfd46856 --- /dev/null +++ b/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jason Montleon <jason(a)montleon.com> +Date: Fri, 3 May 2024 13:18:37 -0400 +Subject: [PATCH] Use medany instead of large model for RISCV + +Signed-off-by: Jason Montleon <jason(a)montleon.com> +--- + configure.ac | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d223fe3ef6e..6a6688e362a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1313,7 +1313,7 @@ AC_SUBST(TARGET_LDFLAGS_OLDMAGIC) + + LDFLAGS="$TARGET_LDFLAGS" + +-if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 ; then ++if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 ; then + # Use large model to support 4G memory + AC_CACHE_CHECK([whether option -mcmodel=large works], grub_cv_cc_mcmodel, [ + CFLAGS="$TARGET_CFLAGS -mcmodel=large" +@@ -1323,9 +1323,11 @@ if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_ + ]) + if test "x$grub_cv_cc_mcmodel" = xyes; then + TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=large" +- elif test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64; then ++ elif test "$target_cpu" = sparc64; then + TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=medany" + fi ++elif test "$target_cpu" = riscv64 ; then ++ TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=medany" + fi + + if test "$target_cpu"-"$platform" = x86_64-efi; then hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127
by Michael Tremer 05 Sep '24

05 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 (commit) via 4eae0fae0bfd5002fab4c719bd369f0200d624cf (commit) via 4c672e3b9692927d4d3319cb25283098b9075a46 (commit) via ea1d59e31e45fe598280d62449ba157ac8926f70 (commit) via dbaba25987706f0fe451705a908b5e6b98b95809 (commit) from f91d2f48c032221a9cc4ce5d9ca0aea9334ab1c1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Sep 5 09:31:40 2024 +0000 core189: Ship dhcpcd Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 4eae0fae0bfd5002fab4c719bd369f0200d624cf Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Thu Sep 5 10:44:49 2024 +0200 dhcpcd: Update to version 10.0.10 - Update from version 10.0.8 to 10.0.10 - Update of rootfile not required - Patch for free selection of MTU has been removed as in version 10.0.9 the MTU code was changed to not apply limits to it. - Changelog 10.0.10 Reversion of commit "linux: make if_getnetworknamespace static" 10.0.9 Option 2: Fix stdin parsing by @holmanb in #289 IPv4LL: Restart ARP probling on address conflict by @LeoRuan in #340 DHCP: Handle option 108 correctly when receiving 0.0.0.0 OFFER by @taoyl-g in #342 DHCP: No longer set interface mtu by @rsmarples in #346 Update privsep-linux.c to allow statx by @Jabrwock in #349 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 4c672e3b9692927d4d3319cb25283098b9075a46 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Thu Sep 5 10:31:53 2024 +0200 clamav: Update to version 1.3.2 - Update from version 1.3.1 to 1.3.2 - Update of rootfile - 2 CVE Fixes - Changelog 1.3.2 - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-205…: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to Detlef for identifying this issue. - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-205…: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to OSS-Fuzz for identifying this issue. - Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13. - Fix unit test caused by expiring signing certificate. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305) - Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) - Fixes to Jenkins CI pipeline. For details, see [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1330) Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit ea1d59e31e45fe598280d62449ba157ac8926f70 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Sep 5 08:56:52 2024 +0000 core189: Ship expat Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit dbaba25987706f0fe451705a908b5e6b98b95809 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Wed Sep 4 23:49:24 2024 +0200 expat: Update to version 2.6.3 - Update from version 2.6.2 to 2.6.3 - Update of rootfile - 3 CVE Fixes in this release. - Changelog 2.6.3 Security fixes: #887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. #888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. #889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. Other changes: #851 #879 Autotools: Sync CMake templates with CMake 3.28 #853 Autotools: Always provide path to find(1) for portability #861 Autotools: Ensure that the m4 directory always exists. #870 Autotools: Simplify handling of SIZEOF_VOID_P #869 Autotools: Support non-GNU sed #856 Autotools|CMake: Fix main() to main(void) #865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM #863 Autotools|CMake: Stop requiring dos2unix #854 #855 CMake: Fix check for symbols size_t and off_t #864 docs|tests: Convert README to Markdown and update #741 Windows: Drop support for Visual Studio <=15.0/2017 #886 Drop needless XML_DTD guards around is_param access #885 Fix typo in a code comment #894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do Infrastructure: #880 Readme: Promote the call for help #868 CI: Fix various issues #849 CI: Allow triggering GitHub Actions workflows manually #851 #872 .. #873 #879 CI: Adapt to breaking changes in GitHub Actions Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/expat | 21 +++++------ .../{oldcore/125 => core/189}/filelists/dhcpcd | 0 .../{oldcore/106 => core/189}/filelists/expat | 0 config/rootfiles/packages/clamav | 4 +- lfs/clamav | 6 +-- lfs/dhcpcd | 5 +-- lfs/expat | 4 +- ...2-Allow-free-selection-of-MTU-by-the-user.patch | 44 ---------------------- 8 files changed, 19 insertions(+), 65 deletions(-) copy config/rootfiles/{oldcore/125 => core/189}/filelists/dhcpcd (100%) copy config/rootfiles/{oldcore/106 => core/189}/filelists/expat (100%) delete mode 100644 src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch Difference in files: diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 2ab49e910..51a4de2f7 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -2,22 +2,21 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake -#usr/lib/cmake/expat-2.6.2 -#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake -#usr/lib/cmake/expat-2.6.2/expat-config.cmake -#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake -#usr/lib/cmake/expat-2.6.2/expat.cmake +#usr/lib/cmake/expat-2.6.3 +#usr/lib/cmake/expat-2.6.3/expat-config-version.cmake +#usr/lib/cmake/expat-2.6.3/expat-config.cmake +#usr/lib/cmake/expat-2.6.3/expat-noconfig.cmake +#usr/lib/cmake/expat-2.6.3/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.9.2 +usr/lib/libexpat.so.1.9.3 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.6.2 -#usr/share/doc/expat-2.6.2/ok.min.css -#usr/share/doc/expat-2.6.2/reference.html -#usr/share/doc/expat-2.6.2/style.css +#usr/share/doc/expat-2.6.3 +#usr/share/doc/expat-2.6.3/ok.min.css +#usr/share/doc/expat-2.6.3/reference.html +#usr/share/doc/expat-2.6.3/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog #usr/share/man/man1/xmlwf.1 diff --git a/config/rootfiles/core/189/filelists/dhcpcd b/config/rootfiles/core/189/filelists/dhcpcd new file mode 120000 index 000000000..1e799dabb --- /dev/null +++ b/config/rootfiles/core/189/filelists/dhcpcd @@ -0,0 +1 @@ +../../../common/dhcpcd \ No newline at end of file diff --git a/config/rootfiles/core/189/filelists/expat b/config/rootfiles/core/189/filelists/expat new file mode 120000 index 000000000..e1923cf63 --- /dev/null +++ b/config/rootfiles/core/189/filelists/expat @@ -0,0 +1 @@ +../../../common/expat \ No newline at end of file diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 2c7242d7e..f8deb9479 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -105,14 +105,13 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/images #usr/share/doc/ClamAV/html/images/change-fork-name.png #usr/share/doc/ClamAV/html/images/cisco.png +#usr/share/doc/ClamAV/html/images/clamav-git-workflow.png #usr/share/doc/ClamAV/html/images/clone-your-fork.png #usr/share/doc/ClamAV/html/images/create-a-fork.png #usr/share/doc/ClamAV/html/images/demon.png #usr/share/doc/ClamAV/html/images/flamegraph.svg #usr/share/doc/ClamAV/html/images/fork-is-behind.png #usr/share/doc/ClamAV/html/images/logo.png -#usr/share/doc/ClamAV/html/images/new-git-workflow.png -#usr/share/doc/ClamAV/html/images/old-git-workflow.png #usr/share/doc/ClamAV/html/index.html #usr/share/doc/ClamAV/html/manual #usr/share/doc/ClamAV/html/manual/Development @@ -163,6 +162,7 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/manual/Usage/Scanning.html #usr/share/doc/ClamAV/html/manual/Usage/Services.html #usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html +#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg #usr/share/doc/ClamAV/html/mark.min.js #usr/share/doc/ClamAV/html/mode-rust.js #usr/share/doc/ClamAV/html/print.html diff --git a/lfs/clamav b/lfs/clamav index 32b4aa4f9..f98d52532 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config SUMMARY = Antivirus Toolkit -VER = 1.3.1 +VER = 1.3.2 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 72 +PAK_VER = 73 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362 +$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8 install : $(TARGET) diff --git a/lfs/dhcpcd b/lfs/dhcpcd index 3bac681d8..10b7b0212 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -24,7 +24,7 @@ include Config -VER = 10.0.8 +VER = 10.0.10 THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1bf27387c13f192c6216e2f1ecad06bfa82267d5d6e08ddaa123789699fe9154222c33b1aa1f603e65ae8dce510cb24d48e72701494e0793c766e81f024f8bc5 +$(DL_FILE)_BLAKE2 = 2ecf52009f3fd4442863e1927a8d9e777ee6f34ff4d50a6f1e67821fb23fd12221df1e3a0a04ea0874df8feac15785772b4aa75af407f74448e442db36410e30 install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch cd $(DIR_APP) && ./configure \ --prefix="" \ --sysconfdir=/var/ipfire/dhcpc \ diff --git a/lfs/expat b/lfs/expat index 3a37bf2d2..91e4f32af 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@ include Config -VER = 2.6.2 +VER = 2.6.3 THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4 +$(DL_FILE)_BLAKE2 = b8e0a0e779f0f136eaca91115cbbcf5a5cca457cab1cca6f8d6141151d19f8ef2dccb41b0e9134459c1e7d99cb2e0b4ce3922d2bd9221002ec43fe9d53a0084a install : $(TARGET) diff --git a/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch deleted file mode 100644 index 69a35daf5..000000000 --- a/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 1acff721a3874a74efc9921a1e07bd48bd7efab0 Mon Sep 17 00:00:00 2001 -From: Michael Tremer <michael.tremer(a)ipfire.org> -Date: Tue, 22 Feb 2022 12:07:15 +0000 -Subject: [PATCH] Allow free selection of MTU by the user - -Various ISPs (or equipment?) seem to hand out an MTU of only 576 bytes. -Hwoever, this does not seem to be intentional which is why we would like -to manually overwrite this in the configuration. - -dhcpcd only allows setting a maximum MTU of 1472 bytes which does not -seem to have any rationale (any more). Although Ethernet might limit any -MTU to less, IPv6 and IPv4 support MTUs of up to 64KiB. - -This patch allows the user to configure the MTU freely with providing -some sanity check. - -Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ---- - src/dhcp-common.h | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/dhcp-common.h b/src/dhcp-common.h -index a82fcd4c..d6620822 100644 ---- a/src/dhcp-common.h -+++ b/src/dhcp-common.h -@@ -46,10 +46,11 @@ - #define NS_MAXLABEL MAXLABEL - #endif - --/* Max MTU - defines dhcp option length */ --#define IP_UDP_SIZE 28 --#define MTU_MAX 1500 - IP_UDP_SIZE --#define MTU_MIN 576 + IP_UDP_SIZE -+/* Max/Min MTU */ -+#define MTU_MAX 65536 -+#define MTU_MIN 576 -+ -+#define IP_UDP_SIZE 28 - - #define OT_REQUEST (1 << 0) - #define OT_UINT8 (1 << 1) --- -2.30.2 - hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. f91d2f48c032221a9cc4ce5d9ca0aea9334ab1c1
by Michael Tremer 04 Sep '24

04 Sep '24

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 199ac34d56980b8baf42f23f4b0447986e2d5764
by Michael Tremer 03 Sep '24

03 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 199ac34d56980b8baf42f23f4b0447986e2d5764 (commit) via 0dbab7806670583f7fd1427bd0921227104e3e17 (commit) via a54da99100ebb067490042a9aad1fcd3a86a98a7 (commit) via a50bd44c440efd126175d08db57e4274abdb5316 (commit) from 4ac5f13f1e5358ceddc83343c52738ea73c40f9a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 199ac34d56980b8baf42f23f4b0447986e2d5764 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 19:55:42 2024 +0200 qemu-ga: Update to version 9.0.0 - Follow the qemu update version Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 0dbab7806670583f7fd1427bd0921227104e3e17 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 19:55:41 2024 +0200 qemu: Update to version 9.0.0 - Update from version 8.1.2 to 9.0.0 - Update of rootfile - Version 9.0.1 and 9.0.2 no longer have the bundled dtc package to provide the libfdt library and require a system version but identify the 1.7.1 version of dtc as being older than 1.5.1. So currently qemu has only been updated to 9.0.0 until the reason for this is identified and can be fixed. It has been raised as an issue on the qemu gitlab site. - Changelog is only available at x.0 level 9.0 https://wiki.qemu.org/ChangeLog/9.0 8.2 https://wiki.qemu.org/ChangeLog/8.2 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit a54da99100ebb067490042a9aad1fcd3a86a98a7 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 3 18:42:41 2024 +0000 make.sh: Require at least 8 GiB of space for the build Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit a50bd44c440efd126175d08db57e4274abdb5316 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 3 18:42:25 2024 +0000 make.sh: Subtract any used space for the space check Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/rootfiles/packages/qemu | 5 +---- lfs/qemu | 10 +++------- lfs/qemu-ga | 6 +++--- make.sh | 15 ++++++++++++--- 4 files changed, 19 insertions(+), 17 deletions(-) Difference in files: diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index efc0cbd2e..b4c3a752d 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -2,10 +2,8 @@ lib/udev/rules.d/65-kvm.rules usr/bin/elf2dmp usr/bin/qemu usr/bin/qemu-aarch64 -usr/bin/qemu-arm usr/bin/qemu-edid #usr/bin/qemu-ga -usr/bin/qemu-i386 usr/bin/qemu-img usr/bin/qemu-io usr/bin/qemu-nbd @@ -13,8 +11,6 @@ usr/bin/qemu-pr-helper usr/bin/qemu-riscv64 usr/bin/qemu-storage-daemon usr/bin/qemu-system-aarch64 -usr/bin/qemu-system-arm -usr/bin/qemu-system-i386 usr/bin/qemu-system-riscv64 usr/bin/qemu-system-x86_64 usr/bin/qemu-x86_64 @@ -77,6 +73,7 @@ usr/share/qemu/firmware/60-edk2-arm.json usr/share/qemu/firmware/60-edk2-i386.json usr/share/qemu/firmware/60-edk2-x86_64.json #usr/share/qemu/hppa-firmware.img +#usr/share/qemu/hppa-firmware64.img usr/share/qemu/keymaps usr/share/qemu/keymaps/ar usr/share/qemu/keymaps/bepo diff --git a/lfs/qemu b/lfs/qemu index d65282743..caa7c1bc2 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -27,7 +27,7 @@ include Config SUMMARY = Machine emulator and virtualizer # If you update the version also qemu-ga !!! -VER = 8.1.2 +VER = 9.0.0 THISAPP = qemu-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,21 +35,17 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = qemu -PAK_VER = 42 +PAK_VER = 43 DEPS = alsa libusbredir spice libseccomp libslirp SERVICES = TARGETS = \ - i386-linux-user \ x86_64-linux-user \ - arm-linux-user \ aarch64-linux-user \ riscv64-linux-user \ - i386-softmmu \ x86_64-softmmu \ - arm-softmmu \ aarch64-softmmu \ riscv64-softmmu @@ -61,7 +57,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8f48638cd1f0285356aae2d14862f56cc79da09bb9ff9f09e90221fdca851e9c3f8a3d940039f578d24d0b4435baf19cb52a3e927e97bf978ea674d148ecd746 +$(DL_FILE)_BLAKE2 = d92acb859d9ce5097fee27a4689c71869aa38f65eb0308547956d54bd8caf29efe5389d9009f334f109ad228e0ef1f1fd1444d26360f03fac4320b204b657081 install : $(TARGET) diff --git a/lfs/qemu-ga b/lfs/qemu-ga index ff85ca1cc..00ca8c0a0 100644 --- a/lfs/qemu-ga +++ b/lfs/qemu-ga @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,11 +26,11 @@ include Config SUMMARY = Guest agent for QEMU -VER = 8.1.2 +VER = 9.0.0 THISAPP = qemu-ga-$(VER) TARGET = $(DIR_INFO)/$(THISAPP) PROG = qemu-ga -PAK_VER = 7 +PAK_VER = 8 DEPS = diff --git a/make.sh b/make.sh index 966e5bc2e..9b2e0ee70 100755 --- a/make.sh +++ b/make.sh @@ -378,6 +378,7 @@ prepareenv() { # Do we need to check the required space? if [ -n "${required_space}" ]; then local free_space free_blocks block_size + local consumed_space path # Fetch free blocks read -r free_blocks block_size <<< "$(stat --file-system --format="%a %S" "${BASEDIR}")" @@ -385,9 +386,17 @@ prepareenv() { # Calculate free space (( free_space = free_blocks * block_size / 1024 / 1024 )) - # Check if we have at least 4GB of space + # If we don't have the total space free, we need to check how much we have consumed already... if [ "${free_space}" -lt "${required_space}" ]; then - exiterror "Not enough temporary space available, need at least ${required_space}MiB" + # Add any consumed space + while read -r consumed_space path; do + (( free_space += consumed_space / 1024 / 1024 )) + done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}")" + fi + + # Check that we have the required space + if [ "${free_space}" -lt "${required_space}" ]; then + exiterror "Not enough temporary space available, need at least ${required_space}MiB, but only have ${free_space}MiB" fi fi @@ -2464,7 +2473,7 @@ build) exec_in_namespace "$@" # Prepare the environment - prepareenv --required-space=2048 + prepareenv --required-space=8192 # Check if the toolchain is available if [ ! -e "${BUILD_DIR}${TOOLS_DIR}/.toolchain-successful" ]; then hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, master, updated. a80d817716406d88b8c7e82397f4618d64e499a9
by Michael Tremer 03 Sep '24

03 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, master has been updated via a80d817716406d88b8c7e82397f4618d64e499a9 (commit) via 74a02d3372fe99bfa5dee8bfed6b64670d99775f (commit) from 3ce4d238d255477a240c3b1479cb34828c87fb59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a80d817716406d88b8c7e82397f4618d64e499a9 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 3 18:02:34 2024 +0000 core188: Ship OpenSSL Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 74a02d3372fe99bfa5dee8bfed6b64670d99775f Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 3 18:00:17 2024 +0000 openssl: Update to 3.3.2 Possible denial of service in X.509 name checks (CVE-2024-6119) =============================================================== Severity: Moderate Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a "reference identifier" (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.1.1 and 1.0.2 are also not affected by this issue. OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/rootfiles/{oldcore/100 => core/188}/filelists/openssl | 0 lfs/openssl | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) copy config/rootfiles/{oldcore/100 => core/188}/filelists/openssl (100%) Difference in files: diff --git a/config/rootfiles/core/188/filelists/openssl b/config/rootfiles/core/188/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/188/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/lfs/openssl b/lfs/openssl index d6333f7a4..22a670118 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 3.3.1 +VER = 3.3.2 THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -72,7 +72,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e +$(DL_FILE)_BLAKE2 = cc53d45418673bc2a406d6697b8bd17ff6c726463c4ccc87bb2fa5a6592d0d178dc8cfeb2fbb980ea354a5dc2c86f31c48453427c6937896c7221273e623c9b5 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 4ac5f13f1e5358ceddc83343c52738ea73c40f9a
by Michael Tremer 03 Sep '24

03 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 4ac5f13f1e5358ceddc83343c52738ea73c40f9a (commit) from 5c83f229397327dd6b82e85695bcaffeeb26c26a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ac5f13f1e5358ceddc83343c52738ea73c40f9a Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 3 18:00:17 2024 +0000 openssl: Update to 3.3.2 Possible denial of service in X.509 name checks (CVE-2024-6119) =============================================================== Severity: Moderate Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a "reference identifier" (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.1.1 and 1.0.2 are also not affected by this issue. OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: lfs/openssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Difference in files: diff --git a/lfs/openssl b/lfs/openssl index d6333f7a4..22a670118 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 3.3.1 +VER = 3.3.2 THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -72,7 +72,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e +$(DL_FILE)_BLAKE2 = cc53d45418673bc2a406d6697b8bd17ff6c726463c4ccc87bb2fa5a6592d0d178dc8cfeb2fbb980ea354a5dc2c86f31c48453427c6937896c7221273e623c9b5 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 5c83f229397327dd6b82e85695bcaffeeb26c26a
by Michael Tremer 03 Sep '24

03 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 5c83f229397327dd6b82e85695bcaffeeb26c26a (commit) via 4c24b80d92a7416e3260266781fe70bc55f91d3f (commit) via fffd31c14969e8f203c7659e9db068fff288e49a (commit) via f676c4c95bc6a4f03d931b3906a0fbbb971734ab (commit) via ff974eeb17339968f6e065496fe82190f960d615 (commit) via 2261d072e562d3aed601fe627f47b67f9e890fa2 (commit) via ac06f70716429318e739d6e1ff2b477cc61e6b39 (commit) via 53eeed5a81970d93889b144f08efee1406bee0b0 (commit) from 4aba01cbc823aefa1cbc1c2729e8d910422f6b74 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5c83f229397327dd6b82e85695bcaffeeb26c26a Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:25 2024 +0200 taglib: Update to version 2.0.2 - Update from version 2.0.1 to 2.0.2 - Update of rootfile - Changelog 2.0.2 * Fix parsing of ID3v2.2 frames. * Tolerate MP4 files with unknown atom types as generated by Android tools. * Support setting properties with arbitrary names in MP4 tags. * Windows: Fix "-p" option in tagwriter example. * Support building with older utfcpp versions. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 4c24b80d92a7416e3260266781fe70bc55f91d3f Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:24 2024 +0200 shairport-sync: Update to version 4.3.4 - Update from version 4.3.2 to 4.3.4 - Update of rootfile - Changelog is only defined for 4.3, 4.2 etc so the below changelog is for all of 4.3 Cannot determine which things were alreday fixed in 4.3.2 and earlier and which are from 4.3.3 onwards. 4.3 **Security Updates** * A crashing bug in NQPTP has been fixed. * The communications protocol used between NQPTP and Shairport Sync has been revised and made more resilient to attempted misuse. * In Linux systems, NQPTP no longer runs as `root` -- instead it runs as the restriced user `nqptp`, with access to ports 319 and 320 set by the installer via the `setcap` utility. **Enhancements** * A new volume control profile called `dasl-tapered` has been added in which halving the volume control setting halves the output level. For example, moving the volume slider from full to half reduces the output level by 10dB, which roughly corresponds with a perceived halving of the audio volume level. Moving the volume slider from half to a quarter reduces the output level by a a further 10dB. The tapering rate is slightly modified at the lower end of the range if the device's attenuation range is restricted (less than about 55dB). To activate the `dasl-tapered` profile, set the `volume_control_profile` to `"dasl_tapered"` in the configuration file and restart Shairport Sync. Many thanks to David Leibovic, aka [dasl-](https://github.com/dasl-), for this. * On graceful shutdown, an `active_end` signal should now be generated if the system was in the active state. Addresses issue [#1647](https://github.com/mikebrady/shairport-sync/issues/1647). Thanks to [Tucker Kern](https://github.com/mill1000) for raising the issue. **Bug Fixes** * Fixed a bug that causes the Docker image to crash occasionally when OwnTone interrupted an existing iOS session. Thanks to [aaronk6](https://github.com/aaronk6) for the report. * Fixed a cross-compliation error caused by not looking for the correct version of the `ar` tool. The fix was to substitute the correct version during the `autoreconf` phase. Thanks to [sternenseemann](https://github.com/sternenseemann) for raising the [issue](https://github.com/mikebrady/shairport-sync/issues/1705) and the [PR](https://github.com/mikebrady/shairport-sync/pull/1706) containing the fix. * Updated the mDNS strings for the Classic AirPlay feature of AP2, so that it does not appear to provide MFi authentication. Addresses [this discussion](https://github.com/mikebrady/shairport-sync/discussions/1691). * Always uses a revision number of 1 when looking for status updates on the DACP remote control port. This follows a suggestion in [Issue #1658](https://github.com/mikebrady/shairport-sync/issues/1658). Thanks to [ejurgensen](https://github.com/ejurgensen), as ever, for the report and the suggested fix. * Fixed a `statistics` bug (the minimum buffer size was incorrectly logged) and also tidy up the statistics logging interval logic for resetting min and max counters. * Added an important missing format string argument to a call in the Jack Audio backend. Many thanks to [michieldwitte] for their [PR](https://github.com/mikebrady/shairport-sync/pull/1693). **Maintenance** * Stopped using a deprecated FFmpeg data structure reference. * Stopped using deprecated OpenSSL calls. Thanks to [yubiuser] for their [PR](https://github.com/mikebrady/shairport-sync/pull/1684) -- which did some of the updating -- and for their guidance. * Run workflow-based tests on PRs automatically. Thanks to [yubiuser] for their [PR](https://github.com/mikebrady/shairport-sync/pull/1687). Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit fffd31c14969e8f203c7659e9db068fff288e49a Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:23 2024 +0200 observium-agent: Update to version 24.4 - Update from version 23.1 to 24.4 - Update of rootfile not required - Changelog is not provided in the source tarbal. Ther is a text changelog at https://www.observium.org/svn.log but it is not clear if this is for the community version used here or for the subscription based version. There is also no reference to any version numbers so you can't easily tell which changes are in this version and which not. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit f676c4c95bc6a4f03d931b3906a0fbbb971734ab Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:22 2024 +0200 mcelog: Update to version 200 - Update from version 196 to 200 - Update of rootfile not required - Changelog is not provided. The git log, https://git.kernel.org/cgit/utils/cpu/mce/mcelog.git/log/, should be viewed for changes. The changes are mostly bug fixes. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit ff974eeb17339968f6e065496fe82190f960d615 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:20 2024 +0200 iotop: Update to version 1.26 - Update from version 1.22 to 1.26 - Update of rootfile not required - Changelog 1.26 Add clock in upper right corner 1.25 Fix bug when iotop busy loops after pressing ESC key Change the condition of displaying processes in only mode 1.24 Fix a bug with graphs in ASCII mode Show the status of the configuration in the help window Support ancient compilers by @bbonev in #52 1.23 Changes by @bbonev in #43 Fix some issues reported by lintian by @debian-janitor in #42 Revert syscall count stuff by @bbonev in #44 Fix empty archlinux package by @bokunodev in #46 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 2261d072e562d3aed601fe627f47b67f9e890fa2 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:21 2024 +0200 libvirt: Update to version 10.7.0 - Update from version 10.0.0 to 10.7.0 - Update of rootfile - 1 CVE fix in 10.7.0 and 1 in 10.1.0 - Changelog 10.7.0 * **Security** * CVE-2024-8235: Crash of ``virtinterfaced`` via ``virConnectListInterfaces()`` A refactor of the code fetching the list of interfaces for multiple APIs introduced corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of ``virtinterfaced`` if ``virConnectListInterfaces()`` is called requesting 0 networks to be filled. The bug was introduced in libvirt-10.4.0 * **New features** * qemu: Introduce the ability to disable the built-in PS/2 controller It is now possible to control the state of the ``ps2`` feature in the domain XML for descendants of the generic PC machine type (``i440fx``, ``q35``, ``xenfv`` and ``isapc``). * **Improvements** * ch: support restore with network devices Cloud-Hypervisor starting from V40.0 supports restoring file descriptor backed network devices. So, create new net fds and pass them via SCM_RIGHTS to CH during restore operation. * ch: support basic networking modes Cloud-Hypervisor driver now supports Ethernet, Network (NAT) and Bridge networking modes. 10.6.0 * **Removed features** * qemu: Require QEMU-5.2.0 or newer The minimal required version of QEMU was bumped to 5.2.0. * **New features** * qemu: Add support for the 'pauth' Arm CPU feature * Introduce pstore device The aim of pstore device is to provide a bit of NVRAM storage for guest kernel to record oops/panic logs just before it crashes. Typical usage includes usage in combination with a watchdog so that the logs can be inspected after the watchdog rebooted the machine. * **Improvements** * qemu: Set 'passt' net backend if 'default' is unsupported If QEMU is compiled without SLIRP support, and if domain XML allows it, starting from this release libvirt will use passt as the default backend instead. Also, supported backends are now reported in the domain capabilities XML. * qemu: add a monitor to /proc/$pid when killing times out In cases when a QEMU process takes longer to be killed, libvirt might have skipped cleaning up after it. But now a /proc/$pid watch is installed so this does not happen ever again. * **Bug fixes** * virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf When binary version of edk2 is distributed, the files reside under /usr/share/edk2-ovmf. Allow virt-aa-helper to generate paths under that directory. * virt-host-validate: Allow longer list of CPU flags During its run, virt-host-validate parses /proc/cpuinfo to learn about CPU flags. But due to a bug it parsed only the first 1024 bytes worth of CPU flags leading to unexpected results. The file is now parsed properly. * capabilities: Be more forgiving when decoding OEM strings On some systems, OEM strings are scattered in multiple sections. This confused libvirt when generating capabilities XML. Not anymore. 10.5.0 * **New features** * Introduce SEV-SNP support SEV-SNP is introduced as another type of ``<launchSecurity/>``. Its support is reported in both domain capabilities and ``virt-host-validate``. * **Improvements** * tools: virt-pki-validate has been rewritten in C The ``virt-pki-validate`` shell script has been rewritten as a C program, providing an output format that matches ``virt-host-validate``, removing the dependency on ``certtool`` and providing more comprehensive checks of the certificate properties. * qemu: implement iommu coldplug/unplug The ``<iommu/>`` device can be now cold plugged and/or cold unplugged. * Pass shutoff reason to release hook Sometimes in release hook it is useful to know if the VM shutdown was graceful or not. This is especially useful to do cleanup based on the VM shutdown failure reason in release hook. Starting with this release the last argument 'extra' is used to pass VM shutoff reason in the call to release hook. * nodedev: improve DASD detection In newer DASD driver versions the ID_TYPE tag is supported. This tag is missing after a system reboot but when the ccw device is set offline and online the tag is included. To fix this version independently we need to check if a device detected as type disk is actually a DASD to maintain the node object consistency and not end up with multiple node objects for DASDs. * **Bug fixes** * remote_daemon_dispatch: Unref sasl session when closing client connection A memory leak was identified when a client started SASL but then suddenly closed connection. This is now fixed. * qemu: Fix migration with disabled vmx-* CPU features Migrating a domain with some vmx-* CPU features marked as disabled could have failed as the destination would incorrectly expect those features to be enabled after starting QEMU. * qemu: Fix ``libvirtd``/``virtqemud`` crash when VM shuts down during migration The libvirt daemon could crash when a VM was shut down while being migrated to another host. 10.4.0 * **New features** * qemu: Support for ras feature for virt machine type It is now possible to set on/off ``ras`` feature in the domain XML for virt (Arm) machine type as ``<ras state='on'/>``. * SSH proxy for VM Libvirt now installs a binary helper that allows connecting to QEMU domains via SSH using the following scheme: ``ssh user@qemu/virtualMachine``. * qemu: Support for ``virtio`` sound model Sound devices can now be configured to use the virtio model with ``<sound model='virtio'/>``. This model is available from QEMU 8.2.0 onwards. * network: use nftables to setup virtual network firewall rules The network driver can now use nftables rules for the virtual network firewalls, rather than iptables. With the standard build options, nftables is preferred over iptables (with fallback to iptables if nftables isn't installed), but this can be modified at build time, or at runtime via the firewall_backend setting in network.conf. (NB: the nwfilter driver still uses ebtables/iptables). * **Improvements** * qemu: add zstd to supported compression formats Extend the list of supported formats of QEMU save image by adding zstd compression. * qemu: Implement support for hotplugging evdev input devices As of this release, hotplug and hotunplug of evdev ``<input/>`` devices is supported. * **Bug fixes** * virsh/virt-admin: Fix ``--help`` option for all commands A bug introduced in `v10.3.0 (2024-05-02)`_ caused that the attempt to print help for any command by using the ``--help`` option in ``virsh`` and ``virt-admin`` would print:: $ virsh list --help error: command 'list' doesn't support option --help instead of the help output. A workaround for the affected version is to use the help command:: $ virsh help list * qemu: Fix ``virsh save`` and migration when storage in question is root_squashed NFS Attempting to save a VM to a root_squash NFS mount or migrating with disks hosted on such mount could, in some scenarios, result in error stating:: 'Unknown error 255' The bug was introduced in `v10.1.0 (2024-03-01)`_. * qemu: Don't set affinity for isolcpus unless explicitly requested When starting a domain, by default libvirt sets affinity of QEMU process to all online CPUs. This also included isolated CPUs (``isolcpus=``) which is wrong. As of this release, isolated CPUs are left untouched, unless explicitly configured in domain XML. * qemu_hotplug: Properly assign USB address to hotplugged usb-net device Previously, the network device hotplug logic would try to ensure only CCW or PCI addresses. With recent support for the usb-net model, USB addresses for usb-net network devices are assigned automatically. * qemu: Fix hotplug of ``virtiofs`` filesystem device with ``<boot order=`` set The bug was introduced in `v10.3.0 (2024-05-02)`_ when attempting to reject unsupported configurations. During hotplug the addresses are assigned after validation and thus errorneously reject valid configs. 10.3.0 * **New features** * qemu: Proper support for USB network device USB address is now automatically assigned to USB network devices thus they can be used without manual configuration. * conf: Introduce memReserve attribute to <controller/> Some PCI devices have large non-prefetchable memory. This can be a problem in case when such device needs to be hotplugged as the firmware can't foresee such situation. The user thus can override the value calculated at start to accomodate for such devices. * **Improvements** * Improve validation of USB devices Certain USB device types ('sound', 'fs', 'chr', 'ccid' and 'net') were not properly handled in the check whether the VM config supports USB and thus would result in poor error messages. * virsh: Fix behaviour of ``--name`` and ``--parent`` used together when listing checkpoint and snapshots The ``checkpoint-list`` and ``snapshot-list`` commands would ignore the ``--name`` option to print only the name when used with ``--parent``. * Extend libvirt-guests to shutdown only persistent VMs Users can now choose to shutdown only persistent VMs when the host is being shut down. * **Bug fixes** * qemu: Fix migration with custom XML Libvirt 10.2.0 would sometimes complain about incompatible CPU definition when trying to migrate or save a domain and passing a custom XML even though such XML was properly generated as migratable. Hitting this bug depends on the guest CPU definition and the host on which a particular domain was running. * qemu: Fix TLS hostname verification failure in certain non-shared storage migration scenarios In certain scenarios (parallel migration, newly also post-copy migration) libvirt would wrongly pass an empty hostname to QEMU to be used for TLS certificate hostname validation, which would result into failure of the non-shared storage migration step:: error: internal error: unable to execute QEMU command 'blockdev-add': Certificate does not match the hostname * Create OVS ports as transient Libvirt now creates OVS ports as transient which prevents them from reappearing or going stale on sudden reboots. * Clear OVS QoS settings when domain shuts down Libvirt now clears QoS settings on domain shutdown, so they no longer pile up in OVS database. 10.2.0 * **New features** * ch: Basic save and restore support for ch driver The ch driver now supports basic save and restore operations. This is functional on domains without any network, host device config defined. The ``path`` parameter for save and restore should be a directory. * qemu: Support for driver type ``mtp`` in ``<filesystem/>`` devices The ``mtp`` driver type exposes the ``usb-mtp`` device in QEMU. The guest can access files on this driver through the Media Transfer Protocol (MTP). * qemu: Added support for the loongarch64 architecture It is now possible for libvirt to run loongarch64 guests, including on other architectures via TCG. For the best results, it is recommended to use the upcoming QEMU 9.0.0 release together with the development version of edk2. * qemu: Introduce virDomainGraphicsReload API Reloading the graphics display is now supported for QEMU guests using VNC. This is useful to make QEMU reload the TLS certificates without restarting the guest. Available via the ``virDomainGraphicsReload`` API and the ``domdisplay-reload`` virsh command. * **Bug fixes** * qemu: Fix migration from libvirt older than 9.10.0 when vmx is enabled A domain with vmx feature enabled (which may be even done automatically with ``mode='host-model'``) started by libvirt 9.9.0 or older cannot be migrated to libvirt 9.10.0, 10.0.0, and 10.1.0 as the target host would complain about a lot of extra ``vmx-*`` features. Migration of similar domains started by the affected releases to libvirt 9.9.0 and older does not work either. Since libvirt 10.2.0 migration works again with libvirt 9.9.0 and older in both directions. Migration from the affected releases to 10.2.0 works as well, but the other direction remains broken unless the fix is backported. * node_device: Don't report spurious errors from PCI VPD parsing In last release the PCI Vital Product Data parser was enhanced to report errors but that effort failed as some kernels have the file but don't allow reading it causing logs to be spammed with:: libvirtd[21055]: operation failed: failed to read the PCI VPD data Since the data is used only in the node device XML and errors are ignored if the parsing failed, this release removes all the error reporting. * qemu: set correct SELinux label for unprivileged virtiofsd It is now possible to use virtiofsd-based ``<filesystem>`` shares even if the guest is confined using SELinux. * qemu: fix a crash on unprivileged virtiofsd hotplug Hotplugging virtiofsd-based filesystems works now. * virt-admin: Fix segfault when libvirtd dies ``virt-admin`` no longer crashes when ``libvirtd`` unexpectedly closes the connection. 10.1.0 * **Security** * ``CVE-2024-1441``: Fix off-by-one error leading to a crash In **libvirt-1.0.0** there were couple of interface listing APIs introduced which had an off-by-one error. That error could lead to a very rare crash if an array was passed to those functions which did not fit all the interfaces. In **libvirt-5.10** a check for non-NULL arrays has been adjusted to allow for NULL arrays with size 0 instead of rejecting all NULL arrays. However that made the above issue significantly worse since that off-by-one error now did not write beyond an array, but dereferenced said NULL pointer making the crash certain in a specific scenario in which a NULL array of size 0 was passed to the aforementioned functions. * **New features** * nodedev: Support updating mdevs The node device driver has been extended to allow updating mediated node devices. Options are available to target the update against the persistent, active or both configurations of a mediated device. **Note:** The support is only available with at least mdevctl v1.3.0 installed. * qemu: Add support for /dev/userfaultfd On hosts with new enough kernel which supports /dev/userfaultfd libvirt will now automatically grant QEMU access to this device. It's no longer needed to set vm.unprivileged_userfaultfd sysctl. * qemu: Support clusters in CPU topology It is now possible to configure the guest CPU topology to use clusters. Additionally, if CPU clusters are present in the host topology, they will be reported as part of the capabilities XML. * network: Make virtual domains resolvable from the host When starting a virtual network with a new ``register='yes'`` attribute in the ``<domain>`` element, libvirt will configure ``systemd-resolved`` to resolve names of the connected guests using the name server started for this network. * qemu: Introduce dynamicMemslots attribute for virtio-mem QEMU now allows setting ``.dynamic-memslots`` attribute for virtio-mem-pci devices. When turned on, it allows memory exposed to guest to be split into multiple memory slots and thus smaller memory footprint (see the original commit for detailed explanation). * **Improvements** * nodedev: Add ability to update persistent mediated devices by defining them Existing persistent mediated devices can now also be updated by ``virNodeDeviceDefineXML()`` as long as parent and UUID remain unchanged. * ch: Enable ``ethernet`` interface mode support ``<interface type='ethernet'/>`` can now be used for CH domains. * viraccessdriverpolkit: Add missing vtpm case Secrets with ``<usage type='vtpm'>`` were left unable to be checked for in the access driver, i.e. in ACL rules. Missing code was provided. * virt-admin: Notify users to use explicit URI if connection fails ``virt-admin`` doesn't try to guess the URI of the daemon to manage so a failure to connect may be confusing for users if modular daemons are used. Add a hint to use the URI of the dameon to manage. * **Bug fixes** * qemu_process: Skip over non-virtio non-TAP NIC models when refreshing rx-filter If ``trustGuestRxFilters`` is enabled for a vNIC that doesn't support it, libvirt may throw an error when such domain is being started, loaded from a saved state, migrated, etc. These errors are now silenced, but make sure to fix such configurations (after previous release it is even possible to change ``trustGuestRxFilters`` value on live domains via ``virDomainUpdateDeviceFlags()`` or ``virsh device-update``). * domain: Fix check for overlapping ``<memory/>`` devices A bug was identified which caused libvirt to report two NVDIMMs as overlapping even though they weren't. This now fixed. * vmx: Accept empty fileName for cdrom-image Turns out, ``fileName`` attribute (which contains path to CDROM image) can be set to an empty string (``""``) to denote a state in which the CDROM has no medium in it. Libvirt used to reject such configuration file, but not anymore. * qemu_hotplug: Don't lose 'created' flag in qemuDomainChangeNet() When starting a domain, libvirt tracks what resources it created for it and which were pre-existing and uses this information to preserve pre-existing resources when cleaning up after said domain is shut off. But for macvtaps this information was lost after the macvtap device was changed (e.g. via ``virsh update-device``). * Fix virStream hole handling When a client sent multiple holes into a virStream it may have caused daemon hangup as the daemon stopped processing RPC from the client temporarily. This is now fixed. * nodedev: Don't generate broken XML with certain hardware A broken node device XML would be generated in a rare case when a hardware device had certain characters in the VPD fields. * qemu: Fix reservation of manually specified port for disk migration A manually specified port would not be relased after disk migration making it impossible to use it again. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit ac06f70716429318e739d6e1ff2b477cc61e6b39 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Tue Sep 3 11:17:19 2024 +0200 clamav: Update to version 1.3.1 - Update from version 1.3.0 to 1.3.1 - Update of rootfile not required - As we can not upgrade currently to version 1.4.0 due to the rust/ruby issue we need to update to 1.3.1 as it has a CVE fix in it. - There are three rust dependencies that have been updated but all have a rust-1.57 requirement so have no problem with our current rust-1.67.0 version - Changelog 1.3.1 This is a critical patch release with the following fixes: - [CVE-2024-20380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-203…: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1242) - Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1227) - Fixed a bug causing some text to be truncated when converting from UTF-16. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1230) - Fixed assorted complaints identified by Coverity static analysis. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1235) - Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam config option to be pruned and then re-downloaded with every update. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238) - Added the new 'valhalla' database name to the list of optional databases in preparation for future work. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238) - Added symbols to the `libclamav.map` file to enable additional build configurations. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1244) Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> commit 53eeed5a81970d93889b144f08efee1406bee0b0 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Mon Sep 2 14:25:59 2024 +0200 tshark: Update to version 4.2.7 - Update from version 4.2.6 to 4.2.7 - Update of rootfile - Version 4.4.0 is out but is a major change version. I have therefore decided to wait for a few update versions before looking at changing to it. Most of the changes appear to be more for the gui wireshark than for the cli tshark that IPFire nis using. - The version 4.2.x branch will still have ongoing bug and security fixes anyway. - CVE fix in this version update. - Changelog 4.2.7 Bug Fixes The following vulnerability has been fixed: • wnpa-sec-2024-11[2] NTLMSSP dissector crash. Issue 19943[3]. CVE-2024-8250[4]. The following bugs have been fixed: • Fuzz job issue: fuzz-2024-01-31-7745.pcap. Issue 19627[5]. • OSS-Fuzz 70534: wireshark:fuzzshark_ip_proto-udp: Stack-overflow in dissect_cbor_main_type. Issue 19935[6]. • SOME/IP Protocol heuristic dissector fails to parse. Issue 19670[7]. • 6loWPAN: Page Number Field Incorrect Registration. Issue 19934[8]. • PacketBB incorrectly reports "Malformed Packet" Issue 19972[9]. Updated Protocol Support 6LoWPAN, BGP, CAN-ETH, CBOR, IEEE 802.11, LBMSRS, NTLMSSP, PacketBB, PN-MRP, SOME/IP, USBLL, X.75, and Zabbix Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/rootfiles/packages/libvirt | 14 ++++++++++---- config/rootfiles/packages/shairport-sync | 2 +- config/rootfiles/packages/taglib | 4 ++-- config/rootfiles/packages/tshark | 4 ++-- lfs/clamav | 6 +++--- lfs/iotop | 8 ++++---- lfs/libvirt | 6 +++--- lfs/mcelog | 8 ++++---- lfs/observium-agent | 8 ++++---- lfs/shairport-sync | 6 +++--- lfs/taglib | 6 +++--- lfs/tshark | 6 +++--- 12 files changed, 42 insertions(+), 36 deletions(-) Difference in files: diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index f1031b079..32fdd5cce 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -52,6 +52,8 @@ etc/logrotate.d/libvirtd.qemu etc/rc.d/init.d/libvirt-guests etc/rc.d/init.d/libvirtd etc/rc.d/init.d/virtlogd +#etc/ssh/ssh_config.d +etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf usr/bin/virsh usr/bin/virt-admin usr/bin/virt-host-validate @@ -85,16 +87,16 @@ usr/bin/virt-xml-validate #usr/lib/libvirt #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.10000.0 +usr/lib/libvirt-admin.so.0.10007.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.10000.0 +usr/lib/libvirt-lxc.so.0.10007.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.10000.0 +usr/lib/libvirt-qemu.so.0.10007.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.10000.0 +usr/lib/libvirt.so.0.10007.0 #usr/lib/libvirt/connection-driver usr/lib/libvirt/connection-driver/libvirt_driver_ch.so usr/lib/libvirt/connection-driver/libvirt_driver_interface.so @@ -118,6 +120,9 @@ usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so #usr/lib/sysctl.d usr/lib/sysctl.d/60-libvirtd.conf usr/lib/sysctl.d/60-qemu-postcopy-migration.conf +#usr/lib/sysusers.d +usr/lib/sysusers.d/libvirt-qemu.conf +usr/libexec/libvirt-ssh-proxy usr/libexec/libvirt_iohelper usr/libexec/virt-login-shell-helper usr/sbin/libvirtd @@ -253,6 +258,7 @@ usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml usr/share/libvirt/cpu_map/x86_EPYC.xml +usr/share/libvirt/cpu_map/x86_GraniteRapids.xml usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml usr/share/libvirt/cpu_map/x86_Haswell-noTSX.xml diff --git a/config/rootfiles/packages/shairport-sync b/config/rootfiles/packages/shairport-sync index a0cd5c859..4fb1d3f48 100644 --- a/config/rootfiles/packages/shairport-sync +++ b/config/rootfiles/packages/shairport-sync @@ -2,5 +2,5 @@ etc/rc.d/init.d/shairport-sync etc/shairport-sync.conf #etc/shairport-sync.conf.sample usr/bin/shairport-sync -#usr/share/man/man7/shairport-sync.7 +#usr/share/man/man1/shairport-sync.1 var/ipfire/backup/addons/includes/shairport-sync diff --git a/config/rootfiles/packages/taglib b/config/rootfiles/packages/taglib index 1341d11ed..1dbab71e1 100644 --- a/config/rootfiles/packages/taglib +++ b/config/rootfiles/packages/taglib @@ -120,9 +120,9 @@ usr/bin/taglib-config #usr/lib/cmake/taglib/taglib-targets.cmake #usr/lib/libtag.so usr/lib/libtag.so.2 -usr/lib/libtag.so.2.0.1 +usr/lib/libtag.so.2.0.2 #usr/lib/libtag_c.so usr/lib/libtag_c.so.2 -usr/lib/libtag_c.so.2.0.1 +usr/lib/libtag_c.so.2.0.2 #usr/lib/pkgconfig/taglib.pc #usr/lib/pkgconfig/taglib_c.pc diff --git a/config/rootfiles/packages/tshark b/config/rootfiles/packages/tshark index 9f40dbc2e..a177b7b31 100644 --- a/config/rootfiles/packages/tshark +++ b/config/rootfiles/packages/tshark @@ -12,10 +12,10 @@ usr/bin/dumpcap usr/bin/tshark #usr/lib/libwireshark.so usr/lib/libwireshark.so.17 -usr/lib/libwireshark.so.17.0.6 +usr/lib/libwireshark.so.17.0.7 #usr/lib/libwiretap.so usr/lib/libwiretap.so.14 -usr/lib/libwiretap.so.14.1.6 +usr/lib/libwiretap.so.14.1.7 #usr/lib/libwsutil.so usr/lib/libwsutil.so.15 usr/lib/libwsutil.so.15.0.0 diff --git a/lfs/clamav b/lfs/clamav index 5a1089187..32b4aa4f9 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config SUMMARY = Antivirus Toolkit -VER = 1.3.0 +VER = 1.3.1 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 71 +PAK_VER = 72 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282 +$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362 install : $(TARGET) diff --git a/lfs/iotop b/lfs/iotop index 1dc44eaef..d869386ea 100644 --- a/lfs/iotop +++ b/lfs/iotop @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Top Like UI to Show Per-Process I/O Going on -VER = 1.22 +VER = 1.26 THISAPP = iotop-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = iotop -PAK_VER = 5 +PAK_VER = 6 DEPS = SERVICES = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 59ceff92600f6f9ff080d02ea10a796a2b6f05ccbb663ac2eed9a7d5c7f6a44de329307bc45605b3415804ef3b2d0699afdaeb1c22604276ce15fc606304ef70 +$(DL_FILE)_BLAKE2 = 90ca8706809952c1523c01b1cb4fa2728934277d80145ab6d90e10cb624361fd4089c527c6093b4733b954f874598c33c7892369ef98e96cbc0bb173a0f8c986 install : $(TARGET) diff --git a/lfs/libvirt b/lfs/libvirt index ef122cfa7..4ac7dbf90 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -26,7 +26,7 @@ include Config SUMMARY = Server side daemon and supporting files for libvirt -VER = 10.0.0 +VER = 10.7.0 THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 34 +PAK_VER = 35 DEPS = ebtables libpciaccess libyajl ncat qemu @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = bfbea7805a949999481293a31e52a5511bcf86db2c96486cbc3b9cb776719ec973b1208cfcb4a8ae2c9220d1d68053980eaf68893f7919c3ef354efbd1abf642 +$(DL_FILE)_BLAKE2 = 331f8c01395c70536ac094a156810f93cd85aab9f25bdde40633698a27f5863cb5c88c520199a5182318f376cb1a3484f3c487da74a41925a521c4a305c51f13 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) diff --git a/lfs/mcelog b/lfs/mcelog index 619cf025a..fa10eb374 100644 --- a/lfs/mcelog +++ b/lfs/mcelog @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Log Machine Check Events -VER = 196 +VER = 200 THISAPP = mcelog-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mcelog -PAK_VER = 4 +PAK_VER = 5 SUP_ARCH = x86_64 DEPS = @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 50871cd7a3c4dd6f4c4d613c7db4528d972ca37ba17b0a5aa4876d8fc92d4478c2247ea65748310ad6d4b950d1abc9bd0ea40193e72b36d38334547382477849 +$(DL_FILE)_BLAKE2 = 66b6f25720d09760aab79d0b410287e73087551ab54eaf7dc31c0f7f5c56a40583e933f9e6dae9b91c5594f5bdf51701c37328e76f930c937b448aaac7acd262 install : $(TARGET) diff --git a/lfs/observium-agent b/lfs/observium-agent index 7df6996ba..bbf3bfcda 100644 --- a/lfs/observium-agent +++ b/lfs/observium-agent @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Observium agent -VER = 23.1 +VER = 24.4 THISAPP = observium-community-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/observium TARGET = $(DIR_INFO)/$(THISAPP) PROG = observium-agent -PAK_VER = 2 +PAK_VER = 3 DEPS = xinetd @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d89e8bd454bff4dfcf56bb95619747de53ee6b84d7f4f201058d654494252f3bc725013a5f08b6d635be30234474a4de9379275b593e031efb9a3f216641cd7c +$(DL_FILE)_BLAKE2 = 1ef34e7bb6ce43ea7e0a122deb5031d555d942d4f79be0596fc0e2c63a2f92321aa22f34a21e6fa559a8a76e744770f9d74676955acdd76dc4d410e1107636a2 install : $(TARGET) diff --git a/lfs/shairport-sync b/lfs/shairport-sync index 4ade1ab99..f7136bc70 100644 --- a/lfs/shairport-sync +++ b/lfs/shairport-sync @@ -26,7 +26,7 @@ include Config SUMMARY = An AirPlay audio player -VER = 4.3.2 +VER = 4.3.4 THISAPP = shairport-sync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = shairport-sync -PAK_VER = 15 +PAK_VER = 16 DEPS = alac alsa avahi ffmpeg libdaemon libplist nqptp soxr @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = bed3228874e7ca1bf6e7d8cc21d6d750533d0bdd103bbd1f49412bab06da099adbecfa689d8f733084a1a5519391a01b5b47a527597e1dbf6ab151badda18284 +$(DL_FILE)_BLAKE2 = 298f836f924dde30ac7563f431d8c657efdc0bc4bb3a0a55fb500591a6eab4801f904a0a61bfb325e0ebe62b68b935926c4fb18a9a574c78d6f8249503bb828f install : $(TARGET) diff --git a/lfs/taglib b/lfs/taglib index a211df139..527ae9e3f 100644 --- a/lfs/taglib +++ b/lfs/taglib @@ -26,7 +26,7 @@ include Config SUMMARY = Audio Meta-Data Library -VER = 2.0.1 +VER = 2.0.2 THISAPP = taglib-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = taglib -PAK_VER = 4 +PAK_VER = 5 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a39997b3185609b47b4d20c12b9d131eee32a2846627799d83df98eaaf5b909514fd97667e779715b940f0866252d02a523fa9d87534ea3cdefbd27449cbe714 +$(DL_FILE)_BLAKE2 = 389af213bd467d68e2b0ca4485f51c35e660439baf2ecb7165069e5cb73589f5cf6c92d56e25780cea60e082b6fa51c5dde320dd25b8c5ef0e3b738ff0a6d4ea install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) diff --git a/lfs/tshark b/lfs/tshark index 7156476d1..c4d29c8e1 100644 --- a/lfs/tshark +++ b/lfs/tshark @@ -26,7 +26,7 @@ include Config SUMMARY = A Network Traffic Analyser -VER = 4.2.6 +VER = 4.2.7 THISAPP = wireshark-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tshark DEPS = c-ares -PAK_VER = 17 +PAK_VER = 18 SERVICES = @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 880acf82c7e535b89ce8b41293c90197825ffe1132720337e77b3dcee0eaf476cb3faa6f9b42d3864e9f6892e624d0b286afdaf6bbe7e6b60483296d087a4bc3 +$(DL_FILE)_BLAKE2 = ab82c4ff9afa0fecb3cddbabc7441c3f457c2ccfc39f8a1e65f5d4df752bbdf7cb3d892db5a3de86ec055b12c512f4d067f6d98626ecd2f58f31052e10415be8 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 4aba01cbc823aefa1cbc1c2729e8d910422f6b74
by Michael Tremer 03 Sep '24

03 Sep '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 4aba01cbc823aefa1cbc1c2729e8d910422f6b74 (commit) from eb8b141b635606af1d71399fe1e3d842e400ba4d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4aba01cbc823aefa1cbc1c2729e8d910422f6b74 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Tue Sep 3 07:54:04 2024 +0000 binutils: Update rootfile for riscv64 Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/riscv64/binutils | 144 ++++++++++++++++++++++++++++++- 1 file changed, 142 insertions(+), 2 deletions(-) Difference in files: diff --git a/config/rootfiles/common/riscv64/binutils b/config/rootfiles/common/riscv64/binutils index 88dadbe6b..141af7cde 100644 --- a/config/rootfiles/common/riscv64/binutils +++ b/config/rootfiles/common/riscv64/binutils @@ -3,7 +3,13 @@ #usr/bin/as #usr/bin/c++filt #usr/bin/elfedit +#usr/bin/gp-archive +#usr/bin/gp-collect-app +#usr/bin/gp-display-html +#usr/bin/gp-display-src +#usr/bin/gp-display-text #usr/bin/gprof +#usr/bin/gprofng #usr/bin/ld #usr/bin/ld.bfd #usr/bin/nm @@ -14,13 +20,18 @@ usr/bin/readelf #usr/bin/size usr/bin/strings #usr/bin/strip +#usr/etc +#usr/etc/gprofng.rc #usr/include/ansidecl.h #usr/include/bfd.h #usr/include/bfdlink.h +#usr/include/collectorAPI.h #usr/include/ctf-api.h #usr/include/ctf.h #usr/include/diagnostics.h #usr/include/dis-asm.h +#usr/include/libcollector.h +#usr/include/libfcollector.h #usr/include/libiberty.h #usr/include/plugin-api.h #usr/include/sframe-api.h @@ -28,273 +39,389 @@ usr/bin/strings #usr/include/symcat.h #usr/lib/bfd-plugins #usr/lib/bfd-plugins/libdep.so +#usr/lib/gprofng +#usr/lib/gprofng/libgp-collector.so +#usr/lib/gprofng/libgp-collectorAPI.a +#usr/lib/gprofng/libgp-collectorAPI.la +#usr/lib/gprofng/libgp-collectorAPI.so +#usr/lib/gprofng/libgp-heap.so +#usr/lib/gprofng/libgp-iotrace.so +#usr/lib/gprofng/libgp-sync.so #usr/lib/ldscripts #usr/lib/ldscripts/elf32briscv.x #usr/lib/ldscripts/elf32briscv.xbn #usr/lib/ldscripts/elf32briscv.xc #usr/lib/ldscripts/elf32briscv.xce +#usr/lib/ldscripts/elf32briscv.xcer #usr/lib/ldscripts/elf32briscv.xd #usr/lib/ldscripts/elf32briscv.xdc #usr/lib/ldscripts/elf32briscv.xdce +#usr/lib/ldscripts/elf32briscv.xdcer #usr/lib/ldscripts/elf32briscv.xde +#usr/lib/ldscripts/elf32briscv.xder #usr/lib/ldscripts/elf32briscv.xdw #usr/lib/ldscripts/elf32briscv.xdwe +#usr/lib/ldscripts/elf32briscv.xdwer #usr/lib/ldscripts/elf32briscv.xe +#usr/lib/ldscripts/elf32briscv.xer #usr/lib/ldscripts/elf32briscv.xn #usr/lib/ldscripts/elf32briscv.xr #usr/lib/ldscripts/elf32briscv.xs #usr/lib/ldscripts/elf32briscv.xsc #usr/lib/ldscripts/elf32briscv.xsce +#usr/lib/ldscripts/elf32briscv.xscer #usr/lib/ldscripts/elf32briscv.xse +#usr/lib/ldscripts/elf32briscv.xser #usr/lib/ldscripts/elf32briscv.xsw #usr/lib/ldscripts/elf32briscv.xswe +#usr/lib/ldscripts/elf32briscv.xswer #usr/lib/ldscripts/elf32briscv.xu #usr/lib/ldscripts/elf32briscv.xw #usr/lib/ldscripts/elf32briscv.xwe +#usr/lib/ldscripts/elf32briscv.xwer #usr/lib/ldscripts/elf32briscv_ilp32.x #usr/lib/ldscripts/elf32briscv_ilp32.xbn #usr/lib/ldscripts/elf32briscv_ilp32.xc #usr/lib/ldscripts/elf32briscv_ilp32.xce +#usr/lib/ldscripts/elf32briscv_ilp32.xcer #usr/lib/ldscripts/elf32briscv_ilp32.xd #usr/lib/ldscripts/elf32briscv_ilp32.xdc #usr/lib/ldscripts/elf32briscv_ilp32.xdce +#usr/lib/ldscripts/elf32briscv_ilp32.xdcer #usr/lib/ldscripts/elf32briscv_ilp32.xde +#usr/lib/ldscripts/elf32briscv_ilp32.xder #usr/lib/ldscripts/elf32briscv_ilp32.xdw #usr/lib/ldscripts/elf32briscv_ilp32.xdwe +#usr/lib/ldscripts/elf32briscv_ilp32.xdwer #usr/lib/ldscripts/elf32briscv_ilp32.xe +#usr/lib/ldscripts/elf32briscv_ilp32.xer #usr/lib/ldscripts/elf32briscv_ilp32.xn #usr/lib/ldscripts/elf32briscv_ilp32.xr #usr/lib/ldscripts/elf32briscv_ilp32.xs #usr/lib/ldscripts/elf32briscv_ilp32.xsc #usr/lib/ldscripts/elf32briscv_ilp32.xsce +#usr/lib/ldscripts/elf32briscv_ilp32.xscer #usr/lib/ldscripts/elf32briscv_ilp32.xse +#usr/lib/ldscripts/elf32briscv_ilp32.xser #usr/lib/ldscripts/elf32briscv_ilp32.xsw #usr/lib/ldscripts/elf32briscv_ilp32.xswe +#usr/lib/ldscripts/elf32briscv_ilp32.xswer #usr/lib/ldscripts/elf32briscv_ilp32.xu #usr/lib/ldscripts/elf32briscv_ilp32.xw #usr/lib/ldscripts/elf32briscv_ilp32.xwe +#usr/lib/ldscripts/elf32briscv_ilp32.xwer #usr/lib/ldscripts/elf32briscv_ilp32f.x #usr/lib/ldscripts/elf32briscv_ilp32f.xbn #usr/lib/ldscripts/elf32briscv_ilp32f.xc #usr/lib/ldscripts/elf32briscv_ilp32f.xce +#usr/lib/ldscripts/elf32briscv_ilp32f.xcer #usr/lib/ldscripts/elf32briscv_ilp32f.xd #usr/lib/ldscripts/elf32briscv_ilp32f.xdc #usr/lib/ldscripts/elf32briscv_ilp32f.xdce +#usr/lib/ldscripts/elf32briscv_ilp32f.xdcer #usr/lib/ldscripts/elf32briscv_ilp32f.xde +#usr/lib/ldscripts/elf32briscv_ilp32f.xder #usr/lib/ldscripts/elf32briscv_ilp32f.xdw #usr/lib/ldscripts/elf32briscv_ilp32f.xdwe +#usr/lib/ldscripts/elf32briscv_ilp32f.xdwer #usr/lib/ldscripts/elf32briscv_ilp32f.xe +#usr/lib/ldscripts/elf32briscv_ilp32f.xer #usr/lib/ldscripts/elf32briscv_ilp32f.xn #usr/lib/ldscripts/elf32briscv_ilp32f.xr #usr/lib/ldscripts/elf32briscv_ilp32f.xs #usr/lib/ldscripts/elf32briscv_ilp32f.xsc #usr/lib/ldscripts/elf32briscv_ilp32f.xsce +#usr/lib/ldscripts/elf32briscv_ilp32f.xscer #usr/lib/ldscripts/elf32briscv_ilp32f.xse +#usr/lib/ldscripts/elf32briscv_ilp32f.xser #usr/lib/ldscripts/elf32briscv_ilp32f.xsw #usr/lib/ldscripts/elf32briscv_ilp32f.xswe +#usr/lib/ldscripts/elf32briscv_ilp32f.xswer #usr/lib/ldscripts/elf32briscv_ilp32f.xu #usr/lib/ldscripts/elf32briscv_ilp32f.xw #usr/lib/ldscripts/elf32briscv_ilp32f.xwe +#usr/lib/ldscripts/elf32briscv_ilp32f.xwer #usr/lib/ldscripts/elf32lriscv.x #usr/lib/ldscripts/elf32lriscv.xbn #usr/lib/ldscripts/elf32lriscv.xc #usr/lib/ldscripts/elf32lriscv.xce +#usr/lib/ldscripts/elf32lriscv.xcer #usr/lib/ldscripts/elf32lriscv.xd #usr/lib/ldscripts/elf32lriscv.xdc #usr/lib/ldscripts/elf32lriscv.xdce +#usr/lib/ldscripts/elf32lriscv.xdcer #usr/lib/ldscripts/elf32lriscv.xde +#usr/lib/ldscripts/elf32lriscv.xder #usr/lib/ldscripts/elf32lriscv.xdw #usr/lib/ldscripts/elf32lriscv.xdwe +#usr/lib/ldscripts/elf32lriscv.xdwer #usr/lib/ldscripts/elf32lriscv.xe +#usr/lib/ldscripts/elf32lriscv.xer #usr/lib/ldscripts/elf32lriscv.xn #usr/lib/ldscripts/elf32lriscv.xr #usr/lib/ldscripts/elf32lriscv.xs #usr/lib/ldscripts/elf32lriscv.xsc #usr/lib/ldscripts/elf32lriscv.xsce +#usr/lib/ldscripts/elf32lriscv.xscer #usr/lib/ldscripts/elf32lriscv.xse +#usr/lib/ldscripts/elf32lriscv.xser #usr/lib/ldscripts/elf32lriscv.xsw #usr/lib/ldscripts/elf32lriscv.xswe +#usr/lib/ldscripts/elf32lriscv.xswer #usr/lib/ldscripts/elf32lriscv.xu #usr/lib/ldscripts/elf32lriscv.xw #usr/lib/ldscripts/elf32lriscv.xwe +#usr/lib/ldscripts/elf32lriscv.xwer #usr/lib/ldscripts/elf32lriscv_ilp32.x #usr/lib/ldscripts/elf32lriscv_ilp32.xbn #usr/lib/ldscripts/elf32lriscv_ilp32.xc #usr/lib/ldscripts/elf32lriscv_ilp32.xce +#usr/lib/ldscripts/elf32lriscv_ilp32.xcer #usr/lib/ldscripts/elf32lriscv_ilp32.xd #usr/lib/ldscripts/elf32lriscv_ilp32.xdc #usr/lib/ldscripts/elf32lriscv_ilp32.xdce +#usr/lib/ldscripts/elf32lriscv_ilp32.xdcer #usr/lib/ldscripts/elf32lriscv_ilp32.xde +#usr/lib/ldscripts/elf32lriscv_ilp32.xder #usr/lib/ldscripts/elf32lriscv_ilp32.xdw #usr/lib/ldscripts/elf32lriscv_ilp32.xdwe +#usr/lib/ldscripts/elf32lriscv_ilp32.xdwer #usr/lib/ldscripts/elf32lriscv_ilp32.xe +#usr/lib/ldscripts/elf32lriscv_ilp32.xer #usr/lib/ldscripts/elf32lriscv_ilp32.xn #usr/lib/ldscripts/elf32lriscv_ilp32.xr #usr/lib/ldscripts/elf32lriscv_ilp32.xs #usr/lib/ldscripts/elf32lriscv_ilp32.xsc #usr/lib/ldscripts/elf32lriscv_ilp32.xsce +#usr/lib/ldscripts/elf32lriscv_ilp32.xscer #usr/lib/ldscripts/elf32lriscv_ilp32.xse +#usr/lib/ldscripts/elf32lriscv_ilp32.xser #usr/lib/ldscripts/elf32lriscv_ilp32.xsw #usr/lib/ldscripts/elf32lriscv_ilp32.xswe +#usr/lib/ldscripts/elf32lriscv_ilp32.xswer #usr/lib/ldscripts/elf32lriscv_ilp32.xu #usr/lib/ldscripts/elf32lriscv_ilp32.xw #usr/lib/ldscripts/elf32lriscv_ilp32.xwe +#usr/lib/ldscripts/elf32lriscv_ilp32.xwer #usr/lib/ldscripts/elf32lriscv_ilp32f.x #usr/lib/ldscripts/elf32lriscv_ilp32f.xbn #usr/lib/ldscripts/elf32lriscv_ilp32f.xc #usr/lib/ldscripts/elf32lriscv_ilp32f.xce +#usr/lib/ldscripts/elf32lriscv_ilp32f.xcer #usr/lib/ldscripts/elf32lriscv_ilp32f.xd #usr/lib/ldscripts/elf32lriscv_ilp32f.xdc #usr/lib/ldscripts/elf32lriscv_ilp32f.xdce +#usr/lib/ldscripts/elf32lriscv_ilp32f.xdcer #usr/lib/ldscripts/elf32lriscv_ilp32f.xde +#usr/lib/ldscripts/elf32lriscv_ilp32f.xder #usr/lib/ldscripts/elf32lriscv_ilp32f.xdw #usr/lib/ldscripts/elf32lriscv_ilp32f.xdwe +#usr/lib/ldscripts/elf32lriscv_ilp32f.xdwer #usr/lib/ldscripts/elf32lriscv_ilp32f.xe +#usr/lib/ldscripts/elf32lriscv_ilp32f.xer #usr/lib/ldscripts/elf32lriscv_ilp32f.xn #usr/lib/ldscripts/elf32lriscv_ilp32f.xr #usr/lib/ldscripts/elf32lriscv_ilp32f.xs #usr/lib/ldscripts/elf32lriscv_ilp32f.xsc #usr/lib/ldscripts/elf32lriscv_ilp32f.xsce +#usr/lib/ldscripts/elf32lriscv_ilp32f.xscer #usr/lib/ldscripts/elf32lriscv_ilp32f.xse +#usr/lib/ldscripts/elf32lriscv_ilp32f.xser #usr/lib/ldscripts/elf32lriscv_ilp32f.xsw #usr/lib/ldscripts/elf32lriscv_ilp32f.xswe +#usr/lib/ldscripts/elf32lriscv_ilp32f.xswer #usr/lib/ldscripts/elf32lriscv_ilp32f.xu #usr/lib/ldscripts/elf32lriscv_ilp32f.xw #usr/lib/ldscripts/elf32lriscv_ilp32f.xwe +#usr/lib/ldscripts/elf32lriscv_ilp32f.xwer #usr/lib/ldscripts/elf64briscv.x #usr/lib/ldscripts/elf64briscv.xbn #usr/lib/ldscripts/elf64briscv.xc #usr/lib/ldscripts/elf64briscv.xce +#usr/lib/ldscripts/elf64briscv.xcer #usr/lib/ldscripts/elf64briscv.xd #usr/lib/ldscripts/elf64briscv.xdc #usr/lib/ldscripts/elf64briscv.xdce +#usr/lib/ldscripts/elf64briscv.xdcer #usr/lib/ldscripts/elf64briscv.xde +#usr/lib/ldscripts/elf64briscv.xder #usr/lib/ldscripts/elf64briscv.xdw #usr/lib/ldscripts/elf64briscv.xdwe +#usr/lib/ldscripts/elf64briscv.xdwer #usr/lib/ldscripts/elf64briscv.xe +#usr/lib/ldscripts/elf64briscv.xer #usr/lib/ldscripts/elf64briscv.xn #usr/lib/ldscripts/elf64briscv.xr #usr/lib/ldscripts/elf64briscv.xs #usr/lib/ldscripts/elf64briscv.xsc #usr/lib/ldscripts/elf64briscv.xsce +#usr/lib/ldscripts/elf64briscv.xscer #usr/lib/ldscripts/elf64briscv.xse +#usr/lib/ldscripts/elf64briscv.xser #usr/lib/ldscripts/elf64briscv.xsw #usr/lib/ldscripts/elf64briscv.xswe +#usr/lib/ldscripts/elf64briscv.xswer #usr/lib/ldscripts/elf64briscv.xu #usr/lib/ldscripts/elf64briscv.xw #usr/lib/ldscripts/elf64briscv.xwe +#usr/lib/ldscripts/elf64briscv.xwer #usr/lib/ldscripts/elf64briscv_lp64.x #usr/lib/ldscripts/elf64briscv_lp64.xbn #usr/lib/ldscripts/elf64briscv_lp64.xc #usr/lib/ldscripts/elf64briscv_lp64.xce +#usr/lib/ldscripts/elf64briscv_lp64.xcer #usr/lib/ldscripts/elf64briscv_lp64.xd #usr/lib/ldscripts/elf64briscv_lp64.xdc #usr/lib/ldscripts/elf64briscv_lp64.xdce +#usr/lib/ldscripts/elf64briscv_lp64.xdcer #usr/lib/ldscripts/elf64briscv_lp64.xde +#usr/lib/ldscripts/elf64briscv_lp64.xder #usr/lib/ldscripts/elf64briscv_lp64.xdw #usr/lib/ldscripts/elf64briscv_lp64.xdwe +#usr/lib/ldscripts/elf64briscv_lp64.xdwer #usr/lib/ldscripts/elf64briscv_lp64.xe +#usr/lib/ldscripts/elf64briscv_lp64.xer #usr/lib/ldscripts/elf64briscv_lp64.xn #usr/lib/ldscripts/elf64briscv_lp64.xr #usr/lib/ldscripts/elf64briscv_lp64.xs #usr/lib/ldscripts/elf64briscv_lp64.xsc #usr/lib/ldscripts/elf64briscv_lp64.xsce +#usr/lib/ldscripts/elf64briscv_lp64.xscer #usr/lib/ldscripts/elf64briscv_lp64.xse +#usr/lib/ldscripts/elf64briscv_lp64.xser #usr/lib/ldscripts/elf64briscv_lp64.xsw #usr/lib/ldscripts/elf64briscv_lp64.xswe +#usr/lib/ldscripts/elf64briscv_lp64.xswer #usr/lib/ldscripts/elf64briscv_lp64.xu #usr/lib/ldscripts/elf64briscv_lp64.xw #usr/lib/ldscripts/elf64briscv_lp64.xwe +#usr/lib/ldscripts/elf64briscv_lp64.xwer #usr/lib/ldscripts/elf64briscv_lp64f.x #usr/lib/ldscripts/elf64briscv_lp64f.xbn #usr/lib/ldscripts/elf64briscv_lp64f.xc #usr/lib/ldscripts/elf64briscv_lp64f.xce +#usr/lib/ldscripts/elf64briscv_lp64f.xcer #usr/lib/ldscripts/elf64briscv_lp64f.xd #usr/lib/ldscripts/elf64briscv_lp64f.xdc #usr/lib/ldscripts/elf64briscv_lp64f.xdce +#usr/lib/ldscripts/elf64briscv_lp64f.xdcer #usr/lib/ldscripts/elf64briscv_lp64f.xde +#usr/lib/ldscripts/elf64briscv_lp64f.xder #usr/lib/ldscripts/elf64briscv_lp64f.xdw #usr/lib/ldscripts/elf64briscv_lp64f.xdwe +#usr/lib/ldscripts/elf64briscv_lp64f.xdwer #usr/lib/ldscripts/elf64briscv_lp64f.xe +#usr/lib/ldscripts/elf64briscv_lp64f.xer #usr/lib/ldscripts/elf64briscv_lp64f.xn #usr/lib/ldscripts/elf64briscv_lp64f.xr #usr/lib/ldscripts/elf64briscv_lp64f.xs #usr/lib/ldscripts/elf64briscv_lp64f.xsc #usr/lib/ldscripts/elf64briscv_lp64f.xsce +#usr/lib/ldscripts/elf64briscv_lp64f.xscer #usr/lib/ldscripts/elf64briscv_lp64f.xse +#usr/lib/ldscripts/elf64briscv_lp64f.xser #usr/lib/ldscripts/elf64briscv_lp64f.xsw #usr/lib/ldscripts/elf64briscv_lp64f.xswe +#usr/lib/ldscripts/elf64briscv_lp64f.xswer #usr/lib/ldscripts/elf64briscv_lp64f.xu #usr/lib/ldscripts/elf64briscv_lp64f.xw #usr/lib/ldscripts/elf64briscv_lp64f.xwe +#usr/lib/ldscripts/elf64briscv_lp64f.xwer #usr/lib/ldscripts/elf64lriscv.x #usr/lib/ldscripts/elf64lriscv.xbn #usr/lib/ldscripts/elf64lriscv.xc #usr/lib/ldscripts/elf64lriscv.xce +#usr/lib/ldscripts/elf64lriscv.xcer #usr/lib/ldscripts/elf64lriscv.xd #usr/lib/ldscripts/elf64lriscv.xdc #usr/lib/ldscripts/elf64lriscv.xdce +#usr/lib/ldscripts/elf64lriscv.xdcer #usr/lib/ldscripts/elf64lriscv.xde +#usr/lib/ldscripts/elf64lriscv.xder #usr/lib/ldscripts/elf64lriscv.xdw #usr/lib/ldscripts/elf64lriscv.xdwe +#usr/lib/ldscripts/elf64lriscv.xdwer #usr/lib/ldscripts/elf64lriscv.xe +#usr/lib/ldscripts/elf64lriscv.xer #usr/lib/ldscripts/elf64lriscv.xn #usr/lib/ldscripts/elf64lriscv.xr #usr/lib/ldscripts/elf64lriscv.xs #usr/lib/ldscripts/elf64lriscv.xsc #usr/lib/ldscripts/elf64lriscv.xsce +#usr/lib/ldscripts/elf64lriscv.xscer #usr/lib/ldscripts/elf64lriscv.xse +#usr/lib/ldscripts/elf64lriscv.xser #usr/lib/ldscripts/elf64lriscv.xsw #usr/lib/ldscripts/elf64lriscv.xswe +#usr/lib/ldscripts/elf64lriscv.xswer #usr/lib/ldscripts/elf64lriscv.xu #usr/lib/ldscripts/elf64lriscv.xw #usr/lib/ldscripts/elf64lriscv.xwe +#usr/lib/ldscripts/elf64lriscv.xwer #usr/lib/ldscripts/elf64lriscv_lp64.x #usr/lib/ldscripts/elf64lriscv_lp64.xbn #usr/lib/ldscripts/elf64lriscv_lp64.xc #usr/lib/ldscripts/elf64lriscv_lp64.xce +#usr/lib/ldscripts/elf64lriscv_lp64.xcer #usr/lib/ldscripts/elf64lriscv_lp64.xd #usr/lib/ldscripts/elf64lriscv_lp64.xdc #usr/lib/ldscripts/elf64lriscv_lp64.xdce +#usr/lib/ldscripts/elf64lriscv_lp64.xdcer #usr/lib/ldscripts/elf64lriscv_lp64.xde +#usr/lib/ldscripts/elf64lriscv_lp64.xder #usr/lib/ldscripts/elf64lriscv_lp64.xdw #usr/lib/ldscripts/elf64lriscv_lp64.xdwe +#usr/lib/ldscripts/elf64lriscv_lp64.xdwer #usr/lib/ldscripts/elf64lriscv_lp64.xe +#usr/lib/ldscripts/elf64lriscv_lp64.xer #usr/lib/ldscripts/elf64lriscv_lp64.xn #usr/lib/ldscripts/elf64lriscv_lp64.xr #usr/lib/ldscripts/elf64lriscv_lp64.xs #usr/lib/ldscripts/elf64lriscv_lp64.xsc #usr/lib/ldscripts/elf64lriscv_lp64.xsce +#usr/lib/ldscripts/elf64lriscv_lp64.xscer #usr/lib/ldscripts/elf64lriscv_lp64.xse +#usr/lib/ldscripts/elf64lriscv_lp64.xser #usr/lib/ldscripts/elf64lriscv_lp64.xsw #usr/lib/ldscripts/elf64lriscv_lp64.xswe +#usr/lib/ldscripts/elf64lriscv_lp64.xswer #usr/lib/ldscripts/elf64lriscv_lp64.xu #usr/lib/ldscripts/elf64lriscv_lp64.xw #usr/lib/ldscripts/elf64lriscv_lp64.xwe +#usr/lib/ldscripts/elf64lriscv_lp64.xwer #usr/lib/ldscripts/elf64lriscv_lp64f.x #usr/lib/ldscripts/elf64lriscv_lp64f.xbn #usr/lib/ldscripts/elf64lriscv_lp64f.xc #usr/lib/ldscripts/elf64lriscv_lp64f.xce +#usr/lib/ldscripts/elf64lriscv_lp64f.xcer #usr/lib/ldscripts/elf64lriscv_lp64f.xd #usr/lib/ldscripts/elf64lriscv_lp64f.xdc #usr/lib/ldscripts/elf64lriscv_lp64f.xdce +#usr/lib/ldscripts/elf64lriscv_lp64f.xdcer #usr/lib/ldscripts/elf64lriscv_lp64f.xde +#usr/lib/ldscripts/elf64lriscv_lp64f.xder #usr/lib/ldscripts/elf64lriscv_lp64f.xdw #usr/lib/ldscripts/elf64lriscv_lp64f.xdwe +#usr/lib/ldscripts/elf64lriscv_lp64f.xdwer #usr/lib/ldscripts/elf64lriscv_lp64f.xe +#usr/lib/ldscripts/elf64lriscv_lp64f.xer #usr/lib/ldscripts/elf64lriscv_lp64f.xn #usr/lib/ldscripts/elf64lriscv_lp64f.xr #usr/lib/ldscripts/elf64lriscv_lp64f.xs #usr/lib/ldscripts/elf64lriscv_lp64f.xsc #usr/lib/ldscripts/elf64lriscv_lp64f.xsce +#usr/lib/ldscripts/elf64lriscv_lp64f.xscer #usr/lib/ldscripts/elf64lriscv_lp64f.xse +#usr/lib/ldscripts/elf64lriscv_lp64f.xser #usr/lib/ldscripts/elf64lriscv_lp64f.xsw #usr/lib/ldscripts/elf64lriscv_lp64f.xswe +#usr/lib/ldscripts/elf64lriscv_lp64f.xswer #usr/lib/ldscripts/elf64lriscv_lp64f.xu #usr/lib/ldscripts/elf64lriscv_lp64f.xw #usr/lib/ldscripts/elf64lriscv_lp64f.xwe +#usr/lib/ldscripts/elf64lriscv_lp64f.xwer #usr/lib/ldscripts/stamp -usr/lib/libbfd-2.42.so +usr/lib/libbfd-2.43.so #usr/lib/libbfd.a #usr/lib/libbfd.la #usr/lib/libbfd.so @@ -308,7 +435,12 @@ usr/lib/libctf-nobfd.so.0.0.0 #usr/lib/libctf.so usr/lib/libctf.so.0 usr/lib/libctf.so.0.0.0 -usr/lib/libopcodes-2.42.so +#usr/lib/libgprofng.a +#usr/lib/libgprofng.la +#usr/lib/libgprofng.so +#usr/lib/libgprofng.so.0 +#usr/lib/libgprofng.so.0.0.0 +usr/lib/libopcodes-2.43.so #usr/lib/libopcodes.a #usr/lib/libopcodes.la #usr/lib/libopcodes.so @@ -322,6 +454,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/info/binutils.info #usr/share/info/ctf-spec.info #usr/share/info/gprof.info +#usr/share/info/gprofng.info #usr/share/info/ld.info #usr/share/info/ldint.info #usr/share/info/sframe-spec.info @@ -394,6 +527,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/pt_BR/LC_MESSAGES/opcodes.mo #usr/share/locale/ro/LC_MESSAGES/bfd.mo #usr/share/locale/ro/LC_MESSAGES/binutils.mo +#usr/share/locale/ro/LC_MESSAGES/gas.mo #usr/share/locale/ro/LC_MESSAGES/gprof.mo #usr/share/locale/ro/LC_MESSAGES/ld.mo #usr/share/locale/ro/LC_MESSAGES/opcodes.mo @@ -448,7 +582,13 @@ usr/lib/libsframe.so.1.0.0 #usr/share/man/man1/c++filt.1 #usr/share/man/man1/dlltool.1 #usr/share/man/man1/elfedit.1 +#usr/share/man/man1/gp-archive.1 +#usr/share/man/man1/gp-collect-app.1 +#usr/share/man/man1/gp-display-html.1 +#usr/share/man/man1/gp-display-src.1 +#usr/share/man/man1/gp-display-text.1 #usr/share/man/man1/gprof.1 +#usr/share/man/man1/gprofng.1 #usr/share/man/man1/ld.1 #usr/share/man/man1/nm.1 #usr/share/man/man1/objcopy.1 hooks/post-receive -- IPFire 2.x development tree

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

IPFire-SCM September 2024