This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
  via af4a2049ab5607ac1c72dc915520c16d438ab335 (commit)
  via 91c0e2735d137630a867aef40c9e1bde2a95f69e (commit)
  via 6c6813283a643025f0032ba1f7398a906d8b348a (commit)
  via ac50fd4bf996446cbca81af2a9cea3a44fb1f5ac (commit)
  via 50ef8eb544e7604c78942916458dcabd91d268d0 (commit)
  via 656e3b79ca6e25ae518025914e20876c4576f793 (commit)
  from 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit af4a2049ab5607ac1c72dc915520c16d438ab335
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon Sep 9 15:42:59 2024 +0000
core189: Ship OpenVPN
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 91c0e2735d137630a867aef40c9e1bde2a95f69e
Author: Adolf Belka adolf.belka@ipfire.org
Date: Sat Sep 7 19:29:27 2024 +0200
openvpn: Update to version 2.5.10
- Update from version 2.5.9 to 2.5.10
- Update of rootfile not required
- 3 CVE Fixes in this version but all are for Windows installations.
- Changelog
    2.5.10
      Security fixes
      - CVE-2024-27459: Windows: fix a possible stack overflow in the
        interactive service component which might lead to a local privilege
        escalation.
        Reported-by: Vladimir Tokarev vtokarev@microsoft.com
      - CVE-2024-24974: Windows: disallow access to the interactive service
        pipe from remote computers.
        Reported-by: Vladimir Tokarev vtokarev@microsoft.com
      - CVE-2024-27903: Windows: disallow loading of plugins from untrusted
        installation paths, which could be used to attack openvpn.exe via a
        malicious plugin. Plugins can now only be loaded from the OpenVPN
        install directory, the Windows system directory, and possibly from a
        directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
        Reported-by: Vladimir Tokarev vtokarev@microsoft.com
      User visible changes
      - License amendment: all NEW commits fall under a modified license that
        explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) -
        see COPYING for details. Existing code in the release/2.5 branch will
        not be relicensed (only in release/2.6 and later branches).

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6c6813283a643025f0032ba1f7398a906d8b348a
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Sep 6 10:42:27 2024 +0000
core189: Ship sudo
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ac50fd4bf996446cbca81af2a9cea3a44fb1f5ac
Author: Adolf Belka adolf.belka@ipfire.org
Date: Thu Sep 5 15:28:50 2024 +0200
sudo: Update to version 1.9.16
- Update from version 1.9.15p5 to 1.9.16
- Update of rootfile
- Changelog
    1.9.16
      * Added the "cmddenial_message" sudoers option to provide additional
        information to the user when a command is denied by the sudoers
        policy. The default message is still displayed.
      * The time stamp used for file-based logs is now more consistent with
        the time stamp produced by syslog. GitHub issue #327.
      * Sudo will now warn the user if it can detect the user's terminal but
        cannot determine the path to the terminal device. The sudoers time
        stamp file will now use the terminal device number directly.
        GitHub issue #329.
      * The embedded copy of zlib has been updated to version 1.3.1.
      * Improved error handling if generating the list of signals and signal
        names fails at build time.
      * Fixed a compilation issue on Linux systems without process_vm_readv().
      * Fixed cross-compilation with WolfSSL.
      * Added a "json_compact" value for the sudoers "log_format" option which
        can be used when logging to a file. The existing "json" value has been
        aliased to "json_pretty". In a future release, "json" will be an alias
        for "json_compact". GitHub issue #357.
      * A new "pam_silent" sudoers option has been added which may be negated
        to avoid suppressing output from PAM authentication modules.
        GitHub issue #216.
      * Fixed several cvtsudoers JSON output problems.
        GitHub issues #369, #370, #371, #373, #381.
      * When sudo runs a command in a pseudo-terminal and the user's terminal
        is revoked, the pseudo-terminal's foreground process group will now
        receive SIGHUP before the terminal is revoked. This emulates the
        behavior of the session leader exiting and is consistent with what
        happens when, for example, an ssh session is closed. GitHub issue #367.
      * Fixed "make test" with Python 3.12. GitHub issue #374.
      * In schema.ActiveDirectory, fixed the quoting in the example command.
        GitHub issue #376.
      * Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may now be
        double-quoted.
      * Sudo insults are now included by default, but disabled unless the
        --with-insults configure option is specified or the "insults" sudoers
        option is enabled.
      * The default sudoers file now enables the "secure_path" option by
        default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment
        variables when running visudo. The new --with-secure-path-value
        configure option can be used to set the value of "secure_path" in the
        default sudoers file. GitHub issue #387.
      * A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory
        Server, IBM Security Directory Server, and IBM Security Verify
        Directory) is now included.
      * When cross-compiling sudo, the configure script now assumes that the
        snprintf() function is C99-compliant if the C compiler supports the
        C99 standard. Previously, configure would use sudo's own snprintf()
        when cross-compiling. GitHub issue #386.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 50ef8eb544e7604c78942916458dcabd91d268d0
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Sep 6 10:41:23 2024 +0000
grub: Fix build on riscv64
https://savannah.gnu.org/bugs/?65909
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 656e3b79ca6e25ae518025914e20876c4576f793
Author: Michael Tremer michael.tremer@ipfire.org
Date: Thu Sep 5 09:50:59 2024 +0000
make.sh: Silence an error when we have low space in a fresh environment
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/sudo                       |  1 +
 .../{oldcore/100 => core/189}/filelists/openvpn    |  0
 .../{oldcore/112 => core/189}/filelists/sudo       |  0
 config/rootfiles/core/189/update.sh                |  4 +++
 lfs/grub                                           |  1 +
 lfs/openvpn                                        |  6 ++--
 lfs/sudo                                           |  6 ++--
 make.sh                                            |  2 +-
 ...e-medany-instead-of-large-model-for-RISCV.patch | 36 ++++++++++++++++++++++
 9 files changed, 49 insertions(+), 7 deletions(-)
 copy config/rootfiles/{oldcore/100 => core/189}/filelists/openvpn (100%)
 copy config/rootfiles/{oldcore/112 => core/189}/filelists/sudo (100%)
 create mode 100644 src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch
Difference in files: diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo index a09f06b38..651a284e3 100644 --- a/config/rootfiles/common/sudo +++ b/config/rootfiles/common/sudo @@ -75,6 +75,7 @@ usr/sbin/visudo #usr/share/locale/hu/LC_MESSAGES/sudo.mo #usr/share/locale/hu/LC_MESSAGES/sudoers.mo #usr/share/locale/id/LC_MESSAGES/sudo.mo +#usr/share/locale/id/LC_MESSAGES/sudoers.mo #usr/share/locale/it/LC_MESSAGES/sudo.mo #usr/share/locale/it/LC_MESSAGES/sudoers.mo #usr/share/locale/ja/LC_MESSAGES/sudo.mo diff --git a/config/rootfiles/core/189/filelists/openvpn b/config/rootfiles/core/189/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/189/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/189/filelists/sudo b/config/rootfiles/core/189/filelists/sudo new file mode 120000 index 000000000..0d3c45e04 --- /dev/null +++ b/config/rootfiles/core/189/filelists/sudo @@ -0,0 +1 @@ +../../../common/sudo \ No newline at end of file diff --git a/config/rootfiles/core/189/update.sh b/config/rootfiles/core/189/update.sh index 2c9fb0974..3972f3507 100644 --- a/config/rootfiles/core/189/update.sh +++ b/config/rootfiles/core/189/update.sh @@ -325,6 +325,8 @@ rm -vrf \ /lib/firmware/RTL8192E
# Stop services +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n
# Extract files extract_files @@ -347,6 +349,8 @@ ldconfig telinit u
# Start services +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n
# This update needs a reboot... touch /var/run/need_reboot diff --git a/lfs/grub b/lfs/grub index bcc6ac4ab..91dda242c 100644 --- a/lfs/grub +++ b/lfs/grub @@ -94,6 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) $(DIR_APP_EFI) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.06-remove_os_prober_disabled_warning.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.02_disable_vga_fallback.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch cd $(DIR_APP) && [ ! -e grub-core/extra_deps.lst ] && echo 'depends bli part_gpt' > grub-core/extra_deps.lst cd $(DIR_APP) && autoreconf -vfi
diff --git a/lfs/openvpn b/lfs/openvpn index b686cc930..807019f0a 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.5.9 +VER = 2.5.10
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e5110ebb9149121c11de45f085f66d30a89fb674ad96c5792d83b16dc29c95215a91e682adb3c800b91ed4d88d6d24b5bcae0799cdb855a284832f0668ffcb82 +$(DL_FILE)_BLAKE2 = 7f4ae82162e2e48e66df2da8008f45a2db53a22483730808b873948f1dc13a2e5582c79e4469f9d794f8b0f87f08d627e8d1bd070b088ea33444af31779f5479
install : $(TARGET)
diff --git a/lfs/sudo b/lfs/sudo index 129e41e9f..cac540be0 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.9.15p5 +VER = 1.9.16
THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720 +$(DL_FILE)_BLAKE2 = 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12
install : $(TARGET)
diff --git a/make.sh b/make.sh index bba35de41..737ad1161 100755 --- a/make.sh +++ b/make.sh @@ -391,7 +391,7 @@ prepareenv() { # Add any consumed space while read -r consumed_space path; do (( free_space += consumed_space / 1024 / 1024 )) - done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}")" + done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}" 2>/dev/null)" fi
# Check that we have the required space diff --git a/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch b/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch new file mode 100644 index 000000000..4bfd46856 --- /dev/null +++ b/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jason Montleon jason@montleon.com +Date: Fri, 3 May 2024 13:18:37 -0400 +Subject: [PATCH] Use medany instead of large model for RISCV + +Signed-off-by: Jason Montleon jason@montleon.com +--- + configure.ac | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d223fe3ef6e..6a6688e362a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1313,7 +1313,7 @@ AC_SUBST(TARGET_LDFLAGS_OLDMAGIC) + + LDFLAGS="$TARGET_LDFLAGS" + +-if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 ; then ++if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 ; then + # Use large model to support 4G memory + AC_CACHE_CHECK([whether option -mcmodel=large works], grub_cv_cc_mcmodel, [ + CFLAGS="$TARGET_CFLAGS -mcmodel=large" +@@ -1323,9 +1323,11 @@ if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_ + ]) + if test "x$grub_cv_cc_mcmodel" = xyes; then + TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=large" +- elif test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64; then ++ elif test "$target_cpu" = sparc64; then + TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=medany" + fi ++elif test "$target_cpu" = riscv64 ; then ++ TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=medany" + fi + + if test "$target_cpu"-"$platform" = x86_64-efi; then
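
Review bot: in config/rootfiles/core/189/update.sh the added `/usr/local/bin/openvpnctrl -s` and `/usr/local/bin/openvpnctrl -sn2n` calls under "# Start services" run unconditionally, with no record of whether the server or any net-to-net connection was running before the `-k` / `-kn2n` calls stopped them. Unless openvpnctrl itself checks the enabled state, capture that state before stopping and start only what was running. The script also goes on to `touch /var/run/need_reboot`, so a short comment on why the services are restarted ahead of the reboot would help.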
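
Review bot: in lfs/grub the new `patch -Np1` line reads `$(DIR_SRC)/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch`, while the two patches applied directly above it are read from `$(DIR_SRC)/src/patches/grub/`. Placing the new file under `src/patches/grub/` and adjusting this line would keep all GRUB patches in one directory.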
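
Review bot: in make.sh prepareenv(), the `2>/dev/null` appended to the `du --summarize --bytes` call discards every error du reports, not only the one seen in a fresh environment. A permission or I/O error on an existing "${BUILD_DIR}", "${IMAGES_DIR}" or "${LOG_DIR}" would now silently leave that directory out of the space added to free_space. Passing only the directories that exist to du would silence the fresh-environment case and keep other errors visible.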
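
Review bot: in src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch the header carries only a subject and a Signed-off-by, and the new `elif test "$target_cpu" = riscv64 ; then` branch in configure.ac has no comment, while the branch above it keeps `# Use large model to support 4G memory`. The report https://savannah.gnu.org/bugs/?65909 appears only in the IPFire commit message; adding it to the patch header, together with a one-line comment on why riscv64 goes straight to `-mcmodel=medany`, would make it easier to tell when the patch can be dropped.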
hooks/post-receive -- IPFire 2.x development tree