This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via ceb5733c595b99c3f23e1c0b18cd315babb6afeb (commit) via 0e734ef7a8198fa851442f858095c4004975c677 (commit) via a9fb87809eccdc7ea7736659ceec929a028761d4 (commit) via 97c76ea56fff5de5ff40e0435c741f109b12835d (commit) via f8513e6f57edb2a8f30471143b536aca6804f815 (commit) via 8c06bb2df9e37c290848975e7d3b8a7afff164e1 (commit) via abcabf673ec70c2086816166553b83b77580fc8f (commit) via 5423f3338577e30e3c4d100445804fc763363eb7 (commit) via b9714c0eee9516a884718f5a389a7f5dfe5779ff (commit) via 2a2219ae9b652644a37fc0435bd056e933df2158 (commit) via 69d65dee13353a92ca94c8ee68dbb8641918dc70 (commit) via 66c55e6cb0760cb76b0772892b0f58bc6d50cae5 (commit) via 05f1889aa8af11057cab6f05d643a4299652648d (commit) via a0112ac028ff2e6a5103bb517de619c2dd9de314 (commit) via 567e5e85e5b14704e2dd9dd73eaf05147a132397 (commit) via c12f3d9726787bbc269b14a255e6bbee64334e63 (commit) via 7966faf398cc3cd298e5a9749932c88288577bab (commit) from df85d2dca849f513441f5c953cf87310a9c9d1af (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit ceb5733c595b99c3f23e1c0b18cd315babb6afeb
Author: Matthias Fischer matthias.fischer@ipfire.org
Date: Sun May 30 16:21:20 2021 +0200
Deleted no longer used 'if' clauses (ALG) from firewall init
In https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=ffafaa71a6970a8c3d094224... all ALGs were removed from UI.
But they remained - somehow - in the initscript (firewall).
I tried to remove the remnants - hopefully in the correct way.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
Acked-by: Peter Müller peter.mueller@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 0e734ef7a8198fa851442f858095c4004975c677
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:41:41 2021 +0000
core158: Ship sshd_config
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a9fb87809eccdc7ea7736659ceec929a028761d4
Author: Peter Müller peter.mueller@ipfire.org
Date: Sun May 30 12:33:31 2021 +0200
OpenSSH: restrict file permissions for sshd_config to 0600
This file does not have to be readable by anybody else than the user running an OpenSSH server. While it does not really contain confidential information, exposing it to the rest of the world makes no sense either.
This will silence a Lynis warning. :-)
Signed-off-by: Peter Müller peter.mueller@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 97c76ea56fff5de5ff40e0435c741f109b12835d
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:41:00 2021 +0000
core158: Ship expat
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f8513e6f57edb2a8f30471143b536aca6804f815
Author: Adolf Belka adolf.belka@ipfire.org
Date: Sat May 29 18:41:31 2021 +0200
expat: Update to 2.4.1
- Update from 2.3.0 to 2.4.1
- Update rootfile
- Changelog (URL in changelog changed to https://verbump(dot)de as mail was rejected by IPFire mail system due to policy violation because URL was highlighted as a blacklisted address)
   Release 2.4.1 Sun May 23 2021
      Bug fixes:
         #488 #490  Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486
      Other changes:
         #491 #492  Version info bumped from 9:0:8 to 9:1:8; see https://verbump(dot)de/ for what these numbers do
      Special thanks to:
         Gentoo's QA check "multilib_check_headers"
   Release 2.4.0 Sun May 23 2021
      Security fixes:
         #34 #466 #484  CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor (<amplification> := (<direct> + <indirect>) / <direct>). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (=<direct> + <indirect>) have been processed.
            The fix adds the following to the API:
            - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition.
            - Two new API functions ..
              - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
              - XML_SetBillionLaughsAttackProtectionActivationThreshold
              .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat.
            - Two new XML_FEATURE_* constants ..
              - that can be queried using the XML_GetFeatureList function, and
              - that are shown in "xmlwf -v" output.
            - Two new environment variable switches ..
              - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
              - EXPAT_ENTITY_DEBUG=(0|1)
              .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future.
            - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat.
      Bug fixes:
         #332 #470  For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault for UTF-16 payloads containing CDATA sections.
         #485 #486  Autotools: Fix generated CMake files for non-64bit and non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0
      Other changes:
         #468 #469  xmlwf: Improve help output and the xmlwf man page
         #463  xmlwf: Improve maintainability through some refactoring
         #477  xmlwf: Fix man page DocBook validity
         #458 #459  CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR
         #471 #481  CMake: Add support for standard variable BUILD_SHARED_LIBS
         #457  Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
         #467  Resolve macro HAVE_EXPAT_CONFIG_H
         #472  Delete unused legacy helper file "conftools/PrintPath"
         #473 #483  Improve attribution
         #464 #465 #477  doc/reference.html: Fix XHTML validity
         #475 #478  doc/reference.html: Replace the 90s look by OK.css
         #479  Version info bumped from 8:0:7 to 9:0:8 due to addition of new symbols and error codes; see https://verbump(dot)de/ for what these numbers do
      Infrastructure:
         #456  CI: Enable periodic runs
         #457  CI: Start covering the list of exported symbols
         #474  CI: Isolate coverage task
         #476 #482  CI: Adapt to breaking changes in image "ubuntu-18.04"
         #477  CI: Cover well-formedness and DocBook/XHTML validity of doc/reference.html and doc/xmlwf.xml
      Special thanks to:
         Dimitry Andric
         Eero Helenius
         Nick Wellnhofer
         Rhodri James
         Tomas Korbar
         Yury Gribov
         and
         Clang LeakSan
         JetBrains
         OSS-Fuzz

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 8c06bb2df9e37c290848975e7d3b8a7afff164e1
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:40:34 2021 +0000
core158: Ship curl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit abcabf673ec70c2086816166553b83b77580fc8f
Author: Adolf Belka adolf.belka@ipfire.org
Date: Sat May 29 18:02:43 2021 +0200
curl: Update to 7.77.0
- Update from 7.76.1 to 7.77.0
- Update rootfile
- Changelog is too large to include here. It can be accessed at https://curl.se/changes.html
   There are 5 changes and 133 bug fixes of which 3 are related to CVE's

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 5423f3338577e30e3c4d100445804fc763363eb7
Author: Adolf Belka adolf.belka@ipfire.org
Date: Sat May 29 18:02:22 2021 +0200
cmake: Update to 3.20.3
- Update from 3.20.2 to 3.20.3
- Update of rootfile not required
- Changelog
   Changes made since CMake 3.20.2:
   Brad King (7):
      Help: Use relative path for IDE Integration guide link to preset schema
      BinUtils: Use more-private temporary variable names
      ObjectiveC: Respect OSX_ARCHITECTURES for OBJC
      FindBoost: Add support for Boost 1.76
      Ninja: Restore support for Fortran in a symlinked build tree
      Utilities/Sphinx: Update man page config for Sphinx 4
      CMake 3.20.3
   Craig Scott (2):
      ExternalProject: Ensure git fetch if updating to hash we don’t have yet
      ExternalProject: Only add git config setting with git 1.7.7 or later
   Kyle Edwards (2):
      Ninja Multi-Config: Split long command lines by config
      CMP0082: Check EXCLUDE_FROM_ALL property at generate time
   Raul Tambre (3):
      GNU: C++17 default version
      GNU: Final C++20 flags
      GNU: C++23 support
   Robert Maynard (6):
      CUDA: improve regex for CUDA Toolkit root from nvcc verbose output
      cmCommandLineArgument: Correctly record parsing failures
      cmake: --build and --install error out when encountering bad flags
      cmCommandLineArgument: Provide more information syntax error messages
      NVHPC: Support explicit language flags
      NVHPC: Support Ninja dependency scanning

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit b9714c0eee9516a884718f5a389a7f5dfe5779ff
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:39:47 2021 +0000
core158: Ship zstd
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2a2219ae9b652644a37fc0435bd056e933df2158
Author: Adolf Belka adolf.belka@ipfire.org
Date: Tue May 25 21:34:56 2021 +0200
zstd: Update to 1.5.0
- Update from 1.4.9 to 1.5.0
- Update of rootfile
- Changelog
   v1.5.0 (May 11, 2021)
      api: Various functions promoted from experimental to stable API: (#2579-2581, @senhuang42)
         `ZSTD_defaultCLevel()`
         `ZSTD_getDictID_fromCDict()`
      api: Several experimental functions have been deprecated and will emit a compiler warning (#2582, @senhuang42)
         `ZSTD_compress_advanced()`
         `ZSTD_compress_usingCDict_advanced()`
         `ZSTD_compressBegin_advanced()`
         `ZSTD_compressBegin_usingCDict_advanced()`
         `ZSTD_initCStream_srcSize()`
         `ZSTD_initCStream_usingDict()`
         `ZSTD_initCStream_usingCDict()`
         `ZSTD_initCStream_advanced()`
         `ZSTD_initCStream_usingCDict_advanced()`
         `ZSTD_resetCStream()`
      api: ZSTDMT_NBWORKERS_MAX reduced to 64 for 32-bit environments (@Cyan4973)
      perf: Significant speed improvements for middle compression levels (#2494, @senhuang42 @terrelln)
      perf: Block splitter to improve compression ratio, enabled by default for high compression levels (#2447, @senhuang42)
      perf: Decompression loop refactor, speed improvements on `clang` and for `--long` modes (#2614 #2630, @Cyan4973)
      perf: Reduced stack usage during compression and decompression entropy stage (#2522 #2524, @terrelln)
      bug: Improve setting permissions of created files (#2525, @felixhandte)
      bug: Fix large dictionary non-determinism (#2607, @terrelln)
      bug: Fix non-determinism test failures on Linux i686 (#2606, @terrelln)
      bug: Fix various dedicated dictionary search bugs (#2540 #2586, @senhuang42 @felixhandte)
      bug: Ensure `ZSTD_estimateCCtxSize*()` monotonically increases with compression level (#2538, @senhuang42)
      bug: Fix --patch-from mode parameter bound bug with small files (#2637, @occivink)
      bug: Fix UBSAN error in decompression (#2625, @terrelln)
      bug: Fix superblock compression divide by zero bug (#2592, @senhuang42)
      bug: Make the number of physical CPU cores detection more robust (#2517, @PaulBone)
      doc: Improve `zdict.h` dictionary training API documentation (#2622, @terrelln)
      doc: Note that public `ZSTD_free*()` functions accept NULL pointers (#2521, @animalize)
      doc: Add style guide docs for open source contributors (#2626, @Cyan4973)
      tests: Better regression test coverage for different dictionary modes (#2559, @senhuang42)
      tests: Better test coverage of index reduction (#2603, @terrelln)
      tests: OSS-Fuzz coverage for seekable format (#2617, @senhuang42)
      tests: Test coverage for ZSTD threadpool API (#2604, @senhuang42)
      build: Dynamic library built multithreaded by default (#2584, @senhuang42)
      build: Move `zstd_errors.h` and `zdict.h` to `lib/` root (#2597, @terrelln)
      build: Allow `ZSTDMT_JOBSIZE_MIN` to be configured at compile-time, reduce default to 512KB (#2611, @Cyan4973)
      build: Single file library build script moved to `build/` directory (#2618, @felixhandte)
      build: `ZBUFF_*()` is no longer built by default (#2583, @senhuang42)
      build: Fixed Meson build (#2548, @SupervisedThinking @kloczek)
      build: Fix excessive compiler warnings with clang-cl and CMake (#2600, @nickhutchinson)
      build: Detect presence of `md5` on Darwin (#2609, @felixhandte)
      build: Avoid SIGBUS on armv6 (#2633, @bmwiedmann)
      cli: `--progress` flag added to always display progress bar (#2595, @senhuang42)
      cli: Allow reading from block devices with `--force` (#2613, @felixhandte)
      cli: Fix CLI filesize display bug (#2550, @Cyan4973)
      cli: Fix windows CLI `--filelist` end-of-line bug (#2620, @Cyan4973)
      contrib: Various fixes for linux kernel patch (#2539, @terrelln)
      contrib: Seekable format - Decompression hanging edge case fix (#2516, @senhuang42)
      contrib: Seekable format - New seek table-only API (#2113 #2518, @mdittmer @Cyan4973)
      contrib: Seekable format - Fix seek table descriptor check when loading (#2534, @foxeng)
      contrib: Seekable format - Decompression fix for large offsets, (#2594, @azat)
      misc: Automatically published release tarballs available on Github (#2535, @felixhandte)

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 69d65dee13353a92ca94c8ee68dbb8641918dc70
Author: Adolf Belka adolf.belka@ipfire.org
Date: Tue May 25 21:34:42 2021 +0200
zerofree: Update to 1.1.1
- Update from 1.0.1 (2008) to 1.1.1 (2018)
- Update of rootfile not required
- Changelog information is not available in the source tarball or in the zerofree website

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 66c55e6cb0760cb76b0772892b0f58bc6d50cae5
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:39:01 2021 +0000
core158: Ship zd1211-firmware
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 05f1889aa8af11057cab6f05d643a4299652648d
Author: Adolf Belka adolf.belka@ipfire.org
Date: Tue May 25 21:34:22 2021 +0200
zd1211-firmware: Update to 1.5
- Update from 1.4 (2007) to 1.5 (2014)
- Update of rootfile not required
- Changelog
   Sync to vendor driver v3.0.0.56
   Header files taken from LinuxUSB_AR2524-3.0.0.56.tgz

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit a0112ac028ff2e6a5103bb517de619c2dd9de314
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:38:23 2021 +0000
core158: Ship perl-XML-Parser
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 567e5e85e5b14704e2dd9dd73eaf05147a132397
Author: Adolf Belka adolf.belka@ipfire.org
Date: Tue May 25 21:33:57 2021 +0200
XML-Parser: Update to 2.46
- Update from 2.34 to 2.46
- Update rootfile
- Changelog
   2.46 2019-09-24 (by Todd Rinaldo)
      - use foreach not for for loops
      - produce README.md so travis will show up on github
      - remove use vars and switch to our.
      - travis-ci testing from 5.8..5.28
      - Convert XML::Parser to use 3 arg opens with no barewords.
      - Migrate tracker to github
      - Switch to XSLoader
      - Fix a buffer overwrite in parse_stream()
   2.44 2015-01-12 (by Todd Rinaldo)
      - RT 99098 - Revert "Add more useful error message on parse to Expat". It breaks XML::Twig. Calling code will need to do this if it's needed.
      - RT 100959 - Add use FileHandle to t/astress.t - Make perl 5.10.0 happy.
   2.43 2014-12-11 (by Todd Rinaldo)
      - POD patch to man from Debian via Nicholas Bamber
      - POD patch from Debian via gregor herrmann.
      - Add more useful error message on parse to Expat
      - Fix LWP dependency to be LWP::Useragent
      - Bump to 2.43 for overdue release to CPAN.
   2.42_01 2013-07-12 (by Todd Rinaldo)
      - Added instructions to README for OSX
      - XS changes: stop using SvPV(string, PL_na)
      - Fix documentation typos
   2.41 2011-06-01 (by Todd Rinaldo)
      - Tests are cleaned. promoting to stable. No changes since 2.40_02
   2.40_02 2011-05-31 (by Todd Rinaldo)
      - TODO some tests which fail in Free BSD due to improper expat CVE patch http://www.freebsd.org/cgi/query-pr.cgi?pr=157469
   2.40_01 2011-05-24 (by Todd Rinaldo)
      - better installation instructions
      - Small spelling patches from Debian package - Thanks Nicholas Bamber
      - RT 68399 - Upgrade Devel::CheckLib to 0.93 to make it perl 5.14 compliant - qw()
      - RT 67207 - Stop doing tied on globs - Thanks sprout
      - RT 31319 - Fix doc links in POD for XML/Parser.pm
   2.40 2010-09-16 (by Alexandr Ciornii)
      - Add windows-1251.enc, ibm866.enc, koi8-r.enc (Russian)
      - Add windows-1255.enc (Hebrew)
      - Update iso-8859-7.enc (RT#40712)
      - Use Devel::CheckLib
      - Better description of expat packages
      - Better Perl style in both code and docs
   2.36
      - Fix for Carp::Heavy bugs
   2.35 (mostly by Alexandr Ciornii)
      - Works in 5.10 (Andreas J. Koenig)
      - Added license in Makefile.PL (Alexandr Ciornii)
      - Makefile.PL also searches for expat in C:/lib/Expat-2.0.0 (Alexandr Ciornii)
      - No longer uses variable named 'namespace' in Expat.xs (Jeff Hunter)

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit c12f3d9726787bbc269b14a255e6bbee64334e63
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon May 31 12:37:49 2021 +0000
core158: Ship knot
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7966faf398cc3cd298e5a9749932c88288577bab
Author: Matthias Fischer matthias.fischer@ipfire.org
Date: Tue May 25 17:37:16 2021 +0200
knot: Update to 3.0.6
For details see: https://www.knot-dns.cz/2021-05-12-version-306.html
"Features:
mod-probe: new module for simple traffic logging (Python API not yet included)
Improvements:
keymgr: new mode for listing zones with at least one key stored
keymgr: the pregenerate command accepts optional timestamp-from parameter
kzonecheck: accept '-' as substitution for standard input #727
knotd: print an error when unable to change owner of a logging file
knotd: new warning log if no interface is configured
knotd: new signing policy check for NSEC3 iterations higher than 20
knotd: don't allow backup to/restore from the DB storage directory
Various code (mostly zone backup/restore), tests, and documentation improvements
Bugfixes:
knotd: secondary fails to load zone file if HTTPS or SVCB record is present #725
knotd: (KSK roll-over) new KSK is not signing DNSKEY long enough before DS submission
knotd: (KSK roll-over) old KSK uselessly published after roll-over finished
knotd: malformed address in TCP-related logs when listening on a UNIX socket
knotd: server responds FORMERR instead of BADTIME if TSIG signed time is zero #730
modules: incorrect local and remote addresses in the XDP mode
modules: failed to read configuration from a section without identifiers
mod-synthrecord: queries on synthesized empty-non-terminals not answered with NODATA
keymgr: confusing error if del-all-old command fails"
For 3.0.5 (skipped): https://www.knot-dns.cz/2021-03-25-version-305.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/XML-Parser | 6 +-
 config/rootfiles/common/curl | 2 +
 config/rootfiles/common/expat | 22 ++++----
 config/rootfiles/common/zstd | 2 +-
 .../{oldcore/136 => core/158}/filelists/XML-Parser | 0
 .../{oldcore/104 => core/158}/filelists/curl | 0
 .../{oldcore/106 => core/158}/filelists/expat | 0
 config/rootfiles/core/158/filelists/files | 1 +
 .../{oldcore/128 => core/158}/filelists/knot | 0
 .../51 => core/158}/filelists/zd1211-firmware | 0
 .../{oldcore/149 => core/158}/filelists/zstd | 0
 lfs/XML-Parser | 4 +-
 lfs/cmake | 4 +-
 lfs/curl | 7 ++-
 lfs/expat | 4 +-
 lfs/knot | 6 +-
 lfs/openssh | 2 +-
 lfs/zd1211-firmware | 4 +-
 lfs/zerofree | 6 +-
 lfs/zstd | 4 +-
 src/initscripts/system/firewall | 65 +---------------------
 21 files changed, 42 insertions(+), 97 deletions(-)
 copy config/rootfiles/{oldcore/136 => core/158}/filelists/XML-Parser (100%)
 copy config/rootfiles/{oldcore/104 => core/158}/filelists/curl (100%)
 copy config/rootfiles/{oldcore/106 => core/158}/filelists/expat (100%)
 copy config/rootfiles/{oldcore/128 => core/158}/filelists/knot (100%)
 copy config/rootfiles/{oldcore/51 => core/158}/filelists/zd1211-firmware (100%)
 copy config/rootfiles/{oldcore/149 => core/158}/filelists/zstd (100%)
Difference in files: diff --git a/config/rootfiles/common/XML-Parser b/config/rootfiles/common/XML-Parser index 8a389c004..3b82a96a7 100644 --- a/config/rootfiles/common/XML-Parser +++ b/config/rootfiles/common/XML-Parser @@ -6,6 +6,8 @@ usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encod #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/README #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/big5.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/euc-kr.enc +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/ibm866.enc +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-15.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-2.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-3.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-4.enc 
@@ -13,8 +15,11 @@ usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encod #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-7.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-8.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/iso-8859-9.enc +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/koi8-r.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/windows-1250.enc +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/windows-1251.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/windows-1252.enc +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/windows-1255.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/x-euc-jp-jisx0221.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/x-euc-jp-unicode.enc #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Encodings/x-sjis-cp932.enc @@ -33,7 +38,6 @@ usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/XML/Parser/Style #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/XML/Parser #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/XML/Parser/.packlist #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/XML/Parser/Expat -#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/XML/Parser/Expat/Expat.bs usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/XML/Parser/Expat/Expat.so #usr/share/man/man3/XML::Parser.3 #usr/share/man/man3/XML::Parser::Expat.3 diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 83a85d548..b29662977 100644 --- a/config/rootfiles/common/curl 
+++ b/config/rootfiles/common/curl @@ -113,6 +113,7 @@ usr/lib/libcurl.so.4.7.0 #usr/share/man/man3/CURLOPT_AWS_SIGV4.3 #usr/share/man/man3/CURLOPT_BUFFERSIZE.3 #usr/share/man/man3/CURLOPT_CAINFO.3 +#usr/share/man/man3/CURLOPT_CAINFO_BLOB.3 #usr/share/man/man3/CURLOPT_CAPATH.3 #usr/share/man/man3/CURLOPT_CERTINFO.3 #usr/share/man/man3/CURLOPT_CHUNK_BGN_FUNCTION.3 @@ -265,6 +266,7 @@ usr/lib/libcurl.so.4.7.0 #usr/share/man/man3/CURLOPT_PROXYUSERNAME.3 #usr/share/man/man3/CURLOPT_PROXYUSERPWD.3 #usr/share/man/man3/CURLOPT_PROXY_CAINFO.3 +#usr/share/man/man3/CURLOPT_PROXY_CAINFO_BLOB.3 #usr/share/man/man3/CURLOPT_PROXY_CAPATH.3 #usr/share/man/man3/CURLOPT_PROXY_CRLFILE.3 #usr/share/man/man3/CURLOPT_PROXY_ISSUERCERT.3 diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 365286f85..4dcfe4a7d 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat 
@@ -2,22 +2,22 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.3.0 -#usr/lib/cmake/expat-2.3.0/expat-config-version.cmake -#usr/lib/cmake/expat-2.3.0/expat-config.cmake -#usr/lib/cmake/expat-2.3.0/expat-noconfig.cmake -#usr/lib/cmake/expat-2.3.0/expat.cmake +#usr/lib/cmake/expat-2.4.1 +#usr/lib/cmake/expat-2.4.1/expat-config-version.cmake +#usr/lib/cmake/expat-2.4.1/expat-config.cmake +#usr/lib/cmake/expat-2.4.1/expat-noconfig.cmake +#usr/lib/cmake/expat-2.4.1/expat.cmake #usr/lib/libexpat.a #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.7.0 +usr/lib/libexpat.so.1.8.1 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.3.0 -#usr/share/doc/expat-2.3.0/expat.png -#usr/share/doc/expat-2.3.0/reference.html -#usr/share/doc/expat-2.3.0/style.css -#usr/share/doc/expat-2.3.0/valid-xhtml10.png +#usr/share/doc/expat-2.4.1 +#usr/share/doc/expat-2.4.1/ok.min.css +#usr/share/doc/expat-2.4.1/reference.html +#usr/share/doc/expat-2.4.1/style.css +#usr/share/doc/expat-2.4.1/valid-xhtml10.png #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog diff --git a/config/rootfiles/common/zstd b/config/rootfiles/common/zstd index 923192f0f..83e11e4c8 100644 --- a/config/rootfiles/common/zstd +++ b/config/rootfiles/common/zstd @@ -10,7 +10,7 @@ usr/bin/zstdmt #usr/lib/libzstd.a #usr/lib/libzstd.so usr/lib/libzstd.so.1 -usr/lib/libzstd.so.1.4.9 +usr/lib/libzstd.so.1.5.0 #usr/lib/pkgconfig/libzstd.pc #usr/share/man/man1/unzstd.1 #usr/share/man/man1/zstd.1 diff --git a/config/rootfiles/core/158/filelists/XML-Parser b/config/rootfiles/core/158/filelists/XML-Parser new file mode 120000 index 000000000..4f5be1a8c --- /dev/null +++ b/config/rootfiles/core/158/filelists/XML-Parser @@ -0,0 +1 @@ +../../../common/XML-Parser \ No newline at end of file 
diff --git a/config/rootfiles/core/158/filelists/curl b/config/rootfiles/core/158/filelists/curl new file mode 120000 index 000000000..4b84bef53 --- /dev/null +++ b/config/rootfiles/core/158/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/core/158/filelists/expat b/config/rootfiles/core/158/filelists/expat new file mode 120000 index 000000000..e1923cf63 --- /dev/null +++ b/config/rootfiles/core/158/filelists/expat @@ -0,0 +1 @@ +../../../common/expat \ No newline at end of file diff --git a/config/rootfiles/core/158/filelists/files b/config/rootfiles/core/158/filelists/files index 15ae78624..385056dcd 100644 --- a/config/rootfiles/core/158/filelists/files +++ b/config/rootfiles/core/158/filelists/files @@ -1,4 +1,5 @@ etc/rc.d/init.d/firewall +etc/ssh/sshd_config opt/pakfire/lib/functions.pl opt/pakfire/pakfire srv/web/ipfire/cgi-bin/dhcp.cgi diff --git a/config/rootfiles/core/158/filelists/knot b/config/rootfiles/core/158/filelists/knot new file mode 120000 index 000000000..28e96f878 --- /dev/null +++ b/config/rootfiles/core/158/filelists/knot @@ -0,0 +1 @@ +../../../common/knot \ No newline at end of file diff --git a/config/rootfiles/core/158/filelists/zd1211-firmware b/config/rootfiles/core/158/filelists/zd1211-firmware new file mode 120000 index 000000000..33985ced8 --- /dev/null +++ b/config/rootfiles/core/158/filelists/zd1211-firmware @@ -0,0 +1 @@ +../../../common/zd1211-firmware \ No newline at end of file diff --git a/config/rootfiles/core/158/filelists/zstd b/config/rootfiles/core/158/filelists/zstd new file mode 120000 index 000000000..d6d4a3bf1 --- /dev/null +++ b/config/rootfiles/core/158/filelists/zstd @@ -0,0 +1 @@ +../../../common/zstd \ No newline at end of file diff --git a/lfs/XML-Parser b/lfs/XML-Parser index 98df1d0ec..d6c46d25e 100644 --- a/lfs/XML-Parser +++ b/lfs/XML-Parser @@ -24,7 +24,7 @@
include Config
-VER = 2.34 +VER = 2.46
THISAPP = XML-Parser-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 84d9e0001fe01c14867256c3fe115899 +$(DL_FILE)_MD5 = 80bb18a8e6240fcf7ec2f7b57601c170
install : $(TARGET)
diff --git a/lfs/cmake b/lfs/cmake index 7ce6e7e7d..489513b90 100644 --- a/lfs/cmake +++ b/lfs/cmake @@ -24,7 +24,7 @@
include Config
-VER = 3.20.2 +VER = 3.20.3
THISAPP = cmake-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = cd0e7735f1e51f30ee3b0844390a464a +$(DL_FILE)_MD5 = 57ddb91cd14cb7e58a34f1f1066bf8c2
install : $(TARGET)
diff --git a/lfs/curl b/lfs/curl index cd4cc26d1..ae55d812e 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,7 +24,7 @@
include Config
-VER = 7.76.1 +VER = 7.77.0
THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5296108646ca7f318b468a7a9d4a0eb2 +$(DL_FILE)_MD5 = 3cf78c539cae019cf96ba38571706e06
install : $(TARGET)
@@ -75,7 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --disable-ipv6 \ --disable-static \ --enable-threaded-resolver \ - --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt + --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt \ + --with-openssl cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/expat b/lfs/expat index 92c42bf82..7627447f3 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@
include Config
-VER = 2.3.0 +VER = 2.4.1
THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 54ea624caca3f9003cebcab4f0a75c8f +$(DL_FILE)_MD5 = 476cdf4b5e40280316fff36b2086a390
install : $(TARGET)
diff --git a/lfs/knot b/lfs/knot index 39940a358..ec6ec4deb 100644 --- a/lfs/knot +++ b/lfs/knot @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.0.4 +VER = 3.0.6
THISAPP = knot-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c0a546927ff50db153893de43758cb37 +$(DL_FILE)_MD5 = 0d8aaa8e5214623c12123c67b5f2c460
install : $(TARGET)
diff --git a/lfs/openssh b/lfs/openssh index 3117e996c..ced1a7db9 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -84,7 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install
# install custom OpenSSH server configuration - install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \ + install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \ /etc/ssh/sshd_config
# install custom OpenSSH client configuration diff --git a/lfs/zd1211-firmware b/lfs/zd1211-firmware index e19f1cbb5..0cf2c10a4 100644 --- a/lfs/zd1211-firmware +++ b/lfs/zd1211-firmware @@ -24,7 +24,7 @@
include Config
-VER = 1.4 +VER = 1.5
THISAPP = zd1211-firmware-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 19f28781d76569af8551c9d11294c870 +$(DL_FILE)_MD5 = 3c182ceb9b2fc1d8442cd81c1280d83f
install : $(TARGET)
diff --git a/lfs/zerofree b/lfs/zerofree index b3f20aba6..20a6137a3 100644 --- a/lfs/zerofree +++ b/lfs/zerofree @@ -24,10 +24,10 @@
include Config
-VER = 1.0.1 +VER = 1.1.1
THISAPP = zerofree-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tgz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a8c772fdd134448f25ab4e7e12004595 +$(DL_FILE)_MD5 = 4f2d6bdba4212e54eb7dd22a8fbb6d29
install : $(TARGET)
diff --git a/lfs/zstd b/lfs/zstd index a4549557b..71f09ab40 100644 --- a/lfs/zstd +++ b/lfs/zstd @@ -24,7 +24,7 @@
include Config
-VER = 1.4.9 +VER = 1.5.0
THISAPP = zstd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = eb718b8aae0302cabe20f968e500534d +$(DL_FILE)_MD5 = a6eb7fb1f2c21fa80030a47993853e92
install : $(TARGET)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index dd9f1a484..1e558ee86 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -98,74 +98,11 @@ iptables_init() { iptables -t raw -N CONNTRACK iptables -t raw -A PREROUTING -j CONNTRACK
- # Conntrack helpers (https://home.regit.org/netfilter-en/secure-use-of-helpers/) + # Conntrack helper (https://home.regit.org/netfilter-en/secure-use-of-helpers/)
# GRE (always enabled) modprobe nf_conntrack_proto_gre
- # SIP - if [ "${CONNTRACK_SIP}" = "on" ]; then - modprobe nf_nat_sip - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper sip -j ACCEPT - for proto in udp tcp; do - iptables -t raw -A CONNTRACK -p "${proto}" --dport 5060 -j CT --helper sip - done - fi - - # H.323 - if [ "${CONNTRACK_H323}" = "on" ]; then - modprobe nf_nat_h323 - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper h323 -j ACCEPT - - # Gatekeeper RAS - iptables -t raw -A CONNTRACK -p udp --dport 1719 -j CT --helper RAS - - # Q.931 - iptables -t raw -A CONNTRACK -p tcp --dport 1720 -j CT --helper Q.931 - fi - - # FTP - if [ "${CONNTRACK_FTP}" = "on" ]; then - modprobe nf_nat_ftp - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT - iptables -t raw -A CONNTRACK -p tcp --dport 21 -j CT --helper ftp - fi - - # PPTP - if [ "${CONNTRACK_PPTP}" = "on" ]; then - modprobe nf_nat_pptp - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper pptp -j ACCEPT - iptables -t raw -A CONNTRACK -p tcp --dport 1723 -j CT --helper pptp - fi - - # TFTP - if [ "${CONNTRACK_TFTP}" = "on" ]; then - modprobe nf_nat_tftp - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper tftp -j ACCEPT - iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp - fi - - # IRC - if [ "${CONNTRACK_IRC}" = "on" ]; then - modprobe nf_nat_irc - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper irc -j ACCEPT - iptables -t raw -A CONNTRACK -p tcp --dport 6667 -j CT --helper irc - fi - - # Amanda - if [ "${CONNTRACK_AMANDA}" = "on" ]; then - modprobe nf_nat_amanda - iptables -A CONNTRACK -m conntrack --ctstate RELATED \ - -m helper --helper amanda -j ACCEPT - iptables -t raw -A CONNTRACK -p tcp -j CT --helper amanda - fi - # Fix for braindead ISPs iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
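Review bot: The second hunk of lfs/curl adds "--with-openssl" to the configure call, but the commit message for the 7.77.0 update mentions only the version bump and the rootfile. Please add a line to the message saying why the TLS backend is now named explicitly, so a later reader can tell an intended build change from a workaround for the new release.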
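Review bot: Each lfs/* hunk that bumps VER (XML-Parser, cmake, curl, expat, knot, zd1211-firmware, zerofree, zstd) swaps one $(DL_FILE)_MD5 value for another, so the only source-tarball check visible in this push is an MD5 digest, a hash for which collisions are practical. For packages updated because of security fixes (curl, expat) in particular, consider recording a SHA-256 or stronger digest beside the MD5 line and having the download step verify it.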
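Review bot: In lfs/openssh the mode changes to 600, and core/158/filelists/files gains etc/ssh/sshd_config so the file is shipped to installed systems. If the goal on existing systems is only the tighter permission, shipping the whole file also replaces its content; please confirm that no local or UI-written settings in /etc/ssh/sshd_config are lost by the update, or apply the permission change to the existing file instead of replacing it.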
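Review bot: In src/initscripts/system/firewall the removal of the seven "if [ "${CONNTRACK_...}" = "on" ]" blocks leaves two loose ends in iptables_init(). First, the retained comment now reads "Conntrack helper" and still links to the secure-use-of-helpers page, while the only statement left under it is "modprobe nf_conntrack_proto_gre", which assigns no helper; reword or drop the comment so it matches what remains. Second, the hunk does not show whether the CONNTRACK_SIP, CONNTRACK_H323, CONNTRACK_FTP, CONNTRACK_PPTP, CONNTRACK_TFTP, CONNTRACK_IRC and CONNTRACK_AMANDA variables are still read or set elsewhere; please check for leftover references, and state in the commit message that systems which had one of them set to "on" lose the matching "-m helper ... -j ACCEPT" rule and the raw-table "-j CT --helper" assignment after this update.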
hooks/post-receive -- IPFire 2.x development tree