This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via e023c2a4143caa194fb9f270123653c7ec5d01a2 (commit) via 9eb18b34c68c0044f62fc601580f48384496f61b (commit) via e42ea50d7a0bbeb3dcff7083039b4ab3362e6fe5 (commit) via 0a554a474eaa7c610a96811b318ee67176fb0924 (commit) via c6a1970b587faaca0b032a0ac74fc5d66a6f0b64 (commit) via 51c7cfed815b80b60b9d6553fb7cd2cb476e0596 (commit) via 1653034fae0d52f8379278ee8c6cd6be6a5f5d09 (commit) via 24c8b9e0e6abd4dc3587b5181c38967b083ef954 (commit) via 42a2077c72cfc9fc93b638794cb0f370a905d3a3 (commit) via 84c21e12ecfac026dc222417e95a15231bc57c33 (commit) via 4c802a17be2bb5f57b5db6991e727b9312b7930d (commit) via d2130887f727174d0e6416f9023ad0414d5e6536 (commit) via bf043437f8d4bc525758ba6d483b704247433580 (commit) via 5d4a957339caf4a5c5a8647da2f26f9e53987de4 (commit) via 9d0add9f8244b445f6863b4be66f49926249e7e9 (commit) via 3df5187dfc42e0da2578a80057af57ddb37b435b (commit) via 7101e472a0901963ecf4556734633b72473ea09b (commit) via 25ac6657c10f4c8af026ecf5c165e1ddf2768540 (commit) via 827665788bd7700423dd6b9fe277c1277b7cff0e (commit) via 757ed7dbc18ff73c433540d192ad643e24faea32 (commit) via 237b88914d4449388a14474ea64afd90136c1814 (commit) via 0b208a9ccbba9015d4dd9acc01f22890c09556c7 (commit) from 6a0c5ef65a5fb96890c774840ecb24f390437855 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e023c2a4143caa194fb9f270123653c7ec5d01a2 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:54:00 2023 +0200
minidlna: bump PAK_VER due to ffmpeg library sobump
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9eb18b34c68c0044f62fc601580f48384496f61b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:59 2023 +0200
shairport-sync: bump PAK_VER due to ffmpeg library sobump
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e42ea50d7a0bbeb3dcff7083039b4ab3362e6fe5 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:58 2023 +0200
mpd: bump PAK_VER due to ffmpeg library sobump
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0a554a474eaa7c610a96811b318ee67176fb0924 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:57 2023 +0200
ffmpeg: Update to version 6.0
- Update from version 5.1.2 to 6.0 - Update of rootfile - sobump occurs so find-dependencies checked and the addons mpd, shairport-sync & minidlna will be bumped to the next PAK_VER as a patch set with this change. - Changelog version 6.0: - Radiance HDR image support - ddagrab (Desktop Duplication) video capture filter - ffmpeg -shortest_buf_duration option - ffmpeg now requires threading to be built - ffmpeg now runs every muxer in a separate thread - Add new mode to cropdetect filter to detect crop-area based on motion vectors and edges - VAAPI decoding and encoding for 10/12bit 422, 10/12bit 444 HEVC and VP9 - WBMP (Wireless Application Protocol Bitmap) image format - a3dscope filter - bonk decoder and demuxer - Micronas SC-4 audio decoder - LAF demuxer - APAC decoder and demuxer - Media 100i decoders - DTS to PTS reorder bsf - ViewQuest VQC decoder - backgroundkey filter - nvenc AV1 encoding support - MediaCodec decoder via NDKMediaCodec - MediaCodec encoder - oneVPL support for QSV - QSV AV1 encoder - QSV decoding and encoding for 10/12bit 422, 10/12bit 444 HEVC and VP9 - showcwt multimedia filter - corr video filter - adrc audio filter - afdelaysrc audio filter - WADY DPCM decoder and demuxer - CBD2 DPCM decoder - ssim360 video filter - ffmpeg CLI new options: -stats_enc_pre[_fmt], -stats_enc_post[_fmt], -stats_mux_pre[_fmt] - hstack_vaapi, vstack_vaapi and xstack_vaapi filters - XMD ADPCM decoder and demuxer - media100 to mjpegb bsf - ffmpeg CLI new option: -fix_sub_duration_heartbeat - WavArc decoder and demuxer - CrystalHD decoders deprecated - SDNS demuxer - RKA decoder and demuxer - filtergraph syntax in ffmpeg CLI now supports passing file contents as option values, by prefixing option name with '/' - hstack_qsv, vstack_qsv and xstack_qsv filters For more details about the changes you have to review the commits in the git repo https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n6.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c6a1970b587faaca0b032a0ac74fc5d66a6f0b64 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed May 3 07:53:29 2023 +0000
core175: ship zstd
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 51c7cfed815b80b60b9d6553fb7cd2cb476e0596 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:21 2023 +0200
zstd: Update to version 1.5.5
- Update from version 1.5.4 to 1.5.5 - Update of rootfile - Changelog v1.5.5 (Apr 2023) fix: fix rare corruption bug affecting the high compression mode, reported by @danlark1 (#3517, @terrelln) perf: improve mid-level compression speed (#3529, #3533, #3543, @yoniko and #3552, @terrelln) lib: deprecated bufferless block-level API (#3534) by @terrelln cli: mmap large dictionaries to save memory, by @daniellerozenblit cli: improve speed of --patch-from mode (~+50%) (#3545) by @daniellerozenblit cli: improve i/o speed (~+10%) when processing lots of small files (#3479) by @felixhandte cli: zstd no longer crashes when requested to write into write-protected directory (#3541) by @felixhandte cli: fix decompression into block device using -o, reported by @georgmu (#3583) build: fix zstd CLI compiled with lzma support but not zlib support (#3494) by @Hello71 build: fix cmake does no longer require 3.18 as minimum version (#3510) by @kou build: fix MSVC+ClangCL linking issue (#3569) by @tru build: fix zstd-dll, version of zstd CLI that links to the dynamic library (#3496) by @yoniko build: fix MSVC warnings (#3495) by @embg doc: updated zstd specification to clarify corner cases, by @Cyan4973 doc: document how to create fat binaries for macos (#3568) by @rickmark misc: improve seekable format ingestion speed (~+100%) for very small chunk sizes (#3544) by @Cyan4973 misc: tests/fullbench can benchmark multiple files (#3516) by @dloidolt
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1653034fae0d52f8379278ee8c6cd6be6a5f5d09 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:20 2023 +0200
opus: Update to version 1.4
- Updsate from version 1.3.1 to 1.4 - Update of rootfile - Changelog opus 1.4 major release brings the following improvements and fixes: Improved tuning of the Opus in-band FEC (LBRR). See https://gitlab.xiph.org/xiph/opus/-/issues/2360 for details Added a OPUS_SET_INBAND_FEC(2) option that turns on FEC, but does not force SILK mode (FEC will be disabled in CELT mode) Improved tuning and various fixes to DTX Added Meson support, improved CMake support In addition to the improvements above, this release includes many minor bug fixes.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 24c8b9e0e6abd4dc3587b5181c38967b083ef954 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:19 2023 +0200
nfs: Update to version 2.6.3
- Update from version 2.6.2 to 2.6.3 - Update of rootfile - Changelog is available in sourceforge at the following url https://sourceforge.net/projects/nfs/files/nfs-utils/2.6.3/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 42a2077c72cfc9fc93b638794cb0f370a905d3a3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed May 3 07:49:30 2023 +0000
core175: ship lvm2
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 84c21e12ecfac026dc222417e95a15231bc57c33 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:18 2023 +0200
lvm2: Update to version 2.03.21
- Update from version 2.02.188 to 2.03.21 - Update of rootfile - Changelog version 2.03.21 - 21st April 2023 Fix activation of vdo-pool for with 0 length headers (converted pools). Avoid printing internal init messages when creation integration devices. Allow (write)cache over raid+integrity LV. version 2.03.20 - 21st March 2023 Fix segfault if using -S|--select with log/report_command_log=1 setting. Configure now fails when requested lvmlockd dependencies are missing. Add some configure Gentoo enhancements for static builds. version 2.03.19 - 21st February 2023 Configure supports --with-systemd-run executed from udev rules. Enhancement for build with MuslC systemd and non-bash system shells (dash). Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices. Ensure udev is processing origin LV before its thick snapshots LVs. Fix and improve runtime memory size detection for VDO volumes. version 2.03.18 - 22nd December 2022 Fix issues reported by coverity scan. Fix warning for thin pool overprovisioning on lvextend (2.03.17). Add support for writecache metadata_only and pause_writeback settings. Fix missing error messages in lvmdbusd. Version 2.03.17 - 10th November 2022 Add new options (--fs, --fsmode) for FS handling when resizing LVs. Fix 'lvremove -S|--select LV' to not also remove its historical LV right away. Fix lv_active field type to binary so --select and --binary applies properly. Switch to use mallinfo2 and use it only with glibc. Error out in lvm shell if using a cmd argument not supported in the shell. Fix lvm shell's lastlog command to report previous pre-command failures. Extend VDO and VDOPOOL without flushing and locking fs. Add --valuesonly option to lvmconfig to print only values without keys. Updates configure with recent autoconf tooling. Fix lvconvert --test --type vdo-pool execution. Add json_std output format for more JSON standard compliant version of output. Fix vdo_slab_size_mb value for converted VDO volume. Fix many corner cases in device_id, including handling of S/N duplicates. Fix various issues in lvmdbusd. Version 2.03.16 - 18th May 2022 Fix segfault when handling selection with historical LVs. Add support --vdosettings with lvcreate, lvconvert, lvchange. Filtering multipath devices respects blacklist setting from multipath configuration. lvmdevices support for removing by device id using --deviceidtype and --deldev. Display writecache block size with lvs -o writecache_block_size. Improve cachesettings description in man lvmcache. Fix lossing of delete message on thin-pool extension. Version 2.03.15 - 07th February 2022 Remove service based autoactivation. global/event_activation = 0 is NOOP. Improve support for metadata profiles for --type writecache. Use cache or active DM device when available with new kernels. Introduce function to utilize UUIDs from DM_DEVICE_LIST. Increase some hash table size to better support large device sets. Version 2.03.14 - 20th October 2021 Device scanning is skipping directories on different filesystems. Print info message with too many or too large archived files. Reduce metadata readings during scanning phase. Optimize computation of crc32 check sum with multiple PVs. Enhance recover path on cache creation failure. Filter out unsupported MQ/SMQ cache policy setting. Fix memleak in mpath filter. Support newer location for VDO statistics. Add support for VDO async-unsafe write policy. Improve lvm_import_vdo script. Support VDO LV with lvcreate -ky. Fix lvconvert for VDO LV bigger then 2T. Create VDO LVs automatically without zeroing. Rename vdoimport to lvm_import_vdo. Version 2.03.13 - 11th August 2021 Changes in udev support: - obtain_device_list_from_udev defaults to 0. - see devices/external_device_info_source, devices/obtain_device_list_from_udev, and devices/multipath_wwids_file help in lvm.conf Fix devices file handling of loop with deleted backing file. Fix devices file handling of scsi_debug WWIDs. Fix many static analysis issues. Support --poolmetadataspare with vgsplit and vgmerge. Fix detection of active components of external origin volume. Add vdoimport tool to support conversion of VDO volumes. Support configurable allocation/vdo_pool_header_size. Fix handling of lvconvert --type vdo-pool --virtualsize. Simplified handling of archive() and backup() internal calls. Add 'idm' locking type for IDM lock manager. Fix load of kvdo target when it is not present in memory (2.03.12). Version 2.03.12 - 07th May 2021 Allow attaching cache to thin data volume. Fix memleak when generating list of outdated pvs. Better hyphenation usage in man pages. Replace use of deprecated security_context_t with char*. Configure supports AIO_LIBS and AIO_CFLAGS. Improve build process for static builds. New --setautoactivation option to modify LV or VG auto activation. New metadata based autoactivation property for LVs and VGs. Improve signal handling with lvmpolld. Signal handler can interrupt command also for SIGTERM. Lvreduce --yes support. Add configure option --with/out-symvers for non-glibc builds. Report error when the filesystem is missing on fsadm resized volume. Handle better blockdev with --getsize64 support for fsadm. Do not include editline/history.h when using editline library. Support error and zero segtype for thin-pool data for testing. Support mixed extension for striped, error and zero segtypes. Support resize also for stacked virtual volumes. Skip dm-zero devices just like with dm-error target. Reduce ioctl() calls when checking target status. Merge polling does not fail, when LV is found to be already merged. Poll volumes with at least 100ms delays. Do not flush dm cache when cached LV is going to be removed. New lvmlockctl_kill_command configuration option. Support interruption while waiting on device close before deactivation. Flush thin-pool messages before removing more thin volumes. Improve hash function with less collisions and make it faster. Reduce ioctl count when deactivating volumes. Reduce number of metadata parsing. Enhance performance of lvremove and vgremove commands. Support interruption when taking archive and backup. Accelerate large lvremoves. Speedup search for cached device nodes. Speedup command initialization. Add devices file feature, off by default for now. Support extension of writecached volumes. Fix problem with unbound variable usage within fsadm. Fix IMSM MD RAID detection on 4k devices. Check for presence of VDO target before starting any conversion. Support metatadata profiles with volume VDO pool conversions. Support -Zn for conversion of already formated VDO pools. Avoid removing LVs on error path of lvconvert during creation volumes. Fix crashing lvdisplay when thin volume was waiting for merge. Support option --errorwhenfull when converting volume to thin-pool. Improve thin-performance profile support conversion to thin-pool. Add workaround to avoid read of internal 'converted' devices. Prohibit merging snapshot into the read-only thick snapshot origin. Restore support for flipping rw/r permissions for thin snapshot origin. Support resize of cached volumes. Disable autoactivation with global/event_activation=0. Check if lvcreate passes read_only_volume_list with tags and skips zeroing. Allocation prints better error when metadata cannot fit on a single PV. Pvmove can better resolve full thin-pool tree move. Limit pool metadata spare to 16GiB. Improves conversion and allocation of pool metadata. Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0. Enhance lvdisplay to report raid available/partial. Support online rename of VDO pools. Improve removal of pmspare when last pool is removed. Fix problem with wiping of converted LVs. Fix memleak in scanning (2.03.11). Fix corner case allocation for thin-pools. Version 2.03.11 - 08th January 2021 Fix pvck handling MDA at offset different from 4096. Partial or degraded activation of writecache is not allowed. Enhance error handling for fsadm and handle correct fsck result. Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values. Support using BLKZEROOUT for clearing devices. Support interruption when wipping LVs. Support interruption for bcache waiting. Fix bcache when device has too many failing writes. Fix bcache waiting for IO completion with failing disks. Configure use own python path name order to prefer using python3. Add configure --enable-editline support as an alternative to readline. Enhance reporting and error handling when creating thin volumes. Enable vgsplit for VDO volumes. Lvextend of vdo pool volumes ensure at least 1 new VDO slab is added. Use revert_lv() on reload error path after vg_revert(). Configure --with-integrity enabled. Restore lost signal blocking while VG lock is held. Improve estimation of needed extents when creating thin-pool. Use extra 1% when resizing thin-pool metadata LV with --use-policy. Enhance --use-policy percentage rounding. Configure --with-vdo and --with-writecache as internal segments. Improving VDO man page examples. Allow pvmove of writecache origin. Report integrity fields. Integrity volumes defaults to journal mode. Switch code base to use flexible array syntax. Fix 64bit math when calculation cachevol size. Preserve uint32_t for seqno handling. Switch from mmap to plain read when loading regular files. Update lvmvdo man page and better explain DISCARD usage. Version 2.03.10 - 09th August 2020 Add writecache and integrity support to lvmdbusd. Generate unique cachevol name when default required from lvcreate. Converting RAID1 volume to one with same number of legs now succeeds with a warning. Fix conversion to raid from striped lagging type. Fix conversion to 'mirrored' mirror log with larger regionsize. Zero pool metadata on allocation (disable with allocation/zero_metadata=0). Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn). Add lvcreate of new cache or writecache lv with single command. Fix running out of free buffers for async writing for larger writes. Add integrity with raid capability. Fix support for lvconvert --repair used by foreign apps (i.e. Docker). Version 2.03.09 - 26th March 2020 Fix formatting of vdopool (vdo_slab_size_mb was smaller by 2 bits). Fix showing of a dm kernel error when uncaching a volume with cachevol. Version 2.03.08 - 11th February 2020 Prevent problematic snapshots of writecache volumes. Add error handling for failing allocation in _reserve_area(). Fix memleak in syncing of internal cache. Fix pvck dump_current_text memleak. Fix lvmlockd result code on error path for _query_lock_lv(). Update pvck man page and help output. Reject invalid writecache high/low_watermark setting. Report writecache status. Accept more output lines from vdo_format. Prohibit reshaping of stacked raid LVs. Avoid running cache input arg validation when creating vdo pool. Prevent raid reshaping of stacked volumes. Added VDO lvmdbusd methods for enable/disable compression & dedupe. Added VDO lvmdbusd method for converting LV to VDO pool. Version 2.03.07 - 30th November 2019 Subcommand in vgck for repairing headers and metadata. Ensure minimum required region size on striped RaidLV creation. Fix resize of thin-pool with data and metadata of different segtype. Improve mirror type leg splitting. Improve error path handling in daemons on shutdown. Fix activation order when removing merged snapshot. Experimental VDO support for lvmdbusd. Version 2.03.06 - 23rd October 2019 Add _cpool suffix to cache-pool LV name when used by caching LV. No longer store extra UUID for cmeta and cdata cachevol layer. Enhance activation of cache devices with cachevols. Add _cvol in list of protected suffixes and start use it with DM UUID. Rename LV converted to cachevol to use _cvol suffix. Use normal LVs for wiping of cachevols. Reload cleanered cache DM only with cleaner policy. Fix cmd return when zeroing of cachevol fails. Extend lvs to show all VDO properties. Preserve VDO write policy with vdopool. Increase default vdo bio threads to 4. Continue report when cache_status fails. Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper. Fix cmirrord usage of header files from device_mapper subdir. Allow standalone activation of VDO pool just like for thin-pools. Activate thin-pool layered volume as 'read-only' device. Ignore crypto devices with UUID signature CRYPT-SUBDEV. Enhance validation for thin and cache pool conversion and swapping. Improve internal removal of cached devices. Synchronize with udev when dropping snapshot. Add missing device synchronization point before removing pvmove node. Correctly set read_ahead for LVs when pvmove is finished. Remove unsupported OPTIONS+="event_timeout" udev rule from 11-dm-lvm.rules. Prevent creating VGs with PVs with different logical block sizes. Fix metadata writes from corrupting with large physical block size. Version 2.03.05 - 15th June 2019 Fix command definition for pvchange -a. Add vgck --updatemetadata command that will repair metadata problems. Improve VG reading to work if one good copy of metadata is found. Report/display/scan commands that read VGs will no longer write/repair. Move metadata repairs from VG reading to VG writing. Add config setting md_component_checks to control MD component checks. Add end of device MD component checks when dev has no udev info. Version 2.03.04 - 10th June 2019 Remove unused_duplicate_devs from cmd causing segfault in dmeventd. Version 2.03.03 - 07th June 2019 Report no_discard_passdown for cache LVs with lvs -o+kernel_discards. Add pvck --dump option to extract metadata. Fix signal delivery checking race in libdaemon (lvmetad). Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering. Skip autoactivation for a PV when PV size does not match device size. Remove first-pvscan-initialization which should no longer be needed. Add remote refresh through lvmlockd/dlm for shared LVs after lvextend. Ignore foreign and shared PVs for pvscan online files. Add config setting to control fields in debug file and verbose output. Add command[pid] and timestamp to debug file and verbose output. Fix missing growth of _pmsmare volume when extending _tmeta volume. Automatically grow thin metadata, when thin data gets too big. Add synchronization with udev before removing cached devices. Add support for caching VDO LVs and VDOPOOL LVs. Add support for vgsplit with cached devices. Query mpath device only once per command for its state. Use device INFO instead of STATUS when checking for mpath device uuid. Change default io_memory_size from 4 to 8 MiB. Add config setting io_memory_size to set bcache size. Fix pvscan autoactivation for concurrent pvscans. Change scan_lvs default to 0 so LVs are not scanned for PVs. Thin-pool selects power-of-2 chunk size by default. Cache selects power-of-2 chunk size by default. Support reszing for VDOPoolLV and VDOLV. Improve -lXXX%VG modifier which improves cache segment estimation. Ensure migration_threshold for cache is at least 8 chunks. Restore missing man info lvcreate --zero for thin-pools. Drop misleadning comment for metadata minimum_io_size for VDO segment. Add device hints to reduce scanning. Introduce LVM_SUPPRESS_SYSLOG to suppress syslog usage by generator. Fix generator quering lvmconfig unpresent config option. Fix memleak on bcache error path code. Fix missing unlock on lvm2 dmeventd plugin error path initialization. Improve Makefile dependency tracking. Move VDO support towards V2 target (6.2) support. Version 2.03.02 - 18th December 2018 Fix missing proper initialization of pv_list struct when adding pv. Fix (de)activation of RaidLVs with visible SubLVs. Prohibit mirrored 'mirror' log via lvcreate and lvconvert. Use sync io if async io_setup fails, or use_aio=0 is set in config. Fix more issues reported by coverity scan. Version 2.03.01 - 31st October 2018 Version 2.03.00 - 10th October 2018 Add hot fix to avoiding locking collision when monitoring thin-pools. Allow raid4 -> linear conversion request. Fix lvconvert striped/raid0/raid0_meta -> raid6 regression. Add 'lvm2-activation-generator:' prefix for kmsg messages logged by generator. Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service. Reduce max concurrent aios to avoid EMFILE with many devices. Fix lvconvert conversion attempts to linear. Fix lvconvert raid0/raid0_meta -> striped regression. Fix lvconvert --splitmirror for mirror type (2.02.178). Do not pair cache policy and cache metadata format. lvconvert: reject conversions on raid1 LVs with split tracked SubLVs lvconvert: reject conversions on raid1 split tracked SubLVs Add basic creation support for VDO target. Never send any discard ioctl with test mode. Fix thin-pool alloc which needs same PV for data and metadata. Extend list of non-memlocked areas with newly linked libs. Enhance vgcfgrestore to check for active LVs in restored VG. Configure supports --disable-silent-rules for verbose builds. Fix unmonitoring of merging snapshots. Cache can uses metadata format 2 with cleaner policy. Fix check if resized PV can also fit metadata area. Avoid showing internal error in lvs output or pvmoved LVs. Remove clvmd Remove lvmlib (api) Remove lvmetad Use versionsort to fix archive file expiry beyond 100000 files.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4c802a17be2bb5f57b5db6991e727b9312b7930d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed May 3 07:47:09 2023 +0000
core175: ship libxml2
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d2130887f727174d0e6416f9023ad0414d5e6536 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:17 2023 +0200
libxml2: Update to version 2.11.1
- Update from version 2.10.3 to 2.11.1 - Update of rootfile - Changelog There were two CVE's in version 2.10.4 v2.11.1: Apr 30 2023 Fixes build and ABI issues. - cmake: Fix va_copy detection (Luca Niccoli) - libxml.m4: Fix quoting - Link with --undefined-version - libxml2.syms: Revert removal of version information v2.11.0: Apr 28 2023 ### Major changes Protection against entity expansion attacks, also known as "billion laughs" has been greatly improved. Malicious files should be detected reliably now and false positives should be reduced. It is possible though that large documents which make heavy use of entities are rejected now. This release finally fixes symbol visibility on UNIX systems. Internal symbols will now be hidden. While these symbols were never declared in public headers, it was still possible to declare them manually. Now this won't work. All symbol information has been removed from the ELF version script to fix link errors with --no-undefined-version. The version nodes are kept so it should still be possible to run binaries linked against older versions. About 90 memory errors in code paths handling malloc failures have been fixed. While these issues shouldn't impact security, this improves robustness under memory pressure. The XInclude engine has been reworked to properly support nested includes. Several cases of quadratic behavior in the XML push parser have been fixed. Refactoring has begun on some buffering and encoding code with the goal of simplifying this part of the code base and improving error reporting. Other highlights: - Consolidated private header files. - Major rework of the autoconf build. - Deprecated several outdated and internal functions. Special thanks to Google's Open Source Security Subsidies program for sponsoring much of the work on this release! Ongoing work on libxml2 relies on funding. For a list of important open issues see https://gitlab.gnome.org/GNOME/libxml2/-/issues/507 ### Security - Fix use-after-free in xmlParseContentInternal() (David Kilzer) - xmllint: Fix use-after-free with --maxmem - parser: Fix OOB read when formatting error message - entities: Rework entity amplification checks ### Regressions - parser: Fix regression in xmlParserNodeInfo accounting ### Bug fixes - Fix memory errors in code handling malloc failures - encoding: Fix error code in asciiToUTF8 - xpath: number('-') should return NaN - xmlParseStartTag2() contains typo when checking for default definitions for an attribute in a namespace (David Kilzer) - uri: Fix handling of port numbers - error: Make sure that error messages are valid UTF-8 - xinclude: Fix nested includes ### Improvements - xmllint: Validate --maxmem integer option - xmlValidatePopElement() can return invalid value (-1) (David Kilzer) - parser: Rework EBCDIC code page detection - parser: Limit name length in xmlParseEncName - parser: Rework shrinking of input buffers - html: Rely on CUR_CHAR to grow the input buffer - parser: Rely on CUR_CHAR/NEXT to grow the input buffer - valid: Make xmlValidateElement non-recursive - html: Fix quadratic behavior in htmlParseTryOrFinish - xmllint: Fix memory leak with --pattern --stream - parser: Stop calling xmlParserInputShrink - html: Impose some length limits - valid: Allow xmlFreeValidCtxt(NULL) - parser: Stop calling xmlParserInputGrow - xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt - xinclude: Abort immediately if max depth was exceeded - xpath: Only report the first error - error: Don't move past current position - error: Limit number of parser errors - parser: Lower entity nesting limit with XML_PARSE_HUGE - parser: Don't increase depth twice when parsing internal entities - parser: Improve detection of entity loops - parser: Only report a single entity error - libxml.h: Remove dubious definition of LIBXML_STATIC - html: Improve parsing of nested lists - memory: Don't use locks in xmlMemUsed - encoding: Remove unused variable xmlDefaultCharEncodingHandler - Rework initialization code - Add .editorconfig - parser: Merge misc, prolog and epilog cases in push parser - parser: Fix 'consumed' accounting when switching encodings - html: Fix check for end of comment in push parser - parser: Fix push parser with 1-3 byte initial chunk - parser: Rewrite push parser boundary checks - reader: Switch to xmlParserInputBufferCreateMem - html: Don't escape ASCII chars in href attributes - io: Don't shrink memory input buffers - parser: Don't call xmlSHRINK from push parser - parser: Ignore cdata argument in xmlParseCharData - parser: Rework push parser parser progress checks - io: Fix a few integer overflows in I/O statistics - io: Rework xmlParserInputBufferGrow with encodings - io: Remove xmlInputReadCallbackNop - io: Check for memory buffer early in xmlParserInputGrow - parser: Fix error message in xmlParseCommentComplex - Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg) - schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup - threads: Remove check for pthread_equal - xinclude: Rework XInclude cache - xinclude: Remove inefficient refcounting scheme - xmllint: Improve handling of empty XPath node sets - parser: Fix potential memory leak in xmlParseAttValueInternal - error: Don't use initGenericErrorDefaultFunc - xpath: Lower XPath recursion limit on Windows - Stop including sys/types.h - Don't define WIN32 macro - Make xmlNewSAXParserCtx take a const sax handler - Consolidate private header files - Remove internal macros from parserInternals.h - Move some HTML functions to correct header file - xmllint: Stop calling xmlSAXDefaultVersion - Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt - Don't mess with parser options in htmlParseDocument - Remove useless call to htmlDefaultSAXHandlerInit - Remove htmlDefaultSAXHandler from non-SAX1 build - Don't initialize SAX handler in htmlReadMemory - Fix htmlReadMemory mixing up XML and HTML functions - Don't use default SAX handler to report unrelated errors - Create stream with buffer in xmlNewStringInputStream - xmlcatalog: Fix memory leaks ### Code quality - xzlib: Fix implicit sign change in xz_open - parser: Simplify calculation of available buffer space - parser: Use size_t when subtracting input buffer pointers - parser: Check for integer overflow when updating checkIndex - xpath: Fix harmless integer overflow in xmlXPathTranslateFunction - schematron: Use logical and - relaxng: Remove useless if statement - schemas: Remove useless if statement - pattern: Merge identical branches - regexp: Add sanity check in xmlRegCalloc2 - regexp: Simplify xmlRegAtomPush - encoding: Cast toupper argument to unsigned char - uri: Add explicit cast in xmlSaveUri - buf: Fix return value of xmlBufGetInputBase - parser: Fix integer overflow of input ID - parser: Remove useless ent->etype test in xmlParseReference - parser: Remove useless ent->children tests in xmlParseReference - xmlmemory.c: Remove xmlMemContentShow - libxml.h: Add comments and indentation - libxml.h: Don't include stdio.h - xmlexports.h: Disable docs for internal macro XMLPUBLIC - parser: Simplify xmlParseConditionalSections - io: Rearrange code in xmlSwitchInputEncodingInt - warnings: Fix -Wstrict-prototypes warning - warnings: Remove set-but-unused variables - Fix compiler warnings in SAX2.c - Fix unused variable warning in python/types.c - Fix compiler warning in examples - Fix compiler warnings in fuzzing code - Remove unused code in nanohttp.c - Remove or annotate char casts - Don't use sizeof(xmlChar) or sizeof(char) - Remove explicit integer casts ### Deprecations - parser: Deprecate more internal functions - parser: Deprecate some parser input functions - parser: Deprecate xmlString*DecodeEntities - threads: Deprecate some internal functions - buf: Deprecate static/immutable buffers - Deprecate internal parser functions - Deprecate old HTML SAX API - Generate deprecation warnings for old SAX API - Mark more functions setting globals as deprecated - Mark more parser functions as deprecated - Mark most SAX1 functions as deprecated - Deprecate some global variables ### Portability - autoconf: Warn about outdated C compilers - win32: Remove broken libxml2.def.src - Remove symbols from version script - catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr) - libxml.h: Remove ancient LynxOS setup - Use python3 not python (Ross Burton) - xstc/fixup-tests.py: port to Python 3 (Ross Burton) - xstc/fixup-tests.py: unify whitespace (Ross Burton) - Remove hacky heuristic from b2dc5675 (Alex Richardson) - Avoid creating an out-of-bounds pointer by rewriting a check (Alex Richardson) - Hide internal functions - Correctly relocate internal pointers after realloc() (Alex Richardson) - Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan) - Visual Studio: Define XML_DEPRECATED (Chun-wei Fan) - xmllint: Include <io.h> on Windows - warnings: Work around MSVC bug - sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan) - python/setup.py.in: Improve Windows import patching (Chun-wei Fan) - python: Create .pyd on Windows - Fix Python build on Windows - Fix Windows compiler warnings in python/types.c - Fix libxml_PyFileGet - Remove BeOS support - Fix libxml_PyFileGet with stdout on macOS - Migrate from PyEval_ to PyObject_ - Port build_glob.py to Python 3 - Port genChRanges.py to Python 3 - xmlexports.h: Remove LIBXML_FASTCALL optimization - Remove XMLCALL and XMLCDECL macros from public headers - Remove XMLDECL macro from .c files ### Build systems - cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is enabled (Alexander Kutelev) - autotools: Fix make distcheck - Remove RPM build, Makefile.tests, README.tests - libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead (Ross Burton) - libxml.m4: fix -Wstrict-prototypes (Sam James) - cmake: Build static library with -DLIBXML_STATIC - autotools: Don't use version script on Windows - autotools: Fix winsock detection - autotools: Only add network libraries if HTTP/FTP enabled - autotools: Disable parallel Python build - python: Don't output missing generators during build - build: Remove check for broken ss_family - http: Simplify IPv6 checks - autotools: Fix network checks on Windows - Fix detection of GNU libiconv - cmake: Fix Python installation - cmake: Don't check for Python 2 - configure.ac: Also check for MSYS host - Improve network library detection - Detect ws2_32 with AC_SEARCH_LIBS - Rework network configure checks - Remove arg cast configure checks - Fix dlopen check - Remove HAVE_WIN32_THREADS configuration flag - Rework dlopen and pthread detection - Fix test in configure.ac - cmake: Enable GCC compiler warnings - Always link with -no-undefined - Use AM_CFLAGS and AM_LDFLAGS consistently - Remove -Wredundant-decls - Call AC_CHECK_* with multiple arguments - configure.ac: Remove checks for unused programs - Rework library detection in configure.ac - Rearrange configure.ac - Consolidate zlib and lzma detection - Remove "runtime debugging" - Consolidate simple API modules in configure.ac - Fix dependency resolution in configure.ac - Fix --with-valid --without-regexps build - Fix --with-schemas --without-xpath build - Don't build unneeded .c source files - Move xmlIsXHTML to tree.c - Cleanup distribution settings in Makefile.am - Also clean *.pyc files for Python 2 - Don't distribute libxml2.spec ### Tests - testchar: Add test for memory pull parser with encoding - fuzz: Also test init function of URI fuzzer - fuzz: Separate fuzzer for DTD validation - gitlab-ci: Enable all "integer" sanitizers - fuzz: Inject random malloc failures - fuzz: Support variable integer sizes in fuzz data - fuzz: Fix duplicate detection in fuzzEntityRecorder - fuzz: Set filename in xmlFuzzEntityLoader - fuzz: Allow xmlFuzzReadString(NULL) - fuzz: Fix Makefile dependencies - fuzz: Add test/recurse to seed corpus - fuzz: Add separate XInclude fuzzer - runsuite: Some errors are expected - testrecurse: Test entity expansion stats - testapi.c: Initialize catalog early - gentest.py: Fix memory leak in API tests - tests: Enable "runsuite" test - python/tests/reader2: use absolute paths everywhere (Ross Burton) - python/tests/reader2: always exit(1) if a test fails (Ross Burton) - testModule: exit if the module can't be opened (Ross Burton) - CI: disable modules in gcc:static build (Ross Burton) - CI: fix CI on MinGW builds (Ross Burton) - python: Fix memory leak checks - tests: Check that xmlInitParser doesn't allocate memory - tests: Fix use-after-free in Python tests - tests: Remove unneeded #includes - gitlab-ci: Make Test-Msvc exit if ctest fails - gitlab-ci: Treat compiler warnings as errors on MSVC - test: Add test for push parser boundaries - gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan - gitlab-ci: Reenable LeakSanitizer - gitlab-ci: Fix llvm-symbolizer - xinclude: Don't create result doc for test with errors - xinclude: Also test error messages - gitlab-ci: Allow cast-align warnings from clang - gitlab-ci: Fix tar invocation - gitlab-ci: Move MSVC test to separate script - gitlab-ci: Fix SUFFIX, remove MINGW_PATH - gitlab-ci: Consolidate CMake test scripts - gitlab-ci: Only install MinGW autotools if needed - gitlab-ci: Only install cmake MinGW package if needed - gitlab-ci: Install 7-Zip using the .msi - Use $MSYSTEM and 'bash -lc' in MinGW CI - Add CI job for MinGW/Autotools - Consolidate CI scripts - Allow empty MINGW_PACKAGE_PREFIX - Move Dockerfile to .gitlab-ci directory - testapi: Disable on Windows for now - Disable fuzzer tests if glob.h wasn't found - Move automata test to runtest.c - Fix testapi when building --without-sax1 # Documentation - doc: Remove ancient files - Remove ancient TODOs - html: Fix htmlInitAutoClose documentation - doc: Mention new location of XML catalog as breaking change - doc: Mention potentially breaking changes in NEWS - doc: Remove xmlDllMain from documentation and version script - doc: Mention ${sysconfdir} in man pages - doc: Document xmlcatalog --convert - doc: Document xmllint --nodict and --pedantic - doc: Fix indentation in source XML files - xmllint: Document --quiet option - Improve cross-references in API docs - Improve documentation of globals - Fix documentation parser - Support comments for global variables in documentation - Fix update call in apibuild.py - Don't index anything in DOC_DISABLE sections - Fix warnings from apibuild.py - Start with documentation for maintainers v2.10.4: Apr 11 2023 ### Security - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK ### Regressions - SAX2: Ignore namespaces in HTML documents - io: Fix "buffer full" error with certain buffer sizes
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bf043437f8d4bc525758ba6d483b704247433580 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed May 3 07:44:39 2023 +0000
core175: ship iproute2
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5d4a957339caf4a5c5a8647da2f26f9e53987de4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:15 2023 +0200
iproute2: Update to version 6.3.0
- Update from version 6.2.0 to 6.3.0 - Update of rootfile not required - Changelog can only be reviewed by looking at the commits in the git repo https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9d0add9f8244b445f6863b4be66f49926249e7e9 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue May 2 19:53:14 2023 +0200
harfbuzz: Update to version 7.2.0
- Update from version 7.0.1 to 7.2.0 - Update of rootfile - Changelog Overview of changes leading to 7.2.0 - Add Tifinagh to the list of scripts that can natively be either right-to-left or left-to-right, to improve handling of its glyph positioning. (Simon Cozens) - Return also single substitution from hb_ot_layout_lookup_get_glyph_alternates() (Behdad Esfahbod) - Fix 4.2.0 regression in applying across syllables in syllabic scripts. (Behdad Esfahbod) - Add flag to avoid glyph substitution closure during subsetting, and the corresponding “--no-layout-closure” option to “hb-subset” command line tool. (Garret Rieger) - Support instancing COLRv1 table. (Qunxin Liu) - Don’t drop used user-defined name table entries during subsetting. (Qunxin Liu) - Optimize handling of “gvar” table. (Behdad Esfahbod) - Various subsetter bug fixes and improvements. (Garret Rieger, Qunxin Liu) - Various documentation improvements. (Behdad Esfahbod, Josef Friedrich) - New API: +HB_SUBSET_FLAGS_NO_LAYOUT_CLOSURE +HB_UNICODE_COMBINING_CLASS_CCC132 - Deprecated API: +HB_UNICODE_COMBINING_CLASS_CCC133 Overview of changes leading to 7.1.0 - New experimental hb_shape_justify() API that uses font variations to expand or shrink the text to a given advance. (Behdad Esfahbod) - Various build and bug fixes. (Behdad Esfahbod, Garret Rieger, Qunxin Liu) - New API: +hb_font_set_variation()
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3df5187dfc42e0da2578a80057af57ddb37b435b Author: Jon Murphy jon.murphy@ipfire.org Date: Wed Apr 26 15:37:13 2023 -0500
dbus: Fixes Bug#13094 - Check for existing user before `useradd`
- The dbus install.sh script useradd command causes an error: "failed adding user 'messagebus', exit code: 9" - This patch adds a check to only do the useradd if the user does not exist. - See the bump PAK_VER for dbus that Adolf publised. See this patch: https://lists.ipfire.org/pipermail/development/2023-April/015816.html
Signed-off-by: Jon Murphy jon.murphy@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7101e472a0901963ecf4556734633b72473ea09b Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Apr 26 14:32:29 2023 +0200
dbus: Fixes Bug#13094 - dbus daemon continues running after uninstall
- The uninstall.sh script had stop_service ${NAME} but the package name is dbus while the initscript is named messagebus. Therefore the stop_service never stops the dbus daemon. - This patch changes the line to stop_service messagebus - The install.sh script already has start_service messagebus - Bump PAK_VER for dbus
Fixes: Bug#13094 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 25ac6657c10f4c8af026ecf5c165e1ddf2768540 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Apr 26 14:32:28 2023 +0200
cups: Fixes Bug#12924 - Can't access https pages in cups
- Version 2.4.2 had some bugs that caused the self signed certificates to not be read or created properly. The two involved bug fix patches are applied in this submission. - Corrected the configure options related to avahi and TLS. Using Openssl for the TLS. - Built .ipfire package installed into vm testbed and tested. With existing 2.4.2 any https pages come up with an error for the secure connection. With this version the https admin page opens up and config file was able to be successfully modified via it.
Fixes: Bug#12924 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 827665788bd7700423dd6b9fe277c1277b7cff0e Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Apr 19 14:31:41 2023 +0200
sdl2: Update to version 2.26.5
- Update from version 2.26.4 to 2.26.5 - Update of rootfile - Changelog 2.26.5 The minimum deployment target on macOS is now 10.11, due to changes in the latest Xcode update Fixed incorrect modifier keys handling on macOS Fixed occasional duplicate controller visible on macOS Fixed handling of third party PS4 controller input reports Added support for the trigger buttons on the Victrix Pro FS for PS5 Added mapping for Flydigi Vader 2 with the latest firmware (6.0.4.9) Added mapping for DualSense Edge Wireless Controller on Linux Added mapping for Hori Pokken Tournament DX Pro Pad Improved the speed and quality of audio resampling Fixed crash on Linux if dbus can't be initialized
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 757ed7dbc18ff73c433540d192ad643e24faea32 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed May 3 07:34:21 2023 +0000
core175: ship libpcap
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 237b88914d4449388a14474ea64afd90136c1814 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 14 10:27:26 2023 +0200
libpcap: Update to 1.10.4
For details see: https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES#l50
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0b208a9ccbba9015d4dd9acc01f22890c09556c7 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 14 10:27:25 2023 +0200
tcpdump: Update to 4.99.4
For details see: https://git.tcpdump.org/tcpdump/blob/HEAD:/CHANGES#l60
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/harfbuzz | 7 +- config/rootfiles/common/libpcap | 3 +- config/rootfiles/common/libxml2 | 2 +- config/rootfiles/common/lvm2 | 16 +- config/rootfiles/common/zstd | 2 +- .../{oldcore/106 => core/175}/filelists/iproute2 | 0 .../{oldcore/109 => core/175}/filelists/libpcap | 0 .../{oldcore/101 => core/175}/filelists/libxml2 | 0 .../{oldcore/125 => core/175}/filelists/lvm2 | 0 .../{oldcore/149 => core/175}/filelists/zstd | 0 config/rootfiles/packages/ffmpeg | 56 ++-- config/rootfiles/packages/nfs | 3 +- config/rootfiles/packages/opus | 2 +- config/rootfiles/packages/sdl2 | 2 +- lfs/cups | 8 +- lfs/dbus | 2 +- lfs/ffmpeg | 8 +- lfs/harfbuzz | 4 +- lfs/iproute2 | 4 +- lfs/libpcap | 4 +- lfs/libxml2 | 6 +- lfs/lvm2 | 6 +- lfs/minidlna | 4 +- lfs/mpd | 4 +- lfs/nfs | 6 +- lfs/opus | 8 +- lfs/sdl2 | 6 +- lfs/shairport-sync | 4 +- lfs/tcpdump | 6 +- lfs/zstd | 4 +- src/paks/dbus/install.sh | 4 +- src/paks/dbus/uninstall.sh | 2 +- ..._certificate_generation_bugs_with_openssl.patch | 337 +++++++++++++++++++++ ...2_Fix_default_cupsd_keychain_with_OpenSSL.patch | 16 + 34 files changed, 449 insertions(+), 87 deletions(-) copy config/rootfiles/{oldcore/106 => core/175}/filelists/iproute2 (100%) copy config/rootfiles/{oldcore/109 => core/175}/filelists/libpcap (100%) copy config/rootfiles/{oldcore/101 => core/175}/filelists/libxml2 (100%) copy config/rootfiles/{oldcore/125 => core/175}/filelists/lvm2 (100%) copy config/rootfiles/{oldcore/149 => core/175}/filelists/zstd (100%) create mode 100644 src/patches/cups-2.4.2_Fix_TLS_certificate_generation_bugs_with_openssl.patch create mode 100644 src/patches/cups-2.4.2_Fix_default_cupsd_keychain_with_OpenSSL.patch
Difference in files: diff --git a/config/rootfiles/common/harfbuzz b/config/rootfiles/common/harfbuzz index b18e30a18..4798653a2 100644 --- a/config/rootfiles/common/harfbuzz +++ b/config/rootfiles/common/harfbuzz @@ -44,15 +44,15 @@ #usr/lib/libharfbuzz-cairo.la #usr/lib/libharfbuzz-cairo.so usr/lib/libharfbuzz-cairo.so.0 -usr/lib/libharfbuzz-cairo.so.0.60701.0 +usr/lib/libharfbuzz-cairo.so.0.60720.0 #usr/lib/libharfbuzz-subset.la #usr/lib/libharfbuzz-subset.so usr/lib/libharfbuzz-subset.so.0 -usr/lib/libharfbuzz-subset.so.0.60701.0 +usr/lib/libharfbuzz-subset.so.0.60720.0 #usr/lib/libharfbuzz.la #usr/lib/libharfbuzz.so usr/lib/libharfbuzz.so.0 -usr/lib/libharfbuzz.so.0.60701.0 +usr/lib/libharfbuzz.so.0.60720.0 #usr/lib/pkgconfig/harfbuzz-cairo.pc #usr/lib/pkgconfig/harfbuzz-subset.pc #usr/lib/pkgconfig/harfbuzz.pc @@ -127,6 +127,7 @@ usr/lib/libharfbuzz.so.0.60701.0 #usr/share/gtk-doc/html/harfbuzz/api-index-5-3-0.html #usr/share/gtk-doc/html/harfbuzz/api-index-6-0-0.html #usr/share/gtk-doc/html/harfbuzz/api-index-7-0-0.html +#usr/share/gtk-doc/html/harfbuzz/api-index-7-1-0.html #usr/share/gtk-doc/html/harfbuzz/api-index-full.html #usr/share/gtk-doc/html/harfbuzz/apple-advanced-typography-api.html #usr/share/gtk-doc/html/harfbuzz/buffers-language-script-and-direction.html diff --git a/config/rootfiles/common/libpcap b/config/rootfiles/common/libpcap index 2371b4601..43c9140ea 100644 --- a/config/rootfiles/common/libpcap +++ b/config/rootfiles/common/libpcap @@ -2,7 +2,6 @@ #usr/include/pcap #usr/include/pcap-bpf.h #usr/include/pcap-namedb.h -#usr/include/pcap-util.h #usr/include/pcap.h #usr/include/pcap/bluetooth.h #usr/include/pcap/bpf.h @@ -22,7 +21,7 @@ #usr/lib/libpcap.a usr/lib/libpcap.so usr/lib/libpcap.so.1 -usr/lib/libpcap.so.1.10.3 +usr/lib/libpcap.so.1.10.4 #usr/lib/pkgconfig/libpcap.pc #usr/share/man/man1/pcap-config.1 #usr/share/man/man3/pcap.3pcap diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2 index e9ecb599b..46def714f 100644 --- a/config/rootfiles/common/libxml2 +++ b/config/rootfiles/common/libxml2 @@ -54,7 +54,7 @@ #usr/lib/libxml2.la #usr/lib/libxml2.so usr/lib/libxml2.so.2 -usr/lib/libxml2.so.2.10.3 +usr/lib/libxml2.so.2.11.1 #usr/lib/pkgconfig/libxml-2.0.pc #usr/share/aclocal/libxml.m4 #usr/share/doc/libxml2 diff --git a/config/rootfiles/common/lvm2 b/config/rootfiles/common/lvm2 index 258f3201f..bd1329e54 100644 --- a/config/rootfiles/common/lvm2 +++ b/config/rootfiles/common/lvm2 @@ -9,15 +9,17 @@ etc/lvm/lvm.conf #etc/lvm/profile/metadata_profile_template.profile #etc/lvm/profile/thin-generic.profile #etc/lvm/profile/thin-performance.profile +#etc/lvm/profile/vdo-small.profile lib/udev/rules.d/10-dm.rules lib/udev/rules.d/11-dm-lvm.rules lib/udev/rules.d/13-dm-disk.rules -lib/udev/rules.d/69-dm-lvm-metad.rules +lib/udev/rules.d/69-dm-lvm.rules lib/udev/rules.d/95-dm-notify.rules #usr/include/libdevmapper.h #usr/lib/libdevmapper.so usr/lib/libdevmapper.so.1.02 #usr/lib/pkgconfig/devmapper.pc +#usr/libexec/lvresize_fs_helper usr/sbin/blkdeactivate usr/sbin/dmsetup usr/sbin/dmstats @@ -28,11 +30,11 @@ usr/sbin/lvcreate usr/sbin/lvdisplay usr/sbin/lvextend usr/sbin/lvm -usr/sbin/lvmconf +usr/sbin/lvm_import_vdo usr/sbin/lvmconfig +usr/sbin/lvmdevices usr/sbin/lvmdiskscan usr/sbin/lvmdump -usr/sbin/lvmetad usr/sbin/lvmsadc usr/sbin/lvmsar usr/sbin/lvreduce @@ -61,6 +63,7 @@ usr/sbin/vgexport usr/sbin/vgextend usr/sbin/vgimport usr/sbin/vgimportclone +usr/sbin/vgimportdevices usr/sbin/vgmerge usr/sbin/vgmknodes usr/sbin/vgreduce @@ -70,11 +73,13 @@ usr/sbin/vgs usr/sbin/vgscan usr/sbin/vgsplit #usr/share/man/man5/lvm.conf.5 +#usr/share/man/man7/lvmautoactivation.7 #usr/share/man/man7/lvmcache.7 #usr/share/man/man7/lvmraid.7 #usr/share/man/man7/lvmreport.7 #usr/share/man/man7/lvmsystemid.7 #usr/share/man/man7/lvmthin.7 +#usr/share/man/man7/lvmvdo.7 #usr/share/man/man8/blkdeactivate.8 #usr/share/man/man8/dmsetup.8 #usr/share/man/man8/dmstats.8 @@ -89,11 +94,11 @@ usr/sbin/vgsplit #usr/share/man/man8/lvm-fullreport.8 #usr/share/man/man8/lvm-lvpoll.8 #usr/share/man/man8/lvm.8 -#usr/share/man/man8/lvmconf.8 +#usr/share/man/man8/lvm_import_vdo.8 #usr/share/man/man8/lvmconfig.8 +#usr/share/man/man8/lvmdevices.8 #usr/share/man/man8/lvmdiskscan.8 #usr/share/man/man8/lvmdump.8 -#usr/share/man/man8/lvmetad.8 #usr/share/man/man8/lvmsadc.8 #usr/share/man/man8/lvmsar.8 #usr/share/man/man8/lvreduce.8 @@ -122,6 +127,7 @@ usr/sbin/vgsplit #usr/share/man/man8/vgextend.8 #usr/share/man/man8/vgimport.8 #usr/share/man/man8/vgimportclone.8 +#usr/share/man/man8/vgimportdevices.8 #usr/share/man/man8/vgmerge.8 #usr/share/man/man8/vgmknodes.8 #usr/share/man/man8/vgreduce.8 diff --git a/config/rootfiles/common/zstd b/config/rootfiles/common/zstd index 235613949..58eb75b3f 100644 --- a/config/rootfiles/common/zstd +++ b/config/rootfiles/common/zstd @@ -10,7 +10,7 @@ usr/bin/zstdmt #usr/lib/libzstd.a #usr/lib/libzstd.so usr/lib/libzstd.so.1 -usr/lib/libzstd.so.1.5.4 +usr/lib/libzstd.so.1.5.5 #usr/lib/pkgconfig/libzstd.pc #usr/share/man/man1/unzstd.1 #usr/share/man/man1/zstd.1 diff --git a/config/rootfiles/core/175/filelists/iproute2 b/config/rootfiles/core/175/filelists/iproute2 new file mode 120000 index 000000000..05f0f71fb --- /dev/null +++ b/config/rootfiles/core/175/filelists/iproute2 @@ -0,0 +1 @@ +../../../common/iproute2 \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/libpcap b/config/rootfiles/core/175/filelists/libpcap new file mode 120000 index 000000000..c7f9f52a8 --- /dev/null +++ b/config/rootfiles/core/175/filelists/libpcap @@ -0,0 +1 @@ +../../../common/libpcap \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/libxml2 b/config/rootfiles/core/175/filelists/libxml2 new file mode 120000 index 000000000..242e69fa3 --- /dev/null +++ b/config/rootfiles/core/175/filelists/libxml2 @@ -0,0 +1 @@ +../../../common/libxml2 \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/lvm2 b/config/rootfiles/core/175/filelists/lvm2 new file mode 120000 index 000000000..d640870b7 --- /dev/null +++ b/config/rootfiles/core/175/filelists/lvm2 @@ -0,0 +1 @@ +../../../common/lvm2 \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/zstd b/config/rootfiles/core/175/filelists/zstd new file mode 120000 index 000000000..d6d4a3bf1 --- /dev/null +++ b/config/rootfiles/core/175/filelists/zstd @@ -0,0 +1 @@ +../../../common/zstd \ No newline at end of file diff --git a/config/rootfiles/packages/ffmpeg b/config/rootfiles/packages/ffmpeg index fd27ea788..89c48bc0a 100644 --- a/config/rootfiles/packages/ffmpeg +++ b/config/rootfiles/packages/ffmpeg @@ -46,6 +46,7 @@ usr/bin/ffprobe #usr/include/libavutil/adler32.h #usr/include/libavutil/aes.h #usr/include/libavutil/aes_ctr.h +#usr/include/libavutil/ambient_viewing_environment.h #usr/include/libavutil/attributes.h #usr/include/libavutil/audio_fifo.h #usr/include/libavutil/avassert.h @@ -147,29 +148,29 @@ usr/bin/ffprobe #usr/include/libswscale/version.h #usr/include/libswscale/version_major.h #usr/lib/libavcodec.so -usr/lib/libavcodec.so.59 -usr/lib/libavcodec.so.59.37.100 +usr/lib/libavcodec.so.60 +usr/lib/libavcodec.so.60.3.100 #usr/lib/libavdevice.so -usr/lib/libavdevice.so.59 -usr/lib/libavdevice.so.59.7.100 +usr/lib/libavdevice.so.60 +usr/lib/libavdevice.so.60.1.100 #usr/lib/libavfilter.so -usr/lib/libavfilter.so.8 -usr/lib/libavfilter.so.8.44.100 +usr/lib/libavfilter.so.9 +usr/lib/libavfilter.so.9.3.100 #usr/lib/libavformat.so -usr/lib/libavformat.so.59 -usr/lib/libavformat.so.59.27.100 +usr/lib/libavformat.so.60 +usr/lib/libavformat.so.60.3.100 #usr/lib/libavutil.so -usr/lib/libavutil.so.57 -usr/lib/libavutil.so.57.28.100 +usr/lib/libavutil.so.58 +usr/lib/libavutil.so.58.2.100 #usr/lib/libpostproc.so -usr/lib/libpostproc.so.56 -usr/lib/libpostproc.so.56.6.100 +usr/lib/libpostproc.so.57 +usr/lib/libpostproc.so.57.1.100 #usr/lib/libswresample.so usr/lib/libswresample.so.4 -usr/lib/libswresample.so.4.7.100 +usr/lib/libswresample.so.4.10.100 #usr/lib/libswscale.so -usr/lib/libswscale.so.6 -usr/lib/libswscale.so.6.7.100 +usr/lib/libswscale.so.7 +usr/lib/libswscale.so.7.1.100 #usr/lib/pkgconfig/libavcodec.pc #usr/lib/pkgconfig/libavdevice.pc #usr/lib/pkgconfig/libavfilter.pc @@ -216,27 +217,28 @@ usr/lib/libswscale.so.6.7.100 #usr/share/ffmpeg/examples #usr/share/ffmpeg/examples/Makefile #usr/share/ffmpeg/examples/README +#usr/share/ffmpeg/examples/avio_http_serve_files.c #usr/share/ffmpeg/examples/avio_list_dir.c -#usr/share/ffmpeg/examples/avio_reading.c +#usr/share/ffmpeg/examples/avio_read_callback.c #usr/share/ffmpeg/examples/decode_audio.c +#usr/share/ffmpeg/examples/decode_filter_audio.c +#usr/share/ffmpeg/examples/decode_filter_video.c #usr/share/ffmpeg/examples/decode_video.c -#usr/share/ffmpeg/examples/demuxing_decoding.c +#usr/share/ffmpeg/examples/demux_decode.c #usr/share/ffmpeg/examples/encode_audio.c #usr/share/ffmpeg/examples/encode_video.c #usr/share/ffmpeg/examples/extract_mvs.c #usr/share/ffmpeg/examples/filter_audio.c -#usr/share/ffmpeg/examples/filtering_audio.c -#usr/share/ffmpeg/examples/filtering_video.c -#usr/share/ffmpeg/examples/http_multiclient.c #usr/share/ffmpeg/examples/hw_decode.c -#usr/share/ffmpeg/examples/metadata.c -#usr/share/ffmpeg/examples/muxing.c -#usr/share/ffmpeg/examples/qsvdec.c -#usr/share/ffmpeg/examples/remuxing.c -#usr/share/ffmpeg/examples/resampling_audio.c -#usr/share/ffmpeg/examples/scaling_video.c +#usr/share/ffmpeg/examples/mux.c +#usr/share/ffmpeg/examples/qsv_decode.c +#usr/share/ffmpeg/examples/qsv_transcode.c +#usr/share/ffmpeg/examples/remux.c +#usr/share/ffmpeg/examples/resample_audio.c +#usr/share/ffmpeg/examples/scale_video.c +#usr/share/ffmpeg/examples/show_metadata.c +#usr/share/ffmpeg/examples/transcode.c #usr/share/ffmpeg/examples/transcode_aac.c -#usr/share/ffmpeg/examples/transcoding.c #usr/share/ffmpeg/examples/vaapi_encode.c #usr/share/ffmpeg/examples/vaapi_transcode.c #usr/share/ffmpeg/ffprobe.xsd diff --git a/config/rootfiles/packages/nfs b/config/rootfiles/packages/nfs index ff53abec9..e4c3c5219 100644 --- a/config/rootfiles/packages/nfs +++ b/config/rootfiles/packages/nfs @@ -24,13 +24,12 @@ usr/lib/libnfsidmap/static.so #usr/lib/libnfsidmap/umich_ldap.a #usr/lib/libnfsidmap/umich_ldap.la usr/lib/libnfsidmap/umich_ldap.so -#usr/lib/modprobe.d -#usr/lib/modprobe.d/50-nfs.conf #usr/lib/pkgconfig/libnfsidmap.pc #usr/lib/udev/rules.d/99-nfs.rules #usr/libexec/nfsrahead #usr/sbin/blkmapd usr/sbin/exportfs +usr/sbin/fsidd usr/sbin/mountstats usr/sbin/nfsconf usr/sbin/nfsdcld diff --git a/config/rootfiles/packages/opus b/config/rootfiles/packages/opus index a2591f99e..398135c3d 100644 --- a/config/rootfiles/packages/opus +++ b/config/rootfiles/packages/opus @@ -8,6 +8,6 @@ #usr/lib/libopus.la #usr/lib/libopus.so usr/lib/libopus.so.0 -usr/lib/libopus.so.0.8.0 +usr/lib/libopus.so.0.9.0 #usr/lib/pkgconfig/opus.pc #usr/share/aclocal/opus.m4 diff --git a/config/rootfiles/packages/sdl2 b/config/rootfiles/packages/sdl2 index b54783ef8..9a8fc77f5 100644 --- a/config/rootfiles/packages/sdl2 +++ b/config/rootfiles/packages/sdl2 @@ -82,7 +82,7 @@ #usr/lib/cmake/SDL2/sdl2-config-version.cmake #usr/lib/cmake/SDL2/sdl2-config.cmake usr/lib/libSDL2-2.0.so.0 -usr/lib/libSDL2-2.0.so.0.2600.4 +usr/lib/libSDL2-2.0.so.0.2600.5 #usr/lib/libSDL2.la usr/lib/libSDL2.so #usr/lib/libSDL2_test.a diff --git a/lfs/cups b/lfs/cups index 6485f8df4..f1b8df1c7 100644 --- a/lfs/cups +++ b/lfs/cups @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/cups-$(VER) TARGET = $(DIR_INFO)/$(THISAPP) PROG = cups -PAK_VER = 33 +PAK_VER = 34
DEPS = avahi cups-filters dbus ghostscript
@@ -80,6 +80,8 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/cups-2.4.2_Fix_default_cupsd_keychain_with_OpenSSL.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/cups-2.4.2_Fix_TLS_certificate_generation_bugs_with_openssl.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && \ ./configure \ @@ -87,9 +89,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --sysconfdir=/var/ipfire \ --localstatedir=/var \ --enable-debug \ - --enable-avahi \ + --with-dnssd=avahi \ --enable-dbus \ - --enable-gnutls \ + --with-tls=openssl \ --enable-libusb
cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/dbus b/lfs/dbus index 7d123e4ef..f6f9c90a5 100644 --- a/lfs/dbus +++ b/lfs/dbus @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dbus -PAK_VER = 9 +PAK_VER = 10
DEPS =
diff --git a/lfs/ffmpeg b/lfs/ffmpeg index c9a27397f..d989846d5 100644 --- a/lfs/ffmpeg +++ b/lfs/ffmpeg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Library for working with various multimedia formats
-VER = 5.1.2 +VER = 6.0
THISAPP = ffmpeg-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ffmpeg -PAK_VER = 14 +PAK_VER = 15
DEPS = sdl2 lame libvorbis xvid
@@ -52,7 +52,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4e2682f040205e6344ff1f2cf8ac69c35cac90a14634a2cd4b41fffc0e09264586b014327f7e9cb6417d12210894cdbc180541c07ad02e782bdf79af9f22991f +$(DL_FILE)_BLAKE2 = c70884911f3a3e40fe87473f241a2a56b303f5abe7f1d7fa797d05e29e00971f98cbf37832c1c3dc5fa949a5beddef05a6ec55ae6668091976ea870ad93c0e8d
install : $(TARGET)
diff --git a/lfs/harfbuzz b/lfs/harfbuzz index 17186b203..15cc9ff13 100644 --- a/lfs/harfbuzz +++ b/lfs/harfbuzz @@ -24,7 +24,7 @@
include Config
-VER = 7.0.1 +VER = 7.2.0
THISAPP = harfbuzz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4a8844093b627b8d5d2e6f7b735781334f2715fe5146bb135ba19fb5a38f2a38248028b447d985fbde4505cd66721766a727fa7fe1300efd31259c7cafb8b6f2 +$(DL_FILE)_BLAKE2 = 247746d6a0f132a0d6b0c461d9e96a4fe76bc08bca4d05b28a034de60afee8e049d798fdf3962b892b33424245d8f00a63d6068b034e80ad9d7733180e8533c1
install : $(TARGET)
diff --git a/lfs/iproute2 b/lfs/iproute2 index f9e24fd09..c773291f3 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -24,7 +24,7 @@
include Config
-VER = 6.2.0 +VER = 6.3.0
THISAPP = iproute2-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d3bfaecf33ffc7861e983e8db0d6a63f4767b6c01b5346e88f51c65ed6279c4be29412ed18b8f98ed54d60a84455b73fe7745142fd0fc0f3e327a29e8bcce986 +$(DL_FILE)_BLAKE2 = a7b48c59c8a30f56ca810136f4d9f681fe38359999c260227a6229b972ce70b233d2865a6543cf3f70ed586825f9191c22d459a9fc5cc8c7dbf3ab417064c8a7
install : $(TARGET)
diff --git a/lfs/libpcap b/lfs/libpcap index 3f1de9b5a..0dfe562bf 100644 --- a/lfs/libpcap +++ b/lfs/libpcap @@ -24,7 +24,7 @@
include Config
-VER = 1.10.3 +VER = 1.10.4
THISAPP = libpcap-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3614042f7d8cd5a25221f52d2ed09f9f44643cdc0901ff21041ddb7ba85193c667036f7d989c8b59e6e205d630e062da46533110914dd287013a9ff80b31e97f +$(DL_FILE)_BLAKE2 = 05a7eafc1e1817f7844008db89d8fb10cd2525c22f7ee6c9e3d582b14229412f38ccced5e9d80a96dd459ef9eab12eccb5c1dd4978ddc9f66267469212005e4c
install : $(TARGET)
diff --git a/lfs/libxml2 b/lfs/libxml2 index ddcfdbff7..92fe88f2a 100644 --- a/lfs/libxml2 +++ b/lfs/libxml2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.10.3 +VER = 2.11.1
THISAPP = libxml2-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aef2cc87e4632ddc478ff719155fdcb17601a8af37ecc1145ca05e01340935b57f07722e016ca2b27e4b269d47bd2fe97db09119a47849e8745e077e42b8bb66 +$(DL_FILE)_BLAKE2 = 4ae2c8583ff2fb590b29ffc250baae8d4d3978c6cb9d1d7fadbd3d9aa1d38a69ed0aeb0c9036efb060f869154e6f6d6ea6464ecbb05c7e788b7d93b1c2fa932d
install : $(TARGET)
diff --git a/lfs/lvm2 b/lfs/lvm2 index 7e327a021..5b39f05f5 100644 --- a/lfs/lvm2 +++ b/lfs/lvm2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.02.188 +VER = 2.03.21
THISAPP = LVM2.$(VER) DL_FILE = $(THISAPP).tgz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bed90c8454cd4b20fdeec6dcbf5a9f97c9310671aea3b2252f8069cfa439fcb050f5ad95f928a7125a1734a4dc5ac985da99a4a570538e377a7205191a505476 +$(DL_FILE)_BLAKE2 = 529bc01b3d1ba6207c9ddc95309b39e6293fcd0286334240b9fdc076da0b7bc7e026338ec0243564ec153f2fb5009014149c3f8e0db0cd47a29418af62068728
install : $(TARGET)
diff --git a/lfs/minidlna b/lfs/minidlna index 82a9d7f38..1ef104743 100644 --- a/lfs/minidlna +++ b/lfs/minidlna @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = minidlna -PAK_VER = 11 +PAK_VER = 12
DEPS = ffmpeg flac libexif libid3tag libogg
diff --git a/lfs/mpd b/lfs/mpd index 053a56ab1..9010e70f8 100644 --- a/lfs/mpd +++ b/lfs/mpd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/${THISAPP} TARGET = $(DIR_INFO)/$(THISAPP) PROG = mpd -PAK_VER = 30 +PAK_VER = 31 SUP_ARCH = aarch64 x86_64
DEPS = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr fmt diff --git a/lfs/nfs b/lfs/nfs index 877b9985e..4df6efa6f 100644 --- a/lfs/nfs +++ b/lfs/nfs @@ -26,7 +26,7 @@ include Config
SUMMARY = Support Utilities for Kernel nfsd
-VER = 2.6.2 +VER = 2.6.3
THISAPP = nfs-utils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nfs -PAK_VER = 19 +PAK_VER = 20
DEPS = rpcbind
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ac5aeec051f10e7cd9593d21ecd07eddc87fd6d98e5aaa0db5c6af5ec223c05d856a877469a340c68364bbb317ec2ee3cfe79b7f9ff444028c8f851838f59853 +$(DL_FILE)_BLAKE2 = 1aafa7d49006a62e862a592e30c4f9ba762d6c1973cacd7b89709706cc69617aae8d23000f78841f3a09bf81140222904976536114f3fb78f6230defb039ae9b
install : $(TARGET)
diff --git a/lfs/opus b/lfs/opus index 8ebb95fc7..e91c6a0e1 100644 --- a/lfs/opus +++ b/lfs/opus @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Opus Audio Codec Library
-VER = 1.3.1 +VER = 1.4
THISAPP = opus-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = opus -PAK_VER = 3 +PAK_VER = 4
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e0aab38518938157a6ef27307f52d9d3f9c12a2fef4c7e5b4168c2f6fc04d79e333ebe477059b3e6a0518fcf6aa089b5eb1c8de68d83474e237c0f73e5a221cb +$(DL_FILE)_BLAKE2 = 21f11df745cb868f4da1586d678901045fd9bd0c0590628015f3adc2522c88b0660df88096abe975051fec3188b76b93762c4a01907c2ab2b23c40fde79cf6ad
install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) diff --git a/lfs/sdl2 b/lfs/sdl2 index 829f959e9..df15c2e02 100644 --- a/lfs/sdl2 +++ b/lfs/sdl2 @@ -24,7 +24,7 @@
include Config
-VER = 2.26.4 +VER = 2.26.5 SUMMARY = Simple DirectMedia Layer Library
THISAPP = SDL2-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = sdl2 -PAK_VER = 10 +PAK_VER = 11
DEPS = alsa
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 9843df277d1cd5f4e7ebb89cde6d069e8b635b6d8f10c2104badcc2089fcdd3ca4e620c322a687c1a0346817c17978a7c99729b55a48dc57937bb9df6435b4ff +$(DL_FILE)_BLAKE2 = f0363306ee031d399001259ac32e62cea2130d7aafb4594d8a11b76e073630aa43b7abe288eed54c77c46604f2fd4e4fcd455cccf29e847d963ff50153d8d707
install : $(TARGET)
diff --git a/lfs/shairport-sync b/lfs/shairport-sync index 5ffd085f7..946aedeec 100644 --- a/lfs/shairport-sync +++ b/lfs/shairport-sync @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = shairport-sync -PAK_VER = 10 +PAK_VER = 11
DEPS = alac alsa avahi ffmpeg libdaemon libplist nqptp soxr
diff --git a/lfs/tcpdump b/lfs/tcpdump index a3e9705c7..4015577ce 100644 --- a/lfs/tcpdump +++ b/lfs/tcpdump @@ -26,7 +26,7 @@ include Config
SUMMARY = A Packet Sniffer
-VER = 4.99.3 +VER = 4.99.4
THISAPP = tcpdump-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tcpdump -PAK_VER = 15 +PAK_VER = 16
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8e8adda6df40f3a79cbeb80bd01d43834e0b3ec44c8227bda2260b43ea0852f76beb02199120cca16adae0d793841cf684e7e276e520f49479a1b04ab1dc4821 +$(DL_FILE)_BLAKE2 = f100e10774574ef04a770bc30d4e2d06fd0f1f16a7b2c88848be6e8290cc4838666ff378d9f78fdc418f4ffab9716a11214edc3588c292cb5ff39636cd7cfd2d
install : $(TARGET)
diff --git a/lfs/zstd b/lfs/zstd index 1c2447f54..068f972a3 100644 --- a/lfs/zstd +++ b/lfs/zstd @@ -24,7 +24,7 @@
include Config
-VER = 1.5.4 +VER = 1.5.5
THISAPP = zstd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ffc5fcbbdf4ab04bc14b5037308bf4e879d4cbaaf863462ea1e8af3f1b86b935ee6036e49298c83ac42b00472c003e32c263c977f0ae7d64f31d9ae63c5c28cb +$(DL_FILE)_BLAKE2 = 7680e27a0adacfb809d9fc81e06d3f99bf74df30374d3b5cb2d58f667dd1b7d5c41697e608592709e17c0e32277f20a6d615edee409b5d7cdcb15da2799a2350
install : $(TARGET)
diff --git a/src/paks/dbus/install.sh b/src/paks/dbus/install.sh index bf4e5a6d5..e4f2abda2 100644 --- a/src/paks/dbus/install.sh +++ b/src/paks/dbus/install.sh @@ -17,13 +17,13 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# Copyright (C) 2007-2023 IPFire-Team info@ipfire.org. # # # ############################################################################ # . /opt/pakfire/lib/functions.sh extract_files -useradd messagebus +id -u messagebus &>/dev/null || useradd -r -d /var/empty -s /bin/false messagebus
# Create start links ln -svf ../init.d/messagebus /etc/rc.d/rc3.d/S15messagebus diff --git a/src/paks/dbus/uninstall.sh b/src/paks/dbus/uninstall.sh index 49fc30e30..1c0573735 100644 --- a/src/paks/dbus/uninstall.sh +++ b/src/paks/dbus/uninstall.sh @@ -22,7 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh -stop_service ${NAME} +stop_service messagebus
# Remove start files rm -rf /etc/rc.d/rc*.d/*messagebus diff --git a/src/patches/cups-2.4.2_Fix_TLS_certificate_generation_bugs_with_openssl.patch b/src/patches/cups-2.4.2_Fix_TLS_certificate_generation_bugs_with_openssl.patch new file mode 100644 index 000000000..a356474d2 --- /dev/null +++ b/src/patches/cups-2.4.2_Fix_TLS_certificate_generation_bugs_with_openssl.patch @@ -0,0 +1,337 @@ +--- cups-2.4.2/cups/tls-openssl.c.orig 2022-05-26 08:17:21.000000000 +0200 ++++ cups-2.4.2/cups/tls-openssl.c 2023-04-24 20:13:16.431108315 +0200 +@@ -1,7 +1,7 @@ + /* + * TLS support code for CUPS using OpenSSL/LibreSSL. + * +- * Copyright © 2020-2022 by OpenPrinting ++ * Copyright © 2020-2023 by OpenPrinting + * Copyright © 2007-2019 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. + * +@@ -35,7 +35,8 @@ + static time_t http_get_date(X509 *cert, int which); + //static void http_load_crl(void); + static const char *http_make_path(char *buffer, size_t bufsize, const char *dirname, const char *filename, const char *ext); +-static void http_x509_add_san(X509 *cert, const char *name); ++static int http_x509_add_ext(X509 *cert, int nid, const char *value); ++static void http_x509_add_san(GENERAL_NAMES *gens, const char *name); + + + /* +@@ -79,11 +80,15 @@ + cups_lang_t *language; // Default language info + time_t curtime; // Current time + X509_NAME *name; // Subject/issuer name ++ ASN1_INTEGER *serial; // Serial number ++ ASN1_TIME *notBefore, // Initial date ++ *notAfter; // Expiration date + BIO *bio; // Output file + char temp[1024], // Temporary directory name + crtfile[1024], // Certificate filename + keyfile[1024]; // Private key filename + const char *common_ptr; // Pointer into common name ++ GENERAL_NAMES *gens; // Names for SubjectAltName certificate extension + + + DEBUG_printf(("cupsMakeServerCredentials(path="%s", common_name="%s", num_alt_names=%d, alt_names=%p, expiration_date=%d)", path, common_name, num_alt_names, alt_names, (int)expiration_date)); +@@ -104,7 +109,7 @@ + // Create the encryption key... + DEBUG_puts("1cupsMakeServerCredentials: Creating key pair."); + +- if ((rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL)) == NULL) ++ if ((rsa = RSA_generate_key(3072, RSA_F4, NULL, NULL)) == NULL) + { + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to create key pair."), 1); + return (0); +@@ -131,25 +136,43 @@ + return (0); + } + +- curtime = time(NULL); +- language = cupsLangDefault(); ++ curtime = time(NULL); ++ ++ notBefore = ASN1_TIME_new(); ++ ASN1_TIME_set(notBefore, curtime); ++ X509_set_notBefore(cert, notBefore); ++ ASN1_TIME_free(notBefore); ++ ++ notAfter = ASN1_TIME_new(); ++ ASN1_TIME_set(notAfter, expiration_date); ++ X509_set_notAfter(cert, notAfter); ++ ASN1_TIME_free(notAfter); ++ ++ serial = ASN1_INTEGER_new(); ++ ASN1_INTEGER_set(serial, (int)curtime); ++ X509_set_serialNumber(cert, serial); ++ ASN1_INTEGER_free(serial); + +- ASN1_TIME_set(X509_get_notBefore(cert), curtime); +- ASN1_TIME_set(X509_get_notAfter(cert), expiration_date); +- ASN1_INTEGER_set(X509_get_serialNumber(cert), (int)curtime); + X509_set_pubkey(cert, pkey); + +- name = X509_get_subject_name(cert); ++ language = cupsLangDefault(); ++ name = X509_NAME_new(); + if (strlen(language->language) == 5) +- X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)language->language + 3, -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_countryName, MBSTRING_ASC, (unsigned char *)language->language + 3, -1, -1, 0); + else +- X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char *)"US", -1, -1, 0); +- X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char *)"Unknown", -1, -1, 0); +- X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)common_name, -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_countryName, MBSTRING_ASC, (unsigned char *)"US", -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_commonName, MBSTRING_ASC, (unsigned char *)common_name, -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_organizationName, MBSTRING_ASC, (unsigned char *)common_name, -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_organizationalUnitName, MBSTRING_ASC, (unsigned char *)"Unknown", -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_stateOrProvinceName, MBSTRING_ASC, (unsigned char *)"Unknown", -1, -1, 0); ++ X509_NAME_add_entry_by_txt(name, SN_localityName, MBSTRING_ASC, (unsigned char *)"Unknown", -1, -1, 0); + + X509_set_issuer_name(cert, name); ++ X509_set_subject_name(cert, name); ++ X509_NAME_free(name); + +- http_x509_add_san(cert, common_name); ++ gens = sk_GENERAL_NAME_new_null(); ++ http_x509_add_san(gens, common_name); + if ((common_ptr = strstr(common_name, ".local")) == NULL) + { + // Add common_name.local to the list, too... +@@ -161,7 +184,7 @@ + *localptr = '\0'; + strlcat(localname, ".local", sizeof(localname)); + +- http_x509_add_san(cert, localname); ++ http_x509_add_san(gens, localname); + } + + if (num_alt_names > 0) +@@ -171,10 +194,22 @@ + for (i = 0; i < num_alt_names; i ++) + { + if (strcmp(alt_names[i], "localhost")) +- http_x509_add_san(cert, alt_names[i]); ++ http_x509_add_san(gens, alt_names[i]); + } + } + ++ // Add extension with DNS names and free buffer for GENERAL_NAME ++ X509_add1_ext_i2d(cert, NID_subject_alt_name, gens, 0, X509V3_ADD_DEFAULT); ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ ++ // Add extensions that are required to make Chrome happy... ++ http_x509_add_ext(cert, NID_basic_constraints, "critical,CA:FALSE,pathlen:0"); ++ http_x509_add_ext(cert, NID_key_usage, "critical,digitalSignature,keyEncipherment"); ++ http_x509_add_ext(cert, NID_ext_key_usage, "1.3.6.1.5.5.7.3.1"); ++ http_x509_add_ext(cert, NID_subject_key_identifier, "hash"); ++ http_x509_add_ext(cert, NID_authority_key_identifier, "keyid,issuer"); ++ X509_set_version(cert, 2); // v3 ++ + X509_sign(cert, pkey, EVP_sha256()); + + // Save them... +@@ -959,6 +994,7 @@ + const char *cn, // Common name to lookup + *cnptr; // Pointer into common name + int have_creds = 0; // Have credentials? ++ int key_status, crt_status; // Key and certificate load status + + context = SSL_CTX_new(TLS_server_method()); + +@@ -1002,6 +1038,8 @@ + else + cn = tls_common_name; + ++ _cupsMutexLock(&tls_mutex); ++ + if (cn) + { + // First look in the CUPS keystore... +@@ -1042,20 +1080,41 @@ + { + DEBUG_printf(("4_httpTLSStart: Auto-create credentials for "%s".", cn)); + +- if (!cupsMakeServerCredentials(tls_keypath, cn, 0, NULL, time(NULL) + 365 * 86400)) ++ if (!cupsMakeServerCredentials(tls_keypath, cn, 0, NULL, time(NULL) + 3650 * 86400)) + { + DEBUG_puts("4_httpTLSStart: cupsMakeServerCredentials failed."); + http->error = errno = EINVAL; + http->status = HTTP_STATUS_ERROR; + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to create server credentials."), 1); +- SSL_CTX_free(context); ++ SSL_CTX_free(context); ++ _cupsMutexUnlock(&tls_mutex); + + return (-1); + } + } + +- SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM); +- SSL_CTX_use_certificate_file(context, crtfile, SSL_FILETYPE_PEM); ++ _cupsMutexUnlock(&tls_mutex); ++ ++ DEBUG_printf(("4_httpTLSStart: Using private key file '%s'.", keyfile)); ++ DEBUG_printf(("4_httpTLSStart: Using certificate file '%s'.", crtfile)); ++ ++ crt_status = SSL_CTX_use_certificate_chain_file(context, crtfile); ++ key_status = SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM); ++ ++ if (!key_status || !crt_status) ++ { ++ // Unable to load private key or certificate... ++ DEBUG_puts("4_httpTLSStart: Unable to use private key or certificate chain file."); ++ if ((error = ERR_get_error()) != 0) ++ _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, ERR_error_string(error, NULL), 0); ++ ++ http->status = HTTP_STATUS_ERROR; ++ http->error = EIO; ++ ++ SSL_CTX_free(context); ++ ++ return (-1); ++ } + } + + // Set TLS options... +@@ -1068,6 +1127,8 @@ + strlcat(cipherlist, ":!SHA1:!SHA256:!SHA384", sizeof(cipherlist)); + strlcat(cipherlist, ":@STRENGTH", sizeof(cipherlist)); + ++ DEBUG_printf(("4_httpTLSStart: cipherlist='%s', tls_min_version=%d, tls_max_version=%d", cipherlist, tls_min_version, tls_max_version)); ++ + SSL_CTX_set_min_proto_version(context, versions[tls_min_version]); + SSL_CTX_set_max_proto_version(context, versions[tls_max_version]); + SSL_CTX_set_cipher_list(context, cipherlist); +@@ -1094,7 +1155,8 @@ + + if (http->mode == _HTTP_MODE_CLIENT) + { +- // Negotiate as a server... ++ // Negotiate as a client... ++ DEBUG_puts("4_httpTLSStart: Calling SSL_connect..."); + if (SSL_connect(http->tls) < 1) + { + // Failed +@@ -1109,12 +1171,15 @@ + SSL_free(http->tls); + http->tls = NULL; + ++ DEBUG_printf(("4_httpTLSStart: Returning -1 (%s)", ERR_error_string(error, NULL))); ++ + return (-1); + } + } + else + { + // Negotiate as a server... ++ DEBUG_puts("4_httpTLSStart: Calling SSL_accept..."); + if (SSL_accept(http->tls) < 1) + { + // Failed +@@ -1129,10 +1194,14 @@ + SSL_free(http->tls); + http->tls = NULL; + ++ DEBUG_printf(("4_httpTLSStart: Returning -1 (%s)", ERR_error_string(error, NULL))); ++ + return (-1); + } + } + ++ DEBUG_puts("4_httpTLSStart: Returning 0."); ++ + return (0); + } + +@@ -1152,6 +1221,8 @@ + SSL_shutdown(http->tls); + SSL_CTX_free(context); + SSL_free(http->tls); ++ ++ http->tls = NULL; + } + + +@@ -1564,32 +1635,62 @@ + + + // +-// 'http_x509_add_san()' - Add a subjectAltName extension to an X.509 certificate. ++// 'http_x509_add_ext()' - Add an extension to a certificate. + // + +-static void +-http_x509_add_san(X509 *cert, // I - Certificate +- const char *name) // I - Hostname ++static int // O - 1 on success, 0 on failure ++http_x509_add_ext(X509 *cert, // I - Certificate ++ int nid, // I - Extension ID ++ const char *value) // I - Value + { +- char dns_name[1024]; // DNS: prefixed hostname +- X509_EXTENSION *san_ext; // Extension for subjectAltName +- ASN1_OCTET_STRING *san_asn1; // ASN1 string ++ int ret; // Return value ++ X509_EXTENSION *ex = NULL; // Extension ++ X509V3_CTX ctx; // Certificate context + + +- // The subjectAltName value for DNS names starts with a DNS: prefix... +- snprintf(dns_name, sizeof(dns_name), "DNS: %s", name); ++ DEBUG_printf(("3http_x509_add_ext(cert=%p, nid=%d, value="%s")", (void *)cert, nid, value)); + +- if ((san_asn1 = ASN1_OCTET_STRING_new()) == NULL) +- return; ++ // Don't use a configuration database... ++ X509V3_set_ctx_nodb(&ctx); + +- ASN1_OCTET_STRING_set(san_asn1, (unsigned char *)dns_name, strlen(dns_name)); +- if ((san_ext = X509_EXTENSION_create_by_NID(NULL, NID_subject_alt_name, 0, san_asn1)) == NULL) ++ // Self-signed certificates use the same issuer and subject... ++ X509V3_set_ctx(&ctx, /*issuer*/cert, /*subject*/cert, /*req*/NULL, /*crl*/NULL, /*flags*/0); ++ ++ // Create and add the extension... ++ if ((ex = X509V3_EXT_conf_nid(/*conf*/NULL, &ctx, nid, value)) == NULL) + { +- ASN1_OCTET_STRING_free(san_asn1); +- return; ++ DEBUG_puts("4http_x509_add_ext: Unable to create extension, returning false."); ++ return (0); + } + +- X509_add_ext(cert, san_ext, -1); +- X509_EXTENSION_free(san_ext); +- ASN1_OCTET_STRING_free(san_asn1); ++ ret = X509_add_ext(cert, ex, -1) != 0; ++ ++ DEBUG_printf(("4http_x509_add_ext: X509_add_ext returned %s.", ret ? "true" : "false")); ++ ++ // Free the extension and return... ++ X509_EXTENSION_free(ex); ++ ++ return (ret); ++} ++ ++ ++// ++// 'http_x509_add_san()' - Add a subjectAltName to GENERAL_NAMES used for ++// the extension to an X.509 certificate. ++// ++ ++static void ++http_x509_add_san(GENERAL_NAMES *gens, // I - Concatenation of DNS names ++ const char *name) // I - Hostname ++{ ++ GENERAL_NAME *gen_dns = GENERAL_NAME_new(); ++ // DNS: name ++ ASN1_IA5STRING *ia5 = ASN1_IA5STRING_new(); ++ // Hostname string ++ ++ ++ // Set the strings and push it on the GENERAL_NAMES list... ++ ASN1_STRING_set(ia5, name, strlen(name)); ++ GENERAL_NAME_set0_value(gen_dns, GEN_DNS, ia5); ++ sk_GENERAL_NAME_push(gens, gen_dns); + } diff --git a/src/patches/cups-2.4.2_Fix_default_cupsd_keychain_with_OpenSSL.patch b/src/patches/cups-2.4.2_Fix_default_cupsd_keychain_with_OpenSSL.patch new file mode 100644 index 000000000..ebd3a4843 --- /dev/null +++ b/src/patches/cups-2.4.2_Fix_default_cupsd_keychain_with_OpenSSL.patch @@ -0,0 +1,16 @@ +--- cups-2.4.2/scheduler/conf.c.orig 2022-05-26 08:17:21.000000000 +0200 ++++ cups-2.4.2/scheduler/conf.c 2023-04-23 15:37:48.521145700 +0200 +@@ -605,11 +605,11 @@ + ClassifyOverride = 0; + + #ifdef HAVE_TLS +-# ifdef HAVE_GNUTLS ++# if defined HAVE_GNUTLS || defined HAVE_OPENSSL + cupsdSetString(&ServerKeychain, "ssl"); + # else + cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain"); +-# endif /* HAVE_GNUTLS */ ++# endif /* HAVE_GNUTLS || HAVE_OPENSSL */ + + _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX); + #endif /* HAVE_TLS */
hooks/post-receive -- IPFire 2.x development tree