This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 6c8b5444946bd5cadb665ae7f37c7f62fcba2252 (commit) via a08b674d1ba6651a1cbd4a8a29e2a719723caac0 (commit) via a32de1bbaec84e18a3284015fda0b0467ca60831 (commit) from 0ba187b4d391d02e3016cc44f313320e6481198b (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 6c8b5444946bd5cadb665ae7f37c7f62fcba2252 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 13 22:41:05 2025 +0100
freeradius: Update to version 3.2.6
- Update from version 3.2.5 to 3.2.6 - Update of rootfile - Changelog 3.2.6 Configuration changes * require_message_authenticator=auto and limit_proxy_state=auto are not applied for wildcard clients. This likely will leave your network in an insecure state. Upgrade all clients! Feature improvements * Allow for "auth+acct" dynamic home servers. * Allow for setting "Home-Server-Pool", etc. for proxying accounting packets, just like authentication packets. * Fix spelling in starent SN[1]-Subscriber-Acct-Mode attribute value. Patch from John Thacker. * Update dictionary.iea. Patch from John Thacker. * Add warning for secrets that are too short. * More debugging for SSL ciphers. Patch from Nick Porter. * Update 3GPP dictionary. Patch from Nick Porter. * Fix ZTE dictionary. * Make radsecret more portable and avoid extra dependencies. * Add timestamp for Client-Lost so we don't think it's 1970. Patch from Alexander Clouter. #5353 Bug fixes * Dynamic clients now inherit require_message_authenticator and limit_proxy_state from dynamic client {...} definition. * Fix radsecret build rules to better support parallel builds. * Checkpoint systems should be reconfigured for the BlastRADIUS attack: https://support.checkpoint.com/results/sk/sk182516 The Checkpoint systems drop packets containing Message-Authenticator, which violates the RFCs and is completely ridiculous. * Fix duplicate CoA packet issue. #5397 * Several fixes in the event code * Don't leak memory in rlm_sql_sqlite. #5392 * Don't stop processing RadSec data too early.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a08b674d1ba6651a1cbd4a8a29e2a719723caac0 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 16 18:19:10 2025 +0100
libxxhash: Update to version 0.8.3 and make available to rsync
- Update from version 0.8.2 to 0.8.3 - Update of rootfile - Move libxxhash to before rsync in make.sh - Changelog 0.8.3 - fix : variant `XXH3_128bits_withSecretandSeed()` could produce an invalid result in some specific set of conditions, #894 by @hltj - cli : vector extension detected at runtime on x86/x64, enabled by default - cli : new commands `--filelist` and `--files-from`, by @Ian-Clowes - cli : XXH3 64-bits GNU format can now be generated and checked (command `-H3`) - portability: LoongArch SX SIMD extension, by @lrzlin - portability: can build on AIX, suggested by @likema - portability: validated for SPARC cpus
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a32de1bbaec84e18a3284015fda0b0467ca60831 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 16 18:19:09 2025 +0100
rsync: Update to version 3.4.1
- Update from version 3.3.0 to 3.4.1 as the previous patch which went from 3.3.0 to 3.4.0 has only been merged into CU190 and not into next where this patch is being done. Not sure if this will cause problems or not. I updated the PAK_VER of rsynce from 19 to 21 so that it went over the PAK_VER of the version merged into CU190. - If how I have done it is not the best or not correct just let me know how I should do it and I will re-do it. - Update of rootfile not required. - Added in enabling xxhash as we have that available in IPFire as another addon. - Ran rsync -V and confirmed that xxhash is now available to rsync. - Changelog 3.4.1 Release 3.4.1 is a fix for regressions introduced in 3.4.0 BUG FIXES: - fixed handling of -H flag with conflict in internal flag values - fixed a user after free in logging of failed rename - fixed build on systems without openat() - removed dependency on alloca() in bundled popt DEVELOPER RELATED: - fix to permissions handling in the developer release script 3.4.0 (This was already in the previous patch that went from 3.3.0 to 3.4.0 Release 3.4.0 is a security release that fixes a number of important vulnerabilities. For more details on the vulnerabilities please see the CERT report https://kb.cert.org/vuls/id/952657 PROTOCOL NUMBER: - The protocol number was changed to 32 to make it easier for administrators to check their servers have been updated SECURITY FIXES: Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to develop and test fixes. - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR. - CVE-2024-12086 - Server leaks arbitrary client files. - CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links. - CVE-2024-12088 - --safe-links Bypass. - CVE-2024-12747 - symlink race condition. BUG FIXES: - Fixed the included popt to avoid a memory error on modern gcc versions. - Fixed an incorrect extern variable's type that caused an ACL issue on macOS. - Fixed IPv6 configure check INTERNAL: - Updated included popt to version 1.19. DEVELOPER RELATED: - Various improvements to the release scripts and git setup. - Improved packaging/var-checker to identify variable type issues. - added FreeBSD and Solaris CI builds
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/packages/freeradius | 1 + config/rootfiles/packages/libxxhash | 4 +++- lfs/freeradius | 8 ++++---- lfs/libxxhash | 8 ++++---- lfs/rsync | 12 ++++++------ make.sh | 2 +- 6 files changed, 19 insertions(+), 16 deletions(-)
Difference in files: diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius index 7e02a46dff..3a82e7d9c5 100644 --- a/config/rootfiles/packages/freeradius +++ b/config/rootfiles/packages/freeradius @@ -627,6 +627,7 @@ usr/sbin/radmin #usr/share/doc/freeradius/antora/modules/ROOT/pages #usr/share/doc/freeradius/antora/modules/ROOT/pages/directories.adoc #usr/share/doc/freeradius/antora/modules/ROOT/pages/index.adoc +#usr/share/doc/freeradius/antora/modules/ROOT/pages/radiusd_x.adoc #usr/share/doc/freeradius/antora/modules/concepts #usr/share/doc/freeradius/antora/modules/concepts/nav.adoc #usr/share/doc/freeradius/antora/modules/concepts/pages diff --git a/config/rootfiles/packages/libxxhash b/config/rootfiles/packages/libxxhash index d49d521545..a50cae5ffa 100644 --- a/config/rootfiles/packages/libxxhash +++ b/config/rootfiles/packages/libxxhash @@ -1,5 +1,6 @@ usr/bin/xxh128sum usr/bin/xxh32sum +usr/bin/xxh3sum usr/bin/xxh64sum usr/bin/xxhsum #usr/include/xxh3.h @@ -7,9 +8,10 @@ usr/bin/xxhsum #usr/lib/libxxhash.a #usr/lib/libxxhash.so usr/lib/libxxhash.so.0 -usr/lib/libxxhash.so.0.8.2 +usr/lib/libxxhash.so.0.8.3 #usr/lib/pkgconfig/libxxhash.pc #usr/share/man/man1/xxh128sum.1 #usr/share/man/man1/xxh32sum.1 +#usr/share/man/man1/xxh3sum.1 #usr/share/man/man1/xxh64sum.1 #usr/share/man/man1/xxhsum.1 diff --git a/lfs/freeradius b/lfs/freeradius index 228515400e..e45e41aa41 100644 --- a/lfs/freeradius +++ b/lfs/freeradius @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = RADIUS Server
-VER = 3.2.5 +VER = 3.2.6
THISAPP = freeradius-server-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = freeradius -PAK_VER = 22 +PAK_VER = 23
DEPS = libtalloc samba
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 169dccd6f04b4503869912dec9423279cc18fc22fa3babf324747bdf0d80d3b4fa5460ac07f89f8d845bf664283a9772b483b8fcec990364fcaf71b673b6917c +$(DL_FILE)_BLAKE2 = 0af7cdf7fb784f2d5019f3bcb06d1d44dca046c9a4513d780ab032367001b6a67e9ea17a3a5b4609b9d7b936647e60c96e35188ba9644c4360071ac8d021bd58
install : $(TARGET)
diff --git a/lfs/libxxhash b/lfs/libxxhash index 40aeb2e98a..024a88f891 100644 --- a/lfs/libxxhash +++ b/lfs/libxxhash @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.8.2 +VER = 0.8.3 SUMMARY = Extremely fast non-cryptographic hash algorithm, working at RAM speed limit
THISAPP = xxHash-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libxxhash -PAK_VER = 1 +PAK_VER = 2
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 735408256240760778fa516e01bed428f04837eb4e059c512e924f13e4a96db6cacbbefb04dea65a37b0f25b52cf13c4927a6e7870dc8c0d45b1b955d4ba3da1 +$(DL_FILE)_BLAKE2 = 75923c7c5df3490062791fa02ccddfb7281b3646e2b3e4b4a0c0d611c339e07c8d9cb656777fd0fcec9cda484f7b33edf080116bb011f70d6b8299cda63afa4e
install : $(TARGET)
diff --git a/lfs/rsync b/lfs/rsync index fcbcd0ab90..789b100bdb 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Versatile tool for fast incremental file transfer
-VER = 3.3.0 +VER = 3.4.1
THISAPP = rsync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,9 +34,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rsync -PAK_VER = 19 +PAK_VER = 21
-DEPS = +DEPS = libxxhash
SERVICES =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 +$(DL_FILE)_BLAKE2 = 79c1cad697547059ee241e20c26d7f97bed3ad062deb856d31a617fead333a2d9f62c7c47c1efaf70033dbc358fe547d034c35e8181abb51a1fc893557882bc7
install : $(TARGET)
@@ -89,7 +89,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --prefix=/usr \ --without-included-popt \ --without-included-zlib \ - --disable-xxhash + --enable-xxhash
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install diff --git a/make.sh b/make.sh index 7b7a2b9cfb..86d018ae4f 100755 --- a/make.sh +++ b/make.sh @@ -1834,6 +1834,7 @@ build_system() { lfsmake2 xvid lfsmake2 libmpeg2 lfsmake2 gnump3d + lfsmake2 libxxhash lfsmake2 rsync lfsmake2 rpcbind lfsmake2 keyutils @@ -2047,7 +2048,6 @@ build_system() { lfsmake2 libplist lfsmake2 nqptp lfsmake2 shairport-sync - lfsmake2 libxxhash lfsmake2 borgbackup lfsmake2 knot lfsmake2 spectre-meltdown-checker
hooks/post-receive -- IPFire 2.x development tree