This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
  via 2e63b7128e519657d445b0cbfc473725fc13a3a4 (commit)
  via a1836ab1206151d0a714c273d384a5b9ec65f569 (commit)
  via 16c82f31aa944b248dedb51469e385052f9ea161 (commit)
  via f20ca78eff6e8baeb86361f55adf52819d1bae1f (commit)
  via 1b6b4118b2234efa9b28553bc8f9b2c6b74bb5fb (commit)
  via 607d3a26d8635e6d5ceb4bdcd57198ab23174bbc (commit)
  via 525e575e0463d9275904ec1273b650859e5358c3 (commit)
  via cc78ea658d06f1866fb235c14535bd52bb4a479b (commit)
  via e08399ddd31d6885559afff2970e0c65dd5fbcc2 (commit)
  via c084d8f970b428ef043aab0263c0f2a8c2f814f5 (commit)
  via f7447b1b8e37a8ac6663e49ce50f4e1fa49538d4 (commit)
  from 46c8316642fe90df99de1c0b735f7f4ed9a44464 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 2e63b7128e519657d445b0cbfc473725fc13a3a4
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon Jul 10 17:30:15 2023 +0000
dehydrated: Keep going if re-issuing one certificate fails
This change will make sure that dehydrated will continue if (re-)issuing one or more certificates fails.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org

commit a1836ab1206151d0a714c273d384a5b9ec65f569
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jul 11 09:37:26 2023 +0000
core177: Do not ship location database extracted in ipset format
Since the update is not built on the day when people install it, we will ship an outdated database. For updates, where the firewall is being reloaded or rebooted, we will have an old database in place until the next database update job runs.
Secondly, the data is 33 MiB in size, which is useless data shipped as every system will already have a database that is very likely to be more recent.
In this update, we are not shipping the location database again, but I wanted to add this change so it does not get lost next time.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org

commit 16c82f31aa944b248dedb51469e385052f9ea161
Author: Peter Müller peter.mueller@ipfire.org
Date: Thu Jul 13 14:28:44 2023 +0000
Core Update 177: Ship unbound-dhcp-leases-bridge
Signed-off-by: Peter Müller peter.mueller@ipfire.org

commit f20ca78eff6e8baeb86361f55adf52819d1bae1f
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Jul 11 13:29:32 2023 +0000
unbound-dhcp-leases-bridge: Reload unbound to import leases
This changes the old "diff" algorithm that we needed to have before Unbound was able to reload its own configuration.
Now, it can do this even without dropping the cache. This should hopefully perform much better and be more reliable than the old way.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Acked-by: Peter Müller peter.mueller@ipfire.org

commit 1b6b4118b2234efa9b28553bc8f9b2c6b74bb5fb
Author: Peter Müller peter.mueller@ipfire.org
Date: Thu Jul 13 14:26:34 2023 +0000
Core Update 177: Ship fireinfo
Signed-off-by: Peter Müller peter.mueller@ipfire.org

commit 607d3a26d8635e6d5ceb4bdcd57198ab23174bbc
Author: Michael Tremer michael.tremer@ipfire.org
Date: Thu Jul 13 14:05:38 2023 +0000
fireinfo: Fix SEGV in detect_hypervisor()
Fixes: #13155 - _fireinfo.detect_hypervisor() rises Segmentation fault
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Acked-by: Peter Müller peter.mueller@ipfire.org

commit 525e575e0463d9275904ec1273b650859e5358c3
Author: Jon Murphy jon.murphy@ipfire.org
Date: Thu Jul 6 16:05:06 2023 -0500
pmacct: fix bug 13159
- changes `interface` to `pcap_interface` in pmacct.conf file.
- thank you to @iptom for finding and reporting the issue and to many others for pitching in and helping debug!
Signed-off-by: Jon Murphy jon.murphy@ipfire.org

commit cc78ea658d06f1866fb235c14535bd52bb4a479b
Author: Peter Müller peter.mueller@ipfire.org
Date: Sun Jul 9 15:15:00 2023 +0000
Core Update 177: Delete OpenSSL 1.1.1 files
Originally announced for Core Update 176, this step was postponed until Core Update 177 due to my fault of having shipped all necessary dependencies for OpenSSL 3.x in Core Update 175 properly.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
Reviewed-by: Michael Tremer michael.tremer@ipfire.org

commit e08399ddd31d6885559afff2970e0c65dd5fbcc2
Author: Peter Müller peter.mueller@ipfire.org
Date: Sun Jul 9 14:56:00 2023 +0000
linux: Trigger a BUG() when corruption of kernel data structures is detected
Given that this will merely log such an incident, this can be safely enabled.
Cc: Michael Tremer michael.tremer@ipfire.org
Signed-off-by: Peter Müller peter.mueller@ipfire.org

commit c084d8f970b428ef043aab0263c0f2a8c2f814f5
Author: Peter Müller peter.mueller@ipfire.org
Date: Sun Jul 9 14:55:00 2023 +0000
linux: Enable Indirect Branch Tracking by default
This became upstream default (see https://www.phoronix.com/news/Linux-IBT-By-Default-Tip for IT news media coverage), and given its security-relevance, we should adopt this setting as well.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
Reviewed-by: Michael Tremer michael.tremer@ipfire.org

commit f7447b1b8e37a8ac6663e49ce50f4e1fa49538d4
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Mon Jul 10 13:50:42 2023 +0200
kernel: update to 6.1.38
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/dehydrated/cron.sh | 2 +-
 config/kernel/kernel.config.aarch64-ipfire | 6 +--
 config/kernel/kernel.config.riscv64-ipfire | 4 +-
 config/kernel/kernel.config.x86_64-ipfire | 8 ++--
 config/pmacct/pmacct.conf | 25 ++++++++---
 config/rootfiles/common/x86_64/linux | 1 +
 config/rootfiles/core/177/exclude | 1 +
 config/rootfiles/core/177/filelists/files | 1 +
 .../{oldcore/127 => core/177}/filelists/fireinfo | 0
 config/rootfiles/core/177/update.sh | 6 ++-
 config/unbound/unbound-dhcp-leases-bridge | 52 ++++------------------
 lfs/dehydrated | 2 +-
 lfs/fireinfo | 1 +
 lfs/linux | 4 +-
 lfs/pmacct | 4 +-
 src/paks/pmacct/install.sh | 12 ++++-
 ...ff-by-one-error-when-detecting-hypervisor.patch | 38 ++++++++++++++++
 17 files changed, 100 insertions(+), 67 deletions(-)
 copy config/rootfiles/{oldcore/127 => core/177}/filelists/fireinfo (100%)
 create mode 100644 src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
Difference in files: diff --git a/config/dehydrated/cron.sh b/config/dehydrated/cron.sh index 0aa778a38..f2f842527 100644 --- a/config/dehydrated/cron.sh +++ b/config/dehydrated/cron.sh @@ -1,3 +1,3 @@ #!/bin/bash
-exec /usr/bin/dehydrated --cron +exec /usr/bin/dehydrated --cron --keep-going diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index a2c852654..bc07256b6 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.1.37-ipfire Kernel Configuration +# Linux/arm64 6.1.38-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y @@ -8586,11 +8586,11 @@ CONFIG_STACKTRACE=y # # Debug kernel data structures # -# CONFIG_DEBUG_LIST is not set +CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set +CONFIG_BUG_ON_DATA_CORRUPTION=y # CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures
diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index 8197244c1..7b129a349 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -7073,11 +7073,11 @@ CONFIG_STACKTRACE=y # # Debug kernel data structures # -# CONFIG_DEBUG_LIST is not set +CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set +CONFIG_BUG_ON_DATA_CORRUPTION=y # CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 0017a6f54..eeda765dd 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.37-ipfire Kernel Configuration +# Linux/x86 6.1.38-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y @@ -431,7 +431,7 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_X86_UMIP=y CONFIG_CC_HAS_IBT=y -# CONFIG_X86_KERNEL_IBT is not set +CONFIG_X86_KERNEL_IBT=y CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y CONFIG_X86_INTEL_TSX_MODE_OFF=y # CONFIG_X86_INTEL_TSX_MODE_ON is not set @@ -7761,11 +7761,11 @@ CONFIG_STACKTRACE=y # # Debug kernel data structures # -# CONFIG_DEBUG_LIST is not set +CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set +CONFIG_BUG_ON_DATA_CORRUPTION=y # CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures
diff --git a/config/pmacct/pmacct.conf b/config/pmacct/pmacct.conf index 3c1d47efa..79e3fd6a7 100644 --- a/config/pmacct/pmacct.conf +++ b/config/pmacct/pmacct.conf @@ -2,23 +2,38 @@ ! Pmacctd configuration file for IPFire environment !
+!----------------------------------- global ----------------------------------- + syslog: daemon daemonize: true debug: false promisc: true -interface: green0 +pcap_interface: green0 + +imt_mem_pools_number: 256
+plugins: memory[plugin1] # , sqlite3[plugin2] + + +!----------------------------------- memory -----------------------------------
! ! "plugin1" plugin configuration ! -plugins: memory[plugin1]
plugin_buffer_size[plugin1]: 102400 -plugin_pipe_size[plugin1]: 10240000 +plugin_pipe_size[plugin1]: 10240000
-imt_mem_pools_number: 256 imt_path[plugin1]: /var/spool/pmacct/plugin1.pipe
aggregate[plugin1]: src_host, src_port, src_mac, dst_host, dst_port, dst_mac, proto -aggregate_filter[plugin1]: ip \ No newline at end of file +aggregate_filter[plugin1]: ip + + +!----------------------------------- sqlite3 ---------------------------------- + +! +! "plugin2" plugin configuration +! + +! add your sqlite3 plugin2 here... diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 2da7da282..512246b73 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -11324,6 +11324,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/X86_INTERNODE_CACHE_SHIFT #lib/modules/KVER-ipfire/build/include/config/X86_IOPL_IOPERM #lib/modules/KVER-ipfire/build/include/config/X86_IO_APIC +#lib/modules/KVER-ipfire/build/include/config/X86_KERNEL_IBT #lib/modules/KVER-ipfire/build/include/config/X86_L1_CACHE_SHIFT #lib/modules/KVER-ipfire/build/include/config/X86_LOCAL_APIC #lib/modules/KVER-ipfire/build/include/config/X86_MCE diff --git a/config/rootfiles/core/177/exclude b/config/rootfiles/core/177/exclude index 378c2d563..8ee1c3c2f 100644 --- a/config/rootfiles/core/177/exclude +++ b/config/rootfiles/core/177/exclude @@ -27,6 +27,7 @@ var/ipfire/urlfilter/blacklist var/ipfire/urlfilter/settings var/lib/alternatives var/lib/location/database.db +var/lib/location/ipset var/log/cache var/log/dhcpcd.log var/log/messages diff --git a/config/rootfiles/core/177/filelists/files b/config/rootfiles/core/177/filelists/files index 2b03325d3..1e50572e7 100644 --- a/config/rootfiles/core/177/filelists/files +++ b/config/rootfiles/core/177/filelists/files @@ -233,3 +233,4 @@ lib/firmware/rtlwifi/rtl8192fufw.bin lib/firmware/rtw89/rtw8851b_fw.bin lib/firmware/rtw89/rtw8852b_fw-1.bin lib/firmware/rtw89/rtw8852c_fw.bin +usr/sbin/unbound-dhcp-leases-bridge 
diff --git a/config/rootfiles/core/177/filelists/fireinfo b/config/rootfiles/core/177/filelists/fireinfo new file mode 120000 index 000000000..c46115521 --- /dev/null +++ b/config/rootfiles/core/177/filelists/fireinfo @@ -0,0 +1 @@ +../../../common/fireinfo \ No newline at end of file diff --git a/config/rootfiles/core/177/update.sh b/config/rootfiles/core/177/update.sh index ebe2b4fe5..a98d39f2d 100644 --- a/config/rootfiles/core/177/update.sh +++ b/config/rootfiles/core/177/update.sh @@ -106,7 +106,10 @@ rm -rvf \ /lib/firmware/cxgb4/t5fw-1.27.1* \ /lib/firmware/cxgb4/t6fw-1.27.1* \ /lib/firmware/intel/ice/ddp-comms/ice_comms-1.3.3* \ - /lib/firmware/intel/ice/ddp-wireless_edge/ice_wireless_edge-1.3.7* + /lib/firmware/intel/ice/ddp-wireless_edge/ice_wireless_edge-1.3.7* \ + /usr/lib/engines-1* \ + /usr/lib/libcrypto.so.1* \ + /usr/lib/libssl.so.1*
# update linker config ldconfig @@ -118,6 +121,7 @@ ldconfig /usr/local/bin/filesystem-cleanup
# Start services +/etc/init.d/unbound reload /etc/init.d/ntp restart if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge index e89e0446b..e9f022aff 100644 --- a/config/unbound/unbound-dhcp-leases-bridge +++ b/config/unbound/unbound-dhcp-leases-bridge @@ -514,56 +514,19 @@ class UnboundConfigWriter(object): def __init__(self, path): self.path = path
- self._cached_leases = [] - def update_dhcp_leases(self, leases): - # Find any leases that have expired or do not exist any more - # but are still in the unbound local data - removed_leases = [l for l in self._cached_leases if not l in leases] - - # Find any leases that have been added - new_leases = [l for l in leases if l not in self._cached_leases] - - # End here if nothing has changed - if not new_leases and not removed_leases: - return - # Write out all leases self.write_dhcp_leases(leases)
- # Update unbound about changes - for l in removed_leases: - try: - for name, ttl, type, content in l.rrset: - log.debug("Removing records for %s" % name) - self._control("local_data_remove", name) - - # If the lease cannot be removed we will try the next one - except: - continue - - # If the removal was successful, we will remove it from the cache - else: - self._cached_leases.remove(l) - - for l in new_leases: - try: - for rr in l.rrset: - log.debug("Adding new record %s" % " ".join(rr)) - self._control("local_data", *rr) - - # If the lease cannot be added we will try the next one - except: - continue + log.debug("Reloading Unbound...")
- # Add lease to cache when successfully added - else: - self._cached_leases.append(l) + # Reload the configuration without dropping the cache + self._control("reload_keep_cache")
def write_dhcp_leases(self, leases): - with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: - filename = f.name + log.debug("Writing DHCP leases...")
+ with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: for l in leases: for rr in l.rrset: f.write("local-data: "%s"\n" % " ".join(rr)) @@ -571,7 +534,8 @@ class UnboundConfigWriter(object): # Make file readable for everyone os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
- os.rename(filename, self.path) + # Move the file to its destination + os.rename(f.name, self.path)
def _control(self, *args): command = ["unbound-control"] @@ -585,7 +549,7 @@ class UnboundConfigWriter(object): log.critical("Could not run %s, error code: %s: %s" % ( " ".join(command), e.returncode, e.output))
- raise + raise e
if __name__ == "__main__": diff --git a/lfs/dehydrated b/lfs/dehydrated index 7cd92076b..821c1433b 100644 --- a/lfs/dehydrated +++ b/lfs/dehydrated @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dehydrated -PAK_VER = 5 +PAK_VER = 6
DEPS =
diff --git a/lfs/fireinfo b/lfs/fireinfo index 8b38885d6..629626d1e 100644 --- a/lfs/fireinfo +++ b/lfs/fireinfo @@ -75,6 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr diff --git a/lfs/linux b/lfs/linux index 87442185a..e9a50fba5 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@
include Config
-VER = 6.1.37 +VER = 6.1.38
ARM_PATCHES = 6.1.y-ipfire2
@@ -76,7 +76,7 @@ objects = \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_BLAKE2 = 9ea4b47123c21b658923f46d3f7d6b911f49e8616f038feefef860b3bb8756b2cbd0b097640b18333d79951b99c37dc32c1a4357263ff69641580c4d3ab4bc56 +$(DL_FILE)_BLAKE2 = 43f0fe3f8aeb03e5a2bf46b358b8dc4515765b70f56fb136847c78a80889bc2e163768d941500c285f40f705634b5fd3d6e0d81c10521fc351596c95db62490e arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 7afc460562fb24bcd75784fc79de768f9b60780aedd88d1a847927169e31920bbb475b1ac1466c4a224a7876d16bd8d465b96202de12b74f6e2ccbfcec731ad3
install : $(TARGET) diff --git a/lfs/pmacct b/lfs/pmacct index 7c8b32772..4be1be156 100644 --- a/lfs/pmacct +++ b/lfs/pmacct @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2019-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2019-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = pmacct -PAK_VER = 5 +PAK_VER = 6
DEPS = libcdada diff --git a/src/paks/pmacct/install.sh b/src/paks/pmacct/install.sh index 11b16f6c1..abf8ce37e 100755 --- a/src/paks/pmacct/install.sh +++ b/src/paks/pmacct/install.sh @@ -17,7 +17,7 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# Copyright (C) 2007-2023 IPFire-Team info@ipfire.org. # # # ############################################################################ # @@ -26,11 +26,19 @@ extract_files restore_backup ${NAME}
+# update needed for a change in config file +# temporary update added for CU 177 +CONFIG="/etc/pmacct/pmacct.conf" +if grep -q "^interface" "${CONFIG}" ; then + if sed -i.bak 's|^interface|pcap_interface|g' "${CONFIG}" ; then + logger -t pmacct "updated ${CONFIG} and changed "interface" to "pcap_interface"" + fi +fi + # Add symlinks for runlevels ln -s ../init.d/${NAME} /etc/rc.d/rc0.d/K85${NAME} ln -s ../init.d/${NAME} /etc/rc.d/rc3.d/S50${NAME} ln -s ../init.d/${NAME} /etc/rc.d/rc6.d/K85${NAME} start_service ${NAME}
- # EOF diff --git a/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch b/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch new file mode 100644 index 000000000..0799ecce5 --- /dev/null +++ b/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch @@ -0,0 +1,38 @@ +From e3e68b9baa9723916b1999394432e9ad260cfaa2 Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Sat, 1 Jul 2023 09:08:48 +0000 +Subject: [PATCH] virt: Fix off-by-one error when detecting hypervisor + +Reported-by: Mauro Condarelli mc5686@mclink.it +Fixes: #13155 - _fireinfo.detect_hypervisor() rises Segmentation fault +Signed-off-by: Michael Tremer michael.tremer@ipfire.org +--- + src/_fireinfo/fireinfo.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/_fireinfo/fireinfo.c b/src/_fireinfo/fireinfo.c +index 1d3f424..18edf34 100644 +--- a/src/_fireinfo/fireinfo.c ++++ b/src/_fireinfo/fireinfo.c +@@ -32,8 +32,8 @@ enum hypervisors { + HYPER_KVM, + HYPER_MSHV, + HYPER_VMWARE, ++ // Must always be last + HYPER_OTHER, +- HYPER_LAST /* for loop - must be last*/ + }; + + const char *hypervisor_ids[] = { +@@ -157,7 +157,7 @@ int detect_hypervisor(int *hypervisor) { + *hypervisor = HYPER_OTHER; + + if (*sig.text) { +- for (int id = HYPER_NONE + 1; id < HYPER_LAST; id++) { ++ for (int id = HYPER_NONE + 1; id < HYPER_OTHER; id++) { + if (strcmp(hypervisor_ids[id], sig.text) == 0) { + *hypervisor = id; + break; +-- +2.39.2 +
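Review bot: In the "Debug kernel data structures" hunks of all three kernel configs, CONFIG_DEBUG_LIST flips to y together with CONFIG_BUG_ON_DATA_CORRUPTION, but the commit message does not mention the second option, and its subject ("Trigger a BUG()") and body ("merely log such an incident") describe different behaviour. Please state in the message what actually happens when corruption is detected and that the DEBUG_LIST checks are now enabled, so operators know what to expect in the kernel log.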
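Review bot: In config/pmacct/pmacct.conf, the new line `plugins: memory[plugin1] # , sqlite3[plugin2]` carries a trailing `#` remark after the value, while every other comment in this file is a full line starting with `!`. Unless the parser is known to strip trailing `#` text, move the sqlite3 hint to its own `!` line so the plugins value stays exactly `memory[plugin1]`.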
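Review bot: In update_dhcp_leases() of config/unbound/unbound-dhcp-leases-bridge, removing the "End here if nothing has changed" check means every call now rewrites the leases file and runs `reload_keep_cache`, even when the lease set is identical to the one already written. Consider keeping a cheap comparison against the last written leases and returning early. Also, `_control()` re-raises on failure and nothing in this method catches it, so a failed reload now propagates to the caller; either handle it here or confirm that the caller does.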
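Review bot: In write_dhcp_leases(), the temporary file comes from `tempfile.NamedTemporaryFile(mode="w", delete=False)` with no `dir=` argument, so `os.rename(f.name, self.path)` fails with an OSError whenever the default temporary directory and the destination are on different filesystems, and the `delete=False` file is then left behind. Create the file in the destination's directory (for example `dir=os.path.dirname(self.path)`) so the rename stays an atomic replace, and remove the temporary file if the rename fails.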
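Review bot: In _control(), `raise e` replaces the bare `raise` inside the except block, but the bare form already re-raises the active exception with its original traceback, so the change brings no functional gain. Keep `raise` unless there is a reason for the switch, and if there is one, record it in the commit message.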
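Review bot: In lfs/fireinfo, the added patch line reads from `$(DIR_SRC)/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch`, while the three patch lines above it all use the `src/patches/fireinfo/` subdirectory. Move the new patch file into that subdirectory and adjust the path so the fireinfo patches stay in one place.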
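Review bot: In src/paks/pmacct/install.sh, both the `grep -q "^interface"` test and the `s|^interface|pcap_interface|g` substitution match any key that merely starts with `interface`, not only the `interface:` directive, so a restored user configuration with another interface-prefixed key would be rewritten as well. Anchor both patterns on the full key, for example `^interface:`, and drop the `g` flag, since a `^` match can occur only once per line. The `-i.bak` copy also stays behind next to the configuration file; remove it after a successful edit or document that it is kept.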
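Review bot: In the embedded fireinfo.c patch, the loop bound `id < HYPER_OTHER` and the number of entries in `hypervisor_ids[]` are still tied together only by the "Must always be last" comment in the enum. Add a compile-time check that relates the array length to HYPER_OTHER, so that a hypervisor added to the enum without a matching string fails the build instead of letting detect_hypervisor() index past the end of the array again.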
hooks/post-receive -- IPFire 2.x development tree