This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core181 has been created at 81b3cf237ccd48d7e0481b3d81b0406fa66ce578 (commit)
- Log ----------------------------------------------------------------- commit 81b3cf237ccd48d7e0481b3d81b0406fa66ce578 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 3 14:28:19 2023 +0000
core181: Package the correct udev files for riscv64
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8a37e7f0e3ac3bcc24595ca184bbc9ff051b5990 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 2 21:40:09 2023 +0100
kernel: update to 6.1.61
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d0b43f4cc4312b0e9b102b447f61d5913aea0d20 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Nov 1 10:43:34 2023 +0000
udev: Update riscv64 rootfile
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 19614961b6c7b09fe6e0cc91b2d4c3a4df6473a0 Author: Robin Roevens robin.roevens@disroot.org Date: Fri Oct 27 21:49:01 2023 +0200
zabbix_agentd: Fix ipfire.net.gateway.ping
Fixes custom IPFire Zabbix Agent userparameter ipfire.net.gateway.ping returning 1 (success) when fping failed for other reasons (rc 2,3 or 4) than host unreachable (rc 0).
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d17d26d7e5a3b23feeb264a2717fb51cc1928db5 Author: Robin Roevens robin.roevens@disroot.org Date: Fri Oct 27 21:40:55 2023 +0200
zabbix_agentd: Update to 6.0.22 (LTS)
- Update from version 6.0.21 to 6.0.22 - Update of rootfile not required
Bugs fixed: - ZBX-23417: Fixed possible memory leak when checking modbus.get[] item New Features and Improvements: - ZBXNEXT-6554: Increased remote command execution limits to 16MB
Full changelogs since 6.0.21: - https://www.zabbix.com/rn/rn6.0.22
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 775a1055a551200bacc121bb82e1d0d2d733b199 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 30 09:59:19 2023 +0000
core181: Remove old udev files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b68136940a27af18695450c2a19dda65e1b7707e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 29 19:19:30 2023 +0100
make.sh: Adjust build order to proper build udev (systemd)
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e174a9594bec95362a94d74e69530962d4e72a9e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 29 19:19:29 2023 +0100
udev: Switch to udev from systemd
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c6b5e0cfe21a4ad20b4126912ea935e6a7c78471 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 29 19:19:28 2023 +0100
python3-Jinja2: New package
This is a build dependency of udev (systemd)
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e6453de73e46741ed947dea92ff20b8a5aa1f023 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 29 19:19:27 2023 +0100
python3-MarkupSafe: New package
This is a build dependency for udev (systemd)
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d14892646716f0e5807afe979754105df59e2af Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 30 06:44:50 2023 +0000
linux: Update x86_64 rootfile
My fault to provide this ahead of time, again. :-/
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 1d1694c7e5f3a088c6aeef74fc51352b7611a008 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 27 07:59:29 2023 +0000
kernel: update aarch64 rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cfe911bab5692864e28675bcbad2a88f1729402e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 27 07:56:20 2023 +0000
kernel: update to 6.1.60
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 026eafd5860ea9fa3a134003d388be356fb266d0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Oct 26 08:57:31 2023 +0000
core181: Ship OpenSSL
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6fa97f2c9726ed2f4ac00b9231ef64aaf8907486 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Oct 26 08:57:20 2023 +0000
openssl: Update to 3.1.4
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cce398bca5a266a5563fa1dcb532fd2481400b21 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 21 15:48:29 2023 +0200
kernel: update to 6.1.59
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2b834ef42addfb627637f51c12da2fd50e83aa00 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 21 15:48:28 2023 +0200
kernel: update to 6.1.58
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2cfcb0643007b184a9a56897020e202abcaf86a0 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 25 10:59:38 2023 +0000
samba: Update rootfile on aarch64 + riscv64
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7f8b75f8badcfb58710093a4d352cff6fec59b70 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Oct 13 09:04:00 2023 +0000
linux: Set default IOMMU handling to "strict" on 64-bit ARM
This has been our default setting on x86_64 for quite some time now, which is why this patch aligns the aarch64 kernel configuration to that value.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 447d0bf51ed17f16880fd5041b3a88dcdec8a648 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Oct 13 09:03:00 2023 +0000
linux: Disable io_uring
This subsystem has been a frequent source of security vulnerabilities affecting the Linux kernel; as a result, Google announced on June 14, 2023, that they would disable it in their environment as widely as possible.
IPFire does not depend on the availability of io_uring. Therefore, disable this subsystem as well in order to preemptively cut attack surface.
See also: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.ht...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit bf85d30b58353bdbf3f375d01f72ca96d0cd030d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Oct 20 08:36:20 2023 +0200
suricata: Update to 6.0.15
Excerpt from changelog:
"6.0.15 -- 2023-10-18
Security #6363: mime: quadratic complexity in MimeDecAddEntity (6.0.x backport) Bug #6407: email: disabled fields in suricata.yaml also get logged (6.0.x backport) Bug #6403: detect: multi-level tunneling inspection fails (6.0.x backport) Bug #6377: byte_jump with negative post_offset before start of buffer failure (6.0.x backport) Task #6364: decode: add drop reason for stream reassembly memcap (6.0.x backport)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7a6cf8276d81a2df609a807586e0fb0f95d648c0 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Oct 20 08:43:07 2023 +0000
core181: Ship apache2
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5049433d91f564a768be95ae51f3ef0a2fa17c52 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Oct 19 20:52:32 2023 +0200
apache: Update to 2.4.58
For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.58
Excerpt from changelog: "Changes with Apache 2.4.58
*) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org) When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Will Dormann of Vul Labs
*) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 (cve.mitre.org) An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Prof. Sven Dietrich (City University of New York)
*) SECURITY: CVE-2023-31122: mod_macro buffer over-read (cve.mitre.org) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Credits: David Shoon (github/davidshoon)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e1a68c27a091e1165aaa18ed47d763e81e8a8de4 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Oct 19 19:03:24 2023 +0200
samba: Update to 4.19.2
For details see:
v4.19.1. => https://www.samba.org/samba/history/samba-4.19.1.html " ============================== Release Notes for Samba 4.19.1 October 10, 2023 ==============================
This is a security release in order to address the following defects:
o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. https://www.samba.org/samba/security/CVE-2023-3961.html
o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" https://www.samba.org/samba/security/CVE-2023-4091.html
o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. https://www.samba.org/samba/security/CVE-2023-4154.html
o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. https://www.samba.org/samba/security/CVE-2023-42669.html
o CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. https://www.samba.org/samba/security/CVE-2023-42670.html"
v4.19.2 => https://www.samba.org/samba/history/samba-4.19.2.html "Changes since 4.19.1 --------------------
o Jeremy Allison jra@samba.org * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE. * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown() call.
o Ralph Boehme slow@samba.org * BUG 15463: macOS mdfind returns only 50 results.
o Volker Lendecke vl@samba.org * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value.
o Stefan Metzmacher metze@samba.org * BUG 15464: libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more.
o Martin Schwenke mschwenke@ddn.com * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.
o Joseph Sutton josephsutton@catalyst.net.nz * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19 * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is in use."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 37678a4f824d7368f39531f39b10ed43abc92aa5 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Oct 16 13:50:58 2023 +0200
en.pl: Correction of typo
- This error means that a section in extrahd.cgi about the mount path being incorrect does not get shown for users with english language selected.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: bbitsch@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d03f03e24c1c84618aa9420b0cdc0ccff14f99e8 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Oct 20 08:41:35 2023 +0000
core181: Ship backup.pl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3f18addedeaa0f917c9a164484dedfaaa2008a69 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Oct 15 18:28:22 2023 +0200
backup.pl: Fix for bug#11048 - add script for adding pass/no pass to ovpnconfig from backup
- A script was added to the update.sh script to add pass/no pass to the ovpnconfig entries but I forgot that this was also needed in the backup.pl file to add those statuses into any ovpnconfig file restored from a backup before the pass/no pass entries were added. - This patch corrects that oversight. - Confirmed by testing on my vm. Before the script added to backup.pl a restore of older ovpnconfig ended up not showing any icons or status elements. With the script in backup.pl confirmed that the restored ovpnconfig showed up in the WUI page correctly with the right icons and with the status elements correctly displayed.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6c829050c8c758e554e584ecf6de41596fad2a4b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 13 04:40:33 2023 +0000
dnsdist: disabled on riscv64 again
dnsdist build on my builder fine but it fails on the buildserver via qemu-user.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 554e339b9e587a21b61bcea2910ee5af3df75d89 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 13 04:37:42 2023 +0000
kernel: update to 6.1.57
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 41ac2cd531d7d022b9ad3da625799dc573d5258b Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 8 16:26:00 2023 +0000
Tor: Update to 0.4.8.7
Changes in version 0.4.8.7 - 2023-09-25 This version fixes a single major bug in the Conflux subsystem on the client side. See below for more information. The upcoming Tor Browser 13 stable will pick this up.
o Major bugfixes (conflux): - Fix an issue that prevented us from pre-building more conflux sets after existing sets had been used. Fixes bug 40862; bugfix on 0.4.8.1-alpha.
o Minor features (fallbackdir): - Regenerate fallback directories generated on September 25, 2023.
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/09/25.
Changes in version 0.4.8.6 - 2023-09-18 This version contains an important fix for onion service regarding congestion control and its reliability. Apart from that, uneeded BUG warnings have been suppressed especially about a compression bomb seen on relays. We strongly recommend, in particular onion service operators, to upgrade as soon as possible to this latest stable.
o Major bugfixes (onion service): - Fix a reliability issue where services were expiring their introduction points every consensus update. This caused connectivity issues for clients caching the old descriptor and intro points. Bug reported and fixed by gitlab user @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
o Minor features (debugging, compression): - Log the input and output buffer sizes when we detect a potential compression bomb. Diagnostic for ticket 40739.
o Minor features (fallbackdir): - Regenerate fallback directories generated on September 18, 2023.
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/09/18.
o Minor bugfix (defensive programming): - Disable multiple BUG warnings of a missing relay identity key when starting an instance of Tor compiled without relay support. Fixes bug 40848; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (bridge authority): - When reporting a pseudo-networkstatus as a bridge authority, or answering "ns/purpose/*" controller requests, include accurate published-on dates from our list of router descriptors. Fixes bug 40855; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (compression, zstd): - Use less frightening language and lower the log-level of our run- time ABI compatibility check message in our Zstd compression subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 82551c04d2d054a1a067304faa2286dab1c80d5e Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 11 07:50:32 2023 +0000
core181: Ship cURL
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0f7cdd7661a030e58c9b438df39cbbf41e40c149 Merge: 4bcceb83f a85e9d4eb Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 11 07:50:21 2023 +0000
Merge branch 'master' into next
commit 4bcceb83f97557491b8ad6851785ffe97abb7413 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 9 08:18:43 2023 +0000
core181: Ship udev
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 97bbd49a70a2d5a9ea13e5677f702b2ffd6a07d9 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 9 08:17:48 2023 +0000
core181: Ship sysvinit
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ebcfcd1003e58433cb36bb04707e8992ffe7f3fe Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Oct 8 21:57:37 2023 +0200
udev: Update to version 3.2.14
- Update from version 3.2.12 to 3.2.14 - Update of rootfile not required - This version update includes the patches previously used to add the dummies for tags and to update to udev version 251 which is bugfix #253 - Changelog 3.2.14 Clear sysattr cache if a null pointer is passed by @NaofumiHonda in #255 Add /usr/local/lib/udev/rules.d by @bbonev in #260 Fix := not preventing further assignments to RUN by @bbonev in #257 Let libudev find hwdb.bin under UDEV_HWDB_BIN by @vivien-consider-dropping-github in #264 Add a generic --output argument to udevadm hwdb by @vivien-consider-dropping-github in #263 Dynamically get the udevadm hwdb files with a path variable by @vivien-consider-dropping-github in #262 More wording fixes for the manual page for udev by @vivien-consider-dropping-github in #265 Add missing API from 247 by @bbonev in #253 Ensure that standard file descriptors are open by @bbonev in #266
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 375d921d00b09b5dae714398534e33bdf4910a14 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Oct 8 21:57:36 2023 +0200
sysvinit: Update to version 3.08
- Update from version 3.00 to 3.08 - Update of rootfile - All the other patches and sed modifications are now built mintyo the source tarball, except for the mountpoint patch which is stilol needed - Changelog 3.08 This release focuses on three changes which are basically imports of patches from Gentoo. Special thanks to floppym for supplying these. Applied a patch from floppm which adds kexec option to the halt command. This can be used as "halt -k". floppym provided patch which causes the halt command to call "shutdown -h -H" instead of "shutdown -h" when halt is invoked without parameters. This forces the shutdown command to set the INIT_HALT variable and assume, unless other conditions apply, that the "halt" call really wants to halt the machine and INIT_HALT should be set. In other words we assume halt wants to halt unless told otherwise. Addresses downstream Gentoo bug ID 911257. Updated halt documentation and help output to display parameters in alphabetical order. 3.07 The 3.07 release of SysV init mostly introduces fixes and improvements for the killall5 and pidof programs. (These are actually the same program, but are invoked with two different names, which result in different behaviour. The main highlights in this release are: Fixed killall5 so that processes in the omit list are not sent any signals, including SIGSTOP. Fixed usage message for killall5 to be more accurate. pidof was not returning PIDs of programs which were launched using a symbolic link. This has been fixed so programs run from a symbolic link show up in process lists. 3.06 Mark Hindley fixed typo in es.po Mark Hindley cleaned up translation code in src/Makefile. Drop sulogin from Debian build. Removed libcrypt-dev dependency. Fixed pt translation pages which were failing due to mis-matched open/close tags. Makefile now respects ROOT prefix when setting up pidof-to-killall5 symbolic link. Removed redundant translation files from man directory. Makefile now respects DESTDIR. User can specify either ROOT= or DESTDIR= to set install prefix. 3.05 This release (3.05) focuses on two things: Updating the translation framework. Fixing compiling issues on various systems. The second point, compiling, encompasses a few minor changes to get SysV init to build properly on GNU Hurd, systems without certain GNU assumptions, and systems running the latest glibc library (2.36 at time of writing). 3.04 This release contains one minor fix which allows the bootlogd code to properly compile on Debian's GNU Hurd branch. 3.03 This release includes two minor changes. One is fixing a typo in the init manual page (init.8). this fix was offered by Mark hindley. Mark, and a few other people, also pointed out that a fix in 3.02 for bootlogd introduced reliance on a defined PATH_MAX constant. This is used elsewhere in the code, but is not explicitly defined in bootlogd, which caused bootlogd to not build properly on GNU Hurd and musl C systems. This has been fixed. 3.02 Added q and Q flags to synopsis in shutdown manual page. Applied fixes for markup and spacing in manual pages. Patch provided by Mario Blattermann. Added translation framework (po4a) from Mario Blttermann. Added Makefile for man/ directory. Will handle translations and substitutions. Applied new translations for multiple languages from Mario Blattermann. Added ability to use "@" symbol in command named in the inittab file. This treats commands as literal and does not launch a shell to interpret them. Updated inittab manual page to include overview of symbols which trigger a shell interpretor and how to disable them using the @ symbol. Introduced change which adds error checking in bootlogd when performing chdir(). - Provided by Alexander Vickberg Add check for console using TIOCGDEV on Linux systems in bootlogd to make finding console more robust. - Provided by Alexander Vickberg 3.01 Default to showing processes in the uninterruptable state (D). The -z flag no longer affects whether processes in D state are shown. The -z flag does still toggle whether zombie (Z) processes are shown. Removed unnecessary check which is always true from init tab parsing.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d04d5ff4d2929330b4cd490b258d7cc9f7c13923 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 8 16:31:00 2023 +0000
Lynis: Update to 3.0.9
Changelog according to https://cisofy.com/changelog/lynis/#309:
- DBS-1820 - Added newer style format for Mongo authorization setting - FILE-6410 - Locations added for plocate - SSH-7408 - Only test Compression if sshd version < 7.4 - Improved fetching timestamp - Minor changes such as typos
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b0894a954c866faf414f2ed87de651f10b04aa39 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 8 16:29:00 2023 +0000
Postfix: Update to 3.8.2
Refer to https://www.postfix.org/announcements/postfix-3.8.2.html for the changelog of this version.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d4f665ab3005c89e738e21545fdfb1808c54f06 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 8 09:27:22 2023 +0200
riscv64: enable some disabled addons
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 64d0f1a074b234a2fa55b40d331d132e439ef2ea Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 8 09:27:21 2023 +0200
grub: fix mkimage on riscv64 and fix cdrom
the riscv64 image needs more than 1.44MB
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 16b6a6fd2cb879c7ac65c77274e56986240d4b0f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 8 09:27:20 2023 +0200
strip: exclude rust compiler
this fail on riscv64 because it is compiled with lvm and we not need to strip not shipped buildtime deps.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e275a07b67d7e232e251df92f79b7d947361ea4b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 7 22:16:49 2023 +0200
kernel: update to 6.1.56
this also builds the dtb files on riscv64
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7b9a3bb2d176a1e0c865333315c54000aef9ca11 Merge: fd6dc213f 729fe58b1 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 9 08:12:40 2023 +0000
Merge branch 'master' into next
commit fd6dc213fbd9b7d0dad38dfea0a1d372b6012038 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 4 13:00:39 2023 +0000
core181: Ship glibc again
This was updated in 180, but we want to make sure that even testing users get the latest updates.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aabdf04299f65ab42025ae34e235dd8c403182c5 Merge: 4afc081d8 b9215da1e Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 4 12:58:12 2023 +0000
Merge branch 'master' into next
commit 4afc081d8314dd8be9092d428c3bcd8d96ed090e Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Oct 1 08:17:12 2023 +0000
core181: Ship extrahd.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 15d9c996f9aff92f6cb266125e9d406cdf438ab1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Sep 23 12:54:55 2023 +0200
extrahd.cgi: Add support for LVM and MDADM devices
This commit adds support for using LVM and mdadm based RAID devices for the CGI page.
In case one or more drives/partitions are used by such a "grouped" volume they still will displayed on the page, but can not be configured/used. Instead the "master" volume of which the drive/partition is part of is shown in the "mountpoint" input box.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3a7b9b7a2eb9a842d72eacd11813853881a257f8 Merge: 91fe9748c a98abe929 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 28 10:43:48 2023 +0000
Merge branch 'master' into next
commit 91fe9748c92bd5a80e60b9467878f95da5bc7e8e Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 28 09:39:56 2023 +0000
core181: Ship URLFilter changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cb741b5a66046150c922a469dc19bb876f216c5f Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Sep 26 16:07:01 2023 +0200
urlfilter.cgi: Fixes bug#10649 - calls urlfilterctrl with remove option if update disabled
- When the url filter update enable checkbox is unchecked then this patch calls urlfilterctrl with the remove option added in the otrher patch of this series. - Tested on my vm testbed that this change does remove the urlfilter symlink from the fcron directories when the update is disabled.
Fixes: Bug#10649 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 01ed9ff3219de2683b3a3e74cea6602dde3e04fb Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Sep 26 16:07:00 2023 +0200
urlfilterctrl: Fix bug#10649 - add option to remove urlfilter from fcron directories
- Currently if the urlfilter update is enabled then autoupdate.pl is renamed urlfilter and added into either the daily, weekly or monthly fcron directoiries. If the update is disabled then the urlfilter update script stays in the directory and is not removed. - This patch adds in the option of remove to the urlfilterctrl program. The first part of the urlfilterctrl.c code removes any existing symlinks so all that needs to be done for the remove option is to not add any symlinks to the fcron directories. - Confirmed in a vm testbed that the current approach leaves the symlink in place. Installed the changes from this and the previous patch and confirmed that when the url update is disabled the symlink is removed.
Fixes: Bug#10649 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 94845e08bc2ca9e24e208630979bdcddb84b2682 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 28 09:36:54 2023 +0000
core181: Fix arch-dependendant filelists
I created those in a wrong place :(
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 461ad995ae8b3443c35ae5a6e7a64d8f65e0995f Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 28 09:35:33 2023 +0000
core181: Ship OpenVPN changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f8648b956351abb936bae94c9cce84b95b7ca23c Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 25 18:41:56 2023 +0200
update.sh: Adds code to update an existing ovpnconfig with pass or no-pass
- The code checks first if ovpnconfig exists and is not empty. - Then it makes all net2net connections no-pass since they do not use encryption - Then it cycles through all .p12 files and checks with openssl if a password exists or not. If a password is present then pass is added to index 41 and if not then no-pass is added to index 41 - I had to add a blank line to the top of the ovpnconfig file otherwise the awk code treated the first line as a blank line and missed it out of the update. This was the problem that was discovered during the previous Testing Release evaluation. Tested out this time with several existing entries both encrypted and insecure and with additional entries of both added in afterwards and all connection entries were maintained - road warrior and net2net. - This code should be left in update.sh for future Core Updates in case people don't update with Core Update 175 but leave it till later. This code works fine on code that already has pass or no-pass entered into index 41 in ovpnconfig
Fixes: Bug#11048 Suggested-by: Erik Kapfer ummeegge@ipfire.org Suggested-by: Adolf Belka adolf.belka@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8e6bf12f14c87854d311682d04e2269a6d96bbc3 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 25 18:41:55 2023 +0200
web-user-interface: Addition of new icon for secure connection certificate download
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png - The license for this image is the following:- This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See version 2.1 and version 3 of the GNU Lesser General Public License for more details. - Based on the above license I believe it can be used by IPFire covered by the GNU General Public License that is used for it. - The icon image was made by taking the existing openvpn.png file and superimposing the padlock icon on top of it as a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 475fd9e73a0c873df71929c55b205125a1651a7f Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 25 18:41:54 2023 +0200
nl.pl: Change language text for secure icon wording
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e0efec97ca1b8979a407865d97d86b44fb6dc859 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 25 18:41:53 2023 +0200
en.pl: Change language text for secure icon wording
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b725a6990fd9ad84273fea908fa7572f89ca0080 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 25 18:41:52 2023 +0200
de.pl: Change language text for secure icon wording
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8c5e71db2a53b3b443598a53dd01e43832234ca5 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 25 18:41:51 2023 +0200
ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
- At long last I have re-visited the patch submission for bug #11048 and fixed the issues that caused the problems last time I evaluated it in Testing. - The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the connection is a host and if the first password entry is a null. Then it adds no-pass to ovpnconfig. - The same block of code is also used for when he connection is edited. However at this stage the password entry is back to null because the password value is only kept until the connection has been saved. Therefore doing an edit results in the password value being taken as null even for connections with a password. - This fix enters no-pass if the connection type is host and the password is null, pass if the connection type is host and the password has characters. If the connection type is net then no-pass is used as net2net connections dop not have encrypted certificates. - The code has been changed to show a different icon for unencrypted and encrypted certificates. - Separate patches are provided for the language file change, the provision of a new icon and the code for the update.sh script for the Core Update to update all existing connections, if any exist, to have either pass or no-pass in index 41. - This patch set was a joint collaboration between Erik Kapfer and Adolf Belka - Patch set, including the code for the Core Update 180 update.sh script has been tested on a vm testbed
Fixes: Bug#11048 Tested-by: Adolf Belka adolf.belka@ipfire.org Suggested-by: Adolf Belka adolf.belka@ipfire.org Suggested-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e5ad33d9eeffbdeb1abbf2575853d880890ed228 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Sep 16 16:44:38 2023 +0200
kernel: update 6.1.53
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 14bd32221ecb35fc919c6a808621c63cff423094 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Sep 9 17:04:20 2023 +0200
kernel: update to 6.1.52
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit db1ffe0f5f527e99355c8d14defe41ac37d96925 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 28 09:25:16 2023 +0000
Start Core Update 181 (with a kernel)
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree