This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core171 has been created at ee2e7db90bf12ab1c028f5f3b955afaf9cdf76f5 (commit)
- Log ----------------------------------------------------------------- commit ee2e7db90bf12ab1c028f5f3b955afaf9cdf76f5 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 17 16:26:19 2022 +0000
linux: Add upstream patches for CVE-2022-4{1674,2719-2722}
https://lists.ipfire.org/pipermail/development/2022-October/014562.html
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a40977958b051de976b515b30be1fc3f17f19785 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 10 18:41:10 2022 +0000
core171: Ship dhcp
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cdc5f9705ac252e099f89101dc4179d6e06179c7 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Oct 7 21:59:21 2022 +0200
dhcp: Update to 4.4.3-P1
For details see: https://downloads.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES
Changelog since 4.4.1 is rather long...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 437fb4d72bd2814946d6bfc0425c36ae98b04284 Author: Jon Murphy jon.murphy@ipfire.org Date: Fri Oct 7 13:45:17 2022 -0500
manualpages: add and update help links to Wiki
- add help links for two new ipblocklist WebGUI pages - update help links to proxy accounting - add links to OpenVPN Net-to-Net Statistics, MD Raid State, Update Accelerator, OpenVPN Roadwarrior Connections Log
Signed-off-by: Jon Murphy jon.murphy@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 692d18285f59f78cfea96b5e2d9f21bed01360ba Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Oct 7 16:24:15 2022 +0000
glibc: Fix added whitespace in syslog messages
Fixes: #12949 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dc84e16d4d058460febe9332435307d93d36d82e Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Oct 7 16:21:16 2022 +0000
firewall: Fix missing whitespace for blocklist messages
Fixes: #12934 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ca4de263184e2d62239cc6d63caf2a0812d492b5 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Oct 4 13:32:47 2022 +0000
unbound-dhcp-leases-bridge: Fall back to the default domain
When the bridge cannot detect a domain name for any of the leases, it uses localdomain which is not always the best choice. So instead, this patches changes the behaviour that we read the default domain of the firewall.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit a308f5bcdefa59a744584a8276b03d80acd97517 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Oct 4 14:48:04 2022 +0000
Core Update 171: Ship setclock initscript
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 9745a212d4aff2b9cd50de34e30c79c624d21b3c Author: Mathew McBride matt@traverse.com.au Date: Mon Oct 3 06:20:19 2022 +0000
initscripts: load RTC module (RX8025) for Ten64 board
For reasons I have not been able to determine, the RTC module for the Ten64 board (rtc-rx8025) is not automatically loaded at startup, despite every other relevant modules being loaded.
modprobe it manually if we are on a Ten64 board.
Signed-off-by: Mathew McBride matt@traverse.com.au Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 6efb611cbc97908cbd893806ceb82c167cddeb6a Author: Mathew McBride matt@traverse.com.au Date: Mon Oct 3 06:20:18 2022 +0000
config: u-boot: bypass the u-boot script on Traverse Ten64
The Ten64 board runs a U-Boot which works best directly booting EFI. Attempting to load your own DTB or other steps will cause issues. (see https://ten64doc.traverse.com.au/faq/#common-issues)
The current stable Ten64 firmware unfortunately searches for boot.scr before bootaa64.efi. So redirect it back to the EFI path.
A future Ten64 firmware package will prefer EFI first before any boot script avoiding this issue. I will provide a patch reversing this when that day comes.
Signed-off-by: Mathew McBride matt@traverse.com.au Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit e77ef3639579e88f1fe86ef332d9c831b4e200ca Author: Mathew McBride matt@traverse.com.au Date: Mon Oct 3 06:20:17 2022 +0000
kernel: add patches for SFP support on NXP Layerscape/DPAA2 (arm64)
These two patches are needed to support SFP's on NXP DPAA2 platforms (e.g Traverse Ten64).
The deadlock issue patch was submitted upstream a while ago and rejected, however I am not aware of any better solutions at present.
The 10G mode additions are part of mainline since 5.16.
These two .patches were sourced from our patchset over here: https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patc...
Signed-off-by: Mathew McBride matt@traverse.com.au Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 8399123461b7b790b43d4a8c6ebf27928a44929d Author: Mathew McBride matt@traverse.com.au Date: Mon Oct 3 06:20:16 2022 +0000
linux: enable options for NXP Layerscape
This change enables support for NXP's QorIQ/Layerscape platforms, specifically the Traverse Technologies Ten64 (LS1088A).
Signed-off-by: Mathew McBride matt@traverse.com.au Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a4e5b6d689a7f3094b916251b52e04ff0825add4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Oct 4 12:54:42 2022 +0200
rsync: Update to version 3.2.6 and fix Bug#12947
- Update from version 3.2.4 plus CVE-2022-29154 patch to 3.2.6 - Patch for CVE-2022-29154 applied in CU170 turned out to have a bug within it causing rsync to fail with an error. Four additional commits were done to fix this bug and its consequences but these were all applied in the rsync git repo after the patch had been merged into CU170. - Version 3.2.5 onwards contains the CVE-2022-29154 fix and associated commits. - No update of rootfile required. - Changelog NEWS for rsync 3.2.6 (9 Sep 2022) BUG FIXES: More path-cleaning improvements in the file-list validation code to avoid rejecting of valid args. A file-list validation fix for a --files-from file that ends without a line-terminating character. Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical. Fixed a bug in the internal MD4 checksum code that could cause the digest to be sporadically incorrect (the openssl version was/is fine). A minor tweak to rrsync added "copy-devices" to the list of known args, but left it disabled by default. ENHANCEMENTS: Rename --protect-args to --secluded-args to make it clearer how it differs from the default backslash-escaped arg-protecting behavior of rsync. The old option names are still accepted. The environment-variable override did not change its name. PACKAGING RELATED: The configure option --with-protected-args was renamed to --with-secluded-args. This option makes --secluded-args the default rsync behavior instead of using backslash escaping for protecting args. The mkgitver script now makes sure that a .git dir/file is in the top-level source dir before calling git describe. It also runs a basic check on the version value. This should avoid using an unrelated git description for rsync's version. DEVELOPER RELATED: The configure script no longer sets the -pedantic-errors CFLAG (which it used to try to do only for gcc). The name_num_obj struct was modified to allow its dynamic name_num_item list to be initialized in a better way. NEWS for rsync 3.2.5 (14 Aug 2022) SECURITY FIXES: Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). BUG FIXES: Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). ENHANCEMENTS: The --trust-sender option was added as a way to bypass the extra file-list safety checking (should that be required). PACKAGING RELATED: A note to those wanting to patch older rsync versions: the changes in this release requires the quoted argument change from 3.2.4. Then, you'll want every single code change from 3.2.5 since there is no fluff in this release. The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date. DEVELOPER RELATED: Configure now defaults GETGROUPS_T to gid_t when cross compiling. Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 6d0e3c5a5719ea66a47f1859871808d8b2095fa4 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 3 21:58:25 2022 +0000
libseccomp: Bump package version
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 16eb2d5379757076c23b4cdd14a8af595fd9d1bc Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 19 12:35:41 2022 +0000
linux: Enable seccomp filter on ARM
Since last time we checked, the kernel's security features on ARM have improved notably (see CONFIG_RANDOMIZE_BASE discussion). This patch therefore proposes to give the seccomp filter on both 32- and 64-bit ARM another try, since it provides significant security benefit to applications using it.
Due to operational constraints, rootfile changes have been omitted, and will be conducted, should this patch be approved.
Note to future self: Once this patch is approved, applications using seccomp (OpenSSH, Tor) need to be updated/shipped on ARM.
Fixes: #12366 Fixes: #12370 Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 25a3d87645609b3deffdc45a153eb2e2696032f9 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 2 14:47:52 2022 +0000
linux: Remove user-space probe support
From the kernels' documentation:
> Uprobes is the user-space counterpart to kprobes: they > enable instrumentation applications (such as 'perf probe') > to establish unintrusive probes in user-space binaries and > libraries, by executing handler functions when the probes > are hit by user-space applications. > > ( These probes come in the form of single-byte breakpoints, > managed by the kernel and kept transparent to the probed > application. )
To the best of the authors' understanding, no application on IPFire needs this functionality, and given its abuse potential, we should probably not enable it.
As expected, strace functionality is not impaired by this.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit e79c4372ceb87d3fa91cd440745cb6125c57e23e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Sep 29 22:35:18 2022 +0200
suricata 6.0.8 - suggested change in 'suricata.yaml': set app-layer mqtt: enabled: yes
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org
commit 9826ac9bc299360a89c7f3f5bf3df0b9dfc05217 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 3 10:21:24 2022 +0000
modules.d: Drop orphaned blacklist statements
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c480cb54f00ff60e4c55898f67bfb5276db7a961 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 3 10:07:49 2022 +0000
Update contributor list
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit eee65ac34f16babf3ca47274df7c31da5c6ad955 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 3 09:22:57 2022 +0000
backup: Fix file permissions of in-/exclude files, again
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c153f735529a7a9b766e523b26bb578c520e2862 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 2 10:20:38 2022 +0000
Core Update 171: Do not ship /sbin/tipc
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 415afe55b2e16f06e72adce457f747b04cf63932 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 2 09:46:47 2022 +0000
Core Update 171: Fix Suricata stop/start
My fault, again. :-/
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c309bdcf3d0c983d2c4a169ea65ce7ef749eba80 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 2 09:43:47 2022 +0000
Avoid manpages from being shipped and delete them on existing installations
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 18f9c27601d1777e862913428c7a7fc5289b3035 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 2 08:51:03 2022 +0000
Core Update 171: Ship proxy.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit e0be9eab47d621545e5498c32c0fef39f7ef84a9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 30 21:05:56 2022 +0200
proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit 1c8e23c869a9b3bfe9f1b194b561331eae3c8e65 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 2 08:49:53 2022 +0000
backup: Increase chown verbosiness
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2a06a0057120d25fe55f9c326a44c4f6cc3399d4 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 30 22:09:31 2022 +0000
langs: Fix missing spaces for proxy password length error message
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5a44d68fc77bf72adf2d2d961e044510bfebd4f5 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 30 21:18:38 2022 +0000
ncat: Update to 7.92
This was forgotten when updating nmap to 7.92.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6e8e9cba2a2865dd207dfbf8224e3a6c92941d9d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 30 17:20:37 2022 +0000
linux: Update to 5.15.71
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2689789ec088dfb2a24d4b9ae85b001a4b8576fb Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 30 17:20:17 2022 +0000
configroot: Increase verbosiness of chown operations
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2f0fb4492901771f6a830876155f3caf0b9d560b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 30 15:48:03 2022 +0000
Core Update 171: Ship and restart Suricata
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 12697266f4004bf3dc99296bb56d76213cccf0c0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Sep 29 22:21:57 2022 +0200
libhtp: Update to 0.5.41
Needed for 'suricata 6.0.8'
For details see: https://github.com/OISF/libhtp/releases/tag/0.5.41
"trim white space of invalid folding for first header
clear buffered data for body data
minor optimization for decompression code"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit b655b21a45b550714e8bb75efeae5bdd36791956 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Sep 29 22:21:56 2022 +0200
suricata: Update to 6.0.8
Changelog:
"6.0.8 -- 2022-09-27
Task #5552: libhtp 0.5.41
6.0.7 -- 2022-09-27
Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport) Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport) Bug #5549: Failed assert DeStateSearchState (6.0.x) Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x) Bug #5547: rules: less strict parsing of unexpected flowbit options Bug #5546: rules: don't error on bad hex in content Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6 Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6] Bug #5471: Reject action is no longer working (6.0.x backport) Bug #5467: rules: more graceful handling of anomalies for stable versions Bug #5459: Counters are not initialized in all places. (6.0.x backport) Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport) Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports) Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport) Bug #4421: flow manager: using too much CPU during idle (6.0.x backport) Feature #5535: ips: add "reject" action to exception policies (6.0.x backport) Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport) Task #5551: doc: add exception policy documentation (6.0.x) Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport) Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport) Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport) Task #5328: python: distutils deprecation warning (6.0.x backport)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 520d214419650f90cb9491b6aea5cfe3763688b8 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Sep 27 10:54:45 2022 +0000
Core Update 171: Fix backup {ex,in}clude file permissions
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bd053b99b3feb2e7036822dbbac24b5ce80ce2df Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 26 18:50:08 2022 +0000
backup: Set owner of {ex,in}clude{,.user} files to "root"
Since these files are static, there is no legitimate reason why they should be owned (hence writable) by "nobody". Also, according to configroot's LFS file, this is the intended behaviour for the *.user files, which is then overwritten by the backup LFS file. Therefore, set the file mode of these statically - configroot does not feature other files in /var/ipfire/backup/ anyway.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit d62babe08e3284c3f18ad574b2a255195348c309 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 26 19:18:51 2022 +0000
Core Update 171: Remove some orphaned files
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4075ce139b0531e4e90880d76a3db086bee229c9 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 26 08:54:36 2022 +0000
Core Update 171: Ship ipblocklist/sources
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f128ac2a5c88d7094c768fdcada1d0c5d0f81ab1 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Sep 24 13:53:12 2022 +0200
ipblocklist-sources: Correct the info url - Fixes bug#12938
- With the .html ending the link gets a 404 Page not found error
Fixes: Bug#12938 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit 1c154e5180a9920e579c8b6dccafc5540f0d6123 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 23 10:43:27 2022 +0000
Core Update 171: Ship expat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit aa4d18a8fbcdfc6123b3aea85a8df4d71e7a22e4 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Sep 21 19:16:11 2022 +0200
expat: Update to version 2.4.9
- Update from version 2.4.8 to 2.4.9 - Update of rootfile - Changelog Release 2.4.9 Tue September 20 2022 Security fixes: #629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. Bug fixes: #634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0 #614 docs: Fix documentation on effect of switch XML_DTD on symbol visibility in doc/reference.html Other changes: #638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output #596 #625 Autotools: Sync CMake templates with CMake 3.22 #608 CMake: Migrate from use of CMAKE_*_POSTFIX to dedicated variables EXPAT_*_POSTFIX to stop affecting other projects #597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners and fuzzers #512 #621 Windows|CMake: Render .def file from a template to fix linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON #611 #621 MinGW|CMake: Apply MSVC .def file when linking #622 #624 MinGW|CMake: Sync library name with GNU Autotools, i.e. produce libexpat-1.dll rather than libexpat.dll by default. Filename libexpat.dll.a is unaffected. #632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in toolchain file "cmake/mingw-toolchain.cmake" to avoid error "windres: Command not found" on e.g. Ubuntu 20.04 #597 #627 CMake: Unify inconsistent use of set() and option() in context of public build time options to take need for set(.. FORCE) in projects using Expat by means of add_subdirectory(..) off Expat's users' shoulders #626 #641 Stop exporting API symbols when building a static library #644 Resolve use of deprecated "fgrep" by "grep -F" #620 CMake: Make documentation on variables a bit more consistent #636 CMake: Drop leading whitespace from a #cmakedefine line in file expat_config.h.cmake #594 xmlwf: Fix harmless variable mix-up in function nsattcmp #592 #593 #610 Address Cppcheck warnings #643 Address Clang 15 compiler warnings #642 #644 Version info bumped from 9:8:8 to 9:9:8; see https://verbump.de/ for what these numbers do Infrastructure: #597 #598 CI: Windows: Start covering MSVC 2022 #619 CI: macOS: Migrate off deprecated macOS 10.15 #632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work #643 CI: Upgrade Clang from 14 to 15 #637 apply-clang-format.sh: Add support for BSD find #633 coverage.sh: Exclude MinGW headers #635 coverage.sh: Fix name collision for -funsigned-char
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 80305dd4d3c783bc1ee4cb5b3936235117d40c6d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 23 10:42:14 2022 +0000
Core Update 171: Delete stale Bind 9.16.32 libraries
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit abb32f5e608d3e5f0c3176a4087426affbc860a3 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 23 09:03:02 2022 +0200
bind: Update to 9.16.33
For details see: https://downloads.isc.org/isc/bind9/9.16.33/doc/arm/html/notes.html#notes-fo...
"Security Fixes
Previously, there was no limit to the number of database lookups performed while processing large delegations, which could be abused to severely impact the performance of named running as a recursive resolver. This has been fixed. (CVE-2022-2795)
ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr & Shani Stajnrod from Reichman University for bringing this vulnerability to our attention. [GL #3394]
named running as a resolver with the stale-answer-client-timeout option set to 0 could crash with an assertion failure, when there was a stale CNAME in the cache for the incoming query. This has been fixed. (CVE-2022-3080) [GL #3517]
A memory leak was fixed that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm. (CVE-2022-38177) [GL #3487]
Memory leaks were fixed that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) [GL #3487]
Feature Changes
Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL. [GL #3459]
Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly. [GL #3381]
A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. [GL #3485]
Bug Fixes
A serve-stale bug was fixed, where BIND would try to return stale data from cache for lookups that received duplicate queries or queries that would be dropped. This bug resulted in premature SERVFAIL responses, and has now been resolved. [GL #2982]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit a76f7d82240ccfe47765eabe84b24fef98e0e2f0 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 23 10:39:57 2022 +0000
Core Update 171: Ship manualpages
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 75bbee2ae34e169393fe00e90b84ab0c8e3fdb5b Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Sep 22 13:43:10 2022 +0200
manualpages: Correct link to wiki for Network (other)
- Network (other) help link was set to go to Network (internal) wiki page Link modified - Running the check_manualpages.pl script requires it to be executable so the build changed the permissions mode from 644 to 755
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit c073cb7f920c5047029f76147b5124e9aa191e0d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 23 10:39:04 2022 +0000
Core Update 171: Ship and rebuild crontab
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 73b404314372b36c788b709bcf18793f0a1abcbc Author: Jon Murphy jon.murphy@ipfire.org Date: Wed Aug 24 19:31:29 2022 -0500
crontab: add periodic cleanup the collectd RRD (graphs)
- Created (mostly) for old openvpn graphs - RRD removed when no graph modification for +365 days - chosen since graph max out is 365 days - fcron job runs once per week - chosen since this is just a cleanup and it doesnt need to run everyday Note: logging can be added if needed.
Signed-off-by: Jon Murphy jon.murphy@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit c2993d5e587f5111943d3d0452e8a9b1646b69f0 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 23 10:37:33 2022 +0000
Core Update 171: Ship log.dat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a15c20fde98a4ab34242dd3cefd9bbb890394188 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Sep 19 15:15:18 2022 +0200
log.dat: Add NUT entry for System Logs - Fixes bug#12921
- Also aligned all the code entries in %sections and %trsections
Suggested-by: Michael ip.fire@die-fritzens.de Tested-by: Michael ip.fire@die-fritzens.de Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit 7bb62b122541633c0e79538120b1175faaa521bb Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Sep 21 12:37:19 2022 +0200
cpufrequtils: Remove SERVICES entry for this package - fixes Bug#12933
- cpufrequtils is a set of "tools" to manage and set cpu freq settings. - There is an initscript but this is only loading the cpu dependent kernel modules that are required by cpufrequtils. - Therefore cpufrequtils is not a service but a set of tools that are used when required. - SERVICES line made blank so that this addon does not show up in the services addon table. - Modified install initscript line to not use SERVICES variable
Fixes: Bug#12933 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit 64fc136084e7fa759c7261a3f6e54d9eea72d5fc Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 23 10:35:39 2022 +0000
Core Update 171: Ship and restart Unbound
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 21236acd00c12ea0c33a8f5b4a8829e0310b3290 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 23 09:09:38 2022 +0200
unbound: Update to 1.16.3
For details see: https://lists.nlnetlabs.nl/pipermail/unbound-users/2022-September/007885.htm...
"This release fixes CVE-2022-3204 Non-Responsive Delegation Attack. It was reported by Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr and Shani Stajnrod from Reichman University.
This fixes for better performance when under load, by cutting promiscuous queries for nameserver discovery and limiting the number of times a delegation point can look in the cache for missing records.
Bug Fixes - Patch for CVE-2022-3204 Non-Responsive Delegation Attack."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit abb185bf5ab05fae490db310c6c166dc33a380b7 Author: Peter Müller peter.mueller@ipfire.org Date: Wed Sep 21 13:36:59 2022 +0000
linux: Align configurations and rootfiles for ARM
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit d33651d74f2479bb169dcda6934dceb40132b77b Author: Peter Müller peter.mueller@ipfire.org Date: Tue Sep 20 14:30:28 2022 +0000
linux: Prepare CONFIG_DEBUG_FS disabling on non-x86_64 architectures
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 423685839a056f233b5289e2c47a55da47cebc47 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Sep 20 10:39:08 2022 +0000
Core Update 171: Ship kernel and regenerate initial ramdisks locally
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ae185d6f9d0578486f9a91c5e371f159a5a41a23 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 19 12:28:14 2022 +0000
linux: Update to 5.15.68
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68 for the changelog of this release. Due to the lack of local build hardware, ARM rootfile and configuration changes have been omitted.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 12d339e725cf093947c2d0243a724e014d5ef8d4 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 19:24:46 2022 +0000
kernel: Disable CONFIG_DEBUG_FS
According to the kernel's documentation,
> debugfs is a virtual file system that kernel developers use to put > debugging files into. Enable this option to be able to read and > write to these files.
There is no legitimate reason why one has to do so on an IPFire machine. Further, the vast debugging options (i.e. related to various drivers) have never been enabled, limiting the use of this virtual file system even further.
This patch therefore proposes to disable it entirely, since its potential security impact outweights its benefits. Due to operational constraints, changes to ARM kernel configurations will be made if this patch is approved for x86_64.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit ae49226866aef4b8ec700be2e739871c694d55c8 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 19 12:37:45 2022 +0000
Core Update 171: Ship backupiso
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c799e441a447863ff94cd27eb418616bc1200855 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Sep 18 13:45:17 2022 +0200
backupiso: Update to ISO file naming - bug#12932
- commit https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fbd0608c2cb5372fff785706... aligned the ISO file name to the image file name. This change also needed to be added to backupiso as the filename is used to download the iso from the IPFire server when creating an ISO backup.
Fixes: Bug#12932 Suggested-by: Matthias Fischer matthias.fischer@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit e80e1fda2d8de851db1a489a89ab828061c671c2 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 20:55:51 2022 +0000
Guardian: Bump package version for Perl changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ee1cfd760cc2851930ee8528b4d38b405d535d3c Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 20:27:12 2022 +0000
Core Update 171: Ship libloc
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b029818d1ad011837dee87724c1bad8762368833 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 20:24:50 2022 +0000
Core Update 171: Stop and restart collectd
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 492c9fb64b8744fca6a8f403dd3741f12a417397 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 20:21:24 2022 +0000
Fix restarting Squid and OpenVPN during Core Update 171
My fault, again. :-/
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 79fb08749b6d9304818d3bada92302cdfab682c0 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 08:02:14 2022 +0000
Core Update 171: Stop Apache before applying the upgrade
Since we replace Perl, users most likely get to see some nasty "Internal Server Error" messages during the upgrade. To suppres them, and to limit the chance of side effects, stop Apache before applying the update, and start it again afterwards.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 3ce996ffc3bb0c0c4f0cadc2442f8417b9cab172 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 08:01:18 2022 +0000
Core Update 171: Only start services if they are actually enabled
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 78ba0514867f5b0bff0f15dd8600c8969a5f63b5 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 18 07:58:39 2022 +0000
Core Update 171: Ship and restart strongSwan
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4943252194a553dea1475a709f0ef1fbbc9e51c5 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 08:21:23 2022 +0000
strongSwan: Update to 5.9.7
Please refer to https://github.com/strongswan/strongswan/releases/tag/5.9.7 for the release notes of this version.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8017c5cf1f972301c3728da23f26dc29d611119f Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 21:18:41 2022 +0000
Core Update 171: Ship wireless-regdb
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c8e3e7ea785aef12f8dcd43b927d94dad2dd3682 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 16:50:22 2022 +0000
wireless-regdb: Update to 2022-08-12
No changelog is provided, please refer to https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git/... for the commits since 2022-02-18.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org
commit f114e95c1c3197699bf81ce3208d84b90edc747d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 21:18:19 2022 +0000
Core Update 171: Ship ca-certificates
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4f24cba032496e624259b423ce0341fbabe0bccc Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 10:07:58 2022 +0000
ca-certificates: Update root CA certificates bundle
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org
commit 76d9ce6b11f01600c88641f022dc64a260fdf9b1 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 16:53:36 2022 +0000
Core Update 171: Ship libsodium
Fixes: #12929 Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org
commit bd94d363353a7caa2f4089fe91770b465a75936e Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 09:45:30 2022 +0000
Update contributors
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 311d609d74fcd7aca55324e3c9510a4ac069e8f4 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 09:44:40 2022 +0000
Tor: Bump package version
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6c0022149b6ad3d0671e026464687ac91990d208 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 14:14:43 2022 +0000
Tor: Update to 0.4.7.10
Changes in version 0.4.7.10 - 2022-08-12 This version updates the geoip cache that we generate from IPFire location database to use the August 9th, 2022 one. Everyone MUST update to this latest release else circuit path selection and relay metrics are badly affected.
o Major bugfixes (geoip data): - IPFire informed us on August 12th that databases generated after (including) August 10th did not have proper ARIN network allocations. We are updating the database to use the one generated on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.7.9.
Changes in version 0.4.7.9 - 2022-08-11 This version contains several major fixes aimed at reducing memory pressure on relays and possible side-channel. It also contains a major bugfix related to congestion control also aimed at reducing memory pressure on relays. Finally, there is last one major bugfix related to Vanguard L2 layer node selection.
We strongly recommend to upgrade to this version especially for Exit relays in order to help the network defend against this ongoing DDoS.
o Major bugfixes (congestion control): - Implement RFC3742 Limited Slow Start. Congestion control was overshooting the congestion window during slow start, particularly for onion service activity. With this fix, we now update the congestion window more often during slow start, as well as dampen the exponential growth when the congestion window grows above a capping parameter. This should reduce the memory increases guard relays were seeing, as well as allow us to set lower queue limits to defend against ongoing DoS attacks. Fixes bug 40642; bugfix on 0.4.7.5-alpha.
o Major bugfixes (relay): - Remove OR connections btrack subsystem entries when the connections close normally. Before this, we would only remove the entry on error and thus leaking memory for each normal OR connections. Fixes bug 40604; bugfix on 0.4.0.1-alpha. - Stop sending TRUNCATED cell and instead close the circuit from which we received a DESTROY cell. This makes every relay in the circuit path to stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
o Major bugfixes (vanguards): - We had omitted some checks for whether our vanguards (second layer guards from proposal 333) overlapped. Now make sure to pick each of them to be independent. Also, change the design to allow them to come from the same family. Fixes bug 40639; bugfix on 0.4.7.1-alpha.
o Minor features (dirauth): - Add a torrc option to control the Guard flag bandwidth threshold percentile. Closes ticket 40652. - Add an AuthDirVoteGuard torrc option that can allow authorities to assign the Guard flag to the given fingerprints/country code/IPs. This is a needed feature mostly for defense purposes in case a DoS hits the network and relay start losing the Guard flags too fast. - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable from torrc.
o Minor features (fallbackdir): - Regenerate fallback directories generated on August 11, 2022.
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/08/11.
o Minor bugfixes (congestion control): - Add a check for an integer underflow condition that might happen in cases where the system clock is stopped, the ORconn is blocked, and the endpoint sends more than a congestion window worth of non- data control cells at once. This would cause a large congestion window to be calculated instead of a small one. No security impact. Fixes bug 40644; bugfix on 0.4.7.5-alpha.
o Minor bugfixes (defense in depth): - Change a test in the netflow padding code to make it more _obviously_ safe against remotely triggered crashes. (It was safe against these before, but not obviously so.) Fixes bug 40645; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (relay): - Do not propagate either forward or backward a DESTROY remote reason when closing a circuit in order to avoid a possible side channel. Fixes bug 40649; bugfix on 0.1.2.4-alpha.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit da65b2892f2c9c91778443cf255b2cd611294a86 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 09:42:51 2022 +0000
Core Update 171: Do not ship obsolete Intel BT firmware
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8f31296112faf5ad91f86c6fc0a9b655b671734e Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 09:41:06 2022 +0000
linux-firmware: Drop dedicated Bluetooth BLOBs
Since we disabled Bluetooth support in the kernel a long time ago due to security reasons, these do not serve any purpose anymore. Therefore, do not ship them and delete them on existing installations.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bc38ca3b00c284ea7ccea8d55d8524f27a768e2c Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 09:15:57 2022 +0000
strip: Exclude /lib/firmware/qcom/sc8280xp/LENOVO/21BX for stage 2
For some reason, stripper crashes processing this directory:
strip: error: the input file '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn' has no sections
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 3b01f08a3cee8cc41db7ad6cee15cdb604f824fe Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 08:49:30 2022 +0000
Core Update 171: Ship linux-firmware changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2862b0e73bbde5fd12e6333de43c500853fe24f2 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 17 08:32:21 2022 +0000
linux-firmware: Update to 20220913
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 9852e4f5e1ff33418e696f03552815e7caeebad7 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 15 19:45:26 2022 +0000
lcdproc: Bump package version
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b8098b5c4727413cce17401d598e7a257d364bde Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Sep 15 15:52:55 2022 +0200
lcdproc: Update to commit 0e2ce9b version - fixes bug#12920
- The lcd2usb portion of the hd44780 driver in in the latest release version of lcdproc (0.5.9) are only coded for libusb-0.1, which was removed from IPFire in recent times. - Commits have been merged into the lcdproc repository that enable lcd2usb to work with the libusb-1.0 series but no release has been made since 2017. - This patch downloaded a zip archive from the status of the lcdproc repository at commit 0e2ce9b. This zip archive was then converted into a tar.gx archive. The lfs and rootfile have been updated in line with this. - The lcdproc-0e2ce9b-4.ipfire file created by this build has been tested by the bug reporter, Rolf Schreiber, and confirmed to fix the issue raised with the bug. - This patch brings lcdproc upto date with the 149 commits that have been made between 2017 and Dec 2021, the date of the last commit. - The version number has been defined as the last commit number. - The -enable-libusb option has to be left in place as it turned out that -enable-libusb-1-0 only works if -enable-libusb is also set. It looks like this was identified in the lcdproc issues list but has not yet been fixed.
Fixes: Bug#12920 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 3890da81da9dba0c4035c61f26ef2fb080644319 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 15 19:36:29 2022 +0000
curl: Fix build on armv6l
https://github.com/curl/curl/pull/9054
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 609f0e129bc33ecfaf6f9eda2d911f6ef5826e84 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 15 19:25:48 2022 +0000
Core Update 171: Add missing changes related to Perl update
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 98f43d8ba8d3c29682807275eba52163ae6bb123 Merge: 4446d9763 c183124f5 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 15 19:12:10 2022 +0000
Merge branch 'master' into next
commit 4446d9763ec364d9646a357c930706190ad0e973 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 15 07:47:36 2022 +0000
efivar: Update aarch64 rootfile as well
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b415bb533e4ad62346e2da09569e2b73c631ebd6 Merge: f58f047fa 9125d3671 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Sep 13 11:43:06 2022 +0000
Merge branch 'next' into temp-c171-development
commit f58f047fa9ab442afb46ac605f5ebaf7160a35a6 Merge: 1564096b5 2e6def380 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Sep 13 07:33:30 2022 +0000
Merge branch 'next' into temp-c171-development
commit 1564096b51b8fda9045e5956ad614500b6aeb616 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 09:52:04 2022 +0000
Core Update 171: Delete stale efivar files
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f7384566ea1cbe14709968cb110acf22ddeb518d Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:49:30 2022 +0200
mandoc: Build dependency for efivar version 38 onwards
- New build only dependency
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 922747b2055277559ebb404a8fde2433eeb1d3fa Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:49:29 2022 +0200
efivar: Update to version 38
- Update from version 37 to 38 - Update of rootfile - mandoc is now a build dependency for efivar - Old compile fixes patches are no longer required with version 38 - Details for lfs build of version 38 obtained from Beyond Linux From Scratch - Changelog bug fixes Rework some makefile bits to make overriding some options simpler. by @vathpela in #140 Handle /sys/devices/virtual/{nvme-fabrics,nvme-subsystem} devices by @vathpela in #139 guids.S: Include <cet.h> when CET is enabled by @hjl-tools in #149 Fix /sys/block sysfs parsing for eMMC-s by @jwrdegoede in #150 Properly check mmap return error by @hannob in #152 Fix s{yt,ty}le typo in efi_get_variable(3) by @nabijaczleweli in #162 Handle NULL set_variable() by @lcp in #159 Fix parsing for nvme-subsystem devices by @dannf in #158 Attempt to fix the identified thread safety bugs by @vathpela in #155 Make thread-test depend on libefivar.so by @hjl-tools in #176 Upstream a local patch from rawhide by @frozencemetery in #177 Fix conversion from UTF8 to UCS2 by @freedge in #171 efivar: make docs match current code for 'efivar -A' by @vathpela in #178 Migrate CI to Github actions by @frozencemetery in #179 Add code of conduct by @frozencemetery in #180 Misc minor fixes by @vathpela in #182 Add efi_time_t declarations and helper functions. by @vathpela in #183 More misc fixes by @vathpela in #185 Run CI on more targets by @vathpela in #187 Coverity fixes 20211208 by @vathpela in #189 CI: run abicheck by @frozencemetery in #190 Fix linux virtual root device parsing by @vathpela in #188 efivar.spec.in: fix license to be valid SPDX by @frozencemetery in #192 Add efisecdb tooling by @vathpela in #184 Fix linker string comparison for dash by @frozencemetery in #194 Full changelog diff between version 37 and 38 is available in github repo https://github.com/rhboot/efivar/compare/37...38
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit c6e683d07dc64e93e8876045b0c94c8089ce572f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 09:44:05 2022 +0000
Core Update 171: Ship nettle
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 0f4ecb9fc38d08a0b302d049fbd536b9f363c335 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:50:47 2022 +0200
nettle: Update to version 3.8.1
- Update from version 3.7.3 to 3.8.1 - Update of rootfile - Changelog 3.8.1 release This is a bugfix release, fixing a few portability issues reported for Nettle-3.8. Bug fixes: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha. Optimizations: * Implemented runtime detection of cpu features for OpenBSD on arm64. Contributed by Christian Weisgerber. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.6 and libhogweed.so.6.6, with sonames libnettle.so.8 and libhogweed.so.6. 3.8 release This release includes a couple of new features, and many performance improvements. It adds assembly code for two more architectures: ARM64 and S390x. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.5 and libhogweed.so.6.5, with sonames libnettle.so.8 and libhogweed.so.6. New features: * AES keywrap (RFC 3394), contributed by Nicolas Mora. * SM3 hash function, contributed by Tianjia Zhang. * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, cbc_aes256_encrypt. On processors where AES is fast enough, e.g., x86_64 with aesni instructions, the overhead of using Nettle's general cbc_encrypt can be significant. The new functions can be implemented in assembly, to do multiple blocks with reduced per-block overhead. Note that there's no corresponding new decrypt functions, since the general cbc_decrypt doesn't suffer from the same performance problem. Bug fixes: * Fix fat builds for x86_64 windows, these appear to never have worked. Optimizations: * New ARM64 implementation of AES, GCM, Chacha, SHA1 and SHA256, for processors supporting crypto extensions. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, SHA256, SHA512 and SHA3. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New PPC64 assembly for ecc modulo/redc operations, contributed by Amitay Isaacs, Martin Schwenke and Alastair D´Silva. * The x86_64 AES implementation using aesni instructions has been reorganized with one separate function per key size, each interleaving the processing of two blocks at a time (when the caller processes multiple blocks with each call). This gives a modest performance improvement on some processors. * Rewritten and faster x86_64 poly1305 assembly. Known issues: * Nettle's testsuite doesn't work out-of-the-box on recent MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH environment variable. Nettle's test scripts handle this in some cases, but currently fails the test cases that are themselves written as /bin/sh scripts. As a workaround, use make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)' Miscellaneous: * Updated manual to current makeinfo conventions, with no explicit node pointers. Generate pdf version with texi2pdf, to get working hyper links. * Added square root functions for NIST ecc curves, as a preparation for supporting compact point representation. * Reworked internal GCM/ghash interfaces, simplifying assembly implementations. Deleted unused GCM C implementation variants with less than 8-bit lookup table.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit fa100fdd54bc0e62b79e11d122b2f1f3b9595128 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 09:43:05 2022 +0000
Core Update 171: Ship iproute2
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 085446d6fb83ee6f20874585173c5e9c29faabf7 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:50:20 2022 +0200
iproute2: Update to version 5.19.0
- Update from 5.17.0 to 5.19.0 - Update of rootfile - Changelog is only available as the lsit fo commits from the git repository https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 97f5feb1fbcd13f964eef90f4114133693a586ab Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:50:02 2022 +0200
fetchmail: Update to version 6.4.32
- Update from version 6.4.19 to 6.4.32 - Update of rootfile not required - Changelog - range of security and bug fixes fetchmail-6.4.32 (released 2022-07-30, 31696 LoC): # FIXES: * Use configure to find rst2html, some systems install it only with .py suffix, others only without, and some install both. * Update README.maintainer # TRANSLATIONS: language translations were updated by these fine people: (in alphabetical order of language codes so as not to prefer people): * cs: Petr Pisar [Czech] * es: Cristian Othón Martínez Vera [Spanish] * ja: Takeshi Hamasaki [Japanese] * pl: Jakub Bogusz [Polish] * ro: Remus-Gabriel Chelu [Romanian] * sq: Besnik Bleta [Albanian] * sv: Göran Uddeborg [Swedish] fetchmail-6.4.31 (released 2022-07-16, 31694 LoC): # BUG FIXES: * Try to fix ./configure --with-ssl=... for systems that have multiple OpenSSL versions installed. Issues reported by Dennis Putnam. * The netrc parser now reports its errors to syslog or logfile when appropriate, previously it would always log to stderr. * Add error checking to .netrc parser. # CHANGES: * manpage: use .UR/.UE macros instead of .URL for URIs. * manpage: fix contractions. Found with FreeBSD's igor tool. * manpage: HTML now built with pandoc -> python-docutils (manServer.pl was dropped) fetchmail-6.4.30 (released 2022-04-26, 31666 LoC): # BREAKING CHANGES: * Bump wolfSSL minimum required version to 5.2.0 to pull in security fix. # CHANGES: * Using OpenSSL 1.* before 1.1.1n elicits a compile-time warning. * Using OpenSSL 3.* before 3.0.2 elicits a compile-time warning. * configure.ac was tweaked in order to hopefully fix cross-compilation issues report, and different patch suggested, by Fabrice Fontaine, https://gitlab.com/fetchmail/fetchmail/-/merge_requests/42 # TRANSLATIONS: language translations were updated by this fine person: * ro: Remus-Gabriel Chelu [Romanian] fetchmail-6.4.29 (released 2022-03-20, 31661 LoC): # TRANSLATIONS: language translations were updated by this fine person: * vi: Trần Ngọc Quân [Vietnamese] fetchmail-6.4.28 (released 2022-03-05, 31661 LoC): # DOCUMENTATION: * Fix a typo in the manual page, courtesy of Jeremy Petch. # TRANSLATIONS: language translations were updated by this fine person: * es: Cristian Othón Martínez Vera [Spanish] fetchmail-6.4.27 (released 2022-01-26, 31661 LoC): # BREAKING CHANGES: * Bump wolfSSL minimum required version to 5.1.1 to pull in security fix. # TRANSLATIONS: language translations were updated by this fine person: * ro: Remus-Gabriel Chelu [Romanian] fetchmail-6.4.26 (released 2021-12-26, 31661 LoC): # FIXES: * When using wolfSSL 5.0.0, work around a bug that appears to hit wolfSSL when receiving handshake records while still in SSL_peek(). Workaround is to read 1 byte and cache it, then call SSL_peek() again. This affects only some servers. https://github.com/wolfSSL/wolfssl/issues/4593 # TRANSLATIONS: language translations were updated by this fine person: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] fetchmail-6.4.25 (released 2021-12-10, 31653 LoC): # BREAKING CHANGES: * Since distributions continue patching for LibreSSL use, which cannot be linked legally, block out LibreSSL in configure.ac and socket.c, and refer to COPYING, unless on OpenBSD (which ships it in the base system). OpenSSL and wolfSSL 5 can be used. SSL-related documentation was updated, do re-read COPYING, INSTALL, README, README.packaging, README.SSL. * Bump OpenSSL version requirement to 1.0.2f in order to safely remove the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is publicly available from https://www.openssl.org/source/old/1.0.2/ * Some of the configure.ac fiddling MIGHT have broken cross-compilation again. The maintainer does not test cross-compiling fetchmail; if you have difficulties, try setting PKG_CONFIG_LIBDIR to the pkg-config path containing your target/host libraries, or see if --with-ssl-prefix or --with-wolfssl-prefix, or overriding LDFLAGS/LIBS/CPPFLAGS, can help. Feedback solicited on compliant systems that are before end-of-life. # BUG FIXES: * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag contained a typo and would not kick in properly. * Library and/or rpath setting from configure.ac was fixed. # ADDITIONS: * Added an example systemd unit file and instructions to contrib/systemd/ which runs fetchmail as a daemon with 5-minute poll intervals. Courteously contributed by Barak A. Pearlmutter, Debian Bug#981464. * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer, see INSTALL and README.SSL. This is considered experimental. Feedback solicited. # CHANGES: * The getstats.py dist-tool now counts lines of .ac and .am files. * ./configure --with-ssl now supports pkg-config module names, too. See INSTALL. # TRANSLATIONS: language translations were updated by these fine people: (in reverse alphabetical order of language codes so as not to prefer people): * sv: Göran Uddeborg [Swedish] * sq: Besnik Bleta [Albanian] * pl: Jakub Bogusz [Polish] * ja: Takeshi Hamasaki [Japanese] * fr: Frédéric Marchal [French] * eo: Keith Bowes [Esperanto] * cs: Petr Pisar [Czech] fetchmail-6.4.24 (released 2021-11-20, 30218 LoC): # OPENSSL AND LICENSING NOTE: > see fetchmail-6.4.22 below, and the file COPYING. Note that distribution of packages linked with LibreSSL is not feasible due to a missing GPLv2 clause 2(b) exception. # COMPATIBILITY: * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a warning workaround. Remove the cast of yytoknum to void. This may cause a compiler warning to reappear with older Bison versions. * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3 certificate in its trust store because OpenSSL by default prefers the untrusted certificate and fails. Fetchmail now sets the X509_V_FLAG_TRUSTED_FIRST flag (on OpenSSL 1.0.2 only). This is workaround #2 from the OpenSSL Blog. For details, see both: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ NOTE: OpenSSL 1.0.2 is end of life, it is assumed that the OpenSSL library is kept up to date by a distributor or via OpenSSL support contract. Where this is not the case, please upgrade to a supported OpenSSL version. # DOCUMENTATION: * The manual page was revised after re-checking with mandoc -Tlint, aspell, igor. Some more revisions were made for clarity. # TRANSLATIONS: language translations were updated by these fine people: * sv: Göran Uddeborg [Swedish] * pl: Jakub Bogusz [Polish] * fr: Frédéric Marchal [French] * cs: Petr Pisar [Czech] * eo: Keith Bowes [Esperanto] * ja: Takeshi Hamasaki [Japanese] fetchmail-6.4.23 (released 2021-10-31, 30206 LoC): # USABILITY: * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead. This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22. Fixes Redhat Bugzilla 2008160. Fixes GitLab #39. # TRANSLATIONS: language translations were updated by these fine people: * ja: Takeshi Hamasaki [Japanese] * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] fetchmail-6.4.22 (released 2021-09-13, 30201 LoC): # OPENSSL AND LICENSING NOTE: * fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0. OpenSSL's licensing changed between these releases from dual OpenSSL/SSLeay license to Apache License v2.0, which is considered incompatible with GPL v2 by the FSF. For implications and details, see the file COPYING. # SECURITY FIXES: * CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections, without --ssl and with nonempty --sslproto, meaning that fetchmail is to enforce TLS, and when the server or an attacker sends a PREAUTH greeting, fetchmail used to continue an unencrypted connection. Now, log the error and abort the connection. --Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on a dedicated port (default 993): use --ssl, or the ssl user option in an rcfile. --Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel. The paper did not mention fetchmail. * On IMAP and POP3 connections, --auth ssh no longer prevents STARTTLS negotiation. * On IMAP connections, fetchmail does not permit overriding a server-side LOGINDISABLED with --auth password any more. * On POP3 connections, the possibility for RPA authentication (by probing with an AUTH command without arguments) no longer prevents STARTTLS negotiation. * For POP3 connections, only attempt RPA if the authentication type is "any". # BUG FIXES: * On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the tagged (= final) response, do not send "*". * On IMAP connections, AUTHENTICATE EXTERNAL without username will properly send a "=" for protocol compliance. * On IMAP connections, AUTHENTICATE EXTERNAL will now check if the server advertised SASL-IR (RFC-4959) support and otherwise refuse (fetchmail <= 6.4 has not supported and does not support the separate challenge/response with command continuation) * On IMAP connections, when --auth external is requested but not advertised by the server, log a proper error message. * Fetchmail no longer crashes when attempting a connection with --plugin "" or --plugout "". * Fetchmail no longer leaks memory when processing the arguments of --plugin or --plugout on connections. * On POP3 connections, the CAPAbilities parser is now caseblind. * Fix segfault on configurations with "defaults ... no envelope". Reported by Bjørn Mork. Fixes Debian Bug#992400. This is a regression in fetchmail 6.4.3 and happened when plugging memory leaks, which did not account for that the envelope parameter is special when set as "no envelope". The segfault happens in a constant strlen(-1), triggered by trusted local input => no vulnerability. * Fix program abort (SIGABRT) with "internal error" when invalid sslproto is given with OpenSSL 1.1.0 API compatible SSL implementations. # CHANGES: * IMAP: When fetchmail is in not-authenticated state and the server volunteers CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail must and will re-probe explicitly.) * For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option do not match, emit a warning and continue. Closes Gitlab #31. (cherry-picked from 6.5 beta branch "legacy_6x") * fetchmail.man and README.SSL were updated in line with RFC-8314/8996/8997 recommendations to prefer Implicit TLS (--ssl/ssl) and TLS v1.2 or newer, placing --sslproto tls1.2+ more prominently. The defaults shall not change between 6.4.X releases for compatibility. # TRANSLATIONS: language translations were updated by these fine people: * sq: Besnik Bleta [Albanian] * cs: Petr Pisar [Czech] * eo: Keith Bowes [Esperanto] * fr: Frédéric Marchal [French] * pl: Jakub Bogusz [Polish] * sv: Göran Uddeborg [Swedish] fetchmail-6.4.21 (released 2021-08-09, 30042 LoC): # REGRESSION FIX: * The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of messages logged to buffered outputs, from --logfile and --syslog. This also caused lines in the logfile to run into one another because the fragment containing the '\n' line-end character was usually lost. Reason is that on all modern systems (with <stdarg.h> header and vsnprintf() interface), the length of log message fragments was added up twice, so that these ended too deep into a freshly allocated buffer, after the '\0' byte. Unbuffered outputs flushed the fragments right away, which masked the bug. fetchmail-6.4.20 (released 2021-07-28, 30042 LoC): # SECURITY FIX: * When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation. fetchmail then reallocates memory and re-runs vsnprintf() without another call to va_start(), so it reads garbage. The exact impact depends on many factors around the compiler and operating system configurations used and the implementation details of the stdarg.h interfaces of the two functions mentioned before. To fix CVE-2021-36386.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 6ccf4650ec93a7107e69e8cbaae811ac9b71a317 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:49:04 2022 +0200
efibootmgr: Update to version 18
- Update from version 17 to 18 - Update of rootfile not required - Changelog bug fixes fixed the simple run example by @Katana-Steel in #88 Restore activation error message in efibootmgr by @rbisewski in #89 Android: correct the sources list by @cwhuang in #124 remove-dupes: update error message by @raharper in #127 Fix typo in manual page by @ferivoz in #136 README: Note efivarfs as the current required kernel module by @cjmayo in #145 Fix possible read out of bounds in ucs2_to_utf8 by @dlrobertson in #147 Migrate CI by @frozencemetery in #153 Add code of conduct by @frozencemetery in #154 Fix help messages by @robert-scheck in #156 Add option for insertion location of new entries by @frozencemetery in #166 Full changelog can be found from the github repository comparing versio 17 to 18 https://github.com/rhboot/efibootmgr/compare/17...18
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit c46d6ee4aba5881f46ccb0af1d5a0c8ef452f74e Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Aug 21 22:01:41 2022 +0200
elfutils: Update to version 0.187
- Update from version 0.186 to 0.187 - Update of rootfile - Changelog 0.187 * NEWS * debuginfod: Support -C option for connection thread pooling. debuginfod-client: Negative cache file are now zero sized instead of no-permission files. addr2line: The -A, --absolute option, which shows file names including the full compilation directory is now the default. To get the old behavior use the new option --relative. readelf, elflint: Recognize FDO Packaging Metadata ELF notes libdw, debuginfo-client: Load libcurl lazily only when files need to be fetched remotely. libcurl is now never loaded when DEBUGINFOD_URLS is unset. And when DEBUGINFOD_URLS is set, libcurl is only loaded when the debuginfod_begin function is called. * GIT SHORTLOG * debuginfod: Include "IPv4 IPv6" in server startup message PR29022: 000-permissions files cause problems for backups debuginfod: Use the debuginfod-size response header debuginfod: ensure X-DEBUGINFOD-SIZE contains file size config: simplify profile.*sh.in debuginfod/debuginfod-client.c: use long for cache time configurations readelf: Don't consider padding DT_NULL as dynamic section entry debuginfod: correct concurrency bug in fdcache metrics PR28661: debuginfo connection thread pool support man debuginfod-client-config.7: Elaborate $DEBUGINFOD_URLS PR28708: debuginfod: use MHD_USE_EPOLL for microhttpd threads debuginfod: use single ipv4+ipv6 microhttpd daemon configuration AUTHORS: Use generator script & git mailmap libebl: recognize FDO Packaging Metadata ELF note tests: Don't set DEBUGINFOD_TIMEOUT tests: Add -rdynamic to dwfl_proc_attach_LDFLAGS debuginfod: Use gmtime_r instead of gmtime to avoid data race debuginfod: sqlite3_sharedprefix_fn should not compare past end of string debuginfod: Fix some memory leaks on debuginfod-client error paths. debuginfod: Clear and reset debuginfod_client winning_headers on reuse libdwfl: Don't read beyond end of file in dwfl_segment_report_module debuginfod: Check result of calling MHD_add_response_header. readelf: Workaround stringop-truncation error tests: varlocs workaround format-overflow errors debuginfod: Fix debuginfod_pool leak configure: Add --enable-sanitize-address debuginfod: Don't format clog using 'right' or 'setw(20)'. libdwfl: Don't try to convert too many bytes in dwfl_link_map_report libdwfl: Make sure we know the phdr entry size before searching phdrs. libdwfl: Don't trust e_shentsize in dwfl_segment_report_module libdwfl: Don't install an Elf handle in a Dwfl_Module twice libdwfl: Don't try to convert too many dyns in dwfl_link_map_report libdwfl: Don't allocate more than SIZE_MAX in dwfl_segment_report_module. libelf: Use offsetof to get field of unaligned libdwfl: Make sure phent is sane and there is at least one phdr libdwfl: Add overflow check while iterating in dwfl_segment_report_module tests: Use /bin/sh instead of /bin/ls as always there binary libdwfl: Make sure there is at least one dynamic entry libdwfl: Make sure there is at least one phdr libdwfl: Make sure note data is properly aligned. libdwfl: Make dwfl_segment_report_module aware of maximum Elf size libdwfl: Make sure the note len increases each iteration libelf: Only set shdr state when there is at least one shdr libdwfl: Make sure that ph_buffer_size has room for at least one phdr libdwfl: Make sure dyn_filesz has a sane size libdwfl: Rewrite GElf_Nhdr reading in dwfl_segment_report_module libdwfl: Handle unaligned Ehdr in dwfl_segment_report_module libdwfl: Handle unaligned Phdr in dwfl_segment_report_module libdwfl: Handle unaligned Nhdr in dwfl_segment_report_module libdwfl: Always clean up build_id.memory libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread libdwfl: Call xlatetom on aligned buffers in dwfl_link_map_report libdwfl: Calculate addr to read by hand in link_map.c read_addrs. libdwfl: Fix overflow check in link_map.c read_addrs libdwfl: Handle unaligned Dyns in dwfl_segment_report_module libdwfl: Declare possible zero sized arrays only when non-zero backends: Use PTRACE_GETREGSET for ppc_set_initial_registers_tid configure: Test for _FORTIFY_SOURCE=3 support. addr2line: Make --absolute the default, add --relative option. configure: Use AS_HELP_STRING instead of AC_HELP_STRING. libelf: Take map offset into account for Shdr alignment check in elf_begin libelf: Make sure ar_size starts with a digit before calling atol. libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets libdwfl: Close ar members when they cannot be processed. libdwfl: Use memcpy to assign image header field values libelf: Don't overflow offsets in elf_cvt_Verneed and elf_cvt_Verdef libelf: Correct alignment of ELF_T_GNUHASH data for ELFCLASS64 tests: Check addsections test binary is 64bit for run-large-elf-file.sh configure: Don't check whether -m64 works for 32bit host biarch check libelf: Sync elf.h from glibc. elflint: Recognize NT_FDO_PACKAGING_METADATA Introduce error_exit as a noreturn variant of error (EXIT_FAILURE, ...) libelf: Also copy/convert partial datastructures in xlate functions libelf: Return already gotten Elf_Data from elf_getdata_rawchunk config: Add versioned requires on libs/libelf for debuginfod-client libdw: Add DWARF5 package file section identifiers, DW_SECT_* tests: Don't try to corrupt sqlite database during test. libdw: Remove unused atomics.h include from libdwP.h readelf: Define dyn_mem outside the while loop. tests: Lower parallel lookups in run-debuginfod-webapi-concurrency.sh debuginfod: Use MHD_USE_ITC in MHD_start_daemon flags elfclassify: Fix --no-stdin flag libelf: Check for mremap, elf_update needs it for ELF_C_RDWR_MMAP debuginfod, libdwfl: Initialize libcurl and dlopen debuginfod-client lazily dwfl: fix potential overflow when reporting on kernel modules debuginfod: fix compilation on platforms without <error.h>
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 0892c58e0cc86772ba23a55bf82a630de4415b3f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 06:09:22 2022 +0000
Core Update 171: This update needs a reboot
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit af9cd948b388f764cebc131cbe07240fe2099494 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:50:34 2022 +0200
libarchive: Update to version 3.6.1
- Update from version 3.6.0 to 3.6.1 - Update of rootfile - Changelog Libarchive 3.6.1 is a bugfix and security release. Security fixes: 7zip reader: fix PPMD read beyond boundary (#1671) ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672) ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685) RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0) fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50) fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77) fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit e955dbdca3769b755571d6889840e127c0276540 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 06:08:25 2022 +0000
Core Update 171: Ship and restart OpenVPN
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 43ee894734eb71e7d55e42292300d48b1507e141 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:51:01 2022 +0200
openvpn: Update to version 2.5.7
- Update from version 2.5.6 to 2.5.7 - Update of rootfile not required - Changelog 2.5.7. This is mostly a bugfix release, but adds limited support for OpenSSL 3.0. Full support will arrive in OpenVPN 2.6. networking: use OPENVPN_ETH_ALEN instead of ETH_ALEN networking_iproute2: don't pass M_WARN to openvpn_execve_check() t_net.sh: delete dummy iface using iproute command auth-pam.c: add missing include limits.h Add insecure tls-cert-profile options Refactor early initialisation and uninitialisation into methods Allow loading of non default providers Add ubuntu 22.04 to Github Actions Add macos OpenSSL 3.0 and ASAN builds Add --with-openssl-engine autoconf option (auto|yes|no) Fix allowing/showing unsupported ciphers and digests Remove dependency on BF-CBC existance from test_ncp Add message when decoding PKCS12 file fails. Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names Fix client-pending-auth error message to say ERROR instead of SUCCESS cipher-negotiation.rst missing from doc/Makefile.am vcpkg-ports\pkcs11-helper: shorten patch filename msvc: adjust build options to harden binaries vcpkg-ports: remove openssl port vcpkg: switch to manifest Fix M_ERRNO behavior on Windows vcpkg-ports/pkcs11-helper: bump to release 1.29 tapctl: Resolve MSVC C4996 warnings
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit c49899dc54d196b4c12e952ec68b719063642acc Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 06:07:41 2022 +0000
Core Update 171: Ship sqlite
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 94ed0a10e09a929b040b28a7105c302efed26725 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:51:15 2022 +0200
sqlite: Update to version 3390200
- Update from version 3390000 to 3390200 - Update of rootfile not required - Changelog version 3.39.2 (2022-07-21): Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. version 3.39.1 (2022-07-13): Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view. forum post 174afeae5734d42d. Fix some harmless compiler warnings. Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. Fix the build so that is works when the SQLITE_DEBUG and SQLITE_OMIT_WINDOWFUNC compile-time options are both provided at the same time. Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. Enhance the sqlite_stmt virtual table so that it buffers all of its output.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 4c4953a0d081a8a521e319b599f189cd701086d0 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 06:07:03 2022 +0000
Core Update 171: Delete orphaned Bind libraries
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ef0e70ee442fa8fd67c758c3b07c0a3b3f25da10 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 06:05:42 2022 +0000
Core Update 171: Ship util-linux
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 9f54f60bb15b642d8fcd7f4dd64549ea5d3b6185 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 24 09:51:32 2022 +0200
util-linux: Update to version 2.38.1
- Update from version 2.38 to 2.38.1 - Update of rootfile not required - Changelog util-linux 2.38.1 Release Notes BSD: - Use byteswap.h and endian.h defined macos when present [Warner Losh] column: - fix buffer overflow when -l specified [Karel Zak] - fix greedy mode on -l [Karel Zak] configure.ac: - add lsns option [Fabrice Fontaine] dmesg: - fix --since and --until [Karel Zak] docs: - update AUTHORS file [Karel Zak] fstrim: - Remove all skipped entries before de-duplication [Scott Shambarger] - check for ENOSYS when using --quiet-unsupported [Narthorn] hardlink: - Document '-c' option in manpage [FeRD (Frank Dana)] - Fix man page docs for '-v/--verbose' [FeRD (Frank Dana)] - Move -c option in --help [FeRD (Frank Dana)] - require statfs_magic.h only when reflink support enabled [Karel Zak] - use info rather than warning message [Karel Zak] irqtop: - fix compiler warning [-Werror=format-truncation=] [Karel Zak] - remove unused variable [Karel Zak] lib/fileutils: - fix compiler warning [Karel Zak] lib/logindefs: - fix compiler warning [-Werror=format-truncation=] [Karel Zak] lib/strutils: - add ul_strchr_escaped() [Karel Zak] libblkid: - (bsd) fix buffer pointer use [fuzzing] [Karel Zak] - (hfs) fix label use [fuzzing] [Karel Zak] - (hfs) fix make sure buffer is large enough [Karel Zak] - (mac) make sure block size is large enough [fuzzing] [Karel Zak] - (probe) fix size and offset overflows [fuzzing] [Karel Zak] - (swap) fix magic string memcmp [fuzzing] [Karel Zak] - simplify 'leaf' detection [Karel Zak] - update documentation of BLOCK_SIZE tag [Andrey Albershteyn] libfdisk: - (gpt) Add UUID for Marvell Armada 3700 Boot partition [Pali Rohár] - meson.build fix typo [Anatoly Pugachev] libmount: - fix and improve utab update on MS_MOVE [Karel Zak] - when moving a mount point, all sub mount entries in utab should also be updated [Franck Bui] libuuid: - (man) uuid_copy() -- add missing parenthesis [Andrew Price] - improve cache handling [d032747] logger: - make sure structured data are escaped [Karel Zak] loopdev: - set block_size when using LOOP_CONFIGURE [Hideki EIRAKU] losetup: - Fix typo for the --sector-size docs [Alberto Ruiz] lsblk: - fix JSON output when without --bytes [Karel Zak] lscpu: - keep bogomips locale output locale sensitive [Karel Zak] lsfd: - add static modifier to nodev_table [Masatake YAMATO] - delete __unused__ attribute for an used parameter [Masatake YAMATO] - fix compiler warning [-Werror=maybe-uninitialized] [Karel Zak] - fix crash triggered by an empty filter expression [Masatake YAMATO] lsirq: - improve --sort IRQ [Karel Zak] lslogins: - fix free() invalid pointer [Karel Zak] - improve prefixes interpretation [Karel Zak] lsns: - (man) add ip-netns to "SEE ALSO" section [Masatake YAMATO] - improve dependence on NS_GET_ ioctls [Karel Zak] meson: - fix compilation without systemd [Rosen Penev] - fix when HAVE_CLOCK_GETTIME is set [Nicolas Caramelli] more: - avoid infinite loop on --squeeze [Karel Zak] po: - merge changes [Karel Zak] - update de.po (from translationproject.org) [Mario Blättermann] - update hr.po (from translationproject.org) [Božidar Putanec] - update ja.po (from translationproject.org) [Takeshi Hamasaki] - update uk.po (from translationproject.org) [Yuri Chornoivan] po-man: - merge changes [Karel Zak] - update fr.po (from translationproject.org) [Frédéric Marchal] - update uk.po (from translationproject.org) [Yuri Chornoivan] sfdiks: - (man) fix example [Karel Zak] sulogin: - fix includes [Karel Zak] switch_root: - (man) fix return code description [Karel Zak] taskset: - fix use of err_affinity() [csbo98] tests: - don't compile lsfd/mkfds helper on macos, since it's linux only [Anatoly Pugachev] - fdisk/bsd update expected output for ppc64le [Chris Hofstaedtler] - fix misc/setarch run in a docker environment [Anatoly Pugachev] - make libmount tests more portable [Karel Zak] - report failed tests [Karel Zak] unshare: - Fix "you (user xxxx) don't exist" error when uid differs from primary gid [Sol Boucher] uuidd: - allow AF_INET in systemd service [Karel Zak] - remove also PrivateNetwork=yes from systemd service [Karel Zak] zramctl: - fix compiler warning [-Werror=maybe-uninitialized] [Karel Zak]
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit a6178c7ce784a826fce4f15a21fb0d067395ca3f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 12 06:04:36 2022 +0000
Core Update 171: Ship Bind
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ceff14d956a92c0eecb8d0902af3a9d536dcd733 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 27 09:02:00 2022 +0200
bind: Update to 9.16.32
For details see: https://downloads.isc.org/isc/bind9/9.16.32/doc/arm/html/notes.html#notes-fo...
Excerpt from changelog:
"5934. [func] Improve fetches-per-zone fetch limit logging to log the final allowed and spilled values of the fetch counters before the counter object gets destroyed. [GL #3461]
5933. [port] Automatically disable RSASHA1 and NSEC3RSASHA1 in named on Fedorda 33, Oracle Linux 9 and RHEL9 when they are disabled by the security policy. [GL #3469]
5932. [bug] Fix rndc dumpdb -expired and always include expired RRsets, not just for RBTDB_VIRTUAL time window. [GL #3462]
5929. [bug] The "max-zone-ttl" option in "dnssec-policy" was not fully effective; it was used for timing key rollovers but did not actually place an upper limit on TTLs when loading a zone. This has been corrected, and the documentation has been clarified to indicate that the old "max-zone-ttl" zone option is now ignored when "dnssec-policy" is in use. [GL #2918]
5924. [func] When it's necessary to use AXFR to respond to an IXFR request, a message explaining the reason is now logged at level info. [GL #2683]
5923. [bug] Fix inheritance for dnssec-policy when checking for inline-signing. [GL #3438]
5922. [bug] Forwarding of UPDATE message could fail with the introduction of netmgr. This has been fixed. [GL #3389]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit c5f2199d82d64254b8fc1d9405b4cae8096b9663 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:51:42 2022 +0000
Core Update 171: Ship udev
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6a1c2abd73323c30042624c9401f48d1a6a30169 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Aug 21 22:01:56 2022 +0200
udev: Update to version 3.2.11
- Update from version 3.2.6 to 3.2.11 - Update of rootfile - Changelog Release 3.2.11 Latest add actions workflows to check compilation on glibc and musl (devuan, alpine) by @ArsenArsen in #206 Add build instructions by @slicer69 in #207 src/libudev/conf-files.c: fix bug of using basename by @xfan1024 in #198 Permit eudev to work with rules which include escaped double-quotes by @slicer69 in #208 sync src/ata_id/ata_id.c by @bbonev in #201 sync src/v4l_id/v4l_id.c by @bbonev in #202 sync src/scsi_id/scsi_id.c by @bbonev in #203 sync src/mtd_probe/*.[ch] by @bbonev in #204 sparse: avoid clash with __bitwise and __force from 4.10 linux/types.… by @bbonev in #209 Silence deprecation warnings by @bbonev in #210 update CONTRIBUTING to reflect updated governance, clarify systemd commit hash requirements by @kaniini in #211 hashmap: don't initialize devt_hash_ops in the header by @kaniini in #212 Update to latest Devuan stable by @wwuck in #213 hwdb: sync with systemd/main by @bbonev in #215 Add getrandom(2) system call number for PowerPC by @Low-power in #216 No changelog for versions prior to 3.2.11 found. Looks like they are in nthe systemd releases and not easily extracted.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org
commit 3915db3d4fa892ec36e9105366fb2c2c2bd2774c Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:50:47 2022 +0000
Core Update 171: Ship curl
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a0cd3eb0f0212d2173ee0826e6b4ff1c468f7067 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Aug 21 22:01:18 2022 +0200
curl: Update to version 7.84.0
- Update from version 7.83.1 to 7.84.0 - Update of rootfile - Changelog 7.84.0 - June 27 2022 Changes: curl: add --rate to set max request rate per time unit curl: deprecate --random-file and --egd-file curl_version_info: add CURL_VERSION_THREADSAFE CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl lib: make curl_global_init() threadsafe when possible libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION opts: deprecate RANDOM_FILE and EGDSOCKET socks: support unix sockets for socks proxy Bugfixes: aws-sigv4: fix potentional NULL pointer arithmetic bindlocal: don't use a random port if port number would wrap c-hyper: mark status line as status for Curl_client_write() ci: avoid `cmake -Hpath` CI: bump FreeBSD 13.0 to 13.1 ci: update github actions cmake: add libpsl support cmake: do not add libcurl.rc to the static libcurl library cmake: enable curl.rc for all Windows targets cmake: fix detecting libidn2 cmake: support adding a suffix to the OS value configure: skip libidn2 detection when winidn is used configure: use the SED value to invoke sed configure: warn about rustls being experimental content_encoding: return error on too many compression steps cookie: address secure domain overlay cookie: apply limits copyright.pl: parse and use .reuse/dep5 for skips copyright: make repository REUSE compliant curl.1: add a few see also --tls-max curl.1: mention exit code zero too curl: re-enable --no-remote-name curl_easy_pause.3: remove explanation of progress function curl_getdate.3: document that some illegal dates pass through Curl_parsenetrc: don't access local pwbuf outside of scope curl_url_set.3: clarify by default using known schemes only CURLOPT_ALTSVC.3: document the file format CURLOPT_FILETIME.3: fix the protocols this works with CURLOPT_HTTPHEADER.3: improve comment in example CURLOPT_NETRC.3: document the .netrc file format CURLOPT_PORT.3: We discourage using this option CURLOPT_RANGE.3: remove ranged upload advice digest: added detection of more syntax error in server headers digest: tolerate missing "realm" digest: unquote realm and nonce before processing DISABLED: disable 1021 for hyper again docs/cmdline-opts: add copyright and license identifier to each file docs/CONTRIBUTE.md: document the 'needs-votes' concept docs: clarify data replacement policy for MIME API doh: remove UNITTEST macro definition examples/crawler.c: use the curl license examples: remove fopen.c and rtsp.c FAQ: Clarify Windows double quote usage fopen: add Curl_fopen() for better overwriting of files ftp: restore protocol state after http proxy CONNECT ftp: when failing to do a secure GSSAPI login, fail hard GHA/hyper: enable debug in the build gssapi: improve handling of errors from gss_display_status gssapi: initialize gss_buffer_desc strings headers api: remove EXPERIMENTAL tag http2: always debug print stream id in decimal with %u http2: reject overly many push-promise headers http: restore header folding behavior hyper: use 'alt-used' krb5: return error properly on decode errors lib: make more protocol specific struct fields #ifdefed libcurl-security.3: add "Secrets in memory" libcurl-security.3: document CRLF header injection libssh: skip the fake-close when libssh does the right thing links: update dead links to the curl-wiki log2changes: do not indent empty lines [ci skip] macos9: remove partial support Makefile.am: fix portability issues Makefile.m32: delete obsolete options, improve -On [ci skip] Makefile.m32: delete two obsolete OpenSSL options [ci skip] Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] max-time.d: clarify max-time sets max transfer time mprintf: ignore clang non-literal format string netrc: check %USERPROFILE% as well on Windows netrc: support quoted strings ngtcp2: allow curl to send larger UDP datagrams ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types ngtcp2: enable Linux GSO ngtcp2: extend QUIC transport parameters buffer ngtcp2: fix alert_read_func return value ngtcp2: fix typo in preprocessor condition ngtcp2: handle error from ngtcp2_conn_submit_crypto_data ngtcp2: send appropriate connection close error code ngtcp2: support boringssl crypto backend ngtcp2: use helper funcs to simplify TLS handshake integration ntlm: provide a fixed fake host name projects: fix third-party SSL library build paths for Visual Studio quic: add Curl_quic_idle quiche: support ca-fallback rand: stop detecting /dev/urandom in cross-builds remote-name.d: mention --output-dir runtests.pl: add the --repeat parameter to the --help output runtests: fix skipping tests not done event-based runtests: skip starting the ssh server if user name is lacking scripts/copyright.pl: fix the exclusion to not ignore man pages sectransp: check for a function defined when __BLOCKS__ is undefined select: return error from "lethal" poll/select errors server/sws: support spaces in the HTTP request path speed-limit/time.d: mention these affect transfers in either direction strcase: some optimisations test 2081: add a valid reply for the second request test 675: add missing CR so the test passes when run through Privoxy test414: add the '--resolve' keyword test681: verify --no-remote-name tests 266, 116 and 1540: add a small write delay tests/data/test1501: kill ftp server after slow LIST response tests/getpart: fix getpartattr to work with "data" and "data2" tests/server/sws.c: change the HTTP writedelay unit to milliseconds test{440,441,493,977}: add "HTTP proxy" keywords tool_getparam: fix --parallel-max maximum value constraint tool_operate: make sure --fail-with-body works with --retry transfer: fix potential NULL pointer dereference transfer: maintain --path-as-is after redirects transfer: upload performance; avoid tiny send url: free old conn better on reuse url: remove redundant #ifdefs in allocate_conn() url: URL encode the path when extracted, if spaces were set urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts urlapi: support CURLU_URLENCODE for curl_url_get() urldata: reduce size of a few struct fields urldata: remove three unused booleans from struct UserDefined urldata: store tcp_keepidle and tcp_keepintvl as ints version: allow stricmp() for sorting the feature list vtls: make curl_global_sslset thread-safe wolfssh.h: removed wolfssl: correct the failf() message when a handle can't be made wolfSSL: explicitly use compatibility layer x509asn1: mark msnprintf return as unchecked
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 71ee5abefec2f7150b9bfe0697ddb02a9df34807 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:48:31 2022 +0000
Core Update 171: Ship urlfilter.dat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 3da3c1848e5f19c2f993b8a188df82e9920fbda8 Author: Jon Murphy jon.murphy@ipfire.org Date: Tue Sep 6 14:30:01 2022 -0500
urlfilter.dat: change ipcop to ipfire
- Removed remnant from IPCop on URL Filter Logs Export page.
Signed-off-by: Jon Murphy jon.murphy@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit a15a75829294d71530c05ddc0d4393d4e2c79831 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:46:48 2022 +0000
{libvirt,qemu,samba}: Bump package versions for glibc changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8f4b4833c906f8f4b5368c55156015a4e5dd3ae1 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:45:39 2022 +0000
Core Update 171: Ship glibc 2.36 changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c0637090b84d6e451b2d1b821d46c6e0e2bea256 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:53 2022 +0000
u-boot: Ignore LOAD segments with RWX permissions
This is a new check in binutils which has to be disabled for some legacy bootloaders.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2743dd7eba1d8abb2c3aabf31bdd1b6c5d3edea5 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:52 2022 +0000
installer: Fix build against glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cc388c104eb88af53cd2ecd37444ef72fe7e789e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:51 2022 +0000
syslinux: Fix build against glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 34097d0bd3f6d1106e830e2c3b1d74ab9fbb13cf Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:50 2022 +0000
libvirt: Fix build against glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9060a9c9074d753bad930b9458af2155baaccd57 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:49 2022 +0000
collected: Fix build with glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 692416302ca59ba4f94c0da85a66a1ce08c396e5 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:48 2022 +0000
qemu: Fix build against glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b62124581563f9926aae7f3eb36bfa526e30796c Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:47 2022 +0000
samba: Fix build with glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fac5f144bb6fca3058ecfdf98b183e76c499c795 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:46 2022 +0000
hdparm: Fix build with glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 03d57d8f1e7cd3aef6be6c4a71e44227f329a68e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:45 2022 +0000
libarchive: Fix build with glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 79c4be107dd463ac465942e40b8fab091bdf184e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:44 2022 +0000
efivars: Fix build with glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 025c5d44de81c3b538487ecb4400e9eb6016356b Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:43 2022 +0000
make.sh: Bump toolchain version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2a4ab94d1bc46adb4d74788134eb1f1548ecfaa2 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:42 2022 +0000
glibc: Update to 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a6098f80c241a196162529b3a5d1cddd0ffbdadb Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:41 2022 +0000
binutils: Update to 2.39
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7eda830bfde9962fc53211b872698724dab34e4a Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:40 2022 +0000
gcc: Fix build against glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 11bea269b0a90fa3b956dc76cd78eefc33a8c65b Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 15 17:17:39 2022 +0000
sysvinit: Fix build against glibc 2.36
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 608b536e78422bfc97e59260b1cc2b5a56dd466c Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:35:48 2022 +0000
Core Update 171: Ship kbd
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5e39d521a85108ecd0ab32f2b6014f4b3b73b116 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Aug 7 09:44:19 2022 +0000
kbd: Update to 2.5.1
Changes since 2.2.0 can be obtained from https://github.com/legionus/kbd/releases.
See also: #12857
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ddbc886c4cf2977bddf7f645f6c19992e50710be Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:34:40 2022 +0000
Core Update 171: Ship and restart Squid
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 9ae861b273bf534e898717c552637fd3c4bea05e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Sep 8 19:00:30 2022 +0200
squid: Update to 5.7
For details see: http://www.squid-cache.org/Versions/v5/changesets/SQUID_5_7.html
Excerpt from changelog: "Changes in squid-5.7 (05 Sep 2022):
- Regression Fix: Typo in manager ACL - Bug 5186: noteDestinationsEnd check failed: transportWait - Bug 5160: Test suite fails with -flto=auto - Bug 3193 pt2: NTLM decoder truncating strings - Bug 5133: OpenSSL 3.0 support - ext_session_acl: fix TDB key lookup - forward_max_tries: Do not count discarded connections - ... and many compile and debugging fixes"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 41a518ae1b638d6531c2c8891822e46f775f19b1 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:29:52 2022 +0000
Core Update 171: Ship Perl changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ce455a00a647e6ecef540114a7a5ade658b0e038 Merge: 2fbd66d90 a981a365a Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 11 08:20:29 2022 +0000
Merge branch 'next' into temp-c171-development
commit 2fbd66d90e86a6e616d597de700d1382c427884f Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:42 2022 +0200
perl-Apache-Htpasswd: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 41b11b16547dfceb6e19e6d28f2812fd95d219ba Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:41 2022 +0200
perl-Archive-Tar: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9c4ca202eb528cfa03ccec2421b8df4e3988dccb Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:40 2022 +0200
perl-Archive-Zip: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 7d9fb46e33ff12ab964dc6ba61cdfdfc12060496 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:39 2022 +0200
perl-BerkeleyDB: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit a56c5c1bd9fbe43048886943cb6457e57210eec0 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:38 2022 +0200
perl-CGI: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 21d7365c92f6a6dec8ff0d8aa04d5b49a03aa143 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:37 2022 +0200
perl-Canary-Stability: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c32e4c315315fb18f6e39ae84bb90f899a5f9d4b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:36 2022 +0200
perl-Compress-Zlib: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit db5479f558b7be4164d48ca9e7b3bd715ecc8c6b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:35 2022 +0200
perl-Convert-TNEF: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5e361fdebcb3a0e870bf842a94793419dd6c83cc Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:34 2022 +0200
perl-Convert-UUlib: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e99c56a20b8abe6e5bf5dc4c0e6f45828544077a Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:33 2022 +0200
perl-Crypt-PasswdMD5: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c8aec11f8b54ae8edab141fbad7dd339d7c966a7 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:32 2022 +0200
perl-DBD-SQLite: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 93c80c7b1e36e1bc596aada95517d34eb0f0cad8 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:31 2022 +0200
perl-DBI: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit b3bceb1f6b2f7273e066144f793e33b284479ce4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:30 2022 +0200
perl-Data-UUID: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9a88568665d01819b7edff4171bef9578ebf0e18 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:29 2022 +0200
perl-Device-Modem: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c7f4d9d198ed3e83400a47e8730166fddafed7a4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:28 2022 +0200
perl-Device-SerialPort: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 3c151aed9832e43237993f48c245fa3ab8991c8a Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:27 2022 +0200
perl-Digest-SHA1: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 83c83b347b1ebbd5064fa9d94d7f55842cb848dd Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:26 2022 +0200
perl-Digest-HMAC: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 748b960a45d65e096b455714adfb9b7523882858 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:25 2022 +0200
perl-Digest: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0bc788757421f23b0765e8b243e77dd15f009a48 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:24 2022 +0200
perl-Email-Date-Format: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 210d41959ad2d6e5287ce9f818bbee15918b7506 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:23 2022 +0200
perl-ExtUtils-PkgConfig: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 976532247f3423513b4dbec58ad6936931fad6b4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:22 2022 +0200
perl-File-Remove: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 4862cf1246b8544ac18681578053d4c9a15fb136 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:21 2022 +0200
perl-Font-TTF: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit ad6893021d69670bc353673abe8ba171429d1204 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:20 2022 +0200
perl-GD-Graph: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 58c7c288135b063637837b320cee1f1b42e5ac69 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:19 2022 +0200
perl-GD-TextUtil: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit fcd9e588d3ceb11df988e0225e5595c93dba60fe Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:18 2022 +0200
perl-GD: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 3d449ad1417880b9e05f44adc73e6c05b2d3481d Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:17 2022 +0200
perl-HTML-Parser: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit af585a72cb4f05ac98e4103e324502b0c69d157f Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:16 2022 +0200
perl-HTML-Tagset: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit ce01f64c81469fb8f6182d0649700cc0c0405a0e Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:15 2022 +0200
perl-HTML-Template: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e21ae3a785cfb7d75c4c849e38bb976d48a15068 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:14 2022 +0200
perl-HTTP-Date: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 09e37c64d09c4542812f46d441f3bc98da67e98b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:13 2022 +0200
perl-HTTP-Message: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 1c3fdbb10f6a38ae5c05d7d356e0f58d08049d41 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:12 2022 +0200
perl-IO-Socket-SSL: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 808aa3753284de1af7eb4ee20eee73ac365e2cfc Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:11 2022 +0200
perl-IO-Stringy: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit f70dba09a1484920c32e8446617bc74efd312fc4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:10 2022 +0200
perl-IO-String: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit ca426ccf049faee40ff45169216feefdd73c09b0 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:09 2022 +0200
perl-Imager-QRCode: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0889e4c137cc76061f96145031fce167cd22222b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:08 2022 +0200
perl-Imager: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit d4db32be4d2e373b23f056d394fbc8eb763af7a2 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:07 2022 +0200
perl-LWP-Protocol-https: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 05c79f479302e89b3399306de9ccaad3ae2d8a1e Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:06 2022 +0200
perl-MIME-Base32: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit aed984f25ef92275cea19bac96d8e1797884cf76 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:05 2022 +0200
perl-MIME-Lite: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9a898c94bd888ebb36e5df73baafbf9eaf8564df Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:04 2022 +0200
perl-MIME-Tools: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 7aaa698071442180be785c9089fb0f89981f7a10 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:03 2022 +0200
perl-Mail-Tools: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 4fd0eea5f308e25c3a41e32104305496f615f698 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:02 2022 +0200
perl-Module-Build: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0d3e6dd3929c849a45210b938701666a3ea032a1 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:01 2022 +0200
perl-Module-Install: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c300a993d0a600f9eb293f362d349ed8f444d6cb Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:43:00 2022 +0200
perl-Module-ScanDeps: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 59aac1c61dbff7e8a74a4cfd6013a0d44280f719 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:59 2022 +0200
perl-Net-CIDR-Lite: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e605c8dd8d26c6da0f69b80387beb4855ed3703e Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:58 2022 +0200
perl-Net-DNS: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5d62cade3d4474f70efb5dd62b371059970a2eba Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:57 2022 +0200
perl-Net-HTTP: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0dcf7b22bb88f6a01c97a93f74cff792f1a8a983 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:56 2022 +0200
perl-Net-IPv4Addr: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 33f4cbf04af5d7fcbc4e288af05311b51006ea43 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:55 2022 +0200
perl-Net-Server: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit db9b30dc61ab4a430b03b1ebc4261976190cff7c Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:54 2022 +0200
perl-Net-Telnet: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 63ba8d2f9ada06a5ff6be19d24738f234eb43ed7 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:53 2022 +0200
perl-NetAddr-IP: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 54bc3ecda5059a67b5ea104660eec056fa16b3d5 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:52 2022 +0200
perl-Net_SSLeay: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 6251450b950d1689f0b58e81faf4d0c552db87cd Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:51 2022 +0200
perl-PDF-API2: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 3609c7e4d5708d1b5870e4c0ba86a55f12a3fa63 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:50 2022 +0200
perl-Sort-Naturally: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 378777d46279b815eb3c5cfb7c46cc0aa8af36f3 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:49 2022 +0200
perl-Switch: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e9ce9aea39567f34c14f5b37481d6cc929beb349 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:48 2022 +0200
perl-Text-CSV_XS: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c0ec961a1a9bfc3a54f7c3e12f5fe63083e0cdaa Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:47 2022 +0200
perl-Text-Tabs+Wrap: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 834e0bcce6f526e14ca51d65161bc79a742c7953 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:46 2022 +0200
perl-Try-Tiny: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 57bf32920c624767ad398cdbb5c0b76069c74211 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:45 2022 +0200
perl-URI-Encode: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0d0d0de6b1c746fa7c0f1d59ea2da16c613474c7 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:44 2022 +0200
perl-URI: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5b5cf76c3575ced6190af66d4a01b02c43a899b4 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:43 2022 +0200
perl-Unix-Syslog: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 63e9047970005fb4f1cdbdc39399367807d308c2 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:42 2022 +0200
perl-XML-Parser: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 02f36960265421b7a041210c318c1ea03383a98e Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:41 2022 +0200
perl-YAML-Tiny: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 061b0e067ec0266aefbeb649eb7ea9b2a4354f37 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:40 2022 +0200
perl-libwww: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5e75c717e8e14faa4c5f39e4bc3145d6dc3f601a Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:39 2022 +0200
rrdtool: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 2a42c557203dc8657781fad35dbafb692b3a16a6 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:38 2022 +0200
liboping: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 75ccec947c1c7bab754b61e6d14efad1387a3f48 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:37 2022 +0200
libloc: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit cb6bf1ee7f7bf724184023e06e37517db8508001 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:36 2022 +0200
swatch: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0133d507d3cb025440da24016b7e99596199ceba Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:35 2022 +0200
netsnmpd: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 287b9662079968641b0802267998d9b97c50031b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:34 2022 +0200
mpfire: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 1431b7066e8ea43c595d12290e1ba20afc3bcfc6 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:33 2022 +0200
guardian: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e0c4900717ea89c35cdcd36f4d04c3d8980a1c3e Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:32 2022 +0200
gnump3d: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5bbc59b88cbb68853e8843dfe7bc0095c7b80f2f Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:31 2022 +0200
foomatic: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5e339063faa7076e1893d15dfcb3ec4bc8a073a6 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:30 2022 +0200
perl-inotify2: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5f94e693c95fa7457e1510ced0124394240d3924 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:29 2022 +0200
perl-gettext: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit b4c17f0a66ac39a5600e2e545562331bfe166390 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:28 2022 +0200
perl-common-sense: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 898f3e335cfc58a9cf70e1e77623fb1c14102942 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:27 2022 +0200
perl-TimeDate: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit ae681241a47109920f995529ac932e45aa5c0eb8 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:26 2022 +0200
perl-Parse-Yapp: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 16f5f45f34c318726a478db03d8aec54bde6f33d Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:25 2022 +0200
perl-Net-SMTP-SSL: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 327f007bf1ef9bb7df69aa3b140b968b6f059994 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:24 2022 +0200
perl-Net-IP: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 592bb59006f7ce930775db3292ba78392379d416 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:23 2022 +0200
perl-MIME-Base64: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 4880f2edbd212d9806c148509818cc704b650800 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:22 2022 +0200
perl-JSON: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 6773041e9196fbbafda1a96a7fa1052a69350f5f Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:21 2022 +0200
perl-File-Tail: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 248a2cfe2cdf11bcf058df2c25acf4a28f72f7d9 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:20 2022 +0200
perl-File-ReadBackwards: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit b7602caac3753ed6edb35c48967ba00c02417006 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:19 2022 +0200
perl-Date-Manip: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit bf0ec79839806ce7b12b87b6f0c0e9aa5a732c67 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:18 2022 +0200
perl-Date-Calc: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 6f5a90c37248686d0b73457dff526921ec497e6d Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:17 2022 +0200
perl-Carp-Clan: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e075fd5dc798e50fb0020ebbe56b6803a9695508 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:16 2022 +0200
perl-Authen-SASL: Update to perl 5.36.0
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9d110cba45e9a40902beb3766bb00970ec2d57f3 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 16 12:42:15 2022 +0200
perl: Update to version 5.36.0
- Update from version 5.32.1 to 5.36.0 - Update of rootfile - Changelog is too large to include here. Version 5.34.0 can be found at https://perldoc.perl.org/5.34.0/perldelta Version 5.34.1 can be found at https://perldoc.perl.org/5.34.1/perldelta Version 5.36.0 can be found at https://perldoc.perl.org/5.36.0/perldelta
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 8c179661f01b7f99012985892f1c81c0cd78bd62 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 1 21:16:16 2022 +0000
Core Update 171: Ship index.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a61509b99580fcffb30025954c3e0ba8faf17235 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Aug 14 16:28:49 2022 +0000
index.cgi: Show deprecation warning for armv6l
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit ae84a789f8247f9d140ae7159a46a3859ce24ecf Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 31 23:00:21 2022 +0200
hplip: Update to version 3.22.6
- Update from version 3.22.4 to 3.22.6 - Update of rootfile - Changelog HPLIP 3.22.6 - This release has the following changes: Added support for following new Distro's: Mx Linux 21.1 Ubuntu 22.04 Fedora 36 Added support for the following new Printers: HP Color LaserJet Managed MFP E785dn HP Color LaserJet Managed MFP E78523dn HP Color LaserJet Managed MFP E78528dn HP Color LaserJet Managed MFP E786dn HP Color LaserJet Managed MFP E786 Core Printer HP Color LaserJet Managed MFP E78625dn HP Color LaserJet Managed FlowMFP E786z HP Color LaserJet Managed Flow MFP E78625z HP Color LaserJet Managed MFP E78630dn HP Color LaserJet Managed Flow MFP E78630z HP Color LaserJet Managed MFP E78635dn HP Color LaserJet Managed Flow MFP E78635z HP LaserJet Managed MFP E731dn HP LaserJet Managed MFP E731 Core Printer HP LaserJet Managed MFP E73130dn HP LaserJet Managed Flow MFP E731z HP LaserJet Managed Flow MFP E73130z HP LaserJet Managed MFP E73135dn HP LaserJet Managed Flow MFP E73135z HP LaserJet Managed MFP E73140dn HP LaserJet Managed Flow MFP E73140z HP Color LaserJet Managed MFP E877dn HP Color LaserJet Managed MFP E877 Core Printer HP Color LaserJet Managed MFP E87740dn HP Color LaserJet Managed Flow MFP E877z HP Color LaserJet Managed Flow MFP E87740z HP Color LaserJet Managed MFP E87750dn HP Color LaserJet Managed Flow MFP E87750z HP Color LaserJet Managed MFP E87760dn HP Color LaserJet Managed Flow MFP E87760z HP Color LaserJet Managed MFP E87770dn HP Color LaserJet Managed Flow MFP E87770z HP LaserJet Managed MFP E826dn HP LaserJet Managed MFP E826 Core Printer HP LaserJet Managed MFP E82650dn HP LaserJet Managed Flow MFP E826z HP LaserJet Managed Flow MFP E82650z HP LaserJet Managed MFP E82660dn HP LaserJet Managed Flow MFP E82660z HP LaserJet Managed MFP E82670dn HP LaserJet Managed Flow MFP E82670z HP LaserJet Managed MFP E730dn HP LaserJet Managed MFP E73025dn HP LaserJet Managed MFP E73030dn HP LaserJet Pro MFP 3101fdwe HP LaserJet Pro MFP 3101fdw HP LaserJet Pro MFP 3102fdwe HP LaserJet Pro MFP 3102fdw HP LaserJet Pro MFP 3103fdw HP LaserJet Pro MFP 3104fdw HP LaserJet Pro MFP 3101fdne HP LaserJet Pro MFP 3101fdn HP LaserJet Pro MFP 3102fdne HP LaserJet Pro MFP 3102fdn HP LaserJet Pro MFP 3103fdn HP LaserJet Pro MFP 3104fdn HP LaserJet Pro 3001dwe HP LaserJet Pro 3001dw HP LaserJet Pro 3002dwe HP LaserJet Pro 3002dw HP LaserJet Pro 3003dw HP LaserJet Pro 3004dw HP LaserJet Pro 3001dne HP LaserJet Pro 3001dn HP LaserJet Pro 3002dne HP LaserJet Pro 3002dn HP LaserJet Pro 3003dn HP LaserJet Pro 3004dn
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 67eff38da8605bdc840ebbfbe0157d43353fdcf1 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Sep 1 21:14:33 2022 +0000
Start Core Update 171
Signed-off-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree