This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via bd8cc16ffde139820e282de1ba253e2724320a98 (commit) via 4e57a4f31ac0b3bebac4fd43ad1dd282a4ded352 (commit) via 2182e2d7f7f617567ce94eb3d4471c7c581d4cc9 (commit) via 3b5adf86e089b26b4ccc49c7430fed0f3d0e2047 (commit) via 9820735b9ecc0e442d99a58b96e4309da4edeff6 (commit) via 910a82917aa9a9e5a6f569c304541babeb724699 (commit) via 16492046bc7f50e2c63e2908a7ace13d1548e764 (commit) via f561899b54d6abd81430dd26a83679d49bc3fae7 (commit) via 6e5fa2dae179f8a2e70a008f0fc6aaea6af7c9cd (commit) via c39b2e00be1202a0824b72f28cdc7cfa653ce0a6 (commit) via c4a2b42cb916125cc6aeb343711ec4229f5191dc (commit) via 6cce5585d5c6229f4c205cc88dbd58b7561612fe (commit) via 3983a941bc93715e99559f260a6b2f4608f93b46 (commit) via ef367d6bb0f202e37d08c98a35dcb98e046b1208 (commit) via 972b07cf67ea46b1013b6ca59860e1a8ed91fb3f (commit) via 4698a20b21e492ae965aa1bd0caf63f73d5ed1af (commit) via 30c3ff21bfa434e3773521b716d62dc25bf7bfe9 (commit) via 96db7b8fceaaec49ad8510dd7a387bd203f08d5f (commit) via 1887a63d2635b61ce31ceac3c0817651d6c4369a (commit) via bf292012abe5cb61ff23f43f663ed3f43fe751a5 (commit) via 595f74bed57948da9e44c8e19d0c642ae7862dc7 (commit) via c3152d5edaf2f1dab6f8727cbae9f9a2c7d2f621 (commit) via aabe06ba5a536b707da4e6668f93eeda985d0792 (commit) via 233e800be1bdfaf9a7c1fd50721aa3688b18d42e (commit) via b4fa906f8d0293b4e92c4f6e9aea83786d5a240a (commit) via fab2e0abd4b24f4968addd528b228002a3f8e3f6 (commit) via a18358290945cc28b5231f703ff13187a33a63ca (commit) via 9297dba50f80ef35244230ed3e12cfa3dd45131a (commit) via ee9b73657ef83af7ad8a6fbf520986387ac34c41 (commit) via cd7a901109751cfa28b7cae01e04192aa17232b4 (commit) via 09924d7eec602353d2e585639572f49002e58bee (commit) via 860515b21c695a9cb53ccced691d6cf2ea82ee0e (commit) via e1f9b110a485e74ab37d6bcf69661816e81b0ece (commit) via 0a6b31db21517541b026abf4e193740508fd1e17 (commit) via 88361859eb183a6a730179bd7cf4485b525a5d84 (commit) via c0d35245e1458dc6cb77dd1184afcc0ab2ff3176 (commit) via bb6d3ed8cf3df79d0e8f10ec1ecaf49040d6a226 (commit) via 2556a8ea982c2107b664b0cf67d057105d987e89 (commit) via 025cf4aafce4250961c7b156224d010c2e2a8579 (commit) via d3b0d3a99c8ac4a88d6b1876aa54a676b6f5cde9 (commit) via 58e395e90a431cd6126c614aea8b3b0c3bb3144a (commit) via 117f144799e550538b686c2ffd09ad698b5851c5 (commit) via 772c150bf3cd894d68ef1a8e82713009153429e9 (commit) via 721c70139b1680cdeb9afa2b180a8cbad77df5a7 (commit) via 716b8fb503b5c02ac921cd843f8c646892c4cf55 (commit) via 5a7342fc285425d226e52d988c0e35c23cd7547b (commit) via 4f39eaeb793547386ab45879c999eaae9b24b577 (commit) via 09bfdb62e5a18f5c09cd5fc576659a4acdc857cf (commit) via 8b4cc72d4e64803a41d432541170b74d19f51eae (commit) via 9612bc11334234371c561ad3150ae3665675f1b5 (commit) via f6474f325c00f213c9f5ff7747fa52a641780ad9 (commit) via 22e3210eff579628e76081606e6d005058d59f86 (commit) via 1dc90e7d07ba43219ceef69824c4085728709b67 (commit) via 9546ab3f5c79272a7a950e188391fe7c5c48436e (commit) via 1f75cc04ca4fe89db54747da3c0ca77742ce9edc (commit) via e7624fcefa3a4f6bb5b0fc3b5fd3fc4de8bb8752 (commit) via 99d70a15508f10a6f13a0d09ccaef042a8873ee0 (commit) via 869d7be4f4b0f7a27aab9c191c8f4227156c13df (commit) via d28dbdc0c0602aaa570a61f00467cbea714ab2fd (commit) via 9f94857120dbae6fee6df3c0240d2280c4daed22 (commit) via 91aefa33f9fc626acce7eb2b197f91effb719d25 (commit) via bc98c579cb6d6d8547d79e6c2fed6d7536e3f0d9 (commit) via 730be02c8eb83ba5e6404d450bbe26b8aa19c264 (commit) via 97f69f7768df9dc15563794226649432e5740266 (commit) via fc22e74b79d146f37509f48789f736bdd5fe9ca6 (commit) via 05512cabe0220d8208c12fddd293cee9d305b0a2 (commit) via 60e990fe3dd5771ffab24072858e8b9b01add0a1 (commit) via 01925627b1f59cb3b1348bcff7200c48dc477553 (commit) via 49ed7f690203cf3052f62c476808f8a57b052c98 (commit) via 825871b9782085fadc5d78524714c9ca501767fb (commit) via 16d664b2bd4cb546cc2f1d5b7f36b2983f93f5d3 (commit) via 0c051ce27903e9d18c8ee247d92535c633ef93a2 (commit) via 6dac44d40c4e1e80c497959f7098158462b033cb (commit) via 4a0648243b991b00130aca4fcc615e717ddb1003 (commit) via 6ea7d8c67e0ea53188d6dc356b9cdbc5bf7b5d97 (commit) via d71c37a6329ceeed4657e28c4f51a138e55056dc (commit) via 6dd7451f11385e984b2d24afff99360919f2d3a9 (commit) via 1c9dcaf97639d229abef169c13a74b8beca82d19 (commit) via bff53f09ffb26cee1e410a2ee812efe4b83538d3 (commit) via 670e7d6e363d1a51de623428620b5d50b0e814d8 (commit) via 5ef6f1dcaeea9b49c70d2bd4b2e80b17c64fffcf (commit) via 1c0e8ff9fcf7934fc5943a3b43aaef8c58d325d3 (commit) via cbc1c00ed909dea9bcd0e2b762505b80e33b211b (commit) via 90ea6fac35ac12a6fea9163ac71da166370856fe (commit) via 20e8c4739caf8f8e6b6f331d239025184b007926 (commit) via 272076e3c8f8d835816fb796cfb27501c7299e85 (commit) via 314315bee30ed6361ad628a25095e50ebbafd35c (commit) via 5fafff021f06f286e1605db48bde8bf762209cc8 (commit) via 9b2298d92f8d058ce5be6c84668e65c466cf8211 (commit) via f5a2b26bd180fc1b5e57345864bb866d82b2e6fc (commit) via 68cf137999dd22b56f094cbd725482bfe657db9d (commit) via 1087370d524d7ce690164c79cf941116994752db (commit) via ee2072fd20be1a3590e347bc59b1353aa7d69ba9 (commit) via bed265cc5ab80f97c4981f2ba5d4c1cb10c55f57 (commit) via 3ee04b3b8a4da3513d288c5e4dfd0d3139b2d7ea (commit) via c790899f7383dae7f734a44c1570da1c9246b778 (commit) via f433fdcd90cb406f1095e6c3d2fa6af7cd85efb3 (commit) via 033252e043de35cc1da36e0eb5dc198126abbae5 (commit) via 60a050768f1e3e4dd79c1696e249d426cdb9eab7 (commit) via bf93033801e5c7a1e6de05a073321e909f43a388 (commit) via 7c6ff5ff12331a53f416080a44c8d6145e78bfac (commit) via 84c599f55f2b85b0e3f6c9b058b132f2d39b0a46 (commit) via a809f932464a603af0bda13dfb558573ba58a483 (commit) via e56646a748fda6d9143a6e7e1236e16fdf9eadaa (commit) via d29916135f6cb1874c789a1483e6923f16e2429b (commit) via e3a8147c670b7033914d4243c166cb321c4c448c (commit) via 5097f72d498f135560030918626acb1c9710fb67 (commit) via 362bb6862093da2d2764c9cfd271ad0642d48b4f (commit) via 39cd2fff5442994d4cf9776798be91c918f13ca6 (commit) via 3de42257d00724f578d2f374ce47a70082edf42a (commit) via db4977b30ab4a9424627a3cbe9415ed4f43b88fb (commit) via 4d7023105dc3c1ee04da6c2ffb441146c04428fa (commit) via 1dbea7df56018981f37761f86de76f02a1d7a018 (commit) via 7e79a6c92e563ac3b322ec35c8f50b7221091397 (commit) via 7275d72be39594283cbec4027ea2ab57068e760e (commit) via 5a1b6efa009684a1a3c5c8d3f63dc187d96345f5 (commit) via 0b29422c936281a555c710c3122a098a7acf3cce (commit) via d6511c820d09f7873780130b8054093fa43ba90c (commit) via 6336428ef8083719909e944d5785a8f498d7f84d (commit) via 2038b640e6c96a854b9ce47ed4872bcc6cab7272 (commit) via b8f2d9da4cb911061cd13c22b29b9b92c5d6a362 (commit) via ef2846e46d29fe5d1f434ff00821d6e29e118176 (commit) via 1ec11ba5150bfd4716c9a1081e4bb0c56f21e1be (commit) via d36a58ef6bdf0cdd9c6792526b2f2c36bfef4dae (commit) via 90e40b194873b596c138cbc25d559e765824f155 (commit) via 407548690c672bc58b02123787aa443d44d9f49d (commit) via c73a75cb70d4e66c37ea4cc6ba5c4b114308ef2e (commit) via 5db2b07c890b526cfe4c032c7123f11016ae4744 (commit) via c5b441a4e62004171ed5957254a1322c7a4431a3 (commit) via 64300f2212afbc083b3a0b926904cc62079432bc (commit) via 935da8b7a22fc3cc365c21d3bdd11f93cebcc2f9 (commit) via b6d47f727a5726cedcc3dc3ec8aa540c34a2597e (commit) via a4f29a53477951513a7621f52c313541e87bf735 (commit) via 761e73230f5e6540e3bdc9d49dfcde158356cfc2 (commit) via 1b57f838f19e2a8c1e1a3bd903b2a70c730ab08f (commit) via cecad543cb59d0e052cea437cc064bb0924cdbd2 (commit) via 900e1c57229b896ee5824ec543560605df062e77 (commit) via be60a304dd1714af9129fce8a673fab80f6cd3dc (commit) via 691a64130f7a83ceba89127c7b016b3ba96719b3 (commit) via 394405b1dd985b2563b9a95122808b43a843d39c (commit) via 65c19014117f573ab616b4fda537749a3eee5b5e (commit) via 87a0bf6fb2de46a1635936714a1d4d6d8b27195e (commit) via e8972095c6fa63c8b51f8409c6a40d427bb616a0 (commit) via bb25f15cf91029156905f8c8f1cc6cd5981cba88 (commit) via 448a98dc81ddea51dcd5147ce1e6b712f2678daa (commit) via f4b059a7719cc49be1f93e06cdcceb30dff904c0 (commit) via 4fde42d7ecd545bcf3b7c556c3b6420837dc92fa (commit) via e56ca17e9bffa1100734792efdc5a6ff848d2572 (commit) via c4fd8911d35e7be4f53e52550ff49305225ed58c (commit) via 24dbe4eaf2a3541c422849582994a165b6ffe80f (commit) via 2ee8edb81a1851ce6bab10dac383c36c67139917 (commit) via c082a0cc9a8f9faf0f7db38cda1641a1f34d74c9 (commit) via bf3f602e05df35b7619c39243c88d571c9309e8a (commit) via 06c2bfa3c4d54a6fc6c3edb834ccb65732850383 (commit) via 749b93c6e96d032a04a87ebaf3f4cbba7b34f5db (commit) via 43c2dc9318f5733006388563468ba75e39e8d997 (commit) via bb88fd1b69ae27e9c14b97d219879627a473a3d2 (commit) via cf70bd231a1ad7ba9507514722ce7f10f92af388 (commit) via b95afd6aca51723390d4cc14a9607e9333bca4b4 (commit) via 5cf3bc3507b841078d25852672931e8f49d59bb6 (commit) via 605217e96f9c4b99fe66ca8c610cdf58e7797947 (commit) via c3019331df2bb393c96def62a56d33abdec72e8c (commit) via dd8ef8cc107a867d4b2a739913b399f6966b34ff (commit) from 68c3cfd0be7d840466361fc33901db9f1fb74daa (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit bd8cc16ffde139820e282de1ba253e2724320a98 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 16:17:53 2024 +0000
make.sh: Update contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/backup.pl | 4 + config/backup/includes/mpd | 4 + config/backup/includes/mpfire | 4 - config/ca-certificates/certdata.txt | 1008 +++++++++++++++++--- config/cfgroot/manualpages | 2 +- config/menu/EX-mympd.menu | 5 + config/menu/EX-transmission.menu | 5 + config/menu/EX-vdr.menu | 5 + config/{mpfire => mpd}/mpd.conf | 15 +- config/mpfire/mpfire.pl | 2 +- config/ovpn/openssl/ovpn.cnf | 3 - config/rootfiles/common/aarch64/binutils | 7 +- config/rootfiles/common/aarch64/glibc | 128 ++- config/rootfiles/common/configroot | 3 + config/rootfiles/common/elfutils | 6 +- config/rootfiles/common/expat | 20 +- config/rootfiles/common/gdb | 28 +- config/rootfiles/common/glib | 1 - config/rootfiles/common/i2c-tools | 1 - config/rootfiles/common/iproute2 | 4 +- config/rootfiles/common/knot | 4 +- config/rootfiles/common/libffi | 2 +- config/rootfiles/common/libgpg-error | 2 +- config/rootfiles/common/meson | 14 +- config/rootfiles/common/newt | 2 +- config/rootfiles/common/openjpeg | 12 +- config/rootfiles/common/pango | 6 +- config/rootfiles/common/pciutils | 2 +- config/rootfiles/common/perl | 1 - config/rootfiles/common/pixman | 2 +- config/rootfiles/common/poppler | 4 +- config/rootfiles/common/qpdf | 3 +- config/rootfiles/common/riscv64/binutils | 7 +- config/rootfiles/common/riscv64/glibc | 126 ++- config/rootfiles/common/squidguard | 1 - config/rootfiles/common/suricata | 3 +- config/rootfiles/common/tar | 1 - config/rootfiles/common/tcl | 70 +- config/rootfiles/common/unbound | 2 +- config/rootfiles/common/web-user-interface | 3 + config/rootfiles/common/x86_64/binutils | 9 +- config/rootfiles/common/x86_64/glibc | 128 ++- config/rootfiles/common/x86_64/intel-microcode | 5 +- config/rootfiles/common/xz | 34 +- config/rootfiles/core/{184 => 185}/exclude | 0 .../133 => core/185}/filelists/aarch64/binutils | 0 .../core/{184 => 185}/filelists/aarch64/glibc | 0 .../155 => core/185}/filelists/aarch64/util-linux | 0 .../{oldcore/154 => core/185}/filelists/arping | 0 config/rootfiles/core/{184 => 185}/filelists/bind | 0 .../121 => core/185}/filelists/ca-certificates | 0 .../core/{184 => 185}/filelists/core-files | 0 config/rootfiles/core/185/filelists/elfutils | 1 + .../{oldcore/158 => core/185}/filelists/ethtool | 0 config/rootfiles/core/{184 => 185}/filelists/expat | 0 config/rootfiles/core/185/filelists/files | 54 ++ .../rootfiles/core/{184 => 185}/filelists/iproute2 | 0 .../rootfiles/core/{184 => 185}/filelists/iputils | 0 .../{oldcore/128 => core/185}/filelists/knot | 0 .../{oldcore/104 => core/185}/filelists/libcap | 0 .../{oldcore/155 => core/185}/filelists/libffi | 0 .../106 => core/185}/filelists/libgpg-error | 0 .../rootfiles/core/{184 => 185}/filelists/libpng | 0 .../{oldcore/154 => core/185}/filelists/newt | 0 .../{oldcore/100 => core/185}/filelists/ntp | 0 .../{oldcore/151 => core/185}/filelists/openjpeg | 0 .../{oldcore/100 => core/185}/filelists/openssh | 0 .../{oldcore/163 => core/185}/filelists/pango | 0 .../{oldcore/101 => core/185}/filelists/pciutils | 0 .../rootfiles/core/{184 => 185}/filelists/pixman | 0 .../rootfiles/core/{184 => 185}/filelists/poppler | 0 .../{oldcore/110 => core/185}/filelists/qpdf | 0 .../180 => core/185}/filelists/riscv64/binutils | 0 .../core/{184 => 185}/filelists/riscv64/glibc | 0 .../180 => core/185}/filelists/riscv64/util-linux | 0 .../rootfiles/core/{184 => 185}/filelists/shadow | 0 .../rootfiles/core/{184 => 185}/filelists/sqlite | 0 config/rootfiles/core/{184 => 185}/filelists/squid | 0 .../rootfiles/core/{184 => 185}/filelists/suricata | 0 .../{oldcore/155 => core/185}/filelists/tcl | 0 .../rootfiles/core/{184 => 185}/filelists/unbound | 0 .../{oldcore/104 => core/185}/filelists/wget | 0 .../{oldcore/162 => core/185}/filelists/whois | 0 .../100 => core/185}/filelists/x86_64/binutils | 0 .../core/{184 => 185}/filelists/x86_64/glibc | 0 .../185}/filelists/x86_64/intel-microcode | 0 .../112 => core/185}/filelists/x86_64/util-linux | 0 config/rootfiles/core/{184 => 185}/filelists/xz | 0 .../rootfiles/{oldcore/181 => core/185}/update.sh | 155 ++- config/rootfiles/{core => oldcore}/184/exclude | 0 .../{core => oldcore}/184/filelists/aarch64/glibc | 0 .../rootfiles/{core => oldcore}/184/filelists/acl | 0 .../rootfiles/{core => oldcore}/184/filelists/attr | 0 .../rootfiles/{core => oldcore}/184/filelists/bash | 0 .../rootfiles/{core => oldcore}/184/filelists/bind | 0 .../{core => oldcore}/184/filelists/core-files | 0 .../{core => oldcore}/184/filelists/dhcpcd | 0 .../{core => oldcore}/184/filelists/diffutils | 0 .../rootfiles/{core => oldcore}/184/filelists/ed | 0 .../{core => oldcore}/184/filelists/expat | 0 .../rootfiles/{core => oldcore}/184/filelists/file | 0 .../{core => oldcore}/184/filelists/files | 0 .../{core => oldcore}/184/filelists/gettext | 0 .../{core => oldcore}/184/filelists/gnutls | 0 .../{core => oldcore}/184/filelists/iana-etc | 0 .../{core => oldcore}/184/filelists/iproute2 | 0 .../{core => oldcore}/184/filelists/ipset | 0 .../{core => oldcore}/184/filelists/iputils | 0 .../{core => oldcore}/184/filelists/libhtp | 0 .../{core => oldcore}/184/filelists/libidn | 0 .../{core => oldcore}/184/filelists/libpng | 0 .../rootfiles/{core => oldcore}/184/filelists/lvm2 | 0 .../rootfiles/{core => oldcore}/184/filelists/lzip | 0 .../{core => oldcore}/184/filelists/memtest | 0 .../{core => oldcore}/184/filelists/openssl | 0 .../rootfiles/{core => oldcore}/184/filelists/pam | 0 .../{core => oldcore}/184/filelists/pixman | 0 .../{core => oldcore}/184/filelists/poppler | 0 .../{core => oldcore}/184/filelists/readline | 0 .../{core => oldcore}/184/filelists/riscv64/glibc | 0 .../{core => oldcore}/184/filelists/shadow | 0 .../{core => oldcore}/184/filelists/sqlite | 0 .../{core => oldcore}/184/filelists/squid | 0 .../{core => oldcore}/184/filelists/suricata | 0 .../{core => oldcore}/184/filelists/unbound | 0 .../{core => oldcore}/184/filelists/vnstat | 0 .../184/filelists/x86_64/dmidecode | 0 .../{core => oldcore}/184/filelists/x86_64/glibc | 0 .../rootfiles/{core => oldcore}/184/filelists/xz | 0 .../rootfiles/{core => oldcore}/184/filelists/zlib | 0 config/rootfiles/{core => oldcore}/184/update.sh | 0 config/rootfiles/packages/clamav | 9 +- config/rootfiles/packages/ghostscript | 326 +++---- config/rootfiles/packages/git | 1 + config/rootfiles/packages/gnump3d | 1 + config/rootfiles/packages/gutenprint | 1 - config/rootfiles/packages/libmpdclient | 12 +- config/rootfiles/packages/libplist | 4 +- config/rootfiles/packages/mpd | 7 + config/rootfiles/packages/mpfire | 6 - config/rootfiles/packages/mympd | 4 + config/rootfiles/packages/opus | 2 +- config/rootfiles/packages/sdl2 | 2 +- config/rootfiles/packages/transmission | 2 + config/rootfiles/packages/vdr | 2 + config/rootfiles/packages/wsdd | 2 + config/rootfiles/packages/zabbix_agentd | 3 + config/suricata/ruleset-sources | 44 +- config/zabbix_agentd/ipfire_certificate_detail.sh | 91 ++ config/zabbix_agentd/sudoers | 1 + config/zabbix_agentd/userparameter_ipfire.conf | 8 +- ...rameter_ipfire.conf => userparameter_ovpn.conf} | 19 +- doc/language_issues.en | 4 +- doc/language_issues.es | 2 + doc/language_issues.fr | 16 +- doc/language_issues.it | 4 +- doc/language_issues.nl | 4 +- doc/language_issues.pl | 4 +- doc/language_issues.ru | 4 +- doc/language_issues.tr | 4 +- doc/language_missings | 27 +- html/cgi-bin/credits.cgi | 4 +- html/cgi-bin/dhcp.cgi | 4 +- html/cgi-bin/dns.cgi | 13 +- html/cgi-bin/index.cgi | 1 + html/cgi-bin/mpfire.cgi | 4 +- .../update-lang-cache => html/cgi-bin/mympd.cgi | 8 +- html/cgi-bin/ovpnmain.cgi | 40 +- html/cgi-bin/time.cgi | 4 + .../cgi-bin/transmission.cgi | 8 +- .../update-lang-cache => html/cgi-bin/vdr.cgi | 8 +- langs/de/cgi-bin/de.pl | 2 + langs/en/cgi-bin/en.pl | 4 +- langs/fr/cgi-bin/fr.pl | 25 +- lfs/binutils | 4 +- lfs/ca-certificates | 4 +- lfs/clamav | 8 +- lfs/dnsdist | 6 +- lfs/elfutils | 4 +- lfs/ethtool | 6 +- lfs/expat | 4 +- lfs/gdb | 6 +- lfs/ghostscript | 8 +- lfs/git | 8 +- lfs/glibc | 50 +- lfs/gptfdisk | 8 +- lfs/intel-microcode | 6 +- lfs/ipfire-netboot | 8 +- lfs/iproute2 | 4 +- lfs/knot | 6 +- lfs/libffi | 6 +- lfs/libgpg-error | 6 +- lfs/libloc | 6 +- lfs/libmpdclient | 8 +- lfs/libplist | 8 +- lfs/libpng | 4 +- lfs/meson | 6 +- lfs/mpc | 8 +- lfs/mpd | 18 +- lfs/mpfire | 14 +- lfs/multipath-tools | 2 +- lfs/mympd | 13 +- lfs/newt | 6 +- lfs/openjpeg | 6 +- lfs/openssh | 6 +- lfs/opus | 8 +- lfs/pango | 6 +- lfs/pciutils | 6 +- lfs/pixman | 4 +- lfs/poppler | 4 +- lfs/qpdf | 6 +- lfs/samba | 8 +- lfs/sdl2 | 8 +- lfs/shadow | 4 +- lfs/sqlite | 4 +- lfs/squid | 4 +- lfs/suricata | 7 +- lfs/tcl | 6 +- lfs/transmission | 2 +- lfs/unbound | 4 +- lfs/util-linux | 6 +- lfs/vdr | 2 +- lfs/vim | 4 + lfs/wget | 6 +- lfs/whois | 6 +- lfs/{protobuf => wsdd} | 28 +- lfs/xz | 4 +- lfs/zabbix_agentd | 13 +- make.sh | 9 +- src/initscripts/packages/mpd | 4 +- src/initscripts/packages/{mympd => wsdd} | 51 +- src/initscripts/system/functions | 10 +- src/initscripts/system/unbound | 2 +- src/installer/dracut-module/70-dhcpcd.exe | 2 +- src/paks/alsa/update.sh | 15 +- src/paks/{mympd => mpd}/install.sh | 13 +- src/paks/{mpfire => mpd}/uninstall.sh | 2 +- src/paks/{mympd => mpd}/update.sh | 0 src/paks/mpfire/install.sh | 11 +- src/paks/mpfire/uninstall.sh | 4 +- src/paks/mpfire/update.sh | 2 +- src/paks/mympd/install.sh | 3 +- src/paks/{alsa => wsdd}/install.sh | 20 +- src/paks/{transmission => wsdd}/uninstall.sh | 4 +- src/paks/{amazon-ssm-agent => wsdd}/update.sh | 0 ...ove-tst-realpath-compatibility-with-sourc.patch | 43 - ...-for-cache-computation-on-AMD-legacy-cpus.patch | 286 ------ ...nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch | 185 ---- ...orrect-scope-of-setting-shared_per_thread.patch | 45 - ...Fix-build-with-disable-multiarch-BZ-30721.patch | 60 -- ...006-i686-Fix-build-with-disable-multiarch.patch | 100 -- ...le-merging-of-remainders-in-memalign-bug-.patch | 301 ------ ...move-bin-scanning-from-memalign-bug-30723.patch | 269 ------ ...09-sysdeps-tst-bz21269-fix-test-parameter.patch | 31 - ...-bz21269-handle-ENOSYS-skip-appropriately.patch | 42 - ...0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch | 30 - ...rd-locking-contants-for-powerpc64-with-__.patch | 91 -- .../0013-libio-Fix-oversized-__io_vtables.patch | 51 - ...Do-not-run-constructors-for-proxy-objects.patch | 37 - ...call-destructors-in-reverse-constructor-o.patch | 669 ------------- ...unused-l_text_end-field-from-struct-link_.patch | 143 --- ...init_called_next-to-old-place-of-l_text_e.patch | 41 - .../0018-NEWS-Add-the-2.38.1-bug-list.patch | 37 - ...27-Stack-read-overflow-with-large-TCP-res.patch | 221 ----- ...-Fix-use-after-free-in-getcanonname-CVE-2.patch | 338 ------- ...re-verbosity-with-unrecognized-encoding-n.patch | 32 - ...tester-build-with-fortify-enable-with-gcc.patch | 50 - ...s.texi-Add-missing-item-EPERM-for-getpgid.patch | 30 - ...-getaddrinfo-introduced-by-the-fix-for-CV.patch | 98 -- ...t-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch | 36 - ...opagate-GLIBC_TUNABLES-in-setxid-binaries.patch | 32 - ...rminate-if-end-of-input-is-reached-CVE-20.patch | 173 ---- ...Remove-unused-l_text_end-field-from-struc.patch | 135 --- ...Always-call-destructors-in-reverse-constr.patch | 593 ------------ ...Move-l_init_called_next-to-old-place-of-l.patch | 42 - ..._open-Clear-O_CREAT-when-semaphore-file-i.patch | 105 -- ...f-Fix-wrong-break-removal-from-8ee878592c.patch | 26 - ...gArch-Delete-excessively-allocated-memory.patch | 109 --- ...-modid-reuse-generation-assignment-BZ-290.patch | 54 -- ...lf-Add-TLS-modid-reuse-test-for-bug-29039.patch | 208 ---- ...4-Fix-the-dtv-field-load-for-x32-BZ-31184.patch | 68 -- ...4-Fix-the-tcb-field-load-for-x32-BZ-31185.patch | 69 -- ...ion-bug-fixes-for-29039-30694-30709-30721.patch | 27 - ...39-NEWS-Mention-bug-fixes-for-30745-30843.patch | 30 - ...-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch | 36 - ...-remaining-buffer-size-in-_IO_wdo_write-b.patch | 48 - ...heap-buffer-overflow-in-__vsyslog_interna.patch | 181 ---- ...heap-buffer-overflow-in-__vsyslog_interna.patch | 106 -- ...integer-overflow-in-__vsyslog_internal-CV.patch | 41 - ...explicit-about-fcommon-compiler-directive.patch | 27 - ...-stringop-truncation-warning-with-gcc-8-x.patch | 32 - src/patches/ipxe-handle-R_X86_64_PLT32.patch | 23 - ...pxe-use-the-right-sized-register-for-push.patch | 44 - ....0.8-fix-level1-cache-line-size-detection.patch | 13 - tools/checkrootfiles | 139 ++- 295 files changed, 2295 insertions(+), 6540 deletions(-) create mode 100644 config/backup/includes/mpd create mode 100644 config/menu/EX-mympd.menu create mode 100644 config/menu/EX-transmission.menu create mode 100644 config/menu/EX-vdr.menu rename config/{mpfire => mpd}/mpd.conf (93%) copy config/rootfiles/core/{184 => 185}/exclude (100%) copy config/rootfiles/{oldcore/133 => core/185}/filelists/aarch64/binutils (100%) copy config/rootfiles/core/{184 => 185}/filelists/aarch64/glibc (100%) copy config/rootfiles/{oldcore/155 => core/185}/filelists/aarch64/util-linux (100%) copy config/rootfiles/{oldcore/154 => core/185}/filelists/arping (100%) copy config/rootfiles/core/{184 => 185}/filelists/bind (100%) copy config/rootfiles/{oldcore/121 => core/185}/filelists/ca-certificates (100%) copy config/rootfiles/core/{184 => 185}/filelists/core-files (100%) create mode 120000 config/rootfiles/core/185/filelists/elfutils copy config/rootfiles/{oldcore/158 => core/185}/filelists/ethtool (100%) copy config/rootfiles/core/{184 => 185}/filelists/expat (100%) create mode 100644 config/rootfiles/core/185/filelists/files copy config/rootfiles/core/{184 => 185}/filelists/iproute2 (100%) copy config/rootfiles/core/{184 => 185}/filelists/iputils (100%) copy config/rootfiles/{oldcore/128 => core/185}/filelists/knot (100%) copy config/rootfiles/{oldcore/104 => core/185}/filelists/libcap (100%) copy config/rootfiles/{oldcore/155 => core/185}/filelists/libffi (100%) copy config/rootfiles/{oldcore/106 => core/185}/filelists/libgpg-error (100%) copy config/rootfiles/core/{184 => 185}/filelists/libpng (100%) copy config/rootfiles/{oldcore/154 => core/185}/filelists/newt (100%) copy config/rootfiles/{oldcore/100 => core/185}/filelists/ntp (100%) copy config/rootfiles/{oldcore/151 => core/185}/filelists/openjpeg (100%) copy config/rootfiles/{oldcore/100 => core/185}/filelists/openssh (100%) copy config/rootfiles/{oldcore/163 => core/185}/filelists/pango (100%) copy config/rootfiles/{oldcore/101 => core/185}/filelists/pciutils (100%) copy config/rootfiles/core/{184 => 185}/filelists/pixman (100%) copy config/rootfiles/core/{184 => 185}/filelists/poppler (100%) copy config/rootfiles/{oldcore/110 => core/185}/filelists/qpdf (100%) copy config/rootfiles/{oldcore/180 => core/185}/filelists/riscv64/binutils (100%) copy config/rootfiles/core/{184 => 185}/filelists/riscv64/glibc (100%) copy config/rootfiles/{oldcore/180 => core/185}/filelists/riscv64/util-linux (100%) copy config/rootfiles/core/{184 => 185}/filelists/shadow (100%) copy config/rootfiles/core/{184 => 185}/filelists/sqlite (100%) copy config/rootfiles/core/{184 => 185}/filelists/squid (100%) copy config/rootfiles/core/{184 => 185}/filelists/suricata (100%) copy config/rootfiles/{oldcore/155 => core/185}/filelists/tcl (100%) copy config/rootfiles/core/{184 => 185}/filelists/unbound (100%) copy config/rootfiles/{oldcore/104 => core/185}/filelists/wget (100%) copy config/rootfiles/{oldcore/162 => core/185}/filelists/whois (100%) copy config/rootfiles/{oldcore/100 => core/185}/filelists/x86_64/binutils (100%) copy config/rootfiles/core/{184 => 185}/filelists/x86_64/glibc (100%) copy config/rootfiles/{oldcore/121 => core/185}/filelists/x86_64/intel-microcode (100%) copy config/rootfiles/{oldcore/112 => core/185}/filelists/x86_64/util-linux (100%) copy config/rootfiles/core/{184 => 185}/filelists/xz (100%) copy config/rootfiles/{oldcore/181 => core/185}/update.sh (55%) rename config/rootfiles/{core => oldcore}/184/exclude (100%) rename config/rootfiles/{core => oldcore}/184/filelists/aarch64/glibc (100%) rename config/rootfiles/{core => oldcore}/184/filelists/acl (100%) rename config/rootfiles/{core => oldcore}/184/filelists/attr (100%) rename config/rootfiles/{core => oldcore}/184/filelists/bash (100%) rename config/rootfiles/{core => oldcore}/184/filelists/bind (100%) rename config/rootfiles/{core => oldcore}/184/filelists/core-files (100%) rename config/rootfiles/{core => oldcore}/184/filelists/dhcpcd (100%) rename config/rootfiles/{core => oldcore}/184/filelists/diffutils (100%) rename config/rootfiles/{core => oldcore}/184/filelists/ed (100%) rename config/rootfiles/{core => oldcore}/184/filelists/expat (100%) rename config/rootfiles/{core => oldcore}/184/filelists/file (100%) rename config/rootfiles/{core => oldcore}/184/filelists/files (100%) rename config/rootfiles/{core => oldcore}/184/filelists/gettext (100%) rename config/rootfiles/{core => oldcore}/184/filelists/gnutls (100%) rename config/rootfiles/{core => oldcore}/184/filelists/iana-etc (100%) rename config/rootfiles/{core => oldcore}/184/filelists/iproute2 (100%) rename config/rootfiles/{core => oldcore}/184/filelists/ipset (100%) rename config/rootfiles/{core => oldcore}/184/filelists/iputils (100%) rename config/rootfiles/{core => oldcore}/184/filelists/libhtp (100%) rename config/rootfiles/{core => oldcore}/184/filelists/libidn (100%) rename config/rootfiles/{core => oldcore}/184/filelists/libpng (100%) rename config/rootfiles/{core => oldcore}/184/filelists/lvm2 (100%) rename config/rootfiles/{core => oldcore}/184/filelists/lzip (100%) rename config/rootfiles/{core => oldcore}/184/filelists/memtest (100%) rename config/rootfiles/{core => oldcore}/184/filelists/openssl (100%) rename config/rootfiles/{core => oldcore}/184/filelists/pam (100%) rename config/rootfiles/{core => oldcore}/184/filelists/pixman (100%) rename config/rootfiles/{core => oldcore}/184/filelists/poppler (100%) rename config/rootfiles/{core => oldcore}/184/filelists/readline (100%) rename config/rootfiles/{core => oldcore}/184/filelists/riscv64/glibc (100%) rename config/rootfiles/{core => oldcore}/184/filelists/shadow (100%) rename config/rootfiles/{core => oldcore}/184/filelists/sqlite (100%) rename config/rootfiles/{core => oldcore}/184/filelists/squid (100%) rename config/rootfiles/{core => oldcore}/184/filelists/suricata (100%) rename config/rootfiles/{core => oldcore}/184/filelists/unbound (100%) rename config/rootfiles/{core => oldcore}/184/filelists/vnstat (100%) rename config/rootfiles/{core => oldcore}/184/filelists/x86_64/dmidecode (100%) rename config/rootfiles/{core => oldcore}/184/filelists/x86_64/glibc (100%) rename config/rootfiles/{core => oldcore}/184/filelists/xz (100%) rename config/rootfiles/{core => oldcore}/184/filelists/zlib (100%) rename config/rootfiles/{core => oldcore}/184/update.sh (100%) create mode 100644 config/rootfiles/packages/wsdd create mode 100755 config/zabbix_agentd/ipfire_certificate_detail.sh copy config/zabbix_agentd/{userparameter_ipfire.conf => userparameter_ovpn.conf} (55%) copy src/scripts/update-lang-cache => html/cgi-bin/mympd.cgi (88%) copy src/scripts/update-lang-cache => html/cgi-bin/transmission.cgi (88%) copy src/scripts/update-lang-cache => html/cgi-bin/vdr.cgi (88%) copy lfs/{protobuf => wsdd} (86%) copy src/initscripts/packages/{mympd => wsdd} (65%) copy src/paks/{mympd => mpd}/install.sh (87%) copy src/paks/{mpfire => mpd}/uninstall.sh (96%) copy src/paks/{mympd => mpd}/update.sh (100%) copy src/paks/{alsa => wsdd}/install.sh (82%) copy src/paks/{transmission => wsdd}/uninstall.sh (97%) copy src/paks/{amazon-ssm-agent => wsdd}/update.sh (100%) delete mode 100644 src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch delete mode 100644 src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch delete mode 100644 src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch delete mode 100644 src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch delete mode 100644 src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch delete mode 100644 src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch delete mode 100644 src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch delete mode 100644 src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch delete mode 100644 src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch delete mode 100644 src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch delete mode 100644 src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch delete mode 100644 src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch delete mode 100644 src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch delete mode 100644 src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch delete mode 100644 src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch delete mode 100644 src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch delete mode 100644 src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch delete mode 100644 src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch delete mode 100644 src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch delete mode 100644 src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch delete mode 100644 src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch delete mode 100644 src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch delete mode 100644 src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch delete mode 100644 src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch delete mode 100644 src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch delete mode 100644 src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch delete mode 100644 src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch delete mode 100644 src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch delete mode 100644 src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch delete mode 100644 src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch delete mode 100644 src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch delete mode 100644 src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch delete mode 100644 src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch delete mode 100644 src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch delete mode 100644 src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch delete mode 100644 src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch delete mode 100644 src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch delete mode 100644 src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch delete mode 100644 src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch delete mode 100644 src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch delete mode 100644 src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch delete mode 100644 src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch delete mode 100644 src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch delete mode 100644 src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch delete mode 100644 src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch delete mode 100644 src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch delete mode 100644 src/patches/ipxe-handle-R_X86_64_PLT32.patch delete mode 100644 src/patches/ipxe-use-the-right-sized-register-for-push.patch delete mode 100644 src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 7992f21c58..b434207400 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -75,6 +75,10 @@ make_backup() { restore_backup() { local filename="${1}"
+ # remove all openvpn certs to prevent old unusable + # certificates being left in directory after a restore + rm -f /var/ipfire/ovpn/certs/* + # Extract backup if ! tar xvzpf "${filename}" -C / \ --exclude-from="/var/ipfire/backup/exclude" \ diff --git a/config/backup/includes/mpd b/config/backup/includes/mpd new file mode 100644 index 0000000000..a570a8d1cf --- /dev/null +++ b/config/backup/includes/mpd @@ -0,0 +1,4 @@ +/etc/asound.state +/var/ipfire/mpd/db/ +/var/ipfire/mpd/mpd.conf +/var/ipfire/mpd/mpd_state diff --git a/config/backup/includes/mpfire b/config/backup/includes/mpfire index 4ea18a2a1a..a21e77a6f6 100644 --- a/config/backup/includes/mpfire +++ b/config/backup/includes/mpfire @@ -1,6 +1,2 @@ -/etc/asound.state -/var/ipfire/mpfire/db/ -/var/ipfire/mpfire/mpd.conf -/var/ipfire/mpfire/mpd_state /var/ipfire/mpfire/settings /var/ipfire/mpfire/webradio diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt index 59cc15df6e..ed5e6cb17c 100644 --- a/config/ca-certificates/certdata.txt +++ b/config/ca-certificates/certdata.txt @@ -1294,138 +1294,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-# -# Certificate "Security Communication Root CA" -# -# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Not Valid Before: Tue Sep 30 04:20:49 2003 -# Not Valid After : Sat Sep 30 04:20:49 2023 -# Fingerprint (SHA-256): E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C -# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\132\060\202\002\102\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061\030 -\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040\124 -\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125\004 -\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155\155 -\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103\101 -\061\060\036\027\015\060\063\060\071\063\060\060\064\062\060\064 -\071\132\027\015\062\063\060\071\063\060\060\064\062\060\064\071 -\132\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120 -\061\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115 -\040\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003 -\125\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157 -\155\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164 -\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\263\263\376\177\323\155\261\357\026\174\127\245 -\014\155\166\212\057\113\277\144\373\114\356\212\360\363\051\174 -\365\377\356\052\340\351\351\272\133\144\042\232\232\157\054\072 -\046\151\121\005\231\046\334\325\034\152\161\306\232\175\036\235 -\335\174\154\306\214\147\147\112\076\370\161\260\031\047\251\011 -\014\246\225\277\113\214\014\372\125\230\073\330\350\042\241\113 -\161\070\171\254\227\222\151\263\211\176\352\041\150\006\230\024 -\226\207\322\141\066\274\155\047\126\236\127\356\300\300\126\375 -\062\317\244\331\216\302\043\327\215\250\363\330\045\254\227\344 -\160\070\364\266\072\264\235\073\227\046\103\243\241\274\111\131 -\162\114\043\060\207\001\130\366\116\276\034\150\126\146\257\315 -\101\135\310\263\115\052\125\106\253\037\332\036\342\100\075\333 -\315\175\271\222\200\234\067\335\014\226\144\235\334\042\367\144 -\213\337\141\336\025\224\122\025\240\175\122\311\113\250\041\311 -\306\261\355\313\303\225\140\321\017\360\253\160\370\337\313\115 -\176\354\326\372\253\331\275\177\124\362\245\351\171\372\331\326 -\166\044\050\163\002\003\001\000\001\243\077\060\075\060\035\006 -\003\125\035\016\004\026\004\024\240\163\111\231\150\334\205\133 -\145\343\233\050\057\127\237\275\063\274\007\110\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\150\100 -\251\250\273\344\117\135\171\263\005\265\027\263\140\023\353\306 -\222\135\340\321\323\152\376\373\276\233\155\277\307\005\155\131 -\040\304\034\360\267\332\204\130\002\143\372\110\026\357\117\245 -\013\367\112\230\362\077\236\033\255\107\153\143\316\010\107\353 -\122\077\170\234\257\115\256\370\325\117\317\232\230\052\020\101 -\071\122\304\335\331\233\016\357\223\001\256\262\056\312\150\102 -\044\102\154\260\263\072\076\315\351\332\110\304\025\313\351\371 -\007\017\222\120\111\212\335\061\227\137\311\351\067\252\073\131 -\145\227\224\062\311\263\237\076\072\142\130\305\111\255\142\016 -\161\245\062\252\057\306\211\166\103\100\023\023\147\075\242\124 -\045\020\313\361\072\362\331\372\333\111\126\273\246\376\247\101 -\065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260 -\112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055 -\105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003 -\214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026 -\057\317\246\356\311\160\042\024\275\375\276\154\013\003 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Security Communication Root CA" -# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Not Valid Before: Tue Sep 30 04:20:49 2003 -# Not Valid After : Sat Sep 30 04:20:49 2023 -# Fingerprint (SHA-256): E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C -# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217 -\135\254\262\367 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\361\274\143\152\124\340\265\047\365\315\347\032\343\115\156\112 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "XRamp Global CA Root" # @@ -13758,7 +13626,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \072\352 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -24617,3 +24485,877 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "D-Trust SBR Root CA 1 2022" +# +# Issuer: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Serial Number:52:cf:e4:8c:6d:a0:4a:f7:3f:82:97:0c:80:09:8c:95 +# Subject: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Wed Jul 06 11:30:00 2022 +# Not Valid After : Mon Jul 06 11:29:59 2037 +# Fingerprint (SHA-256): D9:2C:17:1F:5C:F8:90:BA:42:80:19:29:29:27:FE:22:F3:20:7F:D2:B5:44:49:CB:6F:67:5A:F4:92:21:46:E2 +# Fingerprint (SHA1): 0F:52:3A:6B:4E:7D:1D:18:05:A5:48:F9:4D:CD:E4:C3:1E:1B:E9:E6 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 1 2022" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\061\040\062\060\062\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\061\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\122\317\344\214\155\240\112\367\077\202\227\014\200\011 +\214\225 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\136\060\202\001\343\240\003\002\001\002\002\020\122 +\317\344\214\155\240\112\367\077\202\227\014\200\011\214\225\060 +\012\006\010\052\206\110\316\075\004\003\003\060\111\061\013\060 +\011\006\003\125\004\006\023\002\104\105\061\025\060\023\006\003 +\125\004\012\023\014\104\055\124\162\165\163\164\040\107\155\142 +\110\061\043\060\041\006\003\125\004\003\023\032\104\055\124\162 +\165\163\164\040\123\102\122\040\122\157\157\164\040\103\101\040 +\061\040\062\060\062\062\060\036\027\015\062\062\060\067\060\066 +\061\061\063\060\060\060\132\027\015\063\067\060\067\060\066\061 +\061\062\071\065\071\132\060\111\061\013\060\011\006\003\125\004 +\006\023\002\104\105\061\025\060\023\006\003\125\004\012\023\014 +\104\055\124\162\165\163\164\040\107\155\142\110\061\043\060\041 +\006\003\125\004\003\023\032\104\055\124\162\165\163\164\040\123 +\102\122\040\122\157\157\164\040\103\101\040\061\040\062\060\062 +\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 +\053\201\004\000\042\003\142\000\004\131\223\071\366\214\111\146 +\050\327\141\014\310\253\177\014\243\055\337\242\244\174\222\053 +\150\325\056\176\036\100\313\264\150\111\177\022\241\253\177\127 +\237\031\056\143\056\133\376\146\161\014\063\017\271\336\153\304 +\210\303\261\357\354\071\100\343\226\253\333\345\173\256\037\334 +\371\257\106\232\152\106\006\057\307\067\144\213\027\142\376\226 +\303\242\356\204\340\260\227\071\274\243\201\217\060\201\214\060 +\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 +\060\035\006\003\125\035\016\004\026\004\024\361\051\243\036\001 +\022\035\075\165\126\115\307\120\174\305\031\252\017\030\267\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\112\006\003\125\035\037\004\103\060\101\060\077\240\075\240\073 +\206\071\150\164\164\160\072\057\057\143\162\154\056\144\055\164 +\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164 +\162\165\163\164\137\163\142\162\137\162\157\157\164\137\143\141 +\137\061\137\062\060\062\062\056\143\162\154\060\012\006\010\052 +\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\227 +\371\336\256\113\217\230\265\036\100\177\062\175\115\124\103\332 +\211\315\302\252\222\074\321\202\036\163\317\372\114\222\040\373 +\143\047\305\365\163\075\011\075\367\247\141\206\214\363\152\002 +\061\000\347\057\174\270\365\045\214\073\071\037\066\253\215\365 +\206\242\056\341\172\144\332\147\071\002\376\376\063\077\331\163 +\266\130\133\072\374\262\244\331\140\170\167\314\171\247\246\256 +\125\275 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "D-Trust SBR Root CA 1 2022" +# Issuer: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Serial Number:52:cf:e4:8c:6d:a0:4a:f7:3f:82:97:0c:80:09:8c:95 +# Subject: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Wed Jul 06 11:30:00 2022 +# Not Valid After : Mon Jul 06 11:29:59 2037 +# Fingerprint (SHA-256): D9:2C:17:1F:5C:F8:90:BA:42:80:19:29:29:27:FE:22:F3:20:7F:D2:B5:44:49:CB:6F:67:5A:F4:92:21:46:E2 +# Fingerprint (SHA1): 0F:52:3A:6B:4E:7D:1D:18:05:A5:48:F9:4D:CD:E4:C3:1E:1B:E9:E6 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 1 2022" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\017\122\072\153\116\175\035\030\005\245\110\371\115\315\344\303 +\036\033\351\346 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\023\074\033\202\352\156\352\355\144\142\351\132\171\005\151\004 +END +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\061\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\122\317\344\214\155\240\112\367\077\202\227\014\200\011 +\214\225 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "D-Trust SBR Root CA 2 2022" +# +# Issuer: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Serial Number:54:d5:a3:95:1e:3d:95:ba:72:1b:9a:d0:31:21:4a:ba +# Subject: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Thu Jul 07 07:30:00 2022 +# Not Valid After : Tue Jul 07 07:29:59 2037 +# Fingerprint (SHA-256): DB:A8:4D:D7:EF:62:2D:48:54:63:A9:01:37:EA:4D:57:4D:F8:55:09:28:F6:AF:A0:3B:4D:8B:11:41:E6:36:CC +# Fingerprint (SHA1): 27:FF:63:B9:EF:34:29:31:03:38:1A:D8:60:60:DA:CC:60:28:35:E1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 2 2022" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\062\040\062\060\062\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\062\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\124\325\243\225\036\075\225\272\162\033\232\320\061\041 +\112\272 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\254\060\202\003\224\240\003\002\001\002\002\020\124 +\325\243\225\036\075\225\272\162\033\232\320\061\041\112\272\060 +\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\111 +\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060 +\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040 +\107\155\142\110\061\043\060\041\006\003\125\004\003\023\032\104 +\055\124\162\165\163\164\040\123\102\122\040\122\157\157\164\040 +\103\101\040\062\040\062\060\062\062\060\036\027\015\062\062\060 +\067\060\067\060\067\063\060\060\060\132\027\015\063\067\060\067 +\060\067\060\067\062\071\065\071\132\060\111\061\013\060\011\006 +\003\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004 +\012\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061 +\043\060\041\006\003\125\004\003\023\032\104\055\124\162\165\163 +\164\040\123\102\122\040\122\157\157\164\040\103\101\040\062\040 +\062\060\062\062\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\257\054\274\216\066\214\353\144\257\121\152 +\326\156\074\136\221\072\352\232\303\312\154\373\252\047\236\144 +\042\251\100\337\271\050\105\132\354\123\141\026\050\230\302\212 +\244\165\170\120\204\335\372\040\110\222\007\145\101\065\146\121 +\022\164\141\235\007\006\205\071\061\127\173\050\077\325\234\245 +\354\132\351\034\113\047\237\316\047\006\363\067\365\122\330\021 +\063\026\101\072\037\365\143\170\145\143\206\311\277\310\001\004 +\037\156\356\342\354\254\014\356\202\222\342\366\032\015\077\071 +\371\235\145\223\255\370\271\005\301\075\370\067\201\126\303\240 +\376\005\354\340\224\026\072\043\026\004\332\246\012\223\205\162 +\155\141\073\241\215\105\326\343\177\276\025\275\066\204\010\366 +\013\203\153\046\252\242\275\340\260\347\252\340\256\147\304\323 +\202\245\014\251\244\360\063\171\015\120\077\360\357\220\075\044 +\271\177\322\040\154\352\227\363\277\234\334\107\336\011\141\275 +\224\171\225\132\002\166\065\140\304\107\042\015\367\166\143\003 +\323\306\373\203\306\135\253\255\355\151\045\053\003\133\115\045 +\000\101\343\214\207\027\122\250\340\005\053\103\115\024\023\312 +\347\077\103\042\274\067\244\165\361\366\277\072\357\062\036\256 +\356\130\206\220\162\272\004\254\100\110\357\134\304\170\247\251 +\217\047\132\313\172\354\130\362\302\010\130\220\155\115\003\205 +\171\161\025\005\016\116\076\371\337\017\005\367\137\024\110\126 +\041\015\063\222\261\254\214\345\030\376\277\017\356\340\004\252 +\275\041\362\130\266\134\211\012\213\030\011\042\032\263\065\306 +\146\302\365\063\025\231\200\340\010\371\226\057\023\214\356\332 +\267\210\304\351\067\265\327\152\327\072\204\115\253\160\214\323 +\116\024\125\240\242\020\374\144\332\147\350\361\313\063\335\311 +\232\212\217\226\057\130\201\331\370\232\000\103\314\220\373\125 +\166\373\206\343\067\001\050\014\157\364\351\131\115\025\167\121 +\102\112\314\064\270\200\103\120\201\357\127\245\023\333\247\224 +\171\017\113\312\176\027\175\257\243\041\144\350\161\125\126\217 +\006\260\107\354\131\017\135\160\133\054\026\102\360\206\236\165 +\336\153\115\110\230\204\342\127\030\266\234\202\231\145\072\213 +\200\170\127\014\111\002\003\001\000\001\243\201\217\060\201\214 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\035\006\003\125\035\016\004\026\004\024\135\263\200\224 +\033\345\206\277\150\272\024\064\244\366\356\155\362\335\337\347 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 +\060\112\006\003\125\035\037\004\103\060\101\060\077\240\075\240 +\073\206\071\150\164\164\160\072\057\057\143\162\154\056\144\055 +\164\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055 +\164\162\165\163\164\137\163\142\162\137\162\157\157\164\137\143 +\141\137\062\137\062\060\062\062\056\143\162\154\060\015\006\011 +\052\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000 +\064\124\056\130\030\126\315\112\275\227\323\365\175\053\334\257 +\017\121\341\115\274\041\113\223\364\000\104\023\007\020\013\045 +\030\076\110\131\226\367\241\341\223\220\170\146\032\075\043\353 +\042\253\001\246\216\014\121\063\346\155\214\061\356\254\244\001 +\160\071\110\336\307\146\054\153\015\313\163\237\207\222\351\076 +\107\037\270\357\057\356\267\126\214\110\211\360\070\247\025\071 +\262\356\300\077\027\244\163\002\010\234\274\006\212\244\302\267 +\141\141\371\303\333\304\320\172\174\141\336\261\130\221\365\335 +\145\114\057\013\370\353\075\265\355\212\276\167\034\272\131\002 +\022\146\161\345\230\047\316\016\075\257\121\242\105\371\202\373 +\132\245\224\160\367\213\204\303\114\145\045\233\173\342\037\060 +\160\263\100\216\072\356\275\364\347\150\305\235\311\051\107\161 +\016\223\310\265\110\116\365\146\273\007\210\161\151\153\173\110 +\216\157\360\021\304\264\311\160\024\230\040\275\355\247\352\001 +\332\156\245\233\022\376\076\104\060\263\360\353\165\122\300\364 +\303\372\167\046\244\167\202\055\157\363\050\036\116\225\360\060 +\367\211\370\054\242\120\133\362\276\062\176\154\124\333\162\311 +\052\132\340\034\266\013\330\122\232\131\241\343\260\001\047\305 +\240\026\120\146\334\353\256\155\364\233\133\075\204\155\133\207 +\347\251\211\273\156\270\340\233\123\211\300\377\056\100\032\211 +\104\056\030\103\147\070\344\174\162\137\331\243\051\045\101\101 +\075\034\167\033\144\250\303\125\356\143\161\146\142\203\364\177 +\046\231\240\124\073\241\022\155\160\142\316\323\371\270\275\042 +\374\324\232\324\273\342\070\026\057\267\175\071\302\260\251\003 +\351\234\317\176\030\215\166\334\137\021\273\353\102\354\120\011 +\076\134\354\220\061\330\032\162\272\077\151\007\356\230\064\302 +\064\244\326\332\023\326\251\204\362\000\206\300\124\272\036\021 +\260\342\271\304\007\264\221\347\252\346\061\126\157\261\104\304 +\052\142\274\311\260\145\234\064\374\014\032\123\337\041\027\273 +\302\155\241\012\346\361\260\252\104\011\120\111\070\172\135\161 +\342\061\056\031\260\337\225\102\004\175\204\210\316\012\043\147 +\153\070\235\026\336\006\376\050\160\070\245\132\256\374\203\355 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "D-Trust SBR Root CA 2 2022" +# Issuer: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Serial Number:54:d5:a3:95:1e:3d:95:ba:72:1b:9a:d0:31:21:4a:ba +# Subject: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Thu Jul 07 07:30:00 2022 +# Not Valid After : Tue Jul 07 07:29:59 2037 +# Fingerprint (SHA-256): DB:A8:4D:D7:EF:62:2D:48:54:63:A9:01:37:EA:4D:57:4D:F8:55:09:28:F6:AF:A0:3B:4D:8B:11:41:E6:36:CC +# Fingerprint (SHA1): 27:FF:63:B9:EF:34:29:31:03:38:1A:D8:60:60:DA:CC:60:28:35:E1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 2 2022" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\047\377\143\271\357\064\051\061\003\070\032\330\140\140\332\314 +\140\050\065\341 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\220\361\364\053\074\247\312\112\210\073\005\053\010\124\205\336 +END +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\062\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\124\325\243\225\036\075\225\272\162\033\232\320\061\041 +\112\272 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security SMIME ECC Root 2021" +# +# Issuer: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:15:2a:dd:14:c9:18:d1:a4:56:40:86:a6:25:af:07:5f +# Subject: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Thu Mar 18 11:08:30 2021 +# Not Valid After : Sat Mar 17 23:59:59 2046 +# Fingerprint (SHA-256): 3A:E6:DF:7E:0D:63:7A:65:A8:C8:16:12:EC:6F:9A:14:2F:85:A1:68:34:C1:02:80:D8:8E:70:70:28:51:87:55 +# Fingerprint (SHA1): B7:F9:1D:98:EC:25:93:F3:50:14:84:9A:A8:7E:22:10:3C:C4:39:27 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME ECC Root 2021" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157 +\157\164\040\062\060\062\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157 +\157\164\040\062\060\062\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\025\052\335\024\311\030\321\244\126\100\206\246\045\257 +\007\137 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\107\060\202\001\315\240\003\002\001\002\002\020\025 +\052\335\024\311\030\321\244\126\100\206\246\045\257\007\137\060 +\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060 +\011\006\003\125\004\006\023\002\104\105\061\047\060\045\006\003 +\125\004\012\014\036\104\145\165\164\163\143\150\145\040\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\107 +\155\142\110\061\055\060\053\006\003\125\004\003\014\044\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\123 +\115\111\115\105\040\105\103\103\040\122\157\157\164\040\062\060 +\062\061\060\036\027\015\062\061\060\063\061\070\061\061\060\070 +\063\060\132\027\015\064\066\060\063\061\067\062\063\065\071\065 +\071\132\060\145\061\013\060\011\006\003\125\004\006\023\002\104 +\105\061\047\060\045\006\003\125\004\012\014\036\104\145\165\164 +\163\143\150\145\040\124\145\154\145\153\157\155\040\123\145\143 +\165\162\151\164\171\040\107\155\142\110\061\055\060\053\006\003 +\125\004\003\014\044\124\145\154\145\153\157\155\040\123\145\143 +\165\162\151\164\171\040\123\115\111\115\105\040\105\103\103\040 +\122\157\157\164\040\062\060\062\061\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\260\031\217\242\153\265\307\315\017\060\231\067\014\303\140 +\133\361\361\047\040\125\075\300\222\213\253\127\241\157\163\203 +\041\302\103\023\014\136\211\252\307\005\065\171\223\142\220\326 +\135\023\037\321\172\240\274\236\020\247\146\174\106\012\260\127 +\154\277\346\124\071\070\041\154\022\134\161\314\323\132\137\155 +\267\247\206\337\263\337\356\302\347\211\101\226\065\366\057\112 +\265\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024 +\053\313\001\014\143\303\123\022\245\250\127\257\320\234\203\373 +\275\220\072\113\060\017\006\003\125\035\023\001\001\377\004\005 +\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\012\006\010\052\206\110\316\075\004\003 +\003\003\150\000\060\145\002\061\000\326\274\110\222\207\107\003 +\307\160\073\045\266\037\256\106\147\163\164\000\047\113\344\245 +\004\242\003\337\136\050\255\156\136\003\310\335\150\234\266\277 +\224\020\110\225\057\017\377\030\213\002\060\001\100\063\236\227 +\227\115\005\362\164\124\014\315\071\375\152\153\011\301\044\077 +\141\216\070\241\267\350\327\104\025\021\142\377\016\141\067\107 +\113\100\177\112\137\262\147\132\163\165\302 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security SMIME ECC Root 2021" +# Issuer: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:15:2a:dd:14:c9:18:d1:a4:56:40:86:a6:25:af:07:5f +# Subject: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Thu Mar 18 11:08:30 2021 +# Not Valid After : Sat Mar 17 23:59:59 2046 +# Fingerprint (SHA-256): 3A:E6:DF:7E:0D:63:7A:65:A8:C8:16:12:EC:6F:9A:14:2F:85:A1:68:34:C1:02:80:D8:8E:70:70:28:51:87:55 +# Fingerprint (SHA1): B7:F9:1D:98:EC:25:93:F3:50:14:84:9A:A8:7E:22:10:3C:C4:39:27 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME ECC Root 2021" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\267\371\035\230\354\045\223\363\120\024\204\232\250\176\042\020 +\074\304\071\047 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\165\275\136\355\174\015\146\076\007\244\233\274\002\007\330\264 +END +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157 +\157\164\040\062\060\062\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\025\052\335\024\311\030\321\244\126\100\206\246\045\257 +\007\137 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security TLS ECC Root 2020" +# +# Issuer: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00 +# Subject: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Aug 25 07:48:20 2020 +# Not Valid After : Fri Aug 25 23:59:59 2045 +# Fingerprint (SHA-256): 57:8A:F4:DE:D0:85:3F:4E:59:98:DB:4A:EA:F9:CB:EA:8D:94:5F:60:B6:20:A3:8D:1A:3C:13:B2:BC:7B:A8:E1 +# Fingerprint (SHA1): C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS ECC Root 2020" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\066\072\226\214\311\134\262\130\315\320\001\135\305\345 +\127\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\102\060\202\001\311\240\003\002\001\002\002\020\066 +\072\226\214\311\134\262\130\315\320\001\135\305\345\127\000\060 +\012\006\010\052\206\110\316\075\004\003\003\060\143\061\013\060 +\011\006\003\125\004\006\023\002\104\105\061\047\060\045\006\003 +\125\004\012\014\036\104\145\165\164\163\143\150\145\040\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\107 +\155\142\110\061\053\060\051\006\003\125\004\003\014\042\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\124 +\114\123\040\105\103\103\040\122\157\157\164\040\062\060\062\060 +\060\036\027\015\062\060\060\070\062\065\060\067\064\070\062\060 +\132\027\015\064\065\060\070\062\065\062\063\065\071\065\071\132 +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060\060\166\060\020\006\007\052\206\110\316\075 +\002\001\006\005\053\201\004\000\042\003\142\000\004\316\277\376 +\127\250\277\325\252\367\020\232\315\274\321\021\242\275\147\102 +\314\220\353\025\030\220\331\242\315\014\052\045\353\076\117\316 +\265\322\217\017\363\065\332\103\213\002\200\276\157\121\044\035 +\017\153\053\312\237\302\157\120\062\345\067\040\266\040\377\210 +\015\017\155\111\273\333\006\244\207\220\222\224\364\011\320\317 +\177\310\200\013\301\227\263\273\065\047\311\302\033\243\102\060 +\100\060\035\006\003\125\035\016\004\026\004\024\343\162\314\156 +\225\231\107\261\346\263\141\114\321\313\253\343\272\315\336\237 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 +\006\060\012\006\010\052\206\110\316\075\004\003\003\003\147\000 +\060\144\002\060\165\122\213\267\244\020\117\256\112\020\213\262 +\204\133\102\341\346\052\066\002\332\240\156\031\077\045\277\332 +\131\062\216\344\373\220\334\223\144\316\255\264\101\107\140\342 +\317\247\313\036\002\060\067\101\214\146\337\101\153\326\203\000 +\101\375\057\132\367\120\264\147\321\054\250\161\327\103\312\234 +\047\044\221\203\110\015\317\315\367\124\201\257\354\177\344\147 +\333\270\220\356\335\045 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security TLS ECC Root 2020" +# Issuer: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00 +# Subject: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Aug 25 07:48:20 2020 +# Not Valid After : Fri Aug 25 23:59:59 2045 +# Fingerprint (SHA-256): 57:8A:F4:DE:D0:85:3F:4E:59:98:DB:4A:EA:F9:CB:EA:8D:94:5F:60:B6:20:A3:8D:1A:3C:13:B2:BC:7B:A8:E1 +# Fingerprint (SHA1): C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS ECC Root 2020" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\300\370\226\305\251\073\001\006\041\007\332\030\102\110\274\351 +\235\210\325\354 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\301\253\376\152\020\054\003\215\274\034\042\062\300\205\247\375 +END +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\066\072\226\214\311\134\262\130\315\320\001\135\305\345 +\127\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security SMIME RSA Root 2023" +# +# Issuer: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:0c:7e:62:f5:79:73:3b:9d:43:8e:8b:63:ed:91:95:b8 +# Subject: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:09:22 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): 78:A6:56:34:4F:94:7E:9C:C0:F7:34:D9:05:3D:32:F6:74:20:86:B6:B9:CD:2C:AE:4F:AE:1A:2E:4E:FD:E0:48 +# Fingerprint (SHA1): 89:3F:6F:1C:E2:4D:7F:FB:C3:D3:14:7A:05:80:A7:DE:E1:0A:5E:4D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME RSA Root 2023" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157 +\157\164\040\062\060\062\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157 +\157\164\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\014\176\142\365\171\163\073\235\103\216\213\143\355\221 +\225\270 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\267\060\202\003\237\240\003\002\001\002\002\020\014 +\176\142\365\171\163\073\235\103\216\213\143\355\221\225\270\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\145 +\061\013\060\011\006\003\125\004\006\023\002\104\105\061\047\060 +\045\006\003\125\004\012\014\036\104\145\165\164\163\143\150\145 +\040\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\107\155\142\110\061\055\060\053\006\003\125\004\003\014 +\044\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\123\115\111\115\105\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063\060\036\027\015\062\063\060\063\062\070\061 +\062\060\071\062\062\132\027\015\064\070\060\063\062\067\062\063 +\065\071\065\071\132\060\145\061\013\060\011\006\003\125\004\006 +\023\002\104\105\061\047\060\045\006\003\125\004\012\014\036\104 +\145\165\164\163\143\150\145\040\124\145\154\145\153\157\155\040 +\123\145\143\165\162\151\164\171\040\107\155\142\110\061\055\060 +\053\006\003\125\004\003\014\044\124\145\154\145\153\157\155\040 +\123\145\143\165\162\151\164\171\040\123\115\111\115\105\040\122 +\123\101\040\122\157\157\164\040\062\060\062\063\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\357\305\016 +\213\276\062\322\147\107\377\012\114\147\263\052\277\310\303\305 +\221\353\265\307\036\221\341\146\250\210\213\125\040\200\037\121 +\136\167\227\236\031\012\134\307\153\067\041\174\003\066\001\364 +\210\045\331\250\056\101\252\374\330\046\340\226\100\142\171\256 +\127\236\003\070\032\034\262\167\024\076\351\241\162\320\344\340 +\067\321\027\106\355\120\134\172\130\305\370\053\367\165\057\317 +\201\236\132\054\267\072\254\240\131\230\004\121\014\377\111\305 +\120\375\036\323\107\205\113\063\117\242\067\265\257\004\232\047 +\062\235\126\325\077\125\141\343\213\157\256\121\376\227\376\151 +\007\372\142\133\046\346\024\171\025\245\023\070\256\137\067\276 +\224\112\326\015\200\026\151\244\221\262\072\111\230\165\235\106 +\020\212\134\172\177\204\245\350\257\036\307\253\263\132\106\265 +\243\113\365\246\043\066\000\106\261\333\005\266\033\316\236\172 +\062\134\232\325\162\303\235\206\115\053\204\323\036\265\210\332 +\020\170\234\042\303\073\043\265\353\023\007\275\157\123\354\233 +\354\233\323\145\365\007\011\343\135\247\231\265\176\206\216\325 +\002\377\267\205\011\343\107\024\335\226\146\030\064\336\010\325 +\337\313\030\231\142\013\053\354\000\135\122\104\323\306\226\374 +\062\126\045\221\317\315\031\073\225\071\076\002\207\231\143\266 +\325\076\064\172\017\021\165\201\274\175\004\312\140\264\050\165 +\327\002\121\335\122\000\056\307\375\211\361\134\363\313\244\047 +\022\070\217\273\373\211\360\344\304\070\054\276\202\240\161\141 +\142\221\217\110\014\057\053\251\260\361\313\020\004\347\164\277 +\067\220\357\117\052\103\065\227\022\306\052\160\015\336\054\125 +\107\171\143\051\365\312\037\152\006\122\034\256\055\044\042\203 +\042\257\320\252\060\267\052\037\377\145\043\130\145\223\310\216 +\175\100\020\061\206\170\331\125\313\074\060\360\336\121\052\000 +\066\322\047\105\137\330\350\241\041\075\176\106\126\073\051\105 +\361\035\005\011\316\266\103\060\334\105\220\020\060\114\244\153 +\206\213\077\075\057\061\221\161\357\046\271\366\276\235\260\154 +\337\021\356\130\077\103\171\206\071\200\361\046\027\007\230\360 +\231\252\060\054\103\131\024\316\355\342\100\023\205\002\003\001 +\000\001\243\143\060\141\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\232\316\254\052\354\001\372\145\160\336\227\235\361\322\000 +\214\245\243\144\273\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\037\006\003\125\035\043\004\030\060 +\026\200\024\232\316\254\052\354\001\372\145\160\336\227\235\361 +\322\000\214\245\243\144\273\060\015\006\011\052\206\110\206\367 +\015\001\001\014\005\000\003\202\002\001\000\343\120\375\365\100 +\026\042\011\226\072\015\251\357\201\347\056\062\360\241\361\111 +\136\173\210\015\004\162\327\276\147\250\272\035\356\120\273\162 +\156\172\321\273\014\162\060\106\310\325\327\002\022\026\231\116 +\036\337\132\226\356\217\221\276\256\206\370\020\167\245\304\156 +\107\141\300\362\046\331\117\141\150\005\110\165\010\025\245\241 +\173\325\270\263\211\171\346\355\361\363\141\000\206\173\056\061 +\376\243\134\370\171\075\264\133\210\173\340\043\273\015\241\027 +\372\313\150\015\230\167\161\010\342\155\103\164\153\304\066\305 +\224\101\244\000\326\127\055\231\212\213\040\022\025\002\062\016 +\322\111\354\201\110\305\152\047\122\327\262\163\125\123\226\074 +\236\117\114\265\240\320\117\127\320\147\050\110\144\276\306\270 +\272\354\144\317\310\173\305\152\347\052\346\131\127\266\326\324 +\326\300\147\134\331\236\050\011\100\277\363\251\065\061\145\140 +\003\313\031\154\202\225\003\036\137\077\341\275\352\111\161\345 +\133\267\013\107\026\033\040\211\155\224\231\014\176\210\154\035 +\015\364\267\041\032\131\227\254\313\350\276\027\037\225\174\123 +\233\257\120\122\252\215\013\056\257\132\327\140\362\052\151\052 +\271\356\124\160\030\252\275\365\241\077\322\335\241\143\031\000 +\370\247\014\353\243\171\362\160\131\243\370\242\022\003\354\023 +\377\344\002\206\066\327\301\303\244\265\324\244\302\067\105\266 +\224\160\075\305\275\353\243\025\035\343\066\172\025\151\052\126 +\064\071\317\245\232\066\252\310\355\171\274\317\366\316\004\123 +\013\332\262\120\043\174\274\076\046\255\360\016\103\273\046\313 +\256\302\100\336\067\037\012\240\121\315\143\235\266\117\330\306 +\107\174\274\330\264\355\236\213\363\021\342\250\265\076\354\256 +\160\076\176\042\273\065\110\027\140\142\024\221\060\243\166\075 +\246\121\066\213\037\015\335\152\061\034\245\355\335\226\243\156 +\162\017\023\115\252\247\251\134\170\371\003\022\030\223\067\105 +\022\211\075\370\276\312\275\331\276\014\331\030\144\247\310\101 +\076\165\202\041\070\175\145\364\240\324\023\113\007\170\051\371 +\235\176\314\207\077\304\332\056\210\335\343\013\334\132\121\132 +\351\331\022\117\236\002\333\367\005\045\121 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security SMIME RSA Root 2023" +# Issuer: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:0c:7e:62:f5:79:73:3b:9d:43:8e:8b:63:ed:91:95:b8 +# Subject: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:09:22 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): 78:A6:56:34:4F:94:7E:9C:C0:F7:34:D9:05:3D:32:F6:74:20:86:B6:B9:CD:2C:AE:4F:AE:1A:2E:4E:FD:E0:48 +# Fingerprint (SHA1): 89:3F:6F:1C:E2:4D:7F:FB:C3:D3:14:7A:05:80:A7:DE:E1:0A:5E:4D +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME RSA Root 2023" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\211\077\157\034\342\115\177\373\303\323\024\172\005\200\247\336 +\341\012\136\115 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\353\335\044\371\050\017\243\302\303\156\012\077\320\303\015\033 +END +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157 +\157\164\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\014\176\142\365\171\163\073\235\103\216\213\143\355\221 +\225\270 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security TLS RSA Root 2023" +# +# Issuer: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97 +# Subject: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:16:45 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): EF:C6:5C:AD:BB:59:AD:B6:EF:E8:4D:A2:23:11:B3:56:24:B7:1B:3B:1E:A0:DA:8B:66:55:17:4E:C8:97:86:46 +# Fingerprint (SHA1): 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS RSA Root 2023" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\234\124\055\350\366\354\161\167\372\116\350\303\160 +\127\227 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\263\060\202\003\233\240\003\002\001\002\002\020\041 +\234\124\055\350\366\354\161\167\372\116\350\303\160\127\227\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\143 +\061\013\060\011\006\003\125\004\006\023\002\104\105\061\047\060 +\045\006\003\125\004\012\014\036\104\145\165\164\163\143\150\145 +\040\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\107\155\142\110\061\053\060\051\006\003\125\004\003\014 +\042\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\124\114\123\040\122\123\101\040\122\157\157\164\040\062 +\060\062\063\060\036\027\015\062\063\060\063\062\070\061\062\061 +\066\064\065\132\027\015\064\070\060\063\062\067\062\063\065\071 +\065\071\132\060\143\061\013\060\011\006\003\125\004\006\023\002 +\104\105\061\047\060\045\006\003\125\004\012\014\036\104\145\165 +\164\163\143\150\145\040\124\145\154\145\153\157\155\040\123\145 +\143\165\162\151\164\171\040\107\155\142\110\061\053\060\051\006 +\003\125\004\003\014\042\124\145\154\145\153\157\155\040\123\145 +\143\165\162\151\164\171\040\124\114\123\040\122\123\101\040\122 +\157\157\164\040\062\060\062\063\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\355\065\241\201\200\363\313 +\112\151\133\302\373\121\203\256\046\375\341\156\363\201\022\175 +\161\100\377\207\165\102\051\041\355\201\122\054\337\022\301\031 +\204\211\301\275\305\050\325\325\113\154\104\326\114\333\007\226 +\112\125\172\312\066\202\004\066\250\245\374\047\366\111\361\325 +\162\236\221\371\043\326\160\173\273\365\233\301\354\223\317\031 +\352\145\176\210\160\240\163\374\366\377\265\126\142\341\163\152 +\064\230\076\202\270\254\225\123\364\001\240\047\007\162\243\000 +\123\240\344\262\253\203\070\127\063\045\224\237\276\110\035\230 +\341\243\272\236\134\315\004\161\121\175\165\170\253\363\131\252 +\304\340\140\276\217\203\122\270\165\032\101\065\355\274\363\072 +\143\351\251\024\105\327\346\122\321\156\322\336\274\343\365\013 +\073\346\340\304\275\103\144\023\246\316\364\230\067\154\212\225 +\250\227\310\107\017\360\136\020\213\347\035\034\376\261\073\240 +\005\063\150\005\101\202\301\003\053\001\310\347\217\115\253\350 +\265\366\315\153\104\265\347\335\213\354\352\045\264\000\042\127 +\115\260\261\262\061\301\026\316\377\375\024\204\267\107\372\262 +\361\160\336\333\213\154\066\130\244\174\263\021\321\303\167\177 +\137\266\045\340\015\305\322\263\371\270\270\167\333\067\161\161 +\107\343\140\030\117\044\266\165\067\170\271\243\142\257\275\311 +\162\216\057\314\273\256\333\344\025\122\031\007\063\373\152\267 +\055\113\220\050\202\163\376\030\213\065\215\333\247\004\152\276 +\352\301\115\066\073\026\066\221\062\357\266\100\211\221\103\340 +\362\242\253\004\056\346\362\114\016\026\064\040\254\207\301\055 +\176\311\146\107\027\024\021\244\363\367\241\044\211\253\330\032 +\310\241\134\261\243\367\214\155\310\001\311\117\311\354\304\374 +\254\121\063\321\310\203\321\311\237\035\324\107\064\051\076\313 +\260\016\372\203\013\050\130\345\051\334\077\174\250\237\311\266 +\012\273\246\350\106\026\017\226\345\173\344\152\172\110\155\166 +\230\005\245\334\155\036\102\036\102\332\032\340\122\367\265\203 +\300\032\173\170\065\054\070\365\037\375\111\243\056\322\131\143 +\277\200\260\214\223\163\313\065\246\231\225\042\141\145\003\140 +\373\057\223\113\372\232\234\200\073\002\003\001\000\001\243\143 +\060\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\266\247\227 +\202\075\164\205\233\367\074\237\223\232\225\171\165\122\214\155 +\107\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\037\006\003\125\035\043\004\030\060\026\200\024\266 +\247\227\202\075\164\205\233\367\074\237\223\232\225\171\165\122 +\214\155\107\060\015\006\011\052\206\110\206\367\015\001\001\014 +\005\000\003\202\002\001\000\250\314\141\246\276\165\236\025\120 +\244\153\373\250\160\105\174\272\176\261\132\374\133\043\372\012 +\167\370\230\161\202\014\155\340\136\106\252\223\364\036\240\303 +\341\223\333\113\255\262\246\135\253\260\324\142\313\136\273\146 +\365\055\356\227\100\074\142\353\136\326\024\326\214\342\226\213 +\101\151\223\065\346\271\231\153\142\264\241\027\146\064\246\153 +\143\306\271\116\362\042\351\130\015\126\101\321\372\014\112\360 +\063\315\073\273\155\041\072\256\216\162\265\303\112\373\351\175 +\345\261\233\206\356\342\340\175\264\367\062\375\042\204\361\205 +\311\067\171\351\265\077\277\134\344\164\262\217\021\142\000\335 +\030\146\241\331\173\043\137\361\216\325\147\350\124\332\133\072 +\153\066\157\371\201\261\063\107\063\167\100\371\122\252\335\324 +\203\317\205\170\231\232\223\271\163\147\102\106\021\041\352\376 +\012\251\033\032\145\151\263\217\256\026\266\366\113\126\262\055 +\371\245\310\354\073\142\243\355\153\320\116\325\100\011\244\037 +\230\327\072\245\222\131\040\344\260\175\315\133\163\150\275\155 +\304\242\023\016\147\031\270\215\102\176\154\014\232\156\240\044 +\055\325\105\033\334\304\002\024\376\205\133\145\227\312\116\220 +\120\010\172\102\065\371\352\302\146\324\370\001\256\036\264\276 +\303\250\357\376\166\232\242\246\037\106\366\204\355\374\333\316 +\304\002\316\167\110\054\214\262\354\303\000\243\354\054\125\030 +\301\176\031\356\341\057\362\255\203\233\236\253\031\337\306\212 +\057\214\167\345\267\005\354\073\301\354\276\206\263\206\274\300 +\367\334\347\352\133\256\262\314\265\065\206\113\320\342\077\266 +\330\370\016\000\356\135\343\367\215\130\377\317\213\067\351\143 +\137\156\367\011\161\066\302\022\135\127\362\310\264\315\363\356 +\002\337\021\334\152\271\127\204\035\131\115\214\316\310\016\043 +\302\267\046\232\020\024\161\376\223\262\212\270\200\360\016\020 +\236\323\250\120\014\067\202\057\352\340\212\235\341\054\071\377 +\265\264\163\000\344\367\110\246\163\254\277\262\336\167\004\207 +\264\243\315\233\065\044\067\372\220\223\023\201\102\306\230\046 +\165\067\146\101\020\254\273\365\224\343\302\061\053\255\347\043 +\126\314\065\045\222\263\120 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security TLS RSA Root 2023" +# Issuer: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97 +# Subject: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:16:45 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): EF:C6:5C:AD:BB:59:AD:B6:EF:E8:4D:A2:23:11:B3:56:24:B7:1B:3B:1E:A0:DA:8B:66:55:17:4E:C8:97:86:46 +# Fingerprint (SHA1): 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS RSA Root 2023" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\124\323\254\263\275\127\126\366\205\235\316\345\303\041\342\324 +\255\203\320\223 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\277\133\353\124\100\315\110\161\304\040\215\175\336\012\102\362 +END +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\234\124\055\350\366\354\161\167\372\116\350\303\160 +\127\227 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/config/cfgroot/manualpages b/config/cfgroot/manualpages index fe5ebc0b82..f70381f12f 100644 --- a/config/cfgroot/manualpages +++ b/config/cfgroot/manualpages @@ -2,7 +2,7 @@ # The CGI files are referenced relative to the "/cgi-bin/" path
# Fixed base URL (without trailing slash) -BASE_URL=https://wiki.ipfire.org +BASE_URL=https://www.ipfire.org/docs
# System menu index.cgi=configuration/system/startpage diff --git a/config/menu/EX-mympd.menu b/config/menu/EX-mympd.menu new file mode 100644 index 0000000000..b3108d3936 --- /dev/null +++ b/config/menu/EX-mympd.menu @@ -0,0 +1,5 @@ + $subipfire->{'41.mympd'} = {'caption' => myMPD, + 'uri' => '/cgi-bin/mympd.cgi', + 'title' => myMPD, + 'enabled' => 1, + }; diff --git a/config/menu/EX-transmission.menu b/config/menu/EX-transmission.menu new file mode 100644 index 0000000000..5199f6c999 --- /dev/null +++ b/config/menu/EX-transmission.menu @@ -0,0 +1,5 @@ + $subipfire->{'42.transmission'} = {'caption' => TransmissionBT, + 'uri' => '/cgi-bin/transmission.cgi', + 'title' => TransmissionBT, + 'enabled' => 1, + }; diff --git a/config/menu/EX-vdr.menu b/config/menu/EX-vdr.menu new file mode 100644 index 0000000000..31640678d4 --- /dev/null +++ b/config/menu/EX-vdr.menu @@ -0,0 +1,5 @@ + $subipfire->{'60.vdr'} = {'caption' => VDR, + 'uri' => '/cgi-bin/vdr.cgi', + 'title' => VDR, + 'enabled' => 1, + }; diff --git a/config/mpfire/mpd.conf b/config/mpd/mpd.conf similarity index 93% rename from config/mpfire/mpd.conf rename to config/mpd/mpd.conf index d66481ecfd..c4aabdf0b4 100644 --- a/config/mpfire/mpd.conf +++ b/config/mpd/mpd.conf @@ -5,7 +5,7 @@ ##################### REQUIRED ########################### port "6600" music_directory "/var/mp3" -playlist_directory "/var/ipfire/mpfire" +playlist_directory "/var/ipfire/mpd" log_file "/var/log/mpd.log" pid_file "/var/run/mpd.pid" ########################################################## @@ -18,7 +18,7 @@ pid_file "/var/run/mpd.pid" # # Location of DB file # -db_file "/var/ipfire/mpfire/db/mpd.db" +db_file "/var/ipfire/mpd/db/mpd.db" # # The state file (if set) will be a file # for storing all current information @@ -27,7 +27,7 @@ db_file "/var/ipfire/mpfire/db/mpd.db" # to recreate your last MPD session after # restart. # -state_file "/var/ipfire/mpfire/mpd_state" +state_file "/var/ipfire/mpd/mpd_state" # ##########################################################
@@ -104,12 +104,6 @@ audio_output { # audio_buffer_size "2048" # -# This means exactly what it says, it will -# buffer your file up to the percentage of -# the buffer before it begins playing. -# -buffer_before_play "25%" -# ##########################################################
@@ -189,9 +183,6 @@ connection_timeout "60" # filesystem_charset "UTF-8" # -# The encoding that ID3v1 tags should be converted from. -# -id3v1_encoding "UTF-8" metadata_to_use "artist,album,title,track,name,comment,date,genre" # ################################################################ diff --git a/config/mpfire/mpfire.pl b/config/mpfire/mpfire.pl index 66413145de..15abd78932 100644 --- a/config/mpfire/mpfire.pl +++ b/config/mpfire/mpfire.pl @@ -87,7 +87,7 @@ sub shuffle(){ }
sub checkplaylist(){ - my $Datei = "/var/ipfire/mpfire/playlist.m3u"; + my $Datei = "/var/ipfire/mpd/playlist.m3u"; my @Info = stat($Datei); if ( $Info[7] eq '' || $Info[7] eq '0' ){print "There is no playlist";exit(1);} } diff --git a/config/ovpn/openssl/ovpn.cnf b/config/ovpn/openssl/ovpn.cnf index 96c3dcb09d..bfa7ad744c 100644 --- a/config/ovpn/openssl/ovpn.cnf +++ b/config/ovpn/openssl/ovpn.cnf @@ -79,13 +79,10 @@ extendedKeyUsage = clientAuth keyUsage = digitalSignature
[ server ] - # JY ADDED -- Make a cert with nsCertType set to "server" basicConstraints = CA:FALSE nsCertType = server nsComment = "OpenSSL Generated Server Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always extendedKeyUsage = serverAuth keyUsage = digitalSignature, keyEncipherment
diff --git a/config/rootfiles/common/aarch64/binutils b/config/rootfiles/common/aarch64/binutils index 64bf0db7a3..3f9475665b 100644 --- a/config/rootfiles/common/aarch64/binutils +++ b/config/rootfiles/common/aarch64/binutils @@ -312,7 +312,8 @@ usr/lib/bfd-plugins/libdep.so #usr/lib/ldscripts/armelfb_linux_eabi.xu #usr/lib/ldscripts/armelfb_linux_eabi.xw #usr/lib/ldscripts/armelfb_linux_eabi.xwe -usr/lib/libbfd-2.41.so +#usr/lib/ldscripts/stamp +usr/lib/libbfd-2.42.so #usr/lib/libbfd.a #usr/lib/libbfd.la #usr/lib/libbfd.so @@ -331,7 +332,7 @@ usr/lib/libctf.so.0.0.0 #usr/lib/libgprofng.so usr/lib/libgprofng.so.0 usr/lib/libgprofng.so.0.0.0 -usr/lib/libopcodes-2.41.so +usr/lib/libopcodes-2.42.so #usr/lib/libopcodes.a #usr/lib/libopcodes.la #usr/lib/libopcodes.so @@ -405,6 +406,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/ja/LC_MESSAGES/ld.mo #usr/share/locale/ka/LC_MESSAGES/bfd.mo #usr/share/locale/ka/LC_MESSAGES/gprof.mo +#usr/share/locale/ka/LC_MESSAGES/ld.mo #usr/share/locale/ms #usr/share/locale/ms/LC_MESSAGES #usr/share/locale/ms/LC_MESSAGES/gprof.mo @@ -418,6 +420,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/ro/LC_MESSAGES/bfd.mo #usr/share/locale/ro/LC_MESSAGES/binutils.mo #usr/share/locale/ro/LC_MESSAGES/gprof.mo +#usr/share/locale/ro/LC_MESSAGES/ld.mo #usr/share/locale/ro/LC_MESSAGES/opcodes.mo #usr/share/locale/ru/LC_MESSAGES/bfd.mo #usr/share/locale/ru/LC_MESSAGES/binutils.mo diff --git a/config/rootfiles/common/aarch64/glibc b/config/rootfiles/common/aarch64/glibc index f6cd12331b..99481d6b30 100644 --- a/config/rootfiles/common/aarch64/glibc +++ b/config/rootfiles/common/aarch64/glibc @@ -124,6 +124,7 @@ usr/bin/locale #usr/include/bits/netdb.h #usr/include/bits/param.h #usr/include/bits/poll.h +#usr/include/bits/platform/features.h #usr/include/bits/poll2.h #usr/include/bits/posix1_lim.h #usr/include/bits/posix2_lim.h @@ -168,6 +169,7 @@ usr/bin/locale #usr/include/bits/socket.h #usr/include/bits/socket2.h #usr/include/bits/socket_type.h +#usr/include/bits/spawn_ext.h #usr/include/bits/ss_flags.h #usr/include/bits/stab.def #usr/include/bits/stat.h @@ -176,6 +178,7 @@ usr/bin/locale #usr/include/bits/statx-generic.h #usr/include/bits/statx.h #usr/include/bits/stdint-intn.h +#usr/include/bits/stdint-least.h #usr/include/bits/stdint-uintn.h #usr/include/bits/stdio-ldbl.h #usr/include/bits/stdio.h @@ -417,6 +420,7 @@ usr/bin/locale #usr/include/signal.h #usr/include/spawn.h #usr/include/stab.h +#usr/include/stdbit.h #usr/include/stdc-predef.h #usr/include/stdint.h #usr/include/stdio.h @@ -808,7 +812,7 @@ usr/lib/gconv #usr/lib/libc_nonshared.a #usr/lib/libdl.a #usr/lib/libg.a -#usr/lib/libm-2.38.a +#usr/lib/libm-2.39.a #usr/lib/libm.a #usr/lib/libm.so #usr/lib/libmcheck.a @@ -880,20 +884,6 @@ usr/lib/locale #usr/lib/locale/aa_ER/LC_PAPER #usr/lib/locale/aa_ER/LC_TELEPHONE #usr/lib/locale/aa_ER/LC_TIME -#usr/lib/locale/aa_ER@saaho -#usr/lib/locale/aa_ER@saaho/LC_ADDRESS -#usr/lib/locale/aa_ER@saaho/LC_COLLATE -#usr/lib/locale/aa_ER@saaho/LC_CTYPE -#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION -#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MONETARY -#usr/lib/locale/aa_ER@saaho/LC_NAME -#usr/lib/locale/aa_ER@saaho/LC_NUMERIC -#usr/lib/locale/aa_ER@saaho/LC_PAPER -#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE -#usr/lib/locale/aa_ER@saaho/LC_TIME #usr/lib/locale/aa_ET #usr/lib/locale/aa_ET/LC_ADDRESS #usr/lib/locale/aa_ET/LC_COLLATE @@ -2126,6 +2116,20 @@ usr/lib/locale #usr/lib/locale/cmn_TW/LC_PAPER #usr/lib/locale/cmn_TW/LC_TELEPHONE #usr/lib/locale/cmn_TW/LC_TIME +#usr/lib/locale/crh_RU +#usr/lib/locale/crh_RU/LC_ADDRESS +#usr/lib/locale/crh_RU/LC_COLLATE +#usr/lib/locale/crh_RU/LC_CTYPE +#usr/lib/locale/crh_RU/LC_IDENTIFICATION +#usr/lib/locale/crh_RU/LC_MEASUREMENT +#usr/lib/locale/crh_RU/LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MONETARY +#usr/lib/locale/crh_RU/LC_NAME +#usr/lib/locale/crh_RU/LC_NUMERIC +#usr/lib/locale/crh_RU/LC_PAPER +#usr/lib/locale/crh_RU/LC_TELEPHONE +#usr/lib/locale/crh_RU/LC_TIME #usr/lib/locale/crh_UA #usr/lib/locale/crh_UA/LC_ADDRESS #usr/lib/locale/crh_UA/LC_COLLATE @@ -4142,6 +4146,20 @@ usr/lib/locale #usr/lib/locale/ga_IE@euro/LC_PAPER #usr/lib/locale/ga_IE@euro/LC_TELEPHONE #usr/lib/locale/ga_IE@euro/LC_TIME +#usr/lib/locale/gbm_IN +#usr/lib/locale/gbm_IN/LC_ADDRESS +#usr/lib/locale/gbm_IN/LC_COLLATE +#usr/lib/locale/gbm_IN/LC_CTYPE +#usr/lib/locale/gbm_IN/LC_IDENTIFICATION +#usr/lib/locale/gbm_IN/LC_MEASUREMENT +#usr/lib/locale/gbm_IN/LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MONETARY +#usr/lib/locale/gbm_IN/LC_NAME +#usr/lib/locale/gbm_IN/LC_NUMERIC +#usr/lib/locale/gbm_IN/LC_PAPER +#usr/lib/locale/gbm_IN/LC_TELEPHONE +#usr/lib/locale/gbm_IN/LC_TIME #usr/lib/locale/gd_GB #usr/lib/locale/gd_GB.utf8 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS @@ -4968,6 +4986,20 @@ usr/lib/locale #usr/lib/locale/ku_TR/LC_PAPER #usr/lib/locale/ku_TR/LC_TELEPHONE #usr/lib/locale/ku_TR/LC_TIME +#usr/lib/locale/kv_RU +#usr/lib/locale/kv_RU/LC_ADDRESS +#usr/lib/locale/kv_RU/LC_COLLATE +#usr/lib/locale/kv_RU/LC_CTYPE +#usr/lib/locale/kv_RU/LC_IDENTIFICATION +#usr/lib/locale/kv_RU/LC_MEASUREMENT +#usr/lib/locale/kv_RU/LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MONETARY +#usr/lib/locale/kv_RU/LC_NAME +#usr/lib/locale/kv_RU/LC_NUMERIC +#usr/lib/locale/kv_RU/LC_PAPER +#usr/lib/locale/kv_RU/LC_TELEPHONE +#usr/lib/locale/kv_RU/LC_TIME #usr/lib/locale/kw_GB #usr/lib/locale/kw_GB.utf8 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS @@ -6662,6 +6694,20 @@ usr/lib/locale #usr/lib/locale/ss_ZA/LC_PAPER #usr/lib/locale/ss_ZA/LC_TELEPHONE #usr/lib/locale/ss_ZA/LC_TIME +#usr/lib/locale/ssy_ER +#usr/lib/locale/ssy_ER/LC_ADDRESS +#usr/lib/locale/ssy_ER/LC_COLLATE +#usr/lib/locale/ssy_ER/LC_CTYPE +#usr/lib/locale/ssy_ER/LC_IDENTIFICATION +#usr/lib/locale/ssy_ER/LC_MEASUREMENT +#usr/lib/locale/ssy_ER/LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MONETARY +#usr/lib/locale/ssy_ER/LC_NAME +#usr/lib/locale/ssy_ER/LC_NUMERIC +#usr/lib/locale/ssy_ER/LC_PAPER +#usr/lib/locale/ssy_ER/LC_TELEPHONE +#usr/lib/locale/ssy_ER/LC_TIME #usr/lib/locale/st_ZA #usr/lib/locale/st_ZA.utf8 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS @@ -6690,6 +6736,20 @@ usr/lib/locale #usr/lib/locale/st_ZA/LC_PAPER #usr/lib/locale/st_ZA/LC_TELEPHONE #usr/lib/locale/st_ZA/LC_TIME +#usr/lib/locale/su_ID +#usr/lib/locale/su_ID/LC_ADDRESS +#usr/lib/locale/su_ID/LC_COLLATE +#usr/lib/locale/su_ID/LC_CTYPE +#usr/lib/locale/su_ID/LC_IDENTIFICATION +#usr/lib/locale/su_ID/LC_MEASUREMENT +#usr/lib/locale/su_ID/LC_MESSAGES +#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/su_ID/LC_MONETARY +#usr/lib/locale/su_ID/LC_NAME +#usr/lib/locale/su_ID/LC_NUMERIC +#usr/lib/locale/su_ID/LC_PAPER +#usr/lib/locale/su_ID/LC_TELEPHONE +#usr/lib/locale/su_ID/LC_TIME #usr/lib/locale/sv_FI #usr/lib/locale/sv_FI.utf8 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS @@ -7054,6 +7114,20 @@ usr/lib/locale #usr/lib/locale/to_TO/LC_PAPER #usr/lib/locale/to_TO/LC_TELEPHONE #usr/lib/locale/to_TO/LC_TIME +#usr/lib/locale/tok +#usr/lib/locale/tok/LC_ADDRESS +#usr/lib/locale/tok/LC_COLLATE +#usr/lib/locale/tok/LC_CTYPE +#usr/lib/locale/tok/LC_IDENTIFICATION +#usr/lib/locale/tok/LC_MEASUREMENT +#usr/lib/locale/tok/LC_MESSAGES +#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/tok/LC_MONETARY +#usr/lib/locale/tok/LC_NAME +#usr/lib/locale/tok/LC_NUMERIC +#usr/lib/locale/tok/LC_PAPER +#usr/lib/locale/tok/LC_TELEPHONE +#usr/lib/locale/tok/LC_TIME #usr/lib/locale/tpi_PG #usr/lib/locale/tpi_PG/LC_ADDRESS #usr/lib/locale/tpi_PG/LC_COLLATE @@ -7502,6 +7576,20 @@ usr/lib/locale #usr/lib/locale/yuw_PG/LC_PAPER #usr/lib/locale/yuw_PG/LC_TELEPHONE #usr/lib/locale/yuw_PG/LC_TIME +#usr/lib/locale/zgh_MA +#usr/lib/locale/zgh_MA/LC_ADDRESS +#usr/lib/locale/zgh_MA/LC_COLLATE +#usr/lib/locale/zgh_MA/LC_CTYPE +#usr/lib/locale/zgh_MA/LC_IDENTIFICATION +#usr/lib/locale/zgh_MA/LC_MEASUREMENT +#usr/lib/locale/zgh_MA/LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MONETARY +#usr/lib/locale/zgh_MA/LC_NAME +#usr/lib/locale/zgh_MA/LC_NUMERIC +#usr/lib/locale/zgh_MA/LC_PAPER +#usr/lib/locale/zgh_MA/LC_TELEPHONE +#usr/lib/locale/zgh_MA/LC_TIME #usr/lib/locale/zh_CN #usr/lib/locale/zh_CN.gb18030 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS @@ -7941,7 +8029,6 @@ usr/lib/locale #usr/share/i18n/locales/POSIX #usr/share/i18n/locales/aa_DJ #usr/share/i18n/locales/aa_ER -#usr/share/i18n/locales/aa_ER@saaho #usr/share/i18n/locales/aa_ET #usr/share/i18n/locales/ab_GE #usr/share/i18n/locales/af_ZA @@ -8004,6 +8091,7 @@ usr/lib/locale #usr/share/i18n/locales/ckb_IQ #usr/share/i18n/locales/cmn_TW #usr/share/i18n/locales/cns11643_stroke +#usr/share/i18n/locales/crh_RU #usr/share/i18n/locales/crh_UA #usr/share/i18n/locales/cs_CZ #usr/share/i18n/locales/csb_PL @@ -8093,6 +8181,7 @@ usr/lib/locale #usr/share/i18n/locales/fy_NL #usr/share/i18n/locales/ga_IE #usr/share/i18n/locales/ga_IE@euro +#usr/share/i18n/locales/gbm_IN #usr/share/i18n/locales/gd_GB #usr/share/i18n/locales/gez_ER #usr/share/i18n/locales/gez_ER@abegede @@ -8139,6 +8228,7 @@ usr/lib/locale #usr/share/i18n/locales/ks_IN #usr/share/i18n/locales/ks_IN@devanagari #usr/share/i18n/locales/ku_TR +#usr/share/i18n/locales/kv_RU #usr/share/i18n/locales/kw_GB #usr/share/i18n/locales/ky_KG #usr/share/i18n/locales/lb_LU @@ -8232,7 +8322,9 @@ usr/lib/locale #usr/share/i18n/locales/sr_RS #usr/share/i18n/locales/sr_RS@latin #usr/share/i18n/locales/ss_ZA +#usr/share/i18n/locales/ssy_ER #usr/share/i18n/locales/st_ZA +#usr/share/i18n/locales/su_ID #usr/share/i18n/locales/sv_FI #usr/share/i18n/locales/sv_FI@euro #usr/share/i18n/locales/sv_SE @@ -8254,6 +8346,7 @@ usr/lib/locale #usr/share/i18n/locales/tl_PH #usr/share/i18n/locales/tn_ZA #usr/share/i18n/locales/to_TO +#usr/share/i18n/locales/tok #usr/share/i18n/locales/tpi_PG #usr/share/i18n/locales/tr_CY #usr/share/i18n/locales/tr_TR @@ -8262,6 +8355,7 @@ usr/lib/locale #usr/share/i18n/locales/translit_cjk_variants #usr/share/i18n/locales/translit_combining #usr/share/i18n/locales/translit_compat +#usr/share/i18n/locales/translit_emojis #usr/share/i18n/locales/translit_font #usr/share/i18n/locales/translit_fraction #usr/share/i18n/locales/translit_hangul @@ -8291,6 +8385,7 @@ usr/lib/locale #usr/share/i18n/locales/yo_NG #usr/share/i18n/locales/yue_HK #usr/share/i18n/locales/yuw_PG +#usr/share/i18n/locales/zgh_MA #usr/share/i18n/locales/zh_CN #usr/share/i18n/locales/zh_HK #usr/share/i18n/locales/zh_SG @@ -8308,6 +8403,7 @@ usr/lib/locale #usr/share/info/libc.info-16 #usr/share/info/libc.info-17 #usr/share/info/libc.info-18 +#usr/share/info/libc.info-19 #usr/share/info/libc.info-2 #usr/share/info/libc.info-3 #usr/share/info/libc.info-4 diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index b920dd248c..a286a15383 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -120,8 +120,11 @@ var/ipfire/menu.d/70-log.menu #var/ipfire/menu.d/EX-apcupsd.menu #var/ipfire/menu.d/EX-guardian.menu #var/ipfire/menu.d/EX-mpfire.menu +#var/ipfire/menu.d/EX-mympd.menu #var/ipfire/menu.d/EX-samba.menu #var/ipfire/menu.d/EX-tor.menu +#var/ipfire/menu.d/EX-transmission.menu +#var/ipfire/menu.d/EX-vdr.menu #var/ipfire/menu.d/EX-wio.menu #var/ipfire/menu.d/EX-wlanap.menu var/ipfire/modem diff --git a/config/rootfiles/common/elfutils b/config/rootfiles/common/elfutils index 830638e2be..04773db9f4 100644 --- a/config/rootfiles/common/elfutils +++ b/config/rootfiles/common/elfutils @@ -28,15 +28,15 @@ #usr/include/gelf.h #usr/include/libelf.h #usr/include/nlist.h -usr/lib/libasm-0.190.so +usr/lib/libasm-0.191.so #usr/lib/libasm.a #usr/lib/libasm.so usr/lib/libasm.so.1 -usr/lib/libdw-0.190.so +usr/lib/libdw-0.191.so #usr/lib/libdw.a #usr/lib/libdw.so usr/lib/libdw.so.1 -usr/lib/libelf-0.190.so +usr/lib/libelf-0.191.so #usr/lib/libelf.a #usr/lib/libelf.so usr/lib/libelf.so.1 diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 499f99f8ee..2ab49e910e 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -3,21 +3,21 @@ #usr/include/expat_config.h #usr/include/expat_external.h #usr/lib/cmake -#usr/lib/cmake/expat-2.6.0 -#usr/lib/cmake/expat-2.6.0/expat-config-version.cmake -#usr/lib/cmake/expat-2.6.0/expat-config.cmake -#usr/lib/cmake/expat-2.6.0/expat-noconfig.cmake -#usr/lib/cmake/expat-2.6.0/expat.cmake +#usr/lib/cmake/expat-2.6.2 +#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake +#usr/lib/cmake/expat-2.6.2/expat-config.cmake +#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake +#usr/lib/cmake/expat-2.6.2/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.9.0 +usr/lib/libexpat.so.1.9.2 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.6.0 -#usr/share/doc/expat-2.6.0/ok.min.css -#usr/share/doc/expat-2.6.0/reference.html -#usr/share/doc/expat-2.6.0/style.css +#usr/share/doc/expat-2.6.2 +#usr/share/doc/expat-2.6.2/ok.min.css +#usr/share/doc/expat-2.6.2/reference.html +#usr/share/doc/expat-2.6.2/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog #usr/share/man/man1/xmlwf.1 diff --git a/config/rootfiles/common/gdb b/config/rootfiles/common/gdb index 6a366ac7d1..be23b3e79b 100644 --- a/config/rootfiles/common/gdb +++ b/config/rootfiles/common/gdb @@ -2,14 +2,10 @@ #usr/bin/gdb #usr/bin/gdb-add-index #usr/bin/gdbserver -#usr/bin/run #usr/include/gdb #usr/include/gdb/jit-reader.h #usr/include/sim -#usr/include/sim/callback.h -#usr/include/sim/sim.h #usr/lib/libinproctrace.so -#usr/lib/libsim.a #usr/share/gdb/python #usr/share/gdb/python/gdb #usr/share/gdb/python/gdb/FrameDecorator.py @@ -24,6 +20,29 @@ #usr/share/gdb/python/gdb/command/type_printers.py #usr/share/gdb/python/gdb/command/unwinders.py #usr/share/gdb/python/gdb/command/xmethods.py +#usr/share/gdb/python/gdb/dap +#usr/share/gdb/python/gdb/dap/__init__.py +#usr/share/gdb/python/gdb/dap/breakpoint.py +#usr/share/gdb/python/gdb/dap/bt.py +#usr/share/gdb/python/gdb/dap/disassemble.py +#usr/share/gdb/python/gdb/dap/evaluate.py +#usr/share/gdb/python/gdb/dap/events.py +#usr/share/gdb/python/gdb/dap/frames.py +#usr/share/gdb/python/gdb/dap/io.py +#usr/share/gdb/python/gdb/dap/launch.py +#usr/share/gdb/python/gdb/dap/locations.py +#usr/share/gdb/python/gdb/dap/memory.py +#usr/share/gdb/python/gdb/dap/modules.py +#usr/share/gdb/python/gdb/dap/next.py +#usr/share/gdb/python/gdb/dap/pause.py +#usr/share/gdb/python/gdb/dap/scopes.py +#usr/share/gdb/python/gdb/dap/server.py +#usr/share/gdb/python/gdb/dap/sources.py +#usr/share/gdb/python/gdb/dap/startup.py +#usr/share/gdb/python/gdb/dap/state.py +#usr/share/gdb/python/gdb/dap/threads.py +#usr/share/gdb/python/gdb/dap/typecheck.py +#usr/share/gdb/python/gdb/dap/varref.py #usr/share/gdb/python/gdb/disassembler.py #usr/share/gdb/python/gdb/frames.py #usr/share/gdb/python/gdb/function @@ -70,6 +89,7 @@ #usr/share/info/gdb.info-6 #usr/share/info/gdb.info-7 #usr/share/info/gdb.info-8 +#usr/share/info/gdb.info-9 #usr/share/info/stabs.info #usr/share/man/man1/gcore.1 #usr/share/man/man1/gdb-add-index.1 diff --git a/config/rootfiles/common/glib b/config/rootfiles/common/glib index 4481c2c7e5..251004a617 100644 --- a/config/rootfiles/common/glib +++ b/config/rootfiles/common/glib @@ -571,4 +571,3 @@ usr/lib/libgthread-2.0.so.0.7700.0 #usr/share/locale/zh_HK/LC_MESSAGES #usr/share/locale/zh_HK/LC_MESSAGES/glib20.mo #usr/share/locale/zh_TW/LC_MESSAGES/glib20.mo - diff --git a/config/rootfiles/common/i2c-tools b/config/rootfiles/common/i2c-tools index 7dec1eec1c..da9cb57b4f 100644 --- a/config/rootfiles/common/i2c-tools +++ b/config/rootfiles/common/i2c-tools @@ -22,4 +22,3 @@ usr/sbin/i2ctransfer #usr/share/man/man8/i2cget.8 #usr/share/man/man8/i2cset.8 #usr/share/man/man8/i2ctransfer.8 - diff --git a/config/rootfiles/common/iproute2 b/config/rootfiles/common/iproute2 index fb68e31f24..da7134d2dc 100644 --- a/config/rootfiles/common/iproute2 +++ b/config/rootfiles/common/iproute2 @@ -30,8 +30,6 @@ sbin/vdpa #usr/include/iproute2/bpf_elf.h #usr/lib/tc #usr/lib/tc/experimental.dist -usr/lib/tc/m_ipt.so -usr/lib/tc/m_xt.so #usr/lib/tc/normal.dist #usr/lib/tc/pareto.dist #usr/lib/tc/paretonormal.dist @@ -129,6 +127,7 @@ usr/share/bash-completion/completions/tc #usr/share/man/man8/tc-fq_codel.8 #usr/share/man/man8/tc-fq_pie.8 #usr/share/man/man8/tc-fw.8 +#usr/share/man/man8/tc-gact.8 #usr/share/man/man8/tc-gate.8 #usr/share/man/man8/tc-hfsc.8 #usr/share/man/man8/tc-htb.8 @@ -160,7 +159,6 @@ usr/share/bash-completion/completions/tc #usr/share/man/man8/tc-tunnel_key.8 #usr/share/man/man8/tc-u32.8 #usr/share/man/man8/tc-vlan.8 -#usr/share/man/man8/tc-xt.8 #usr/share/man/man8/tc.8 #usr/share/man/man8/tipc-bearer.8 #usr/share/man/man8/tipc-link.8 diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot index 6660b27d11..0fc076c104 100644 --- a/config/rootfiles/common/knot +++ b/config/rootfiles/common/knot @@ -9,7 +9,7 @@ usr/lib/libdnssec.so.9.0.0 #usr/lib/libknot.la #usr/lib/libknot.lai #usr/lib/libknot.so -usr/lib/libknot.so.13 -usr/lib/libknot.so.13.0.0 +usr/lib/libknot.so.14 +usr/lib/libknot.so.14.0.0 #usr/lib/libknotus.a #usr/lib/libknotus.la diff --git a/config/rootfiles/common/libffi b/config/rootfiles/common/libffi index 02c161e54b..41cf295938 100644 --- a/config/rootfiles/common/libffi +++ b/config/rootfiles/common/libffi @@ -4,7 +4,7 @@ #usr/lib/libffi.la #usr/lib/libffi.so usr/lib/libffi.so.8 -usr/lib/libffi.so.8.1.2 +usr/lib/libffi.so.8.1.4 #usr/lib/pkgconfig/libffi.pc #usr/share/info/libffi.info #usr/share/man/man3/ffi.3 diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error index 08079ed9c5..ce3492a246 100644 --- a/config/rootfiles/common/libgpg-error +++ b/config/rootfiles/common/libgpg-error @@ -6,7 +6,7 @@ usr/bin/gpg-error #usr/lib/libgpg-error.la #usr/lib/libgpg-error.so usr/lib/libgpg-error.so.0 -usr/lib/libgpg-error.so.0.34.0 +usr/lib/libgpg-error.so.0.35.0 #usr/lib/pkgconfig/gpg-error.pc #usr/share/aclocal/gpg-error.m4 #usr/share/aclocal/gpgrt.m4 diff --git a/config/rootfiles/common/meson b/config/rootfiles/common/meson index ff8e294d17..6db0e34edf 100644 --- a/config/rootfiles/common/meson +++ b/config/rootfiles/common/meson @@ -1,11 +1,11 @@ #usr/bin/meson -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/entry_points.txt -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/entry_points.txt +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/top_level.txt #usr/lib/python3.10/site-packages/mesonbuild #usr/lib/python3.10/site-packages/mesonbuild/__init__.py #usr/lib/python3.10/site-packages/mesonbuild/_pathlib.py diff --git a/config/rootfiles/common/newt b/config/rootfiles/common/newt index b3d9a581b2..adcc9cace6 100644 --- a/config/rootfiles/common/newt +++ b/config/rootfiles/common/newt @@ -3,7 +3,7 @@ usr/bin/whiptail #usr/lib/libnewt.a #usr/lib/libnewt.so usr/lib/libnewt.so.0.52 -usr/lib/libnewt.so.0.52.23 +usr/lib/libnewt.so.0.52.24 #usr/lib/pkgconfig/libnewt.pc #usr/lib/python3.10/site-packages/_snack.so #usr/lib/python3.10/site-packages/snack.py diff --git a/config/rootfiles/common/openjpeg b/config/rootfiles/common/openjpeg index 7d1effd408..19a9198e7a 100644 --- a/config/rootfiles/common/openjpeg +++ b/config/rootfiles/common/openjpeg @@ -4,12 +4,12 @@ usr/bin/opj_dump #usr/include/openjpeg-2.5 #usr/include/openjpeg-2.5/openjpeg.h #usr/include/openjpeg-2.5/opj_config.h -#usr/include/openjpeg-2.5/opj_stdint.h +#usr/lib/cmake/openjpeg-2.5 +#usr/lib/cmake/openjpeg-2.5/OpenJPEGConfig.cmake +#usr/lib/cmake/openjpeg-2.5/OpenJPEGConfigVersion.cmake +#usr/lib/cmake/openjpeg-2.5/OpenJPEGTargets-release.cmake +#usr/lib/cmake/openjpeg-2.5/OpenJPEGTargets.cmake #usr/lib/libopenjp2.so -usr/lib/libopenjp2.so.2.5.0 +usr/lib/libopenjp2.so.2.5.2 usr/lib/libopenjp2.so.7 -#usr/lib/openjpeg-2.5 -#usr/lib/openjpeg-2.5/OpenJPEGConfig.cmake -#usr/lib/openjpeg-2.5/OpenJPEGTargets-release.cmake -#usr/lib/openjpeg-2.5/OpenJPEGTargets.cmake #usr/lib/pkgconfig/libopenjp2.pc diff --git a/config/rootfiles/common/pango b/config/rootfiles/common/pango index a50610e7c5..4cfba12c27 100644 --- a/config/rootfiles/common/pango +++ b/config/rootfiles/common/pango @@ -41,13 +41,13 @@ usr/bin/pango-view #usr/include/pango-1.0/pango/pangoft2.h #usr/lib/libpango-1.0.so usr/lib/libpango-1.0.so.0 -usr/lib/libpango-1.0.so.0.5000.13 +usr/lib/libpango-1.0.so.0.5200.0 #usr/lib/libpangocairo-1.0.so usr/lib/libpangocairo-1.0.so.0 -usr/lib/libpangocairo-1.0.so.0.5000.13 +usr/lib/libpangocairo-1.0.so.0.5200.0 #usr/lib/libpangoft2-1.0.so usr/lib/libpangoft2-1.0.so.0 -usr/lib/libpangoft2-1.0.so.0.5000.13 +usr/lib/libpangoft2-1.0.so.0.5200.0 #usr/lib/pkgconfig/pango.pc #usr/lib/pkgconfig/pangocairo.pc #usr/lib/pkgconfig/pangofc.pc diff --git a/config/rootfiles/common/pciutils b/config/rootfiles/common/pciutils index 491bf05673..b230795260 100644 --- a/config/rootfiles/common/pciutils +++ b/config/rootfiles/common/pciutils @@ -1,7 +1,7 @@ bin/lspci bin/setpci lib/libpci.so.3 -lib/libpci.so.3.10.0 +lib/libpci.so.3.11.1 sbin/update-pciids #usr/include/pci #usr/include/pci/config.h diff --git a/config/rootfiles/common/perl b/config/rootfiles/common/perl index fb360c8747..94e37db0e8 100644 --- a/config/rootfiles/common/perl +++ b/config/rootfiles/common/perl @@ -2797,4 +2797,3 @@ usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/threads/shared.pm #usr/share/man/man3/vmsish.3 #usr/share/man/man3/warnings.3 #usr/share/man/man3/warnings::register.3 - diff --git a/config/rootfiles/common/pixman b/config/rootfiles/common/pixman index c48845cdef..d6ed58f3cd 100644 --- a/config/rootfiles/common/pixman +++ b/config/rootfiles/common/pixman @@ -3,5 +3,5 @@ #usr/include/pixman-1/pixman.h #usr/lib/libpixman-1.so usr/lib/libpixman-1.so.0 -usr/lib/libpixman-1.so.0.43.0 +usr/lib/libpixman-1.so.0.43.4 #usr/lib/pkgconfig/pixman-1.pc diff --git a/config/rootfiles/common/poppler b/config/rootfiles/common/poppler index 68deecd650..192011364b 100644 --- a/config/rootfiles/common/poppler +++ b/config/rootfiles/common/poppler @@ -173,8 +173,8 @@ usr/lib/libpoppler-cpp.so.0.11.0 usr/lib/libpoppler-glib.so.8 usr/lib/libpoppler-glib.so.8.26.0 #usr/lib/libpoppler.so -usr/lib/libpoppler.so.133 -usr/lib/libpoppler.so.133.0.0 +usr/lib/libpoppler.so.135 +usr/lib/libpoppler.so.135.0.0 #usr/lib/pkgconfig/poppler-cpp.pc #usr/lib/pkgconfig/poppler-glib.pc #usr/lib/pkgconfig/poppler.pc diff --git a/config/rootfiles/common/qpdf b/config/rootfiles/common/qpdf index 4bc9120cce..322845aa0e 100644 --- a/config/rootfiles/common/qpdf +++ b/config/rootfiles/common/qpdf @@ -66,6 +66,7 @@ usr/bin/qpdf #usr/include/qpdf/auto_job_c_enc.hh #usr/include/qpdf/auto_job_c_main.hh #usr/include/qpdf/auto_job_c_pages.hh +#usr/include/qpdf/auto_job_c_set_page_labels.hh #usr/include/qpdf/auto_job_c_uo.hh #usr/include/qpdf/qpdf-c.h #usr/include/qpdf/qpdfjob-c.h @@ -77,7 +78,7 @@ usr/bin/qpdf #usr/lib/cmake/qpdf/qpdfConfigVersion.cmake #usr/lib/libqpdf.so usr/lib/libqpdf.so.29 -usr/lib/libqpdf.so.29.7.0 +usr/lib/libqpdf.so.29.9.0 #usr/lib/pkgconfig/libqpdf.pc #usr/share/doc/qpdf #usr/share/doc/qpdf/README-doc.txt diff --git a/config/rootfiles/common/riscv64/binutils b/config/rootfiles/common/riscv64/binutils index 6ecd90ac28..88dadbe6bb 100644 --- a/config/rootfiles/common/riscv64/binutils +++ b/config/rootfiles/common/riscv64/binutils @@ -293,7 +293,8 @@ usr/bin/strings #usr/lib/ldscripts/elf64lriscv_lp64f.xu #usr/lib/ldscripts/elf64lriscv_lp64f.xw #usr/lib/ldscripts/elf64lriscv_lp64f.xwe -usr/lib/libbfd-2.41.so +#usr/lib/ldscripts/stamp +usr/lib/libbfd-2.42.so #usr/lib/libbfd.a #usr/lib/libbfd.la #usr/lib/libbfd.so @@ -307,7 +308,7 @@ usr/lib/libctf-nobfd.so.0.0.0 #usr/lib/libctf.so usr/lib/libctf.so.0 usr/lib/libctf.so.0.0.0 -usr/lib/libopcodes-2.41.so +usr/lib/libopcodes-2.42.so #usr/lib/libopcodes.a #usr/lib/libopcodes.la #usr/lib/libopcodes.so @@ -380,6 +381,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/ja/LC_MESSAGES/ld.mo #usr/share/locale/ka/LC_MESSAGES/bfd.mo #usr/share/locale/ka/LC_MESSAGES/gprof.mo +#usr/share/locale/ka/LC_MESSAGES/ld.mo #usr/share/locale/ms #usr/share/locale/ms/LC_MESSAGES #usr/share/locale/ms/LC_MESSAGES/gprof.mo @@ -393,6 +395,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/ro/LC_MESSAGES/bfd.mo #usr/share/locale/ro/LC_MESSAGES/binutils.mo #usr/share/locale/ro/LC_MESSAGES/gprof.mo +#usr/share/locale/ro/LC_MESSAGES/ld.mo #usr/share/locale/ro/LC_MESSAGES/opcodes.mo #usr/share/locale/ru/LC_MESSAGES/bfd.mo #usr/share/locale/ru/LC_MESSAGES/binutils.mo diff --git a/config/rootfiles/common/riscv64/glibc b/config/rootfiles/common/riscv64/glibc index cf1df065a6..1ee4b92bdb 100644 --- a/config/rootfiles/common/riscv64/glibc +++ b/config/rootfiles/common/riscv64/glibc @@ -124,6 +124,7 @@ usr/bin/locale #usr/include/bits/param.h #usr/include/bits/poll.h #usr/include/bits/poll2.h +#usr/include/bits/platform/features.h #usr/include/bits/posix1_lim.h #usr/include/bits/posix2_lim.h #usr/include/bits/posix_opt.h @@ -167,6 +168,7 @@ usr/bin/locale #usr/include/bits/socket.h #usr/include/bits/socket2.h #usr/include/bits/socket_type.h +#usr/include/bits/spawn_ext.h #usr/include/bits/ss_flags.h #usr/include/bits/stab.def #usr/include/bits/stat.h @@ -175,6 +177,7 @@ usr/bin/locale #usr/include/bits/statx-generic.h #usr/include/bits/statx.h #usr/include/bits/stdint-intn.h +#usr/include/bits/stdint-least.h #usr/include/bits/stdint-uintn.h #usr/include/bits/stdio-ldbl.h #usr/include/bits/stdio.h @@ -416,6 +419,7 @@ usr/bin/locale #usr/include/signal.h #usr/include/spawn.h #usr/include/stab.h +#usr/include/stdbit.h #usr/include/stdc-predef.h #usr/include/stdint.h #usr/include/stdio.h @@ -875,20 +879,6 @@ usr/lib/locale #usr/lib/locale/aa_ER/LC_PAPER #usr/lib/locale/aa_ER/LC_TELEPHONE #usr/lib/locale/aa_ER/LC_TIME -#usr/lib/locale/aa_ER@saaho -#usr/lib/locale/aa_ER@saaho/LC_ADDRESS -#usr/lib/locale/aa_ER@saaho/LC_COLLATE -#usr/lib/locale/aa_ER@saaho/LC_CTYPE -#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION -#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MONETARY -#usr/lib/locale/aa_ER@saaho/LC_NAME -#usr/lib/locale/aa_ER@saaho/LC_NUMERIC -#usr/lib/locale/aa_ER@saaho/LC_PAPER -#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE -#usr/lib/locale/aa_ER@saaho/LC_TIME #usr/lib/locale/aa_ET #usr/lib/locale/aa_ET/LC_ADDRESS #usr/lib/locale/aa_ET/LC_COLLATE @@ -2121,6 +2111,20 @@ usr/lib/locale #usr/lib/locale/cmn_TW/LC_PAPER #usr/lib/locale/cmn_TW/LC_TELEPHONE #usr/lib/locale/cmn_TW/LC_TIME +#usr/lib/locale/crh_RU +#usr/lib/locale/crh_RU/LC_ADDRESS +#usr/lib/locale/crh_RU/LC_COLLATE +#usr/lib/locale/crh_RU/LC_CTYPE +#usr/lib/locale/crh_RU/LC_IDENTIFICATION +#usr/lib/locale/crh_RU/LC_MEASUREMENT +#usr/lib/locale/crh_RU/LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MONETARY +#usr/lib/locale/crh_RU/LC_NAME +#usr/lib/locale/crh_RU/LC_NUMERIC +#usr/lib/locale/crh_RU/LC_PAPER +#usr/lib/locale/crh_RU/LC_TELEPHONE +#usr/lib/locale/crh_RU/LC_TIME #usr/lib/locale/crh_UA #usr/lib/locale/crh_UA/LC_ADDRESS #usr/lib/locale/crh_UA/LC_COLLATE @@ -4137,6 +4141,20 @@ usr/lib/locale #usr/lib/locale/ga_IE@euro/LC_PAPER #usr/lib/locale/ga_IE@euro/LC_TELEPHONE #usr/lib/locale/ga_IE@euro/LC_TIME +#usr/lib/locale/gbm_IN +#usr/lib/locale/gbm_IN/LC_ADDRESS +#usr/lib/locale/gbm_IN/LC_COLLATE +#usr/lib/locale/gbm_IN/LC_CTYPE +#usr/lib/locale/gbm_IN/LC_IDENTIFICATION +#usr/lib/locale/gbm_IN/LC_MEASUREMENT +#usr/lib/locale/gbm_IN/LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MONETARY +#usr/lib/locale/gbm_IN/LC_NAME +#usr/lib/locale/gbm_IN/LC_NUMERIC +#usr/lib/locale/gbm_IN/LC_PAPER +#usr/lib/locale/gbm_IN/LC_TELEPHONE +#usr/lib/locale/gbm_IN/LC_TIME #usr/lib/locale/gd_GB #usr/lib/locale/gd_GB.utf8 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS @@ -4963,6 +4981,20 @@ usr/lib/locale #usr/lib/locale/ku_TR/LC_PAPER #usr/lib/locale/ku_TR/LC_TELEPHONE #usr/lib/locale/ku_TR/LC_TIME +#usr/lib/locale/kv_RU +#usr/lib/locale/kv_RU/LC_ADDRESS +#usr/lib/locale/kv_RU/LC_COLLATE +#usr/lib/locale/kv_RU/LC_CTYPE +#usr/lib/locale/kv_RU/LC_IDENTIFICATION +#usr/lib/locale/kv_RU/LC_MEASUREMENT +#usr/lib/locale/kv_RU/LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MONETARY +#usr/lib/locale/kv_RU/LC_NAME +#usr/lib/locale/kv_RU/LC_NUMERIC +#usr/lib/locale/kv_RU/LC_PAPER +#usr/lib/locale/kv_RU/LC_TELEPHONE +#usr/lib/locale/kv_RU/LC_TIME #usr/lib/locale/kw_GB #usr/lib/locale/kw_GB.utf8 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS @@ -6657,6 +6689,20 @@ usr/lib/locale #usr/lib/locale/ss_ZA/LC_PAPER #usr/lib/locale/ss_ZA/LC_TELEPHONE #usr/lib/locale/ss_ZA/LC_TIME +#usr/lib/locale/ssy_ER +#usr/lib/locale/ssy_ER/LC_ADDRESS +#usr/lib/locale/ssy_ER/LC_COLLATE +#usr/lib/locale/ssy_ER/LC_CTYPE +#usr/lib/locale/ssy_ER/LC_IDENTIFICATION +#usr/lib/locale/ssy_ER/LC_MEASUREMENT +#usr/lib/locale/ssy_ER/LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MONETARY +#usr/lib/locale/ssy_ER/LC_NAME +#usr/lib/locale/ssy_ER/LC_NUMERIC +#usr/lib/locale/ssy_ER/LC_PAPER +#usr/lib/locale/ssy_ER/LC_TELEPHONE +#usr/lib/locale/ssy_ER/LC_TIME #usr/lib/locale/st_ZA #usr/lib/locale/st_ZA.utf8 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS @@ -6685,6 +6731,20 @@ usr/lib/locale #usr/lib/locale/st_ZA/LC_PAPER #usr/lib/locale/st_ZA/LC_TELEPHONE #usr/lib/locale/st_ZA/LC_TIME +#usr/lib/locale/su_ID +#usr/lib/locale/su_ID/LC_ADDRESS +#usr/lib/locale/su_ID/LC_COLLATE +#usr/lib/locale/su_ID/LC_CTYPE +#usr/lib/locale/su_ID/LC_IDENTIFICATION +#usr/lib/locale/su_ID/LC_MEASUREMENT +#usr/lib/locale/su_ID/LC_MESSAGES +#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/su_ID/LC_MONETARY +#usr/lib/locale/su_ID/LC_NAME +#usr/lib/locale/su_ID/LC_NUMERIC +#usr/lib/locale/su_ID/LC_PAPER +#usr/lib/locale/su_ID/LC_TELEPHONE +#usr/lib/locale/su_ID/LC_TIME #usr/lib/locale/sv_FI #usr/lib/locale/sv_FI.utf8 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS @@ -7049,6 +7109,20 @@ usr/lib/locale #usr/lib/locale/to_TO/LC_PAPER #usr/lib/locale/to_TO/LC_TELEPHONE #usr/lib/locale/to_TO/LC_TIME +#usr/lib/locale/tok +#usr/lib/locale/tok/LC_ADDRESS +#usr/lib/locale/tok/LC_COLLATE +#usr/lib/locale/tok/LC_CTYPE +#usr/lib/locale/tok/LC_IDENTIFICATION +#usr/lib/locale/tok/LC_MEASUREMENT +#usr/lib/locale/tok/LC_MESSAGES +#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/tok/LC_MONETARY +#usr/lib/locale/tok/LC_NAME +#usr/lib/locale/tok/LC_NUMERIC +#usr/lib/locale/tok/LC_PAPER +#usr/lib/locale/tok/LC_TELEPHONE +#usr/lib/locale/tok/LC_TIME #usr/lib/locale/tpi_PG #usr/lib/locale/tpi_PG/LC_ADDRESS #usr/lib/locale/tpi_PG/LC_COLLATE @@ -7497,6 +7571,20 @@ usr/lib/locale #usr/lib/locale/yuw_PG/LC_PAPER #usr/lib/locale/yuw_PG/LC_TELEPHONE #usr/lib/locale/yuw_PG/LC_TIME +#usr/lib/locale/zgh_MA +#usr/lib/locale/zgh_MA/LC_ADDRESS +#usr/lib/locale/zgh_MA/LC_COLLATE +#usr/lib/locale/zgh_MA/LC_CTYPE +#usr/lib/locale/zgh_MA/LC_IDENTIFICATION +#usr/lib/locale/zgh_MA/LC_MEASUREMENT +#usr/lib/locale/zgh_MA/LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MONETARY +#usr/lib/locale/zgh_MA/LC_NAME +#usr/lib/locale/zgh_MA/LC_NUMERIC +#usr/lib/locale/zgh_MA/LC_PAPER +#usr/lib/locale/zgh_MA/LC_TELEPHONE +#usr/lib/locale/zgh_MA/LC_TIME #usr/lib/locale/zh_CN #usr/lib/locale/zh_CN.gb18030 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS @@ -7935,7 +8023,6 @@ usr/lib/locale #usr/share/i18n/locales/POSIX #usr/share/i18n/locales/aa_DJ #usr/share/i18n/locales/aa_ER -#usr/share/i18n/locales/aa_ER@saaho #usr/share/i18n/locales/aa_ET #usr/share/i18n/locales/ab_GE #usr/share/i18n/locales/af_ZA @@ -7998,6 +8085,7 @@ usr/lib/locale #usr/share/i18n/locales/ckb_IQ #usr/share/i18n/locales/cmn_TW #usr/share/i18n/locales/cns11643_stroke +#usr/share/i18n/locales/crh_RU #usr/share/i18n/locales/crh_UA #usr/share/i18n/locales/cs_CZ #usr/share/i18n/locales/csb_PL @@ -8087,6 +8175,7 @@ usr/lib/locale #usr/share/i18n/locales/fy_NL #usr/share/i18n/locales/ga_IE #usr/share/i18n/locales/ga_IE@euro +#usr/share/i18n/locales/gbm_IN #usr/share/i18n/locales/gd_GB #usr/share/i18n/locales/gez_ER #usr/share/i18n/locales/gez_ER@abegede @@ -8133,6 +8222,7 @@ usr/lib/locale #usr/share/i18n/locales/ks_IN #usr/share/i18n/locales/ks_IN@devanagari #usr/share/i18n/locales/ku_TR +#usr/share/i18n/locales/kv_RU #usr/share/i18n/locales/kw_GB #usr/share/i18n/locales/ky_KG #usr/share/i18n/locales/lb_LU @@ -8226,7 +8316,9 @@ usr/lib/locale #usr/share/i18n/locales/sr_RS #usr/share/i18n/locales/sr_RS@latin #usr/share/i18n/locales/ss_ZA +#usr/share/i18n/locales/ssy_ER #usr/share/i18n/locales/st_ZA +#usr/share/i18n/locales/su_ID #usr/share/i18n/locales/sv_FI #usr/share/i18n/locales/sv_FI@euro #usr/share/i18n/locales/sv_SE @@ -8248,6 +8340,7 @@ usr/lib/locale #usr/share/i18n/locales/tl_PH #usr/share/i18n/locales/tn_ZA #usr/share/i18n/locales/to_TO +#usr/share/i18n/locales/tok #usr/share/i18n/locales/tpi_PG #usr/share/i18n/locales/tr_CY #usr/share/i18n/locales/tr_TR @@ -8256,6 +8349,7 @@ usr/lib/locale #usr/share/i18n/locales/translit_cjk_variants #usr/share/i18n/locales/translit_combining #usr/share/i18n/locales/translit_compat +#usr/share/i18n/locales/translit_emojis #usr/share/i18n/locales/translit_font #usr/share/i18n/locales/translit_fraction #usr/share/i18n/locales/translit_hangul @@ -8285,6 +8379,7 @@ usr/lib/locale #usr/share/i18n/locales/yo_NG #usr/share/i18n/locales/yue_HK #usr/share/i18n/locales/yuw_PG +#usr/share/i18n/locales/zgh_MA #usr/share/i18n/locales/zh_CN #usr/share/i18n/locales/zh_HK #usr/share/i18n/locales/zh_SG @@ -8302,6 +8397,7 @@ usr/lib/locale #usr/share/info/libc.info-16 #usr/share/info/libc.info-17 #usr/share/info/libc.info-18 +#usr/share/info/libc.info-19 #usr/share/info/libc.info-2 #usr/share/info/libc.info-3 #usr/share/info/libc.info-4 diff --git a/config/rootfiles/common/squidguard b/config/rootfiles/common/squidguard index a6bab0c181..389f03787f 100644 --- a/config/rootfiles/common/squidguard +++ b/config/rootfiles/common/squidguard @@ -80,4 +80,3 @@ var/lib/squidguard #var/log/squidGuard var/log/squidGuard/squidGuard.log var/urlrepo - diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index c414cf61b1..53224d006e 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -1,7 +1,6 @@ etc/suricata etc/suricata/suricata.yaml usr/bin/suricata -#usr/include/suricata-plugin.h usr/sbin/convert-ids-backend-files #usr/share/doc/suricata #usr/share/doc/suricata/AUTHORS @@ -27,6 +26,7 @@ usr/share/suricata #usr/share/suricata/rules/dnp3-events.rules #usr/share/suricata/rules/dns-events.rules #usr/share/suricata/rules/files.rules +#usr/share/suricata/rules/ftp-events.rules #usr/share/suricata/rules/http-events.rules #usr/share/suricata/rules/http2-events.rules #usr/share/suricata/rules/ipsec-events.rules @@ -35,6 +35,7 @@ usr/share/suricata #usr/share/suricata/rules/mqtt-events.rules #usr/share/suricata/rules/nfs-events.rules #usr/share/suricata/rules/ntp-events.rules +#usr/share/suricata/rules/quic-events.rules #usr/share/suricata/rules/rfb-events.rules #usr/share/suricata/rules/smb-events.rules #usr/share/suricata/rules/smtp-events.rules diff --git a/config/rootfiles/common/tar b/config/rootfiles/common/tar index 6dbb6ee71c..11b92eb2c6 100644 --- a/config/rootfiles/common/tar +++ b/config/rootfiles/common/tar @@ -6,4 +6,3 @@ bin/tar #usr/share/man/man1/tar.1 #usr/share/man/man8/rmt.8 #usr/sbin/rmt - diff --git a/config/rootfiles/common/tcl b/config/rootfiles/common/tcl index 5dd185c51b..e01d7cfa2c 100644 --- a/config/rootfiles/common/tcl +++ b/config/rootfiles/common/tcl @@ -25,20 +25,20 @@ usr/bin/tclsh8.6 #usr/include/tdbc.h #usr/include/tdbcDecls.h #usr/include/tdbcInt.h -usr/lib/itcl4.2.3 -usr/lib/itcl4.2.3/itcl.tcl -usr/lib/itcl4.2.3/itclConfig.sh -usr/lib/itcl4.2.3/itclHullCmds.tcl -usr/lib/itcl4.2.3/itclWidget.tcl -usr/lib/itcl4.2.3/libitcl4.2.3.so -usr/lib/itcl4.2.3/libitclstub4.2.3.a -usr/lib/itcl4.2.3/pkgIndex.tcl +usr/lib/itcl4.2.4 +usr/lib/itcl4.2.4/itcl.tcl +usr/lib/itcl4.2.4/itclConfig.sh +usr/lib/itcl4.2.4/itclHullCmds.tcl +usr/lib/itcl4.2.4/itclWidget.tcl +usr/lib/itcl4.2.4/libitcl4.2.4.so +usr/lib/itcl4.2.4/libitclstub4.2.4.a +usr/lib/itcl4.2.4/pkgIndex.tcl usr/lib/libtcl8.6.so #usr/lib/libtclstub8.6.a #usr/lib/pkgconfig/tcl.pc -#usr/lib/sqlite3.40.0 -usr/lib/sqlite3.40.0/libsqlite3.40.0.so -usr/lib/sqlite3.40.0/pkgIndex.tcl +usr/lib/sqlite3.44.2 +usr/lib/sqlite3.44.2/libsqlite3.44.2.so +usr/lib/sqlite3.44.2/pkgIndex.tcl #usr/lib/tcl8 #usr/lib/tcl8.6 usr/lib/tcl8.6/auto.tcl @@ -273,35 +273,35 @@ usr/lib/tcl8/8.4/platform-1.0.19.tm usr/lib/tcl8/8.4/platform/shell-1.1.4.tm #usr/lib/tcl8/8.5 usr/lib/tcl8/8.5/msgcat-1.6.1.tm -usr/lib/tcl8/8.5/tcltest-2.5.5.tm +usr/lib/tcl8/8.5/tcltest-2.5.7.tm #usr/lib/tcl8/8.6 usr/lib/tcl8/8.6/http-2.9.8.tm usr/lib/tcl8/8.6/tdbc -usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.5.tm +usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.7.tm usr/lib/tclConfig.sh usr/lib/tclooConfig.sh -usr/lib/tdbc1.1.5 -usr/lib/tdbc1.1.5/libtdbc1.1.5.so -usr/lib/tdbc1.1.5/libtdbcstub1.1.5.a -usr/lib/tdbc1.1.5/pkgIndex.tcl -usr/lib/tdbc1.1.5/tdbc.tcl -usr/lib/tdbc1.1.5/tdbcConfig.sh -#usr/lib/tdbcmysql1.1.5 -usr/lib/tdbcmysql1.1.5/libtdbcmysql1.1.5.so -usr/lib/tdbcmysql1.1.5/pkgIndex.tcl -usr/lib/tdbcmysql1.1.5/tdbcmysql.tcl -#usr/lib/tdbcodbc1.1.5 -usr/lib/tdbcodbc1.1.5/libtdbcodbc1.1.5.so -usr/lib/tdbcodbc1.1.5/pkgIndex.tcl -usr/lib/tdbcodbc1.1.5/tdbcodbc.tcl -#usr/lib/tdbcpostgres1.1.5 -usr/lib/tdbcpostgres1.1.5/libtdbcpostgres1.1.5.so -usr/lib/tdbcpostgres1.1.5/pkgIndex.tcl -usr/lib/tdbcpostgres1.1.5/tdbcpostgres.tcl -#usr/lib/thread2.8.8 -usr/lib/thread2.8.8/libthread2.8.8.so -usr/lib/thread2.8.8/pkgIndex.tcl -usr/lib/thread2.8.8/ttrace.tcl +usr/lib/tdbc1.1.7 +usr/lib/tdbc1.1.7/libtdbc1.1.7.so +usr/lib/tdbc1.1.7/libtdbcstub1.1.7.a +usr/lib/tdbc1.1.7/pkgIndex.tcl +usr/lib/tdbc1.1.7/tdbc.tcl +usr/lib/tdbc1.1.7/tdbcConfig.sh +usr/lib/tdbcmysql1.1.7 +usr/lib/tdbcmysql1.1.7/libtdbcmysql1.1.7.so +usr/lib/tdbcmysql1.1.7/pkgIndex.tcl +usr/lib/tdbcmysql1.1.7/tdbcmysql.tcl +usr/lib/tdbcodbc1.1.7 +usr/lib/tdbcodbc1.1.7/libtdbcodbc1.1.7.so +usr/lib/tdbcodbc1.1.7/pkgIndex.tcl +usr/lib/tdbcodbc1.1.7/tdbcodbc.tcl +usr/lib/tdbcpostgres1.1.7 +usr/lib/tdbcpostgres1.1.7/libtdbcpostgres1.1.7.so +usr/lib/tdbcpostgres1.1.7/pkgIndex.tcl +usr/lib/tdbcpostgres1.1.7/tdbcpostgres.tcl +usr/lib/thread2.8.9 +usr/lib/thread2.8.9/libthread2.8.9.so +usr/lib/thread2.8.9/pkgIndex.tcl +usr/lib/thread2.8.9/ttrace.tcl #usr/man/man1/tclsh.1 #usr/man/man3 #usr/man/man3/DString.3 diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 1badd605ab..95dafc4dae 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.24 +usr/lib/libunbound.so.8.1.26 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 2fbbcbcf2e..d2ef6ab103 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -57,6 +57,7 @@ srv/web/ipfire/cgi-bin/memory.cgi srv/web/ipfire/cgi-bin/modem-status.cgi srv/web/ipfire/cgi-bin/modem.cgi #srv/web/ipfire/cgi-bin/mpfire.cgi +#srv/web/ipfire/cgi-bin/mympd.cgi srv/web/ipfire/cgi-bin/netexternal.cgi srv/web/ipfire/cgi-bin/netinternal.cgi srv/web/ipfire/cgi-bin/netother.cgi @@ -78,8 +79,10 @@ srv/web/ipfire/cgi-bin/system.cgi srv/web/ipfire/cgi-bin/time.cgi #srv/web/ipfire/cgi-bin/tor.cgi srv/web/ipfire/cgi-bin/traffic.cgi +#srv/web/ipfire/cgi-bin/transmission.cgi srv/web/ipfire/cgi-bin/updatexlrator.cgi srv/web/ipfire/cgi-bin/urlfilter.cgi +#srv/web/ipfire/cgi-bin/vdr.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/cgi-bin/vulnerabilities.cgi srv/web/ipfire/cgi-bin/wakeonlan.cgi diff --git a/config/rootfiles/common/x86_64/binutils b/config/rootfiles/common/x86_64/binutils index b38eb4a43c..44863503dc 100644 --- a/config/rootfiles/common/x86_64/binutils +++ b/config/rootfiles/common/x86_64/binutils @@ -136,7 +136,8 @@ usr/bin/strings #usr/lib/ldscripts/elf_x86_64.xu #usr/lib/ldscripts/elf_x86_64.xw #usr/lib/ldscripts/elf_x86_64.xwe -usr/lib/libbfd-2.41.so +#usr/lib/ldscripts/stamp +usr/lib/libbfd-2.42.so #usr/lib/libbfd.a #usr/lib/libbfd.la #usr/lib/libbfd.so @@ -155,7 +156,7 @@ usr/lib/libctf.so.0.0.0 #usr/lib/libgprofng.so usr/lib/libgprofng.so.0 usr/lib/libgprofng.so.0.0.0 -usr/lib/libopcodes-2.41.so +usr/lib/libopcodes-2.42.so #usr/lib/libopcodes.a #usr/lib/libopcodes.la #usr/lib/libopcodes.so @@ -229,6 +230,7 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/ja/LC_MESSAGES/ld.mo #usr/share/locale/ka/LC_MESSAGES/bfd.mo #usr/share/locale/ka/LC_MESSAGES/gprof.mo +#usr/share/locale/ka/LC_MESSAGES/ld.mo #usr/share/locale/ms #usr/share/locale/ms/LC_MESSAGES #usr/share/locale/ms/LC_MESSAGES/gprof.mo @@ -239,11 +241,10 @@ usr/lib/libsframe.so.1.0.0 #usr/share/locale/pt_BR/LC_MESSAGES/gprof.mo #usr/share/locale/pt_BR/LC_MESSAGES/ld.mo #usr/share/locale/pt_BR/LC_MESSAGES/opcodes.mo -#usr/share/locale/ro -#usr/share/locale/ro/LC_MESSAGES #usr/share/locale/ro/LC_MESSAGES/bfd.mo #usr/share/locale/ro/LC_MESSAGES/binutils.mo #usr/share/locale/ro/LC_MESSAGES/gprof.mo +#usr/share/locale/ro/LC_MESSAGES/ld.mo #usr/share/locale/ro/LC_MESSAGES/opcodes.mo #usr/share/locale/ru/LC_MESSAGES/bfd.mo #usr/share/locale/ru/LC_MESSAGES/binutils.mo diff --git a/config/rootfiles/common/x86_64/glibc b/config/rootfiles/common/x86_64/glibc index 66d310e384..929a8f6609 100644 --- a/config/rootfiles/common/x86_64/glibc +++ b/config/rootfiles/common/x86_64/glibc @@ -124,6 +124,7 @@ usr/bin/locale #usr/include/bits/netdb.h #usr/include/bits/param.h #usr/include/bits/platform +#usr/include/bits/platform/features.h #usr/include/bits/platform/x86.h #usr/include/bits/poll.h #usr/include/bits/poll2.h @@ -170,6 +171,7 @@ usr/bin/locale #usr/include/bits/socket.h #usr/include/bits/socket2.h #usr/include/bits/socket_type.h +#usr/include/bits/spawn_ext.h #usr/include/bits/ss_flags.h #usr/include/bits/stab.def #usr/include/bits/stat.h @@ -178,6 +180,7 @@ usr/bin/locale #usr/include/bits/statx-generic.h #usr/include/bits/statx.h #usr/include/bits/stdint-intn.h +#usr/include/bits/stdint-least.h #usr/include/bits/stdint-uintn.h #usr/include/bits/stdio-ldbl.h #usr/include/bits/stdio.h @@ -419,6 +422,7 @@ usr/bin/locale #usr/include/signal.h #usr/include/spawn.h #usr/include/stab.h +#usr/include/stdbit.h #usr/include/stdc-predef.h #usr/include/stdint.h #usr/include/stdio.h @@ -816,7 +820,7 @@ usr/lib/gconv #usr/lib/libc_nonshared.a #usr/lib/libdl.a #usr/lib/libg.a -#usr/lib/libm-2.38.a +#usr/lib/libm-2.39.a #usr/lib/libm.a #usr/lib/libm.so #usr/lib/libmcheck.a @@ -888,20 +892,6 @@ usr/lib/locale #usr/lib/locale/aa_ER/LC_PAPER #usr/lib/locale/aa_ER/LC_TELEPHONE #usr/lib/locale/aa_ER/LC_TIME -#usr/lib/locale/aa_ER@saaho -#usr/lib/locale/aa_ER@saaho/LC_ADDRESS -#usr/lib/locale/aa_ER@saaho/LC_COLLATE -#usr/lib/locale/aa_ER@saaho/LC_CTYPE -#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION -#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MONETARY -#usr/lib/locale/aa_ER@saaho/LC_NAME -#usr/lib/locale/aa_ER@saaho/LC_NUMERIC -#usr/lib/locale/aa_ER@saaho/LC_PAPER -#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE -#usr/lib/locale/aa_ER@saaho/LC_TIME #usr/lib/locale/aa_ET #usr/lib/locale/aa_ET/LC_ADDRESS #usr/lib/locale/aa_ET/LC_COLLATE @@ -2134,6 +2124,20 @@ usr/lib/locale #usr/lib/locale/cmn_TW/LC_PAPER #usr/lib/locale/cmn_TW/LC_TELEPHONE #usr/lib/locale/cmn_TW/LC_TIME +#usr/lib/locale/crh_RU +#usr/lib/locale/crh_RU/LC_ADDRESS +#usr/lib/locale/crh_RU/LC_COLLATE +#usr/lib/locale/crh_RU/LC_CTYPE +#usr/lib/locale/crh_RU/LC_IDENTIFICATION +#usr/lib/locale/crh_RU/LC_MEASUREMENT +#usr/lib/locale/crh_RU/LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MONETARY +#usr/lib/locale/crh_RU/LC_NAME +#usr/lib/locale/crh_RU/LC_NUMERIC +#usr/lib/locale/crh_RU/LC_PAPER +#usr/lib/locale/crh_RU/LC_TELEPHONE +#usr/lib/locale/crh_RU/LC_TIME #usr/lib/locale/crh_UA #usr/lib/locale/crh_UA/LC_ADDRESS #usr/lib/locale/crh_UA/LC_COLLATE @@ -4150,6 +4154,20 @@ usr/lib/locale #usr/lib/locale/ga_IE@euro/LC_PAPER #usr/lib/locale/ga_IE@euro/LC_TELEPHONE #usr/lib/locale/ga_IE@euro/LC_TIME +#usr/lib/locale/gbm_IN +#usr/lib/locale/gbm_IN/LC_ADDRESS +#usr/lib/locale/gbm_IN/LC_COLLATE +#usr/lib/locale/gbm_IN/LC_CTYPE +#usr/lib/locale/gbm_IN/LC_IDENTIFICATION +#usr/lib/locale/gbm_IN/LC_MEASUREMENT +#usr/lib/locale/gbm_IN/LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MONETARY +#usr/lib/locale/gbm_IN/LC_NAME +#usr/lib/locale/gbm_IN/LC_NUMERIC +#usr/lib/locale/gbm_IN/LC_PAPER +#usr/lib/locale/gbm_IN/LC_TELEPHONE +#usr/lib/locale/gbm_IN/LC_TIME #usr/lib/locale/gd_GB #usr/lib/locale/gd_GB.utf8 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS @@ -4976,6 +4994,20 @@ usr/lib/locale #usr/lib/locale/ku_TR/LC_PAPER #usr/lib/locale/ku_TR/LC_TELEPHONE #usr/lib/locale/ku_TR/LC_TIME +#usr/lib/locale/kv_RU +#usr/lib/locale/kv_RU/LC_ADDRESS +#usr/lib/locale/kv_RU/LC_COLLATE +#usr/lib/locale/kv_RU/LC_CTYPE +#usr/lib/locale/kv_RU/LC_IDENTIFICATION +#usr/lib/locale/kv_RU/LC_MEASUREMENT +#usr/lib/locale/kv_RU/LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MONETARY +#usr/lib/locale/kv_RU/LC_NAME +#usr/lib/locale/kv_RU/LC_NUMERIC +#usr/lib/locale/kv_RU/LC_PAPER +#usr/lib/locale/kv_RU/LC_TELEPHONE +#usr/lib/locale/kv_RU/LC_TIME #usr/lib/locale/kw_GB #usr/lib/locale/kw_GB.utf8 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS @@ -6670,6 +6702,20 @@ usr/lib/locale #usr/lib/locale/ss_ZA/LC_PAPER #usr/lib/locale/ss_ZA/LC_TELEPHONE #usr/lib/locale/ss_ZA/LC_TIME +#usr/lib/locale/ssy_ER +#usr/lib/locale/ssy_ER/LC_ADDRESS +#usr/lib/locale/ssy_ER/LC_COLLATE +#usr/lib/locale/ssy_ER/LC_CTYPE +#usr/lib/locale/ssy_ER/LC_IDENTIFICATION +#usr/lib/locale/ssy_ER/LC_MEASUREMENT +#usr/lib/locale/ssy_ER/LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MONETARY +#usr/lib/locale/ssy_ER/LC_NAME +#usr/lib/locale/ssy_ER/LC_NUMERIC +#usr/lib/locale/ssy_ER/LC_PAPER +#usr/lib/locale/ssy_ER/LC_TELEPHONE +#usr/lib/locale/ssy_ER/LC_TIME #usr/lib/locale/st_ZA #usr/lib/locale/st_ZA.utf8 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS @@ -6698,6 +6744,20 @@ usr/lib/locale #usr/lib/locale/st_ZA/LC_PAPER #usr/lib/locale/st_ZA/LC_TELEPHONE #usr/lib/locale/st_ZA/LC_TIME +#usr/lib/locale/su_ID +#usr/lib/locale/su_ID/LC_ADDRESS +#usr/lib/locale/su_ID/LC_COLLATE +#usr/lib/locale/su_ID/LC_CTYPE +#usr/lib/locale/su_ID/LC_IDENTIFICATION +#usr/lib/locale/su_ID/LC_MEASUREMENT +#usr/lib/locale/su_ID/LC_MESSAGES +#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/su_ID/LC_MONETARY +#usr/lib/locale/su_ID/LC_NAME +#usr/lib/locale/su_ID/LC_NUMERIC +#usr/lib/locale/su_ID/LC_PAPER +#usr/lib/locale/su_ID/LC_TELEPHONE +#usr/lib/locale/su_ID/LC_TIME #usr/lib/locale/sv_FI #usr/lib/locale/sv_FI.utf8 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS @@ -7062,6 +7122,20 @@ usr/lib/locale #usr/lib/locale/to_TO/LC_PAPER #usr/lib/locale/to_TO/LC_TELEPHONE #usr/lib/locale/to_TO/LC_TIME +#usr/lib/locale/tok +#usr/lib/locale/tok/LC_ADDRESS +#usr/lib/locale/tok/LC_COLLATE +#usr/lib/locale/tok/LC_CTYPE +#usr/lib/locale/tok/LC_IDENTIFICATION +#usr/lib/locale/tok/LC_MEASUREMENT +#usr/lib/locale/tok/LC_MESSAGES +#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/tok/LC_MONETARY +#usr/lib/locale/tok/LC_NAME +#usr/lib/locale/tok/LC_NUMERIC +#usr/lib/locale/tok/LC_PAPER +#usr/lib/locale/tok/LC_TELEPHONE +#usr/lib/locale/tok/LC_TIME #usr/lib/locale/tpi_PG #usr/lib/locale/tpi_PG/LC_ADDRESS #usr/lib/locale/tpi_PG/LC_COLLATE @@ -7510,6 +7584,20 @@ usr/lib/locale #usr/lib/locale/yuw_PG/LC_PAPER #usr/lib/locale/yuw_PG/LC_TELEPHONE #usr/lib/locale/yuw_PG/LC_TIME +#usr/lib/locale/zgh_MA +#usr/lib/locale/zgh_MA/LC_ADDRESS +#usr/lib/locale/zgh_MA/LC_COLLATE +#usr/lib/locale/zgh_MA/LC_CTYPE +#usr/lib/locale/zgh_MA/LC_IDENTIFICATION +#usr/lib/locale/zgh_MA/LC_MEASUREMENT +#usr/lib/locale/zgh_MA/LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MONETARY +#usr/lib/locale/zgh_MA/LC_NAME +#usr/lib/locale/zgh_MA/LC_NUMERIC +#usr/lib/locale/zgh_MA/LC_PAPER +#usr/lib/locale/zgh_MA/LC_TELEPHONE +#usr/lib/locale/zgh_MA/LC_TIME #usr/lib/locale/zh_CN #usr/lib/locale/zh_CN.gb18030 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS @@ -7949,7 +8037,6 @@ usr/lib/locale #usr/share/i18n/locales/POSIX #usr/share/i18n/locales/aa_DJ #usr/share/i18n/locales/aa_ER -#usr/share/i18n/locales/aa_ER@saaho #usr/share/i18n/locales/aa_ET #usr/share/i18n/locales/ab_GE #usr/share/i18n/locales/af_ZA @@ -8012,6 +8099,7 @@ usr/lib/locale #usr/share/i18n/locales/ckb_IQ #usr/share/i18n/locales/cmn_TW #usr/share/i18n/locales/cns11643_stroke +#usr/share/i18n/locales/crh_RU #usr/share/i18n/locales/crh_UA #usr/share/i18n/locales/cs_CZ #usr/share/i18n/locales/csb_PL @@ -8101,6 +8189,7 @@ usr/lib/locale #usr/share/i18n/locales/fy_NL #usr/share/i18n/locales/ga_IE #usr/share/i18n/locales/ga_IE@euro +#usr/share/i18n/locales/gbm_IN #usr/share/i18n/locales/gd_GB #usr/share/i18n/locales/gez_ER #usr/share/i18n/locales/gez_ER@abegede @@ -8147,6 +8236,7 @@ usr/lib/locale #usr/share/i18n/locales/ks_IN #usr/share/i18n/locales/ks_IN@devanagari #usr/share/i18n/locales/ku_TR +#usr/share/i18n/locales/kv_RU #usr/share/i18n/locales/kw_GB #usr/share/i18n/locales/ky_KG #usr/share/i18n/locales/lb_LU @@ -8240,7 +8330,9 @@ usr/lib/locale #usr/share/i18n/locales/sr_RS #usr/share/i18n/locales/sr_RS@latin #usr/share/i18n/locales/ss_ZA +#usr/share/i18n/locales/ssy_ER #usr/share/i18n/locales/st_ZA +#usr/share/i18n/locales/su_ID #usr/share/i18n/locales/sv_FI #usr/share/i18n/locales/sv_FI@euro #usr/share/i18n/locales/sv_SE @@ -8262,6 +8354,7 @@ usr/lib/locale #usr/share/i18n/locales/tl_PH #usr/share/i18n/locales/tn_ZA #usr/share/i18n/locales/to_TO +#usr/share/i18n/locales/tok #usr/share/i18n/locales/tpi_PG #usr/share/i18n/locales/tr_CY #usr/share/i18n/locales/tr_TR @@ -8270,6 +8363,7 @@ usr/lib/locale #usr/share/i18n/locales/translit_cjk_variants #usr/share/i18n/locales/translit_combining #usr/share/i18n/locales/translit_compat +#usr/share/i18n/locales/translit_emojis #usr/share/i18n/locales/translit_font #usr/share/i18n/locales/translit_fraction #usr/share/i18n/locales/translit_hangul @@ -8299,6 +8393,7 @@ usr/lib/locale #usr/share/i18n/locales/yo_NG #usr/share/i18n/locales/yue_HK #usr/share/i18n/locales/yuw_PG +#usr/share/i18n/locales/zgh_MA #usr/share/i18n/locales/zh_CN #usr/share/i18n/locales/zh_HK #usr/share/i18n/locales/zh_SG @@ -8316,6 +8411,7 @@ usr/lib/locale #usr/share/info/libc.info-16 #usr/share/info/libc.info-17 #usr/share/info/libc.info-18 +#usr/share/info/libc.info-19 #usr/share/info/libc.info-2 #usr/share/info/libc.info-3 #usr/share/info/libc.info-4 diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode index 7f96329732..5037ac6a8c 100644 --- a/config/rootfiles/common/x86_64/intel-microcode +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -95,7 +95,6 @@ lib/firmware/intel-ucode/06-8e-09 lib/firmware/intel-ucode/06-8e-0a lib/firmware/intel-ucode/06-8e-0b lib/firmware/intel-ucode/06-8e-0c -lib/firmware/intel-ucode/06-8f-04 lib/firmware/intel-ucode/06-8f-05 lib/firmware/intel-ucode/06-8f-06 lib/firmware/intel-ucode/06-8f-07 @@ -117,12 +116,16 @@ lib/firmware/intel-ucode/06-a5-05 lib/firmware/intel-ucode/06-a6-00 lib/firmware/intel-ucode/06-a6-01 lib/firmware/intel-ucode/06-a7-01 +lib/firmware/intel-ucode/06-aa-04 lib/firmware/intel-ucode/06-b7-01 lib/firmware/intel-ucode/06-ba-02 lib/firmware/intel-ucode/06-ba-03 +lib/firmware/intel-ucode/06-ba-08 lib/firmware/intel-ucode/06-be-00 lib/firmware/intel-ucode/06-bf-02 lib/firmware/intel-ucode/06-bf-05 +lib/firmware/intel-ucode/06-cf-01 +lib/firmware/intel-ucode/06-cf-02 lib/firmware/intel-ucode/0f-00-07 lib/firmware/intel-ucode/0f-00-0a lib/firmware/intel-ucode/0f-01-02 diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index c38db650a3..73c0e4d242 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,17 +41,18 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.4.6 +usr/lib/liblzma.so.5.6.1 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS #usr/share/doc/xz/COPYING +#usr/share/doc/xz/COPYING.0BSD #usr/share/doc/xz/COPYING.GPLv2 #usr/share/doc/xz/NEWS #usr/share/doc/xz/README #usr/share/doc/xz/THANKS -#usr/share/doc/xz/TODO #usr/share/doc/xz/api +#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0 #usr/share/doc/xz/api/annotated.html #usr/share/doc/xz/api/base_8h.html #usr/share/doc/xz/api/bc_s.png @@ -120,16 +121,15 @@ usr/lib/liblzma.so.5.4.6 #usr/share/doc/xz/api/tabs.css #usr/share/doc/xz/api/version_8h.html #usr/share/doc/xz/api/vli_8h.html +#usr/share/doc/xz/api/xz-logo.png #usr/share/doc/xz/examples #usr/share/doc/xz/examples/00_README.txt #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c #usr/share/doc/xz/examples/04_compress_easy_mt.c +#usr/share/doc/xz/examples/11_file_info.c #usr/share/doc/xz/examples/Makefile -#usr/share/doc/xz/examples_old -#usr/share/doc/xz/examples_old/xz_pipe_comp.c -#usr/share/doc/xz/examples_old/xz_pipe_decomp.c #usr/share/doc/xz/faq.txt #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt @@ -168,6 +168,7 @@ usr/lib/liblzma.so.5.4.6 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 +#usr/share/man/de/man1/lzmainfo.1 #usr/share/man/de/man1/lzmore.1 #usr/share/man/de/man1/unlzma.1 #usr/share/man/de/man1/unxz.1 @@ -184,21 +185,16 @@ usr/lib/liblzma.so.5.4.6 #usr/share/man/fr #usr/share/man/fr/man1 #usr/share/man/fr/man1/lzcat.1 -#usr/share/man/fr/man1/lzcmp.1 -#usr/share/man/fr/man1/lzdiff.1 #usr/share/man/fr/man1/lzless.1 #usr/share/man/fr/man1/lzma.1 #usr/share/man/fr/man1/lzmadec.1 -#usr/share/man/fr/man1/lzmore.1 +#usr/share/man/fr/man1/lzmainfo.1 #usr/share/man/fr/man1/unlzma.1 #usr/share/man/fr/man1/unxz.1 #usr/share/man/fr/man1/xz.1 #usr/share/man/fr/man1/xzcat.1 -#usr/share/man/fr/man1/xzcmp.1 #usr/share/man/fr/man1/xzdec.1 -#usr/share/man/fr/man1/xzdiff.1 #usr/share/man/fr/man1/xzless.1 -#usr/share/man/fr/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -210,6 +206,7 @@ usr/lib/liblzma.so.5.4.6 #usr/share/man/ko/man1/lzless.1 #usr/share/man/ko/man1/lzma.1 #usr/share/man/ko/man1/lzmadec.1 +#usr/share/man/ko/man1/lzmainfo.1 #usr/share/man/ko/man1/lzmore.1 #usr/share/man/ko/man1/unlzma.1 #usr/share/man/ko/man1/unxz.1 @@ -249,27 +246,16 @@ usr/lib/liblzma.so.5.4.6 #usr/share/man/pt_BR #usr/share/man/pt_BR/man1 #usr/share/man/pt_BR/man1/lzcat.1 -#usr/share/man/pt_BR/man1/lzcmp.1 -#usr/share/man/pt_BR/man1/lzdiff.1 -#usr/share/man/pt_BR/man1/lzegrep.1 -#usr/share/man/pt_BR/man1/lzfgrep.1 -#usr/share/man/pt_BR/man1/lzgrep.1 #usr/share/man/pt_BR/man1/lzless.1 #usr/share/man/pt_BR/man1/lzma.1 #usr/share/man/pt_BR/man1/lzmadec.1 -#usr/share/man/pt_BR/man1/lzmore.1 +#usr/share/man/pt_BR/man1/lzmainfo.1 #usr/share/man/pt_BR/man1/unlzma.1 #usr/share/man/pt_BR/man1/unxz.1 #usr/share/man/pt_BR/man1/xz.1 #usr/share/man/pt_BR/man1/xzcat.1 -#usr/share/man/pt_BR/man1/xzcmp.1 #usr/share/man/pt_BR/man1/xzdec.1 -#usr/share/man/pt_BR/man1/xzdiff.1 -#usr/share/man/pt_BR/man1/xzegrep.1 -#usr/share/man/pt_BR/man1/xzfgrep.1 -#usr/share/man/pt_BR/man1/xzgrep.1 #usr/share/man/pt_BR/man1/xzless.1 -#usr/share/man/pt_BR/man1/xzmore.1 #usr/share/man/ro #usr/share/man/ro/man1 #usr/share/man/ro/man1/lzcat.1 @@ -281,6 +267,7 @@ usr/lib/liblzma.so.5.4.6 #usr/share/man/ro/man1/lzless.1 #usr/share/man/ro/man1/lzma.1 #usr/share/man/ro/man1/lzmadec.1 +#usr/share/man/ro/man1/lzmainfo.1 #usr/share/man/ro/man1/lzmore.1 #usr/share/man/ro/man1/unlzma.1 #usr/share/man/ro/man1/unxz.1 @@ -305,6 +292,7 @@ usr/lib/liblzma.so.5.4.6 #usr/share/man/uk/man1/lzless.1 #usr/share/man/uk/man1/lzma.1 #usr/share/man/uk/man1/lzmadec.1 +#usr/share/man/uk/man1/lzmainfo.1 #usr/share/man/uk/man1/lzmore.1 #usr/share/man/uk/man1/unlzma.1 #usr/share/man/uk/man1/unxz.1 diff --git a/config/rootfiles/core/184/exclude b/config/rootfiles/core/185/exclude similarity index 100% rename from config/rootfiles/core/184/exclude rename to config/rootfiles/core/185/exclude diff --git a/config/rootfiles/core/185/filelists/aarch64/binutils b/config/rootfiles/core/185/filelists/aarch64/binutils new file mode 120000 index 0000000000..6da9d39e5e --- /dev/null +++ b/config/rootfiles/core/185/filelists/aarch64/binutils @@ -0,0 +1 @@ +../../../../common/aarch64/binutils \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/aarch64/glibc b/config/rootfiles/core/185/filelists/aarch64/glibc similarity index 100% rename from config/rootfiles/core/184/filelists/aarch64/glibc rename to config/rootfiles/core/185/filelists/aarch64/glibc diff --git a/config/rootfiles/core/185/filelists/aarch64/util-linux b/config/rootfiles/core/185/filelists/aarch64/util-linux new file mode 120000 index 0000000000..9c253c6896 --- /dev/null +++ b/config/rootfiles/core/185/filelists/aarch64/util-linux @@ -0,0 +1 @@ +../../../../common/aarch64/util-linux \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/arping b/config/rootfiles/core/185/filelists/arping new file mode 120000 index 0000000000..5662e8d929 --- /dev/null +++ b/config/rootfiles/core/185/filelists/arping @@ -0,0 +1 @@ +../../../common/arping \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/bind b/config/rootfiles/core/185/filelists/bind similarity index 100% rename from config/rootfiles/core/184/filelists/bind rename to config/rootfiles/core/185/filelists/bind diff --git a/config/rootfiles/core/185/filelists/ca-certificates b/config/rootfiles/core/185/filelists/ca-certificates new file mode 120000 index 0000000000..320fea8f40 --- /dev/null +++ b/config/rootfiles/core/185/filelists/ca-certificates @@ -0,0 +1 @@ +../../../common/ca-certificates \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/core-files b/config/rootfiles/core/185/filelists/core-files similarity index 100% rename from config/rootfiles/core/184/filelists/core-files rename to config/rootfiles/core/185/filelists/core-files diff --git a/config/rootfiles/core/185/filelists/elfutils b/config/rootfiles/core/185/filelists/elfutils new file mode 120000 index 0000000000..8367974bbc --- /dev/null +++ b/config/rootfiles/core/185/filelists/elfutils @@ -0,0 +1 @@ +../../../common/elfutils \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/ethtool b/config/rootfiles/core/185/filelists/ethtool new file mode 120000 index 0000000000..494a53e9d6 --- /dev/null +++ b/config/rootfiles/core/185/filelists/ethtool @@ -0,0 +1 @@ +../../../common/ethtool \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/expat b/config/rootfiles/core/185/filelists/expat similarity index 100% rename from config/rootfiles/core/184/filelists/expat rename to config/rootfiles/core/185/filelists/expat diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files new file mode 100644 index 0000000000..750a006418 --- /dev/null +++ b/config/rootfiles/core/185/filelists/files @@ -0,0 +1,54 @@ +etc/rc.d/init.d/functions +etc/sudoers.d/logwatch-mdadm +lib/firmware/brcm/BCM-0a5c-6410.hcd +lib/firmware/brcm/brcmfmac43012-sdio.bin +lib/firmware/brcm/brcmfmac43012-sdio.clm_blob +lib/firmware/brcm/brcmfmac43430-sdio.clm_blob +lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-plus.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-ultra.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-zero.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m3.txt +lib/firmware/brcm/brcmfmac43455-sdio.clm_blob +lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt +lib/firmware/brcm/brcmfmac43455-sdio.Raspberry Pi Foundation-Raspberry Pi 4 Model B.txt +lib/firmware/brcm/brcmfmac43455-sdio.Raspberry Pi Foundation-Raspberry Pi Compute Module 4.txt +lib/firmware/brcm/brcmfmac4354-sdio.clm_blob +lib/firmware/brcm/brcmfmac4356-pcie.clm_blob +lib/firmware/brcm/brcmfmac4356-sdio.clm_blob +lib/firmware/brcm/brcmfmac4356-sdio.khadas,vim2.txt +lib/firmware/brcm/brcmfmac43570-pcie.clm_blob +lib/firmware/brcm/brcmfmac4373-sdio.clm_blob +lib/firmware/brcm/brcmfmac54591-pcie.bin +lib/firmware/brcm/brcmfmac54591-pcie.clm_blob +lib/firmware/cxgb4/t4-config.txt +lib/firmware/cxgb4/t5-config.txt +lib/firmware/cxgb4/t6-config.txt +lib/firmware/intel/ice/ddp/ice.pkg +lib/firmware/netronome/flower/nic_AMDA0058-0011_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_8x10.nffw +lib/firmware/nvidia/tegra124/vic.bin +lib/firmware/nvidia/tegra186/vic.bin +lib/firmware/nvidia/tegra210/vic.bin +srv/web/ipfire/cgi-bin/dhcp.cgi +srv/web/ipfire/cgi-bin/dns.cgi +srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/time.cgi +var/ipfire/backup/bin/backup.pl +var/ipfire/main/manualpages +var/ipfire/ovpn/openssl/ovpn.cnf diff --git a/config/rootfiles/core/184/filelists/iproute2 b/config/rootfiles/core/185/filelists/iproute2 similarity index 100% rename from config/rootfiles/core/184/filelists/iproute2 rename to config/rootfiles/core/185/filelists/iproute2 diff --git a/config/rootfiles/core/184/filelists/iputils b/config/rootfiles/core/185/filelists/iputils similarity index 100% rename from config/rootfiles/core/184/filelists/iputils rename to config/rootfiles/core/185/filelists/iputils diff --git a/config/rootfiles/core/185/filelists/knot b/config/rootfiles/core/185/filelists/knot new file mode 120000 index 0000000000..28e96f8782 --- /dev/null +++ b/config/rootfiles/core/185/filelists/knot @@ -0,0 +1 @@ +../../../common/knot \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libcap b/config/rootfiles/core/185/filelists/libcap new file mode 120000 index 0000000000..ed67d950a8 --- /dev/null +++ b/config/rootfiles/core/185/filelists/libcap @@ -0,0 +1 @@ +../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libffi b/config/rootfiles/core/185/filelists/libffi new file mode 120000 index 0000000000..c391acd0cb --- /dev/null +++ b/config/rootfiles/core/185/filelists/libffi @@ -0,0 +1 @@ +../../../common/libffi \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libgpg-error b/config/rootfiles/core/185/filelists/libgpg-error new file mode 120000 index 0000000000..cad431339f --- /dev/null +++ b/config/rootfiles/core/185/filelists/libgpg-error @@ -0,0 +1 @@ +../../../common/libgpg-error \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/libpng b/config/rootfiles/core/185/filelists/libpng similarity index 100% rename from config/rootfiles/core/184/filelists/libpng rename to config/rootfiles/core/185/filelists/libpng diff --git a/config/rootfiles/core/185/filelists/newt b/config/rootfiles/core/185/filelists/newt new file mode 120000 index 0000000000..fb3eb20c3e --- /dev/null +++ b/config/rootfiles/core/185/filelists/newt @@ -0,0 +1 @@ +../../../common/newt \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/ntp b/config/rootfiles/core/185/filelists/ntp new file mode 120000 index 0000000000..7542d86cb0 --- /dev/null +++ b/config/rootfiles/core/185/filelists/ntp @@ -0,0 +1 @@ +../../../common/ntp \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/openjpeg b/config/rootfiles/core/185/filelists/openjpeg new file mode 120000 index 0000000000..5b71a3c93f --- /dev/null +++ b/config/rootfiles/core/185/filelists/openjpeg @@ -0,0 +1 @@ +../../../common/openjpeg \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/openssh b/config/rootfiles/core/185/filelists/openssh new file mode 120000 index 0000000000..d8c77fd8e7 --- /dev/null +++ b/config/rootfiles/core/185/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/pango b/config/rootfiles/core/185/filelists/pango new file mode 120000 index 0000000000..6c37231c7e --- /dev/null +++ b/config/rootfiles/core/185/filelists/pango @@ -0,0 +1 @@ +../../../common/pango \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/pciutils b/config/rootfiles/core/185/filelists/pciutils new file mode 120000 index 0000000000..aeb45e7b31 --- /dev/null +++ b/config/rootfiles/core/185/filelists/pciutils @@ -0,0 +1 @@ +../../../common/pciutils \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/pixman b/config/rootfiles/core/185/filelists/pixman similarity index 100% rename from config/rootfiles/core/184/filelists/pixman rename to config/rootfiles/core/185/filelists/pixman diff --git a/config/rootfiles/core/184/filelists/poppler b/config/rootfiles/core/185/filelists/poppler similarity index 100% rename from config/rootfiles/core/184/filelists/poppler rename to config/rootfiles/core/185/filelists/poppler diff --git a/config/rootfiles/core/185/filelists/qpdf b/config/rootfiles/core/185/filelists/qpdf new file mode 120000 index 0000000000..2d6c43dec3 --- /dev/null +++ b/config/rootfiles/core/185/filelists/qpdf @@ -0,0 +1 @@ +../../../common/qpdf \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/riscv64/binutils b/config/rootfiles/core/185/filelists/riscv64/binutils new file mode 120000 index 0000000000..c5f3990b61 --- /dev/null +++ b/config/rootfiles/core/185/filelists/riscv64/binutils @@ -0,0 +1 @@ +../../../../common/riscv64/binutils \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/riscv64/glibc b/config/rootfiles/core/185/filelists/riscv64/glibc similarity index 100% rename from config/rootfiles/core/184/filelists/riscv64/glibc rename to config/rootfiles/core/185/filelists/riscv64/glibc diff --git a/config/rootfiles/core/185/filelists/riscv64/util-linux b/config/rootfiles/core/185/filelists/riscv64/util-linux new file mode 120000 index 0000000000..f8e6802053 --- /dev/null +++ b/config/rootfiles/core/185/filelists/riscv64/util-linux @@ -0,0 +1 @@ +../../../../common/riscv64/util-linux \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/shadow b/config/rootfiles/core/185/filelists/shadow similarity index 100% rename from config/rootfiles/core/184/filelists/shadow rename to config/rootfiles/core/185/filelists/shadow diff --git a/config/rootfiles/core/184/filelists/sqlite b/config/rootfiles/core/185/filelists/sqlite similarity index 100% rename from config/rootfiles/core/184/filelists/sqlite rename to config/rootfiles/core/185/filelists/sqlite diff --git a/config/rootfiles/core/184/filelists/squid b/config/rootfiles/core/185/filelists/squid similarity index 100% rename from config/rootfiles/core/184/filelists/squid rename to config/rootfiles/core/185/filelists/squid diff --git a/config/rootfiles/core/184/filelists/suricata b/config/rootfiles/core/185/filelists/suricata similarity index 100% rename from config/rootfiles/core/184/filelists/suricata rename to config/rootfiles/core/185/filelists/suricata diff --git a/config/rootfiles/core/185/filelists/tcl b/config/rootfiles/core/185/filelists/tcl new file mode 120000 index 0000000000..7f620c687e --- /dev/null +++ b/config/rootfiles/core/185/filelists/tcl @@ -0,0 +1 @@ +../../../common/tcl \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/unbound b/config/rootfiles/core/185/filelists/unbound similarity index 100% rename from config/rootfiles/core/184/filelists/unbound rename to config/rootfiles/core/185/filelists/unbound diff --git a/config/rootfiles/core/185/filelists/wget b/config/rootfiles/core/185/filelists/wget new file mode 120000 index 0000000000..fcb57dfec8 --- /dev/null +++ b/config/rootfiles/core/185/filelists/wget @@ -0,0 +1 @@ +../../../common/wget \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/whois b/config/rootfiles/core/185/filelists/whois new file mode 120000 index 0000000000..60cbd1894f --- /dev/null +++ b/config/rootfiles/core/185/filelists/whois @@ -0,0 +1 @@ +../../../common/whois \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/x86_64/binutils b/config/rootfiles/core/185/filelists/x86_64/binutils new file mode 120000 index 0000000000..7d0fda554d --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/binutils @@ -0,0 +1 @@ +../../../../common/x86_64/binutils \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/x86_64/glibc b/config/rootfiles/core/185/filelists/x86_64/glibc similarity index 100% rename from config/rootfiles/core/184/filelists/x86_64/glibc rename to config/rootfiles/core/185/filelists/x86_64/glibc diff --git a/config/rootfiles/core/185/filelists/x86_64/intel-microcode b/config/rootfiles/core/185/filelists/x86_64/intel-microcode new file mode 120000 index 0000000000..d5ac074e2e --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/x86_64/util-linux b/config/rootfiles/core/185/filelists/x86_64/util-linux new file mode 120000 index 0000000000..7b5558d2c2 --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/util-linux @@ -0,0 +1 @@ +../../../../common/x86_64/util-linux \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/xz b/config/rootfiles/core/185/filelists/xz similarity index 100% rename from config/rootfiles/core/184/filelists/xz rename to config/rootfiles/core/185/filelists/xz diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh new file mode 100644 index 0000000000..3dce4693c4 --- /dev/null +++ b/config/rootfiles/core/185/update.sh @@ -0,0 +1,142 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2024 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=185 + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/ntp stop +/etc/init.d/squid stop + +# Extract files +extract_files + +# Remove files +rm -rvf \ + /etc/pango \ + /lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \ + /lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \ + /lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \ + /lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \ + /lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \ + /lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \ + /lib/firmware/intel-ucode/06-86-04 \ + /lib/firmware/intel-ucode/06-86-05 \ + /lib/firmware/intel-ucode/06-8f-04 \ + /sbin/xtables-multi \ + /srv/web/ipfire/html/themes/ipfire-rounded \ + /usr/lib/crda/pubkeys/linville.key.pub.pem \ + /usr/lib/grub/i386-pc/efiemu{32,64}.o \ + /usr/lib/grub/i386-pc/verifiers.* \ + /usr/lib/grub/i386-pc/verify.* \ + /usr/lib/grub/x86_64-efi/shim_lock.* \ + /usr/lib/grub/x86_64-efi/verifiers.* \ + /usr/lib/grub/x86_64-efi/verify.* \ + /usr/lib/snort_dynamic* \ + /usr/local/bin/snortctrl \ + /usr/share/usb_modeswitch/1033:0035 \ + /usr/share/vim/vim7* \ + /var/ipfire/geoip-functions.pl \ + /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \ + /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \ + /var/lib/location/tmp* + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Filesytem cleanup +/usr/local/bin/filesystem-cleanup + +# Apply local configuration to sshd_config +/usr/local/bin/sshctrl + +# Fix permissions of /etc/sudoers.d/ +chmod -v 750 /etc/sudoers.d +chmod -v 640 /etc/sudoers.d/* + +# Start services +telinit u +/etc/init.d/sshd restart +/etc/init.d/suricata restart +/etc/init.d/unbound restart +/etc/init.d/ntp start +if [ -f /var/ipfire/proxy/enable ]; then + /etc/init.d/squid start +fi +## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections +# Check if ovpnconfig exists and is not empty +if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update + awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig + + # Make all N2N connections 'no-pass' since they do not use encryption + awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + # Copy all RW connections unchanged to the new ovpnconfig file + for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do + awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + + done +fi + +# Replace existing ovpnconfig with updated index +mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig +# Set correct ownership +chown nobody:nobody /var/ipfire/ovpn/ovpnconfig + +# Rebuild initial ramdisks +dracut --regenerate-all --force +KVER="xxxKVERxxx" +case "$(uname -m)" in + aarch64) + mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire + # dont remove initramfs because grub need this to boot. + ;; +esac + +# This update needs a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/184/exclude b/config/rootfiles/oldcore/184/exclude new file mode 100644 index 0000000000..8ee1c3c2f5 --- /dev/null +++ b/config/rootfiles/oldcore/184/exclude @@ -0,0 +1,35 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +boot/uEnv.txt +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/firewall/locationblock +var/ipfire/fwhosts/customlocationgrp +var/ipfire/ovpn +var/ipfire/urlfilter/blacklist +var/ipfire/urlfilter/settings +var/lib/alternatives +var/lib/location/database.db +var/lib/location/ipset +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/184/filelists/aarch64/glibc b/config/rootfiles/oldcore/184/filelists/aarch64/glibc new file mode 120000 index 0000000000..d13849ff91 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/aarch64/glibc @@ -0,0 +1 @@ +../../../../common/aarch64/glibc \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/acl b/config/rootfiles/oldcore/184/filelists/acl similarity index 100% rename from config/rootfiles/core/184/filelists/acl rename to config/rootfiles/oldcore/184/filelists/acl diff --git a/config/rootfiles/core/184/filelists/attr b/config/rootfiles/oldcore/184/filelists/attr similarity index 100% rename from config/rootfiles/core/184/filelists/attr rename to config/rootfiles/oldcore/184/filelists/attr diff --git a/config/rootfiles/core/184/filelists/bash b/config/rootfiles/oldcore/184/filelists/bash similarity index 100% rename from config/rootfiles/core/184/filelists/bash rename to config/rootfiles/oldcore/184/filelists/bash diff --git a/config/rootfiles/oldcore/184/filelists/bind b/config/rootfiles/oldcore/184/filelists/bind new file mode 120000 index 0000000000..48a0ebaefd --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/core-files b/config/rootfiles/oldcore/184/filelists/core-files new file mode 100644 index 0000000000..0dec37e538 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/core-files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +etc/os-release +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs diff --git a/config/rootfiles/core/184/filelists/dhcpcd b/config/rootfiles/oldcore/184/filelists/dhcpcd similarity index 100% rename from config/rootfiles/core/184/filelists/dhcpcd rename to config/rootfiles/oldcore/184/filelists/dhcpcd diff --git a/config/rootfiles/core/184/filelists/diffutils b/config/rootfiles/oldcore/184/filelists/diffutils similarity index 100% rename from config/rootfiles/core/184/filelists/diffutils rename to config/rootfiles/oldcore/184/filelists/diffutils diff --git a/config/rootfiles/core/184/filelists/ed b/config/rootfiles/oldcore/184/filelists/ed similarity index 100% rename from config/rootfiles/core/184/filelists/ed rename to config/rootfiles/oldcore/184/filelists/ed diff --git a/config/rootfiles/oldcore/184/filelists/expat b/config/rootfiles/oldcore/184/filelists/expat new file mode 120000 index 0000000000..e1923cf639 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/expat @@ -0,0 +1 @@ +../../../common/expat \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/file b/config/rootfiles/oldcore/184/filelists/file similarity index 100% rename from config/rootfiles/core/184/filelists/file rename to config/rootfiles/oldcore/184/filelists/file diff --git a/config/rootfiles/core/184/filelists/files b/config/rootfiles/oldcore/184/filelists/files similarity index 100% rename from config/rootfiles/core/184/filelists/files rename to config/rootfiles/oldcore/184/filelists/files diff --git a/config/rootfiles/core/184/filelists/gettext b/config/rootfiles/oldcore/184/filelists/gettext similarity index 100% rename from config/rootfiles/core/184/filelists/gettext rename to config/rootfiles/oldcore/184/filelists/gettext diff --git a/config/rootfiles/core/184/filelists/gnutls b/config/rootfiles/oldcore/184/filelists/gnutls similarity index 100% rename from config/rootfiles/core/184/filelists/gnutls rename to config/rootfiles/oldcore/184/filelists/gnutls diff --git a/config/rootfiles/core/184/filelists/iana-etc b/config/rootfiles/oldcore/184/filelists/iana-etc similarity index 100% rename from config/rootfiles/core/184/filelists/iana-etc rename to config/rootfiles/oldcore/184/filelists/iana-etc diff --git a/config/rootfiles/oldcore/184/filelists/iproute2 b/config/rootfiles/oldcore/184/filelists/iproute2 new file mode 120000 index 0000000000..05f0f71fb5 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/iproute2 @@ -0,0 +1 @@ +../../../common/iproute2 \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/ipset b/config/rootfiles/oldcore/184/filelists/ipset similarity index 100% rename from config/rootfiles/core/184/filelists/ipset rename to config/rootfiles/oldcore/184/filelists/ipset diff --git a/config/rootfiles/oldcore/184/filelists/iputils b/config/rootfiles/oldcore/184/filelists/iputils new file mode 120000 index 0000000000..361c28f71a --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/iputils @@ -0,0 +1 @@ +../../../common/iputils \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/libhtp b/config/rootfiles/oldcore/184/filelists/libhtp similarity index 100% rename from config/rootfiles/core/184/filelists/libhtp rename to config/rootfiles/oldcore/184/filelists/libhtp diff --git a/config/rootfiles/core/184/filelists/libidn b/config/rootfiles/oldcore/184/filelists/libidn similarity index 100% rename from config/rootfiles/core/184/filelists/libidn rename to config/rootfiles/oldcore/184/filelists/libidn diff --git a/config/rootfiles/oldcore/184/filelists/libpng b/config/rootfiles/oldcore/184/filelists/libpng new file mode 120000 index 0000000000..8ef96e2c13 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/libpng @@ -0,0 +1 @@ +../../../common/libpng \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/lvm2 b/config/rootfiles/oldcore/184/filelists/lvm2 similarity index 100% rename from config/rootfiles/core/184/filelists/lvm2 rename to config/rootfiles/oldcore/184/filelists/lvm2 diff --git a/config/rootfiles/core/184/filelists/lzip b/config/rootfiles/oldcore/184/filelists/lzip similarity index 100% rename from config/rootfiles/core/184/filelists/lzip rename to config/rootfiles/oldcore/184/filelists/lzip diff --git a/config/rootfiles/core/184/filelists/memtest b/config/rootfiles/oldcore/184/filelists/memtest similarity index 100% rename from config/rootfiles/core/184/filelists/memtest rename to config/rootfiles/oldcore/184/filelists/memtest diff --git a/config/rootfiles/core/184/filelists/openssl b/config/rootfiles/oldcore/184/filelists/openssl similarity index 100% rename from config/rootfiles/core/184/filelists/openssl rename to config/rootfiles/oldcore/184/filelists/openssl diff --git a/config/rootfiles/core/184/filelists/pam b/config/rootfiles/oldcore/184/filelists/pam similarity index 100% rename from config/rootfiles/core/184/filelists/pam rename to config/rootfiles/oldcore/184/filelists/pam diff --git a/config/rootfiles/oldcore/184/filelists/pixman b/config/rootfiles/oldcore/184/filelists/pixman new file mode 120000 index 0000000000..fdb6346ae8 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/pixman @@ -0,0 +1 @@ +../../../common/pixman \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/poppler b/config/rootfiles/oldcore/184/filelists/poppler new file mode 120000 index 0000000000..39aa6c2638 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/poppler @@ -0,0 +1 @@ +../../../common/poppler \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/readline b/config/rootfiles/oldcore/184/filelists/readline similarity index 100% rename from config/rootfiles/core/184/filelists/readline rename to config/rootfiles/oldcore/184/filelists/readline diff --git a/config/rootfiles/oldcore/184/filelists/riscv64/glibc b/config/rootfiles/oldcore/184/filelists/riscv64/glibc new file mode 120000 index 0000000000..36b731f7dd --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/riscv64/glibc @@ -0,0 +1 @@ +../../../../common/riscv64/glibc \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/shadow b/config/rootfiles/oldcore/184/filelists/shadow new file mode 120000 index 0000000000..c0824b7b99 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/shadow @@ -0,0 +1 @@ +../../../common/shadow \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/sqlite b/config/rootfiles/oldcore/184/filelists/sqlite new file mode 120000 index 0000000000..4ea5697669 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/sqlite @@ -0,0 +1 @@ +../../../common/sqlite \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/squid b/config/rootfiles/oldcore/184/filelists/squid new file mode 120000 index 0000000000..2dc8372a0e --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/suricata b/config/rootfiles/oldcore/184/filelists/suricata new file mode 120000 index 0000000000..f671f69933 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/unbound b/config/rootfiles/oldcore/184/filelists/unbound new file mode 120000 index 0000000000..66adf09242 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/vnstat b/config/rootfiles/oldcore/184/filelists/vnstat similarity index 100% rename from config/rootfiles/core/184/filelists/vnstat rename to config/rootfiles/oldcore/184/filelists/vnstat diff --git a/config/rootfiles/core/184/filelists/x86_64/dmidecode b/config/rootfiles/oldcore/184/filelists/x86_64/dmidecode similarity index 100% rename from config/rootfiles/core/184/filelists/x86_64/dmidecode rename to config/rootfiles/oldcore/184/filelists/x86_64/dmidecode diff --git a/config/rootfiles/oldcore/184/filelists/x86_64/glibc b/config/rootfiles/oldcore/184/filelists/x86_64/glibc new file mode 120000 index 0000000000..1119099669 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/x86_64/glibc @@ -0,0 +1 @@ +../../../../common/x86_64/glibc \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/xz b/config/rootfiles/oldcore/184/filelists/xz new file mode 120000 index 0000000000..734e926c7e --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/xz @@ -0,0 +1 @@ +../../../common/xz \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/zlib b/config/rootfiles/oldcore/184/filelists/zlib similarity index 100% rename from config/rootfiles/core/184/filelists/zlib rename to config/rootfiles/oldcore/184/filelists/zlib diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/oldcore/184/update.sh similarity index 100% rename from config/rootfiles/core/184/update.sh rename to config/rootfiles/oldcore/184/update.sh diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 428f73e6c3..2c7242d7e5 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -14,16 +14,17 @@ usr/bin/sigtool #usr/include/libfreshclam.h usr/lib/libclamav.so usr/lib/libclamav.so.12 -usr/lib/libclamav.so.12.0.1 +usr/lib/libclamav.so.12.0.2 +#usr/lib/libclamav_rust.a usr/lib/libclammspack.so usr/lib/libclammspack.so.0 usr/lib/libclammspack.so.0.8.0 usr/lib/libclamunrar.so usr/lib/libclamunrar.so.12 -usr/lib/libclamunrar.so.12.0.1 +usr/lib/libclamunrar.so.12.0.2 usr/lib/libclamunrar_iface.so usr/lib/libclamunrar_iface.so.12 -usr/lib/libclamunrar_iface.so.12.0.1 +usr/lib/libclamunrar_iface.so.12.0.2 usr/lib/libfreshclam.so usr/lib/libfreshclam.so.3 usr/lib/libfreshclam.so.3.0.1 @@ -98,6 +99,7 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-italic.woff2 #usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-regular.woff2 #usr/share/doc/ClamAV/html/fonts/source-code-pro-v11-all-charsets-500.woff2 +#usr/share/doc/ClamAV/html/googled62299e9391332c4.html #usr/share/doc/ClamAV/html/highlight.css #usr/share/doc/ClamAV/html/highlight.js #usr/share/doc/ClamAV/html/images @@ -167,6 +169,7 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/searcher.js #usr/share/doc/ClamAV/html/searchindex.js #usr/share/doc/ClamAV/html/searchindex.json +#usr/share/doc/ClamAV/html/sitemap.xml #usr/share/doc/ClamAV/html/theme-dawn.js #usr/share/doc/ClamAV/html/theme-tomorrow_night.js #usr/share/doc/ClamAV/html/tomorrow-night.css diff --git a/config/rootfiles/packages/ghostscript b/config/rootfiles/packages/ghostscript index c7af93ce23..05242f7258 100644 --- a/config/rootfiles/packages/ghostscript +++ b/config/rootfiles/packages/ghostscript @@ -25,170 +25,170 @@ usr/bin/ps2ps usr/bin/ps2ps2 usr/bin/unix-lpr.sh #usr/share/doc/ghostscript -#usr/share/doc/ghostscript/10.02.1 -#usr/share/doc/ghostscript/10.02.1/COPYING -#usr/share/doc/ghostscript/10.02.1/GS9_Color_Management.pdf -#usr/share/doc/ghostscript/10.02.1/Ghostscript.pdf -#usr/share/doc/ghostscript/10.02.1/News.html +#usr/share/doc/ghostscript/10.03.0 +#usr/share/doc/ghostscript/10.03.0/COPYING +#usr/share/doc/ghostscript/10.03.0/GS9_Color_Management.pdf +#usr/share/doc/ghostscript/10.03.0/Ghostscript.pdf +#usr/share/doc/ghostscript/10.03.0/News.html #usr/share/ghostscript -#usr/share/ghostscript/10.02.1 -#usr/share/ghostscript/10.02.1/lib -#usr/share/ghostscript/10.02.1/lib/PDFA_def.ps -#usr/share/ghostscript/10.02.1/lib/PDFX_def.ps -#usr/share/ghostscript/10.02.1/lib/PM760p.upp -#usr/share/ghostscript/10.02.1/lib/PM760pl.upp -#usr/share/ghostscript/10.02.1/lib/PM820p.upp -#usr/share/ghostscript/10.02.1/lib/PM820pl.upp -#usr/share/ghostscript/10.02.1/lib/Stc670p.upp -#usr/share/ghostscript/10.02.1/lib/Stc670pl.upp -#usr/share/ghostscript/10.02.1/lib/Stc680p.upp -#usr/share/ghostscript/10.02.1/lib/Stc680pl.upp -#usr/share/ghostscript/10.02.1/lib/Stc740p.upp -#usr/share/ghostscript/10.02.1/lib/Stc740pl.upp -#usr/share/ghostscript/10.02.1/lib/Stc760p.upp -#usr/share/ghostscript/10.02.1/lib/Stc760pl.upp -#usr/share/ghostscript/10.02.1/lib/Stc777p.upp -#usr/share/ghostscript/10.02.1/lib/Stc777pl.upp -#usr/share/ghostscript/10.02.1/lib/Stp720p.upp -#usr/share/ghostscript/10.02.1/lib/Stp720pl.upp -#usr/share/ghostscript/10.02.1/lib/Stp870p.upp -#usr/share/ghostscript/10.02.1/lib/Stp870pl.upp -#usr/share/ghostscript/10.02.1/lib/acctest.ps -#usr/share/ghostscript/10.02.1/lib/align.ps -#usr/share/ghostscript/10.02.1/lib/bj8.rpd -#usr/share/ghostscript/10.02.1/lib/bj8gc12f.upp -#usr/share/ghostscript/10.02.1/lib/bj8hg12f.upp -#usr/share/ghostscript/10.02.1/lib/bj8oh06n.upp -#usr/share/ghostscript/10.02.1/lib/bj8pa06n.upp -#usr/share/ghostscript/10.02.1/lib/bj8pp12f.upp -#usr/share/ghostscript/10.02.1/lib/bj8ts06n.upp -#usr/share/ghostscript/10.02.1/lib/bjc6000a1.upp -#usr/share/ghostscript/10.02.1/lib/bjc6000b1.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a0.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a1.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a2.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a3.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a4.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a5.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a6.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a7.upp -#usr/share/ghostscript/10.02.1/lib/bjc610a8.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b1.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b2.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b3.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b4.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b6.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b7.upp -#usr/share/ghostscript/10.02.1/lib/bjc610b8.upp -#usr/share/ghostscript/10.02.1/lib/caption.ps -#usr/share/ghostscript/10.02.1/lib/cbjc600.ppd -#usr/share/ghostscript/10.02.1/lib/cbjc800.ppd -#usr/share/ghostscript/10.02.1/lib/cdj550.upp -#usr/share/ghostscript/10.02.1/lib/cdj690.upp -#usr/share/ghostscript/10.02.1/lib/cdj690ec.upp -#usr/share/ghostscript/10.02.1/lib/cid2code.ps -#usr/share/ghostscript/10.02.1/lib/dnj750c.upp -#usr/share/ghostscript/10.02.1/lib/dnj750m.upp -#usr/share/ghostscript/10.02.1/lib/docie.ps -#usr/share/ghostscript/10.02.1/lib/font2pcl.ps -#usr/share/ghostscript/10.02.1/lib/ghostpdf.ppd -#usr/share/ghostscript/10.02.1/lib/gs_ce_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_css_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_il2_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_kanji.ps -#usr/share/ghostscript/10.02.1/lib/gs_ksb_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_l.xbm -#usr/share/ghostscript/10.02.1/lib/gs_l.xpm -#usr/share/ghostscript/10.02.1/lib/gs_l_m.xbm -#usr/share/ghostscript/10.02.1/lib/gs_lgo_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_lgx_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_m.xbm -#usr/share/ghostscript/10.02.1/lib/gs_m.xpm -#usr/share/ghostscript/10.02.1/lib/gs_m_m.xbm -#usr/share/ghostscript/10.02.1/lib/gs_s.xbm -#usr/share/ghostscript/10.02.1/lib/gs_s.xpm -#usr/share/ghostscript/10.02.1/lib/gs_s_m.xbm -#usr/share/ghostscript/10.02.1/lib/gs_t.xbm -#usr/share/ghostscript/10.02.1/lib/gs_t.xpm -#usr/share/ghostscript/10.02.1/lib/gs_t_m.xbm -#usr/share/ghostscript/10.02.1/lib/gs_wl1_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_wl2_e.ps -#usr/share/ghostscript/10.02.1/lib/gs_wl5_e.ps -#usr/share/ghostscript/10.02.1/lib/gslp.ps -#usr/share/ghostscript/10.02.1/lib/gsnup.ps -#usr/share/ghostscript/10.02.1/lib/ht_ccsto.ps -#usr/share/ghostscript/10.02.1/lib/image-qa.ps -#usr/share/ghostscript/10.02.1/lib/jispaper.ps -#usr/share/ghostscript/10.02.1/lib/landscap.ps -#usr/share/ghostscript/10.02.1/lib/lines.ps -#usr/share/ghostscript/10.02.1/lib/mkcidfm.ps -#usr/share/ghostscript/10.02.1/lib/necp2x.upp -#usr/share/ghostscript/10.02.1/lib/necp2x6.upp -#usr/share/ghostscript/10.02.1/lib/pdf2dsc.ps -#usr/share/ghostscript/10.02.1/lib/pdf_info.ps -#usr/share/ghostscript/10.02.1/lib/pf2afm.ps -#usr/share/ghostscript/10.02.1/lib/pfbtopfa.ps -#usr/share/ghostscript/10.02.1/lib/ppath.ps -#usr/share/ghostscript/10.02.1/lib/pphs.ps -#usr/share/ghostscript/10.02.1/lib/prfont.ps -#usr/share/ghostscript/10.02.1/lib/printafm.ps -#usr/share/ghostscript/10.02.1/lib/ps2ai.ps -#usr/share/ghostscript/10.02.1/lib/ps2epsi.ps -#usr/share/ghostscript/10.02.1/lib/ras1.upp -#usr/share/ghostscript/10.02.1/lib/ras24.upp -#usr/share/ghostscript/10.02.1/lib/ras3.upp -#usr/share/ghostscript/10.02.1/lib/ras32.upp -#usr/share/ghostscript/10.02.1/lib/ras4.upp -#usr/share/ghostscript/10.02.1/lib/ras8m.upp -#usr/share/ghostscript/10.02.1/lib/rollconv.ps -#usr/share/ghostscript/10.02.1/lib/s400a1.upp -#usr/share/ghostscript/10.02.1/lib/s400b1.upp -#usr/share/ghostscript/10.02.1/lib/sharp.upp -#usr/share/ghostscript/10.02.1/lib/sipixa6.upp -#usr/share/ghostscript/10.02.1/lib/st640ih.upp -#usr/share/ghostscript/10.02.1/lib/st640ihg.upp -#usr/share/ghostscript/10.02.1/lib/st640p.upp -#usr/share/ghostscript/10.02.1/lib/st640pg.upp -#usr/share/ghostscript/10.02.1/lib/st640pl.upp -#usr/share/ghostscript/10.02.1/lib/st640plg.upp -#usr/share/ghostscript/10.02.1/lib/stc.upp -#usr/share/ghostscript/10.02.1/lib/stc1520h.upp -#usr/share/ghostscript/10.02.1/lib/stc2.upp -#usr/share/ghostscript/10.02.1/lib/stc200_h.upp -#usr/share/ghostscript/10.02.1/lib/stc2_h.upp -#usr/share/ghostscript/10.02.1/lib/stc2s_h.upp -#usr/share/ghostscript/10.02.1/lib/stc300.upp -#usr/share/ghostscript/10.02.1/lib/stc300bl.upp -#usr/share/ghostscript/10.02.1/lib/stc300bm.upp -#usr/share/ghostscript/10.02.1/lib/stc500p.upp -#usr/share/ghostscript/10.02.1/lib/stc500ph.upp -#usr/share/ghostscript/10.02.1/lib/stc600ih.upp -#usr/share/ghostscript/10.02.1/lib/stc600p.upp -#usr/share/ghostscript/10.02.1/lib/stc600pl.upp -#usr/share/ghostscript/10.02.1/lib/stc640p.upp -#usr/share/ghostscript/10.02.1/lib/stc740ih.upp -#usr/share/ghostscript/10.02.1/lib/stc800ih.upp -#usr/share/ghostscript/10.02.1/lib/stc800p.upp -#usr/share/ghostscript/10.02.1/lib/stc800pl.upp -#usr/share/ghostscript/10.02.1/lib/stc_h.upp -#usr/share/ghostscript/10.02.1/lib/stc_l.upp -#usr/share/ghostscript/10.02.1/lib/stcany.upp -#usr/share/ghostscript/10.02.1/lib/stcany_h.upp -#usr/share/ghostscript/10.02.1/lib/stcinfo.ps -#usr/share/ghostscript/10.02.1/lib/stcolor.ps -#usr/share/ghostscript/10.02.1/lib/stocht.ps -#usr/share/ghostscript/10.02.1/lib/traceimg.ps -#usr/share/ghostscript/10.02.1/lib/traceop.ps -#usr/share/ghostscript/10.02.1/lib/uninfo.ps -#usr/share/ghostscript/10.02.1/lib/viewcmyk.ps -#usr/share/ghostscript/10.02.1/lib/viewgif.ps -#usr/share/ghostscript/10.02.1/lib/viewjpeg.ps -#usr/share/ghostscript/10.02.1/lib/viewmiff.ps -#usr/share/ghostscript/10.02.1/lib/viewpbm.ps -#usr/share/ghostscript/10.02.1/lib/viewpcx.ps -#usr/share/ghostscript/10.02.1/lib/viewps2a.ps -#usr/share/ghostscript/10.02.1/lib/winmaps.ps -#usr/share/ghostscript/10.02.1/lib/zeroline.ps +#usr/share/ghostscript/10.03.0 +#usr/share/ghostscript/10.03.0/lib +#usr/share/ghostscript/10.03.0/lib/PDFA_def.ps +#usr/share/ghostscript/10.03.0/lib/PDFX_def.ps +#usr/share/ghostscript/10.03.0/lib/PM760p.upp +#usr/share/ghostscript/10.03.0/lib/PM760pl.upp +#usr/share/ghostscript/10.03.0/lib/PM820p.upp +#usr/share/ghostscript/10.03.0/lib/PM820pl.upp +#usr/share/ghostscript/10.03.0/lib/Stc670p.upp +#usr/share/ghostscript/10.03.0/lib/Stc670pl.upp +#usr/share/ghostscript/10.03.0/lib/Stc680p.upp +#usr/share/ghostscript/10.03.0/lib/Stc680pl.upp +#usr/share/ghostscript/10.03.0/lib/Stc740p.upp +#usr/share/ghostscript/10.03.0/lib/Stc740pl.upp +#usr/share/ghostscript/10.03.0/lib/Stc760p.upp +#usr/share/ghostscript/10.03.0/lib/Stc760pl.upp +#usr/share/ghostscript/10.03.0/lib/Stc777p.upp +#usr/share/ghostscript/10.03.0/lib/Stc777pl.upp +#usr/share/ghostscript/10.03.0/lib/Stp720p.upp +#usr/share/ghostscript/10.03.0/lib/Stp720pl.upp +#usr/share/ghostscript/10.03.0/lib/Stp870p.upp +#usr/share/ghostscript/10.03.0/lib/Stp870pl.upp +#usr/share/ghostscript/10.03.0/lib/acctest.ps +#usr/share/ghostscript/10.03.0/lib/align.ps +#usr/share/ghostscript/10.03.0/lib/bj8.rpd +#usr/share/ghostscript/10.03.0/lib/bj8gc12f.upp +#usr/share/ghostscript/10.03.0/lib/bj8hg12f.upp +#usr/share/ghostscript/10.03.0/lib/bj8oh06n.upp +#usr/share/ghostscript/10.03.0/lib/bj8pa06n.upp +#usr/share/ghostscript/10.03.0/lib/bj8pp12f.upp +#usr/share/ghostscript/10.03.0/lib/bj8ts06n.upp +#usr/share/ghostscript/10.03.0/lib/bjc6000a1.upp +#usr/share/ghostscript/10.03.0/lib/bjc6000b1.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a0.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a1.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a2.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a3.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a4.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a5.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a6.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a7.upp +#usr/share/ghostscript/10.03.0/lib/bjc610a8.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b1.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b2.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b3.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b4.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b6.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b7.upp +#usr/share/ghostscript/10.03.0/lib/bjc610b8.upp +#usr/share/ghostscript/10.03.0/lib/caption.ps +#usr/share/ghostscript/10.03.0/lib/cbjc600.ppd +#usr/share/ghostscript/10.03.0/lib/cbjc800.ppd +#usr/share/ghostscript/10.03.0/lib/cdj550.upp +#usr/share/ghostscript/10.03.0/lib/cdj690.upp +#usr/share/ghostscript/10.03.0/lib/cdj690ec.upp +#usr/share/ghostscript/10.03.0/lib/cid2code.ps +#usr/share/ghostscript/10.03.0/lib/dnj750c.upp +#usr/share/ghostscript/10.03.0/lib/dnj750m.upp +#usr/share/ghostscript/10.03.0/lib/docie.ps +#usr/share/ghostscript/10.03.0/lib/font2pcl.ps +#usr/share/ghostscript/10.03.0/lib/ghostpdf.ppd +#usr/share/ghostscript/10.03.0/lib/gs_ce_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_css_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_il2_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_kanji.ps +#usr/share/ghostscript/10.03.0/lib/gs_ksb_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_l.xbm +#usr/share/ghostscript/10.03.0/lib/gs_l.xpm +#usr/share/ghostscript/10.03.0/lib/gs_l_m.xbm +#usr/share/ghostscript/10.03.0/lib/gs_lgo_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_lgx_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_m.xbm +#usr/share/ghostscript/10.03.0/lib/gs_m.xpm +#usr/share/ghostscript/10.03.0/lib/gs_m_m.xbm +#usr/share/ghostscript/10.03.0/lib/gs_s.xbm +#usr/share/ghostscript/10.03.0/lib/gs_s.xpm +#usr/share/ghostscript/10.03.0/lib/gs_s_m.xbm +#usr/share/ghostscript/10.03.0/lib/gs_t.xbm +#usr/share/ghostscript/10.03.0/lib/gs_t.xpm +#usr/share/ghostscript/10.03.0/lib/gs_t_m.xbm +#usr/share/ghostscript/10.03.0/lib/gs_wl1_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_wl2_e.ps +#usr/share/ghostscript/10.03.0/lib/gs_wl5_e.ps +#usr/share/ghostscript/10.03.0/lib/gslp.ps +#usr/share/ghostscript/10.03.0/lib/gsnup.ps +#usr/share/ghostscript/10.03.0/lib/ht_ccsto.ps +#usr/share/ghostscript/10.03.0/lib/image-qa.ps +#usr/share/ghostscript/10.03.0/lib/jispaper.ps +#usr/share/ghostscript/10.03.0/lib/landscap.ps +#usr/share/ghostscript/10.03.0/lib/lines.ps +#usr/share/ghostscript/10.03.0/lib/mkcidfm.ps +#usr/share/ghostscript/10.03.0/lib/necp2x.upp +#usr/share/ghostscript/10.03.0/lib/necp2x6.upp +#usr/share/ghostscript/10.03.0/lib/pdf2dsc.ps +#usr/share/ghostscript/10.03.0/lib/pdf_info.ps +#usr/share/ghostscript/10.03.0/lib/pf2afm.ps +#usr/share/ghostscript/10.03.0/lib/pfbtopfa.ps +#usr/share/ghostscript/10.03.0/lib/ppath.ps +#usr/share/ghostscript/10.03.0/lib/pphs.ps +#usr/share/ghostscript/10.03.0/lib/prfont.ps +#usr/share/ghostscript/10.03.0/lib/printafm.ps +#usr/share/ghostscript/10.03.0/lib/ps2ai.ps +#usr/share/ghostscript/10.03.0/lib/ps2epsi.ps +#usr/share/ghostscript/10.03.0/lib/ras1.upp +#usr/share/ghostscript/10.03.0/lib/ras24.upp +#usr/share/ghostscript/10.03.0/lib/ras3.upp +#usr/share/ghostscript/10.03.0/lib/ras32.upp +#usr/share/ghostscript/10.03.0/lib/ras4.upp +#usr/share/ghostscript/10.03.0/lib/ras8m.upp +#usr/share/ghostscript/10.03.0/lib/rollconv.ps +#usr/share/ghostscript/10.03.0/lib/s400a1.upp +#usr/share/ghostscript/10.03.0/lib/s400b1.upp +#usr/share/ghostscript/10.03.0/lib/sharp.upp +#usr/share/ghostscript/10.03.0/lib/sipixa6.upp +#usr/share/ghostscript/10.03.0/lib/st640ih.upp +#usr/share/ghostscript/10.03.0/lib/st640ihg.upp +#usr/share/ghostscript/10.03.0/lib/st640p.upp +#usr/share/ghostscript/10.03.0/lib/st640pg.upp +#usr/share/ghostscript/10.03.0/lib/st640pl.upp +#usr/share/ghostscript/10.03.0/lib/st640plg.upp +#usr/share/ghostscript/10.03.0/lib/stc.upp +#usr/share/ghostscript/10.03.0/lib/stc1520h.upp +#usr/share/ghostscript/10.03.0/lib/stc2.upp +#usr/share/ghostscript/10.03.0/lib/stc200_h.upp +#usr/share/ghostscript/10.03.0/lib/stc2_h.upp +#usr/share/ghostscript/10.03.0/lib/stc2s_h.upp +#usr/share/ghostscript/10.03.0/lib/stc300.upp +#usr/share/ghostscript/10.03.0/lib/stc300bl.upp +#usr/share/ghostscript/10.03.0/lib/stc300bm.upp +#usr/share/ghostscript/10.03.0/lib/stc500p.upp +#usr/share/ghostscript/10.03.0/lib/stc500ph.upp +#usr/share/ghostscript/10.03.0/lib/stc600ih.upp +#usr/share/ghostscript/10.03.0/lib/stc600p.upp +#usr/share/ghostscript/10.03.0/lib/stc600pl.upp +#usr/share/ghostscript/10.03.0/lib/stc640p.upp +#usr/share/ghostscript/10.03.0/lib/stc740ih.upp +#usr/share/ghostscript/10.03.0/lib/stc800ih.upp +#usr/share/ghostscript/10.03.0/lib/stc800p.upp +#usr/share/ghostscript/10.03.0/lib/stc800pl.upp +#usr/share/ghostscript/10.03.0/lib/stc_h.upp +#usr/share/ghostscript/10.03.0/lib/stc_l.upp +#usr/share/ghostscript/10.03.0/lib/stcany.upp +#usr/share/ghostscript/10.03.0/lib/stcany_h.upp +#usr/share/ghostscript/10.03.0/lib/stcinfo.ps +#usr/share/ghostscript/10.03.0/lib/stcolor.ps +#usr/share/ghostscript/10.03.0/lib/stocht.ps +#usr/share/ghostscript/10.03.0/lib/traceimg.ps +#usr/share/ghostscript/10.03.0/lib/traceop.ps +#usr/share/ghostscript/10.03.0/lib/uninfo.ps +#usr/share/ghostscript/10.03.0/lib/viewcmyk.ps +#usr/share/ghostscript/10.03.0/lib/viewgif.ps +#usr/share/ghostscript/10.03.0/lib/viewjpeg.ps +#usr/share/ghostscript/10.03.0/lib/viewmiff.ps +#usr/share/ghostscript/10.03.0/lib/viewpbm.ps +#usr/share/ghostscript/10.03.0/lib/viewpcx.ps +#usr/share/ghostscript/10.03.0/lib/viewps2a.ps +#usr/share/ghostscript/10.03.0/lib/winmaps.ps +#usr/share/ghostscript/10.03.0/lib/zeroline.ps #usr/share/ghostscript/fonts #usr/share/ghostscript/fonts/COPYING #usr/share/ghostscript/fonts/ChangeLog diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git index 306767e4b8..17efb20122 100644 --- a/config/rootfiles/packages/git +++ b/config/rootfiles/packages/git @@ -133,6 +133,7 @@ usr/libexec/git-core/git-remote-http usr/libexec/git-core/git-remote-https usr/libexec/git-core/git-repack usr/libexec/git-core/git-replace +usr/libexec/git-core/git-replay usr/libexec/git-core/git-request-pull usr/libexec/git-core/git-rerere usr/libexec/git-core/git-reset diff --git a/config/rootfiles/packages/gnump3d b/config/rootfiles/packages/gnump3d index 4679c87b1b..ab1f0282cb 100644 --- a/config/rootfiles/packages/gnump3d +++ b/config/rootfiles/packages/gnump3d @@ -387,4 +387,5 @@ usr/share/gnump3d var/cache/gnump3d var/cache/gnump3d/serving var/log/gnump3d +#var/mp3 var/mp3/info diff --git a/config/rootfiles/packages/gutenprint b/config/rootfiles/packages/gutenprint index 8d6fdd489b..fb44ab7e48 100644 --- a/config/rootfiles/packages/gutenprint +++ b/config/rootfiles/packages/gutenprint @@ -450,4 +450,3 @@ usr/share/gutenprint/samples/testpattern.sample #usr/share/man/man8/cups-genppd.8 #usr/share/man/man8/cups-genppdupdate.8 var/ipfire/cups/command.types - diff --git a/config/rootfiles/packages/libmpdclient b/config/rootfiles/packages/libmpdclient index 531afce82d..1c9da51f9a 100644 --- a/config/rootfiles/packages/libmpdclient +++ b/config/rootfiles/packages/libmpdclient @@ -1,6 +1,8 @@ #usr/include/mpd +#usr/include/mpd/albumart.h #usr/include/mpd/async.h #usr/include/mpd/audio_format.h +#usr/include/mpd/binary.h #usr/include/mpd/capabilities.h #usr/include/mpd/client.h #usr/include/mpd/compiler.h @@ -23,8 +25,10 @@ #usr/include/mpd/password.h #usr/include/mpd/player.h #usr/include/mpd/playlist.h +#usr/include/mpd/position.h #usr/include/mpd/protocol.h #usr/include/mpd/queue.h +#usr/include/mpd/readpicture.h #usr/include/mpd/recv.h #usr/include/mpd/replay_gain.h #usr/include/mpd/response.h @@ -40,13 +44,11 @@ #usr/include/mpd/version.h usr/lib/libmpdclient.so usr/lib/libmpdclient.so.2 -usr/lib/libmpdclient.so.2.19 +usr/lib/libmpdclient.so.2.22 #usr/lib/pkgconfig/libmpdclient.pc #usr/share/doc/libmpdclient #usr/share/doc/libmpdclient/AUTHORS -#usr/share/doc/libmpdclient/COPYING +#usr/share/doc/libmpdclient/BSD-2-Clause.txt +#usr/share/doc/libmpdclient/BSD-3-Clause.txt #usr/share/doc/libmpdclient/NEWS #usr/share/doc/libmpdclient/README.rst -#usr/share/vala -#usr/share/vala/vapi -#usr/share/vala/vapi/libmpdclient.vapi diff --git a/config/rootfiles/packages/libplist b/config/rootfiles/packages/libplist index 8f2d3b9e05..53be64faaf 100644 --- a/config/rootfiles/packages/libplist +++ b/config/rootfiles/packages/libplist @@ -17,11 +17,11 @@ #usr/lib/libplist++-2.0.la #usr/lib/libplist++-2.0.so usr/lib/libplist++-2.0.so.4 -usr/lib/libplist++-2.0.so.4.3.0 +usr/lib/libplist++-2.0.so.4.4.0 #usr/lib/libplist-2.0.la #usr/lib/libplist-2.0.so usr/lib/libplist-2.0.so.4 -usr/lib/libplist-2.0.so.4.3.0 +usr/lib/libplist-2.0.so.4.4.0 #usr/lib/pkgconfig/libplist++-2.0.pc #usr/lib/pkgconfig/libplist-2.0.pc #usr/share/man/man1/plistutil.1 diff --git a/config/rootfiles/packages/mpd b/config/rootfiles/packages/mpd index 85501238ba..828ae31e17 100644 --- a/config/rootfiles/packages/mpd +++ b/config/rootfiles/packages/mpd @@ -8,3 +8,10 @@ usr/bin/mpd #usr/share/icons/hicolor/scalable/apps/mpd.svg var/log/mpd.error.log var/log/mpd.log +var/ipfire/backup/addons/includes/mpd +#var/ipfire/mpd +#var/ipfire/mpd/db +var/ipfire/mpd/db/info +var/ipfire/mpd/mpd.conf +var/ipfire/mpd/playlist.m3u +var/mp3/info diff --git a/config/rootfiles/packages/mpfire b/config/rootfiles/packages/mpfire index ec0ea43959..ab12bde032 100644 --- a/config/rootfiles/packages/mpfire +++ b/config/rootfiles/packages/mpfire @@ -27,15 +27,9 @@ var/ipfire/menu.d/EX-mpfire.menu var/ipfire/mpfire var/ipfire/mpfire/bin var/ipfire/mpfire/bin/mpfire.pl -#var/ipfire/mpfire/db -var/ipfire/mpfire/db/info -var/ipfire/mpfire/mpd.conf -var/ipfire/mpfire/playlist.m3u var/ipfire/mpfire/settings var/ipfire/mpfire/webradio -var/mp3/info usr/local/bin/mpfirectrl srv/web/ipfire/cgi-bin/mpfire.cgi srv/web/ipfire/html/images/mpfire var/ipfire/menu.d/EX-mpfire.menu -#var/mp3 diff --git a/config/rootfiles/packages/mympd b/config/rootfiles/packages/mympd index bc9912b85a..b0ac2859fc 100644 --- a/config/rootfiles/packages/mympd +++ b/config/rootfiles/packages/mympd @@ -1,5 +1,6 @@ etc/rc.d/init.d/mympd usr/bin/mympd +usr/bin/mympd-config usr/bin/mympd-script #usr/lib/systemd/system/mympd.service #usr/share/doc/mympd @@ -7,6 +8,7 @@ usr/bin/mympd-script #usr/share/doc/mympd/LICENSE.md #usr/share/doc/mympd/README.md #usr/share/doc/mympd/SECURITY.md +#usr/share/man/man1/mympd-config.1.gz #usr/share/man/man1/mympd-script.1.gz #usr/share/man/man1/mympd.1.gz var/ipfire/backup/addons/includes/mympd @@ -16,3 +18,5 @@ var/lib/mympd #var/lib/mympd/config/ssl_port #var/lib/mympd/state #var/lib/mympd/state/music_directory +srv/web/ipfire/cgi-bin/mympd.cgi +var/ipfire/menu.d/EX-mympd.menu diff --git a/config/rootfiles/packages/opus b/config/rootfiles/packages/opus index 398135c3da..1865d30e24 100644 --- a/config/rootfiles/packages/opus +++ b/config/rootfiles/packages/opus @@ -8,6 +8,6 @@ #usr/lib/libopus.la #usr/lib/libopus.so usr/lib/libopus.so.0 -usr/lib/libopus.so.0.9.0 +usr/lib/libopus.so.0.10.0 #usr/lib/pkgconfig/opus.pc #usr/share/aclocal/opus.m4 diff --git a/config/rootfiles/packages/sdl2 b/config/rootfiles/packages/sdl2 index 10691044c1..b0d9606604 100644 --- a/config/rootfiles/packages/sdl2 +++ b/config/rootfiles/packages/sdl2 @@ -82,7 +82,7 @@ #usr/lib/cmake/SDL2/sdl2-config-version.cmake #usr/lib/cmake/SDL2/sdl2-config.cmake usr/lib/libSDL2-2.0.so.0 -usr/lib/libSDL2-2.0.so.0.2800.5 +usr/lib/libSDL2-2.0.so.0.3000.1 #usr/lib/libSDL2.la usr/lib/libSDL2.so #usr/lib/libSDL2_test.a diff --git a/config/rootfiles/packages/transmission b/config/rootfiles/packages/transmission index 827205a11e..66b832e3c9 100644 --- a/config/rootfiles/packages/transmission +++ b/config/rootfiles/packages/transmission @@ -17,3 +17,5 @@ usr/share/transmission #usr/share/transmission/public_html/transmission-app.js #usr/share/transmission/public_html/transmission-app.js.LEGAL.txt var/ipfire/backup/addons/includes/transmission +srv/web/ipfire/cgi-bin/transmission.cgi +var/ipfire/menu.d/EX-transmission.menu diff --git a/config/rootfiles/packages/vdr b/config/rootfiles/packages/vdr index b08f1f04d0..8a6895df4f 100644 --- a/config/rootfiles/packages/vdr +++ b/config/rootfiles/packages/vdr @@ -87,3 +87,5 @@ usr/share/vdr var/cache/vdr var/ipfire/backup/addons/includes/vdr #var/video +srv/web/ipfire/cgi-bin/vdr.cgi +var/ipfire/menu.d/EX-vdr.menu diff --git a/config/rootfiles/packages/wsdd b/config/rootfiles/packages/wsdd new file mode 100644 index 0000000000..ce225043ae --- /dev/null +++ b/config/rootfiles/packages/wsdd @@ -0,0 +1,2 @@ +etc/rc.d/init.d/wsdd +usr/bin/wsdd diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 729a47ac62..8e10cb4c8a 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -20,3 +20,6 @@ var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf var/ipfire/zabbix_agentd/userparameters var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf +var/ipfire/zabbix_agentd/scripts +var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 14d1b865f3..2b3b4ffcb7 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -97,44 +97,14 @@ our %Providers = ( dl_type => "plain", },
- # Positive Technologies Attack Detection Team rules. - attack_detection => { - summary => "PT Attack Detection Team Rules", - website => "https://github.com/ptresearch/AttackDetection", - tr_string => "attack detection team rules", + # ThreatFox + threatfox => { + summary => "ThreatFox Indicators Of Compromise Rules", + website => "https://threatfox.abuse.ch/", + tr_string => "threatfox rules", requires_subscription => "False", - dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules...", - dl_type => "archive", - }, - - # Secureworks Security rules. - secureworks_security => { - summary => "Secureworks Security Ruleset", - website => "https://www.secureworks.com", - tr_string => "secureworks security ruleset", - requires_subscription => "True", - dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz", - dl_type => "archive", - }, - - # Secureworks Malware rules. - secureworks_malware => { - summary => "Secureworks Malware Ruleset", - website => "https://www.secureworks.com", - tr_string => "secureworks malware ruleset", - requires_subscription => "True", - dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz", - dl_type => "archive", - }, - - # Secureworks Enhanced rules. - secureworks_enhanced => { - summary => "Secureworks Enhanced Ruleset", - website => "https://www.secureworks.com", - tr_string => "secureworks enhanced ruleset", - requires_subscription => "True", - dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz", - dl_type => "archive", + dl_url => "https://threatfox.abuse.ch/downloads/threatfox_suricata.rules", + dl_type => "plain", },
# Travis B. Green hunting rules. diff --git a/config/zabbix_agentd/ipfire_certificate_detail.sh b/config/zabbix_agentd/ipfire_certificate_detail.sh new file mode 100755 index 0000000000..9ca0ef5de9 --- /dev/null +++ b/config/zabbix_agentd/ipfire_certificate_detail.sh @@ -0,0 +1,91 @@ +#!/bin/bash +############################################################################### +# ipfire_certificate_detail.sh - Get certificate details and validation results +# in JSON format for use by Zabbix agent +# +# Author: robin.roevens (at) disroot.org +# Version: 1.0 +# +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +############################################################################### + +# Required binaries +OPENSSL=/usr/bin/openssl +DATE=/bin/date + +# Parameter checking +[[ $1 ]] || { echo "{"error":"No CA certificate file given."}"; exit 1; } +[[ -f $1 ]] || { echo "{"error":"CA certificate not found: $1."}"; exit 1; } +[[ -r $1 ]] || { echo "{"error":"No read permission on CA certificate: $1."}"; exit 1; } +[[ $2 ]] || { echo "{"error":"No certificate file given."}"; exit 1; } +[[ -f $2 ]] || { echo "{"error":"Certificate not found: $2."}"; exit 1; } +[[ -r $2 ]] || { echo "{"error":"No read permission on certificate $2."}"; exit 1; } +[[ -x $OPENSSL ]] || { echo "{"error":"$OPENSSL binary not found or no permission."}"; exit 1; } +[[ -x $DATE ]] || { echo "{"error":"$DATE binary not found or no permission."}"; exit 1; } + +cafile=$1 +cert=$2 + +# Parse certificate details +cert_details=$(${OPENSSL} x509 -in "${cert}" -noout -text -certopt no_header,no_sigdump) +version=$(echo "${cert_details}" | grep "Version:" | sed 's/^ +Version: ([0-9]+) (.+)$/\1/g') +serial_number=$(echo "${cert_details}" | grep -A1 "Serial Number:" | tr -d '\n' | sed 's/^ +Serial Number:(( (.*) ([0-9]+x[0-9]+).*)|( +(.*)$))/\3\5/g') +signature_algorithm=$(echo "${cert_details}" | grep "Signature Algorithm:" | sed 's/^ +Signature Algorithm: //g') +issuer=$(echo "${cert_details}" | grep "Issuer:" | sed 's/^ +Issuer: //g' | sed 's/"/\"/g') +not_before_value=$(echo "${cert_details}" | grep "Not Before:" | sed 's/^ +Not Before: //g') +not_before_timestamp=$(${DATE} -d "${not_before_value}" +%s) +not_after_value=$(echo "${cert_details}" | grep "Not After :" | sed 's/^ +Not After : //g') +not_after_timestamp=$(${DATE} -d "${not_after_value}" +%s) +subject=$(echo "${cert_details}" | grep "Subject:" | sed 's/^ +Subject: //g' | sed 's/"/\"/g') +public_key_algorithm=$(echo "${cert_details}" | grep "Public Key Algorithm:" | sed 's/^ +Public Key Algorithm: //g') + +# Verify certificate +cert_verify=$(${OPENSSL} verify -CAfile "${cafile}" "${cert}" 2>&1) +if [[ $? != 0 ]]; then + result_value="invalid" + result_message="failed to verify certificate: x509: $(echo "${cert_verify}" | grep -E "error [0-9]+" | sed 's/^.+: (.+)/\1/g')" +else + result_value="valid" + result_message="certificate verified successfully" +fi + +# Generate fingerprints +sha1_fingerprint=$(${OPENSSL} x509 -in "${cert}" -noout -fingerprint -sha1 | cut -d= -f2) +sha256_fingerprint=$(${OPENSSL} x509 -in "${cert}" -noout -fingerprint -sha256 | cut -d= -f2) + +# Print certificate details in JSON +echo -n "{"x509":{" +echo -n ""version":"${version}"," +echo -n ""serial_number":"${serial_number}"," +echo -n ""signature_algorithm":"${signature_algorithm}"," +echo -n ""issuer":"${issuer}"," +echo -n ""not_before":{" +echo -n ""value":"${not_before_value}"," +echo -n ""timestamp":"${not_before_timestamp}"}," +echo -n ""not_after":{" +echo -n ""value":"${not_after_value}"," +echo -n ""timestamp":"${not_after_timestamp}"}," +echo -n ""subject":"${subject}"," +echo -n ""public_key_algorithm":"${public_key_algorithm}"}," +echo -n ""result":{" +echo -n ""value":"${result_value}"," +echo -n ""message":"${result_message}"}," +echo -n ""sha1_fingerprint":"${sha1_fingerprint}"," +echo -n ""sha256_fingerprint":"${sha256_fingerprint}"" +echo -n "}" + +exit 0 \ No newline at end of file diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index d93ec5d556..138c75635a 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -9,3 +9,4 @@ # Defaults:zabbix !requiretty zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log +zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf index ba0c6c2ca3..d2d0c83078 100644 --- a/config/zabbix_agentd/userparameter_ipfire.conf +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -9,10 +9,4 @@ UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/ # Number of currently Active DHCP leases UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l # Number of Captive Portal clients -UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients -# Discovery of configured ovpn clients -UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{"{#NAME}":"%s","{#COMMONNAME}":"%s","{#STATE}":"%s","{#REMARK}":"%s","{#TYPE}":"%s"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }' -# Get OpenVPN status report -UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf ""timestamp":%s,"clients":[",unixtime($2) } /^.+,[0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{"common_name":"%s","real_address":"%s","bytes_in":"%s","bytes_out":"%s","connected_since":"%s"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],"routing_table":["; separator = "" } /^[0-9]+.[0-9]+.[0-9]+.[0-9]+,.+,[0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{"common_name":"%s","virtual_address":"%s","real_address":"%s","last_ref":"%s"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' -# Allow item key to be called with (unused) parameters. This allows the #SINGLETON method of discovering this item only when openvpn service is active -Alias=ipfire.ovpn.statusreport.get[]:ipfire.ovpn.statusreport.get \ No newline at end of file +UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients \ No newline at end of file diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf new file mode 100644 index 0000000000..a7a6d8535f --- /dev/null +++ b/config/zabbix_agentd/userparameter_ovpn.conf @@ -0,0 +1,13 @@ +# Parameters for monitoring IPFire OpenVPN specific metrics +# +# Discovery of configured ovpn clients +UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{"{#NAME}":"%s","{#COMMONNAME}":"%s","{#STATE}":"%s","{#REMARK}":"%s","{#TYPE}":"%s"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }' +# Get OpenVPN status report +UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf ""timestamp":%s,"clients":[",unixtime($2) } /^.+,[0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{"common_name":"%s","real_address":"%s","bytes_in":"%s","bytes_out":"%s","connected_since":"%s"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],"routing_table":["; separator = "" } /^[0-9]+.[0-9]+.[0-9]+.[0-9]+,.+,[0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{"common_name":"%s","virtual_address":"%s","real_address":"%s","last_ref":"%s"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' +# Get OpenVPN client certificate details +UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem +UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem + +# Allow item key to be called with (unused) parameters. This allows the #SINGLETON method of discovering this item only when openvpn service is active +Alias=ipfire.ovpn.statusreport.get[]:ipfire.ovpn.statusreport.get +Alias=ipfire.ovpn.cacert[]:ipfire.ovpn.cacert \ No newline at end of file diff --git a/doc/language_issues.en b/doc/language_issues.en index 86d5890f23..2eca62e606 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -687,7 +687,7 @@ WARNING: untranslated string: drop outgoing = Log dropped outgoing packets WARNING: untranslated string: drop portscan = Log dropped portscan packets WARNING: untranslated string: drop proxy = Drop all packets not addressed to proxy WARNING: untranslated string: drop samba = Drop all Microsoft ports 135,137,138,139,445,1025 -WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians +WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: drop wirelessforward = Log dropped wireless forward packets WARNING: untranslated string: drop wirelessinput = Log dropped wireless input packets WARNING: untranslated string: dst port = Dst Port @@ -1743,6 +1743,7 @@ WARNING: untranslated string: system = System WARNING: untranslated string: system information = System Information WARNING: untranslated string: system is offline = The system is offline. WARNING: untranslated string: system logs = System Logs +WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: ta key = TLS-Authentification-Key WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) @@ -1756,6 +1757,7 @@ WARNING: untranslated string: thirty minutes = 30 Minutes WARNING: untranslated string: thursday = Thursday WARNING: untranslated string: time = Time WARNING: untranslated string: time server = Time Server +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: timeout must be a number = Timeout must be a number. WARNING: untranslated string: title = Title WARNING: untranslated string: to = To diff --git a/doc/language_issues.es b/doc/language_issues.es index 30e20ae87d..ff5434e05d 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1010,6 +1010,8 @@ WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: service boot setting unavailable = No valid runlevel symlink was found for the initscript of this service. WARNING: untranslated string: spec rstack overflow = Speculative Return Stack Overflow +WARNING: untranslated string: system time = System Time (as of last page load) +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index a53358147c..395afd9982 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -908,15 +908,10 @@ WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val vlan tag range error WARNING: translation string unused: zoneconf val zoneslave amount error WARNING: untranslated string: core notice 3 = available. -WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: enable disable client = unknown string WARNING: untranslated string: enable disable dyndns = unknown string WARNING: untranslated string: error message = unknown string WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string -WARNING: untranslated string: extrahd mounted = Mounted -WARNING: untranslated string: extrahd no mount point given = No mount point given -WARNING: untranslated string: extrahd not configured = Not configured -WARNING: untranslated string: extrahd not mounted = Not mounted WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guardian block a host = unknown string @@ -948,19 +943,12 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string -WARNING: untranslated string: hostile networks in = From Hostile Networks -WARNING: untranslated string: hostile networks out = To Hostile Networks WARNING: untranslated string: hostile networks total = Total Hostile Networks -WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks -WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: pakfire ago = ago. -WARNING: untranslated string: regenerate host certificate = Renew Host Certificate -WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. -WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. -WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string -WARNING: untranslated string: spec rstack overflow = Speculative Return Stack Overflow +WARNING: untranslated string: system time = System Time (as of last page load) +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string WARNING: untranslated string: wio cron = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 24efece2b4..d9bad7f14c 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -973,7 +973,7 @@ WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) -WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians +WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: eight hours = 8 Hours WARNING: untranslated string: email config = Configuration @@ -1260,10 +1260,12 @@ WARNING: untranslated string: strict = Strict WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: system is offline = The system is offline. +WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: token = Token: WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor guard country any = Any country diff --git a/doc/language_issues.nl b/doc/language_issues.nl index b6a65fad29..b93cc1cd19 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -978,7 +978,7 @@ WARNING: untranslated string: download apple profile = Download Apple Configurat WARNING: untranslated string: download tls-auth key = Download tls-auth key WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop outgoing = Log dropped outgoing packets -WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians +WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: eight hours = 8 Hours WARNING: untranslated string: email config = Configuration @@ -1283,11 +1283,13 @@ WARNING: untranslated string: strict = Strict WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: system is offline = The system is offline. +WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: ta key = TLS-Authentification-Key WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: token = Token: WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor guard country any = Any country diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 1a4f62870f..ab220103f5 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -965,7 +965,7 @@ WARNING: untranslated string: drop action2 = Default behaviour of (input) firewa WARNING: untranslated string: drop forward = Log dropped forward packets WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop outgoing = Log dropped outgoing packets -WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians +WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: eight hours = 8 Hours WARNING: untranslated string: email config = Configuration @@ -1471,11 +1471,13 @@ WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: support donation = Support the IPFire project with your donation WARNING: untranslated string: system is offline = The system is offline. +WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: ta key = TLS-Authentification-Key WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: token = Token: WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor = Tor diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 8da6fe4b6d..533b21a0dc 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -962,7 +962,7 @@ WARNING: untranslated string: drop action2 = Default behaviour of (input) firewa WARNING: untranslated string: drop forward = Log dropped forward packets WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) WARNING: untranslated string: drop outgoing = Log dropped outgoing packets -WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians +WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: eight hours = 8 Hours WARNING: untranslated string: email config = Configuration @@ -1466,11 +1466,13 @@ WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: support donation = Support the IPFire project with your donation WARNING: untranslated string: system is offline = The system is offline. +WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: ta key = TLS-Authentification-Key WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: token = Token: WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor = Tor diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 96fe71f7b5..d9caa290e4 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -953,7 +953,7 @@ WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling WARNING: untranslated string: download apple profile = Download Apple Configuration Profile WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.) -WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians +WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians WARNING: untranslated string: duration = Duration WARNING: untranslated string: email recipient invalid = Invalid email recipient WARNING: untranslated string: email tls explicit = explicit (STARTTLS) @@ -1166,7 +1166,9 @@ WARNING: untranslated string: strict = Strict WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: system is offline = The system is offline. +WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2 +WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: token = Token: WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor guard country any = Any country diff --git a/doc/language_missings b/doc/language_missings index c92e1e6a36..65d69daee3 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -133,6 +133,8 @@ < reiserfs warning2 < service boot setting unavailable < spec rstack overflow +< system time +< timeformat < transport mode does not support vti < wlanap < wlan client configuration @@ -142,23 +144,12 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb -< downfall gather data sampling < extrahd because it it outside the allowed mount path -< extrahd mounted -< extrahd no mount point given -< extrahd not configured -< extrahd not mounted < g.dtm < g.lite -< hostile networks in -< hostile networks out < hostile networks total -< log drop hostile in -< log drop hostile out -< regenerate host certificate -< reiserfs warning1 -< reiserfs warning2 -< spec rstack overflow +< system time +< timeformat < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # @@ -583,10 +574,12 @@ < subnet mask < subscription code < system is offline +< system time < taa zombieload2 < tcp more reliable < ten minutes < thirty minutes +< timeformat < token < token not set < tor guard country @@ -1129,12 +1122,14 @@ < subnet mask < subscription code < system is offline +< system time < taa zombieload2 < ta key < tcp more reliable < ten minutes < teovpn_fragment < thirty minutes +< timeformat < token < token not set < tor guard country @@ -2021,12 +2016,14 @@ < subscription code < support donation < system is offline +< system time < taa zombieload2 < ta key < tcp more reliable < ten minutes < teovpn_fragment < thirty minutes +< timeformat < token < token not set < tor @@ -3017,12 +3014,14 @@ < subscription code < support donation < system is offline +< system time < taa zombieload2 < ta key < tcp more reliable < ten minutes < teovpn_fragment < thirty minutes +< timeformat < token < token not set < tor @@ -3481,7 +3480,9 @@ < subnet mask < subscription code < system is offline +< system time < taa zombieload2 +< timeformat < token < token not set < tor guard country diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index bc1c1639ef..ae17b92d82 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -77,14 +77,14 @@ Leo-Andres Hofmann, Alf Høgemark, Timo Eissler, Ben Schweikert, +Robin Roevens, Daniel Weismüller, Peter Pfeiffer, -Robin Roevens, Daniel Glanzmann, Heiner Schmeling, Stephan Feddersen, -Stéphane Pautrel, Jon Murphy, +Stéphane Pautrel, Tim FitzGeorge, Jan Lentfer, Marcus Scholz, diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index c079fe1aee..be00f199a8 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -48,7 +48,7 @@ my @nosaved=(); my %color = ();
#Basic syntax allowed for new Option definition. Not implemented: RECORDS & array of RECORDS -our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of ip-address'; +our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of (ip-address|integer (8|16|32))';
&Header::showhttpheaders(); our @ITFs=('GREEN'); diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 0a34d3fd6c..1181523d47 100644 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2020 IPFire Development Team # +# Copyright (C) 2005-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -21,6 +21,7 @@
use strict; use IO::Socket; +use Encode;
# enable only the following on debugging purpose #use warnings; @@ -142,8 +143,18 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L # Go further if there was no error. if ( ! $errormessage) { # Check if a remark has been entered. + + # decode the UTF-8 text so that characters with diacritical marks such as + # umlauts are treated correctly by the following cleanhtml command + $cgiparams{'REMARK'} = decode("UTF-8", $cgiparams{'REMARK'}); + + # run the REMARK text through cleanhtml to ensure all unsafe html characters + # are correctly encoded to their html entities $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
+ # encode the text back to UTF-8 after running the cleanhtml command + $cgiparams{'REMARK'} = encode("UTF-8", $cgiparams{'REMARK'}); + my %dns_servers = (); my $id; my $status; diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 65773244c5..5e32ce0381 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -564,6 +564,7 @@ my $temp2=(); my @df = `/bin/df -B M -P -x rootfs`; foreach my $line (@df) { next if $line =~ m/^Filesystem/; + next if $line =~ m/^efivarfs/; if ($line =~ m/root/ ) { $line =~ m/^.* (\d+)M.*$/; @temp = split(/ +/,$line); diff --git a/html/cgi-bin/mpfire.cgi b/html/cgi-bin/mpfire.cgi index ea83d1db17..5685053e66 100644 --- a/html/cgi-bin/mpfire.cgi +++ b/html/cgi-bin/mpfire.cgi @@ -214,11 +214,11 @@ if ( $mpfiresettings{'ACTION'} eq "scan" ){ delete $mpfiresettings{'PAGE'}; delete $mpfiresettings{'FRAME'}; &General::writehash("${General::swroot}/mpfire/settings", %mpfiresettings);
- open(DATEI, "<${General::swroot}/mpfire/mpd.conf") || die "Datei nicht gefunden"; + open(DATEI, "<${General::swroot}/mpd/mpd.conf") || die "Datei nicht gefunden"; my @Zeilen = <DATEI>; close(DATEI);
- open(DATEI, ">${General::swroot}/mpfire/mpd.conf") || die "Datei nicht gefunden"; + open(DATEI, ">${General::swroot}/mpd/mpd.conf") || die "Datei nicht gefunden"; foreach (@Zeilen){ if ( $_ =~ /music_directory/){ print DATEI "music_directory "".$mpfiresettings{'MUSICDIR'}.""\n"; diff --git a/html/cgi-bin/mympd.cgi b/html/cgi-bin/mympd.cgi new file mode 100644 index 0000000000..4b524d25cb --- /dev/null +++ b/html/cgi-bin/mympd.cgi @@ -0,0 +1,25 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +print "Status: 302 Moved Temporarily\n"; +print "Location: https://$ENV%7BSERVER_ADDR%7D:8800%5Cn%5Cn"; + +exit (0); diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index eb89c50955..c92d0237d2 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[31] = $n2ntunmtu[1]; $confighash{$key}[39] = $n2nauth[1]; $confighash{$key}[40] = $n2ncipher[1]; - $confighash{$key}[41] = 'disabled'; + $confighash{$key}[41] = 'no-pass';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
@@ -4216,15 +4216,25 @@ if ($cgiparams{'TYPE'} eq 'net') { } }
- # Check for RW if client name is already set - if ($cgiparams{'TYPE'} eq 'host') { - foreach my $key (keys %confighash) { - if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { - $errormessage = $Lang::tr{'a connection with this name already exists'}; - goto VPNCONF_ERROR; - } - } - } + # Check for RW if client name is already set + if ($cgiparams{'TYPE'} eq 'host') { + foreach my $key (keys %confighash) { + if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + goto VPNCONF_ERROR; + } + } + } + + # Check if there is no other entry with this common name + if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) { + foreach my $key (keys %confighash) { + if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { + $errormessage = $Lang::tr{'a connection with this common name already exists'}; + goto VPNCONF_ERROR; + } + } + }
# Replace empty strings with a . (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/./; @@ -4309,16 +4319,6 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; }
- # Check if there is no other entry with this common name - if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) { - foreach my $key (keys %confighash) { - if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { - $errormessage = $Lang::tr{'a connection with this common name already exists'}; - goto VPNCONF_ERROR; - } - } - } - # Save the config my $key = $cgiparams{'KEY'};
diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi index 57a02a4b63..04c1e771f7 100644 --- a/html/cgi-bin/time.cgi +++ b/html/cgi-bin/time.cgi @@ -287,6 +287,10 @@ print <<END </table> END ; + +my $now = strftime($Lang::tr{'timeformat'}, localtime); +print "<hr>$Lang::tr{'system time'}: $now"; + &Header::closebox(); &Header::openbox('100%',1,$Lang::tr{'ntp sync'}); print <<END diff --git a/html/cgi-bin/transmission.cgi b/html/cgi-bin/transmission.cgi new file mode 100644 index 0000000000..8fdcc5cd0a --- /dev/null +++ b/html/cgi-bin/transmission.cgi @@ -0,0 +1,25 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +print "Status: 302 Moved Temporarily\n"; +print "Location: http://$ENV%7BSERVER_ADDR%7D:9091%5Cn%5Cn"; + +exit (0); diff --git a/html/cgi-bin/vdr.cgi b/html/cgi-bin/vdr.cgi new file mode 100644 index 0000000000..aaf722ee37 --- /dev/null +++ b/html/cgi-bin/vdr.cgi @@ -0,0 +1,25 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +print "Status: 302 Moved Temporarily\n"; +print "Location: http://$ENV%7BSERVER_ADDR%7D:3000%5Cn%5Cn"; + +exit (0); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 49018f6a57..f13bddf4bc 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2391,6 +2391,7 @@ 'system log viewer' => 'Betrachter der Systemprotokolldateien', 'system logs' => 'Systemprotokolldateien', 'system status information' => 'System-Statusinformationen', +'system time' => 'Systemzeit (zur Zeit des Ladens der Seite)', 'ta key' => 'TLS-Authentifizierungsschlüssel', 'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2', 'tcp more reliable' => 'TCP (zuverlässiger)', @@ -2418,6 +2419,7 @@ 'time' => 'Uhrzeit', 'time date manually reset' => 'Datum/Zeit wurden manuell zurückgesetzt.', 'time server' => 'Zeitserver', +'timeformat' => '%d.%m.%Y um %H:%M:%S %Z', 'timeout must be a number' => 'Wartezeit muss eine Zahl sein.', 'title' => 'Titel', 'to' => 'Bis', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 3246102ba5..0113f8811f 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -959,7 +959,7 @@ 'drop portscan' => 'Log dropped portscan packets', 'drop proxy' => 'Drop all packets not addressed to proxy', 'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025', -'drop spoofed martians' => 'Log dropped spoofed packets and marsians', +'drop spoofed martians' => 'Log dropped spoofed packets and martians', 'drop wirelessforward' => 'Log dropped wireless forward packets', 'drop wirelessinput' => 'Log dropped wireless input packets', 'dst port' => 'Dst Port', @@ -2462,6 +2462,7 @@ 'system log viewer' => 'System Log Viewer', 'system logs' => 'System Logs', 'system status information' => 'System Status Information', +'system time' => 'System Time (as of last page load)', 'ta key' => 'TLS-Authentification-Key', 'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2', 'tcp more reliable' => 'TCP (more reliable)', @@ -2490,6 +2491,7 @@ 'time' => 'Time', 'time date manually reset' => 'Time/Date manually reset.', 'time server' => 'Time Server', +'timeformat' => '%Y-%m-%d at %H:%M:%S %Z', 'timeout must be a number' => 'Timeout must be a number.', 'title' => 'Title', 'to' => 'To', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 87ec52e8b2..6034de409d 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -936,6 +936,7 @@ 'done' => 'Fait', 'dos charset' => 'Jeu de car. DOS', 'down and up speed' => 'Entrez votre débit descendant et montant <br /> et cliquez sur <i>Sauvegarder</i>.', +'downfall gather data sampling' => 'Chute / collecte échantillons de données - proc. Intel', 'downlink' => 'Liaison descendante', 'downlink speed' => 'Débit descendant - download (kbit/sec) ', 'downlink std class' => 'Classe standard de réception ', @@ -1077,11 +1078,15 @@ 'external access rule removed' => 'Règle d'accès externe supprimée ; Redémarrage du contrôleur d'accès', 'external aliases configuration' => 'Configuration des alias externes', 'extrahd' => 'Options stockage', -'extrahd because there is already a device mounted' => ' car vous avez déjà un support de monté', +'extrahd because there is already a device mounted' => ', car il y a déjà un périphérique monté', 'extrahd cant umount' => 'Impossible de démonter', 'extrahd detected drives' => 'Périphériques de stockage détectés', 'extrahd install or load driver' => 'Si votre stockage n'est pas visible ici, vous devez installer ou charger son pilote.<br />Si vous voyez votre stockage mais pas de partitions, vous devez tout d'abord les créer.', 'extrahd maybe the device is in use' => '. Votre support est peut-être en cours d'utilisation', +'extrahd mounted' => 'Monté', +'extrahd no mount point given' => 'Aucun point de montage indiqué', +'extrahd not configured' => 'Non configuré', +'extrahd not mounted' => 'Non monté', 'extrahd to' => 'vers', 'extrahd to root' => 'vers root', 'extrahd unable to read' => 'Impossible de lire', @@ -1406,7 +1411,9 @@ 'host deny' => 'Liste des hôtes non autorisés', 'host ip' => 'Adresse IP de l'hôte ', 'host to net vpn' => 'Réseau privé virtuel (VPN) de l'hôte au réseau (client nomade) ', -'hostile networks' => 'Réseaux hostiles', +'hostile networks' => 'Total réseaux hostiles', +'hostile networks in' => 'Depuis réseaux hostiles', +'hostile networks out' => 'Vers réseaux hostiles', 'hostname' => 'Nom hôte ', 'hostname and domain already in use' => 'Le nom d'hôte et de domaine sont déjà utilisés.', 'hostname cant be empty' => 'Le nom d'hôte ne peut pas être vide.', @@ -1442,8 +1449,8 @@ 'ids hide' => 'Cacher', 'ids ignored hosts' => 'Hôtes de liste blanche', 'ids log hits' => 'Total du nombre de règles activées pour', -'ids log viewer' => 'Rapport IDs', -'ids logs' => 'Rapports IDs', +'ids log viewer' => 'Rapport IDS', +'ids logs' => 'Rapports IDS', 'ids merge classifications' => 'Fusion des classements...', 'ids merge sid files' => 'Fusion des sid aux fichiers de messages...', 'ids monitor traffic only' => 'Surveiller seulement le trafic', @@ -1686,6 +1693,8 @@ 'locationblock enable feature' => 'Activer le blocage par localisation :', 'locationblock flag' => 'Drap.', 'log' => 'Rapport :', +'log drop hostile in' => 'Journaliser les paquets abandonnés depuis des réseaux hostiles', +'log drop hostile out' => 'Journaliser les paquets abandonnés vers des réseaux hostiles', 'log dropped conntrack invalids' => 'Journaliser les paquets abandonnés classés comme INVALIDES par le suivi de connexion', 'log enabled' => 'Journal activé', 'log level' => 'Niveau de rapport', @@ -2211,7 +2220,10 @@ 'refresh' => 'Actualiser', 'refresh index page while connected' => 'Actualiser la page index.cgi pendant la connexion', 'refresh update list' => 'Actualiser la liste des mises à jour', +'regenerate host certificate' => 'Renouveler le certificat hôte', 'registered user rules' => 'Règles Sourcefire VRT pour les utilisateurs enregistrés', +'reiserfs warning1' => 'Reiserfs est obsolète et devrait être supprimé du noyau en 2025.', +'reiserfs warning2' => 'Assurez-vous qu'une nouvelle installation est effectuée à l'aide des systèmes de fichiers ext4 ou xfs avant cette date.', 'release' => 'Révision', 'released' => 'Disponible', 'reload' => 'Recharger', @@ -2255,7 +2267,7 @@ 'root certificate' => 'Certificat racine', 'root path' => 'Répertoire root', 'root user password' => 'Mot de passe root', -'route config changed' => '', +'route config changed' => 'La configuration de la route a été modifiée', 'route subnet is invalid' => 'L'itinéraire additionnel push du sous-réseau est non valide', 'router ip' => 'Adresse IP du routeur :', 'routing table' => 'Table de routage', @@ -2379,6 +2391,7 @@ 'source port overlaps' => 'La plage de port source chevauche une plage de port existante.', 'speaker off' => 'Haut-parleur éteint :', 'speaker on' => 'Haut-parleur allumé :', +'spec rstack overflow' => 'Débordement de la pile de rendement spéculative - proc. AMD', 'spectre variant 1' => 'Spectre - variante 1', 'spectre variant 2' => 'Spectre - variante 2', 'spectre variant 4' => 'Spectre - variante 4', @@ -2460,7 +2473,7 @@ 'system logs' => 'Rapports système', 'system status information' => 'Informations sur le statut du système', 'ta key' => 'Clé d'authentification TLS', -'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2', +'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (plus fiable)', 'telephone not set' => 'Numéro de téléphone non défini.', 'template' => 'Préétabli', diff --git a/lfs/binutils b/lfs/binutils index b4b3cd9212..7af8251d19 100644 --- a/lfs/binutils +++ b/lfs/binutils @@ -24,7 +24,7 @@
include Config
-VER = 2.41 +VER = 2.42
THISAPP = binutils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -96,7 +96,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3bccec2b52f7e82a727121bf2a2e51a6249ba63dcd74c665fd834e858645c912ffd8245d848435288b938852830b482905606f55c40df4061215fd75c52ffc75 +$(DL_FILE)_BLAKE2 = e67a5c028fba70e70088fd11b38ec8c9c4ed5a019badefda25abeb6275997b16f0891e7ff3424c4b82bbfae92e8992669826920dd53df61cd48469d8f7cd5bd1
install : $(TARGET)
diff --git a/lfs/ca-certificates b/lfs/ca-certificates index e828b55713..5fe5ca5501 100644 --- a/lfs/ca-certificates +++ b/lfs/ca-certificates @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 20231204 +VER = 20240217
# From https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/bu...
diff --git a/lfs/clamav b/lfs/clamav index b64753c443..5a10891878 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Antivirus Toolkit
-VER = 1.2.1 +VER = 1.3.0
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 70 +PAK_VER = 71
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1373c6882b165e769dcc3c3631dfe7183231b2fe4830608b57d919af1a8e9a5a73aa3cc4767981a27bb9845390165b5241750904d50e1a90b7237200b97f7ef3 +$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282
install : $(TARGET) diff --git a/lfs/dnsdist b/lfs/dnsdist index ac5c602b45..a0cc2dffc5 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -26,7 +26,7 @@ include Config
SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer
-VER = 1.8.0 +VER = 1.9.1
THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 17 +PAK_VER = 19
SUP_ARCH = x86_64 aarch64
@@ -52,7 +52,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 47cfcfe3756cdc4520c1ba1e11b7d60191125ef900ba829ff7437ac2041352b845ab5f7183f53fea9b3aa6f44c5745de3878c2b72f2be048fa57d2c2e9325c0c +$(DL_FILE)_BLAKE2 = 2225ffde3e7c1f864fc87256d9d2bfe99edfd9dd5127e72cda32026316119546288cd0cc9c603fa883775fb824e270bce022ac6bbd7da66c364124da287e63ef
install : $(TARGET)
diff --git a/lfs/elfutils b/lfs/elfutils index 7dd95caa25..901b82d42e 100644 --- a/lfs/elfutils +++ b/lfs/elfutils @@ -26,7 +26,7 @@ include Config
SUMMARY = Higher-level library to access ELF files
-VER = 0.190 +VER = 0.191
THISAPP = elfutils-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 9934aff08f1898377708b28595fb52130ef9f80408132ac7d306845b10672ba45cf1ac69783da07b3eea9fd647741d44da45b8b2626c45a768cb2844c6186513 +$(DL_FILE)_BLAKE2 = 2a7ad251369eca7ba609ab8644181fd479ad8596ee58dc068398ca22be25a978e96b81a10a92a5555d7574fd1b9227c8d54fb41dceb4025aedfc6ae32870bbca
install : $(TARGET)
diff --git a/lfs/ethtool b/lfs/ethtool index e6d65ea12c..c6b54aa4ed 100644 --- a/lfs/ethtool +++ b/lfs/ethtool @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 6.3 +VER = 6.7
THISAPP = ethtool-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c06509525db47f8ee7c220d0b880fe80323a4a00036e9698432b1b9c85ad75045e98b23498f6283497728cafd187ca173b15f3ad60f8e6f8b4d0c5688d84a1f9 +$(DL_FILE)_BLAKE2 = 94a6fd8d29ff479eb894fe56bf991f522fff9af5a94c176d06be2819fe2520125cb48dbded229df1a9f5a0308aeaec503c55caf5d248eef87640c7f90f1132ec
install : $(TARGET)
diff --git a/lfs/expat b/lfs/expat index acfdba6ea4..3a37bf2d2a 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@
include Config
-VER = 2.6.0 +VER = 2.6.2
THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2f0117317bde4e03d8662bcac1ff6c2bbb1af694846b21a82ac12d11ccd43032b481af72fa35298c3cb19b7426dba6a67e703904ca7b05663ffd854a42348bd0 +$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4
install : $(TARGET)
diff --git a/lfs/gdb b/lfs/gdb index f534774e06..c8cb470394 100644 --- a/lfs/gdb +++ b/lfs/gdb @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 13.2 +VER = 14.2
THISAPP = gdb-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bf5216ba2286448a46f9e0a405367c5a678e6d7540204722d355b618018b7b75a2ebc5b51353304c5ded02a3979223a81781d305f5afa5be82516cdc2863d49f +$(DL_FILE)_BLAKE2 = 65765dfd1ed08e19bb881fc7ae98d6ee4914f38a9a2bb0d0ca73bef472669664f807fe9c04e8dffd7025be98e736ac52f88ff5851ceddbb01a361885b18befc8
install : $(TARGET)
diff --git a/lfs/ghostscript b/lfs/ghostscript index 9c947df7d6..57634f6f66 100644 --- a/lfs/ghostscript +++ b/lfs/ghostscript @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = The Ghostscript interpreter for PostScript and PDF
-VER = 10.02.1 +VER = 10.03.0
THISAPP = ghostscript-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ghostscript -PAK_VER = 16 +PAK_VER = 17
DEPS = cups dbus
@@ -52,7 +52,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) ghostscript-fonts-std-8.11.tar.gz = $(URL_IPFIRE)/ghostscript-fonts-std-8.11.tar.gz gnu-gs-fonts-other-6.0.tar.gz = $(URL_IPFIRE)/gnu-gs-fonts-other-6.0.tar.gz
-$(DL_FILE)_BLAKE2 = b491473f0b3d50121e4373e21af3d8cdf55d9ca4390b240c4cb88d0d44e707e32570a7f1f05cb656d1b65443fcd7e37f5eab404d72a20f83d8fd87370a585467 +$(DL_FILE)_BLAKE2 = c64e0fc9dd290b81e61793671e8645f16b04070685f6ab9d35a60cb910d7504e1e686525af8b74121ae31a5b344e2332efd8bdf99f2a4c5586bff747b8df78d7 ghostscript-fonts-std-8.11.tar.gz_BLAKE2 = 1d8ae8f7813623a36e160bdd0ca9ccf33c67b945dd96952eb0e37e9bb5bb4ba5daf7df4da5ba53c1d25d6598a0576990ba7e094b8c395778cb9cdfd32761454c gnu-gs-fonts-other-6.0.tar.gz_BLAKE2 = 001709983161519365bcef23fef3705071b67253ff3b557c45d2ec892987815444d8dd1d213e94bc02e361917c061c723043bf04c98b0a1e38c9cd1f265d1312
diff --git a/lfs/git b/lfs/git index 6489215255..d10ca469c2 100644 --- a/lfs/git +++ b/lfs/git @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.43.0 +VER = 2.44.0 SUMMARY = Fast, scalable, distributed revision control system
THISAPP = git-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = git -PAK_VER = 31 +PAK_VER = 32
DEPS = perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5da19211df56e306eb95cef65b2a987134d2f0853dc1db30e1cc99d0357b3f5ab7f1e434e73948d7b6ad6b7bfc44f75349479f46050ee63a6516c72b774b4eba +$(DL_FILE)_BLAKE2 = 6dc145e20e737763fb738ccb4a65ba2f8d6f35bb4e30520a0c79f4fcc0eaaaf4e99a9be00eaa9e14dec231ed122d54be7dfa9212a3e5a75707730256391896d4
install : $(TARGET)
diff --git a/lfs/glibc b/lfs/glibc index 5c62aaa448..43523e46f5 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -24,7 +24,7 @@
include Config
-VER = 2.38 +VER = 2.39
THISAPP = glibc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -82,7 +82,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f9b039f0ef98a7dd8e1cba228ed10286b9e4fbe4dd89af4d26fa5c4e4cf266f19c2746b44d797ce54739d86499e74cf334aaf311bcf6e30120fd7748453e653f +$(DL_FILE)_BLAKE2 = 9d98459a2d58401e07c081e0d841935b23998da75a7eb5a7ebd23a1f9ebab99dee623fe166397c1b6c926960c570f62dbca5cb3b5ce84a918adff6b7a15e16bb
install : $(TARGET)
@@ -114,52 +114,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) @mkdir $(DIR_SRC)/glibc-build
- # Patches from upstream - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-localedef-no-archive.patch
ifneq "$(TOOLCHAIN)" "1" diff --git a/lfs/gptfdisk b/lfs/gptfdisk index eb1c60357f..9e6f4310a8 100644 --- a/lfs/gptfdisk +++ b/lfs/gptfdisk @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@
include Config
-VER = 1.0.9 +VER = 1.0.10
THISAPP = gptfdisk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = gptfdisk -PAK_VER = 2 +PAK_VER = 3
DEPS =
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1939ffd75972a4d7f92af2bfab90c7b0223825b5478b6b808dd35af943c687d38ba81663cd7ba5e0f9400656db4dac019c13a9f75d90b7bd716568c676c24dd2 +$(DL_FILE)_BLAKE2 = 9047bf68a2c5c254bda9b2815488963dc19a9415c90fbf4a127268a37fe8a545b7d45a333e356bd9da22e37ef649d9f60896ffedfdc35b60c7642a48e4ed2e5a
install : $(TARGET)
diff --git a/lfs/intel-microcode b/lfs/intel-microcode index 5e262dda35..785b2303b6 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 20231114 +VER = 20240312
THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 +$(DL_FILE)_BLAKE2 = 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747
install : $(TARGET)
diff --git a/lfs/ipfire-netboot b/lfs/ipfire-netboot index e7ba44af95..9e7e3c5ea4 100644 --- a/lfs/ipfire-netboot +++ b/lfs/ipfire-netboot @@ -25,7 +25,7 @@ include Config
VER = v2.0 -PXE_VER = 1b67a05 +PXE_VER = 0cc0f47
THISAPP = ipfire-netboot-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -44,7 +44,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) ipxe-$(PXE_VER).tar.gz = $(URL_IPFIRE)/ipxe-$(PXE_VER).tar.gz
$(DL_FILE)_BLAKE2 = 5f66932b7be228f5a246b92352e31c99d4f4e8666da9795a6f9762c979f480fb3c2620fc128af14d396065d0c9362e1cdc10eddce2bb58901567581c0d5e8cee -ipxe-$(PXE_VER).tar.gz_BLAKE2 = 5a6b7c422856157ff1f6aeb7e835add5a2bdd6678d8cc960eae2d926709ce73803484bbe0a428022de2fbc5b018096526ba48f2172c2c25540e1dc12c7a1f8e1 +ipxe-$(PXE_VER).tar.gz_BLAKE2 = f678abfe4cb1bf4ff85667719417c694365aece144c05fff8f8df82008100a6172bd27799498f27eddf8c38f43b3d553e704191037ef94dfbcaf19428c07028c
install : $(TARGET)
@@ -77,10 +77,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Extract iPXE source cd $(DIR_APP) && tar axf $(DIR_DL)/ipxe-$(PXE_VER).tar.gz - cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch - cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-handle-R_X86_64_PLT32.patch - cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch - cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-use-the-right-sized-register-for-push.patch cd $(DIR_APP) && rm -rfv ipxe && ln -s ipxe-$(PXE_VER) ipxe cd $(DIR_APP) && make $(MAKETUNING) bin/ipxe.lkrn ifeq "$(BUILD_ARCH)" "x86_64" diff --git a/lfs/iproute2 b/lfs/iproute2 index ce2ee1f81e..17f25dddc5 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -24,7 +24,7 @@
include Config
-VER = 6.7.0 +VER = 6.8.0 # https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/
THISAPP = iproute2-$(VER) @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = df55dffc54ed196d43a86ce40e887dca6390b91289a492266568ff31aa8b2827fbd91c18676e14706df844fbfe3a5c50bf927ed4401e098e385d401ec3d5c116 +$(DL_FILE)_BLAKE2 = d30cdff8522627c27c9165f068f42adbec38f15548a8f2cd31276f283880dc402e10c5989e7227e80cdc891bcc4a574b330d634ae550e689758b849c0506c31f
install : $(TARGET)
diff --git a/lfs/knot b/lfs/knot index feb3c89311..2fe4752bab 100644 --- a/lfs/knot +++ b/lfs/knot @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.2.4 +VER = 3.3.5
THISAPP = knot-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1 +$(DL_FILE)_BLAKE2 = 201da56486eb551560b5f8a32cf54b9367a15347e3da9ff743c0fc41696b12d2de4091ceb575070e61d83f1c06542f7d08fc88d8e2ce6da8e8f69c2ab4b68df3
install : $(TARGET)
diff --git a/lfs/libffi b/lfs/libffi index bfd02b57fd..ffe7803aa1 100644 --- a/lfs/libffi +++ b/lfs/libffi @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.4.4 +VER = 3.4.6
THISAPP = libffi-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 189fe1ffe9507f204581b0ab09995dc7e7b761bb4eac7e338e9f5ff81431aebcef6c182c1839c9f9acb2706697a260c67e6d1351cf7e2aed7c4eb5d694f6f8fd +$(DL_FILE)_BLAKE2 = af8402a09bdbd59b4e9400d2d71bd5ce98f6f1d981d35d1ab40d77a831b13b32c5bd34ca54ff75999e39f0d8a9c066381fae7a8d6c5216d955e064f929f08b88
install : $(TARGET)
diff --git a/lfs/libgpg-error b/lfs/libgpg-error index f60f1ae820..c402d0bf81 100644 --- a/lfs/libgpg-error +++ b/lfs/libgpg-error @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.47 +VER = 1.48
THISAPP = libgpg-error-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bc04efa0686b1b7d7cdce045fc080c090c1abec60349b673c2e1ce27900483aea090eb6ebcb3fb49a4eed36f18156a12413d5446f739475632f4ed2a2481ff27 +$(DL_FILE)_BLAKE2 = 4ced63058586558f4d001bcc468f4bd419b8ec29fbd7dbcaa1a21f959d847c9e12c10c548a0038fd4eac0bdfc9907b61e9f6be71c95fc61c964c649e2415dfd7
install : $(TARGET)
diff --git a/lfs/libloc b/lfs/libloc index 5c67d11952..35a711286f 100644 --- a/lfs/libloc +++ b/lfs/libloc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@ include Config
VER = 0.9.17 -DB_DATE = 2023-08-09 +DB_DATE = 2024-02-17
THISAPP = libloc-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -44,7 +44,7 @@ $(DL_FILE) = https://source.ipfire.org/releases/libloc/$(DL_F location-$(DB_DATE).db.xz = https://location.ipfire.org/databases/1/archive/location-$(DB_DATE).db.xz
$(DL_FILE)_BLAKE2 = b0bf860ebaccd3cb49c58c066c430f7a1f936a2029957db9b88e22c04240af0268a8f6388e8ca512102f14033037a2ab8bbb93fe83e525b9859c790c5c382df4 -location-$(DB_DATE).db.xz_BLAKE2 = 24ad4dc2496d3c0a7fe645374a02c8d4bf4724796ccf4ed00d2de9adfaa08f31cb70314afa5d8f7b7acebd4ccbd4d1f8a15b8da09a27b0092d74412cf30aa721 +location-$(DB_DATE).db.xz_BLAKE2 = 36432bed306871e96a741d364fdefaa677d47245e38596d1c7fb6a8f0a143e3ffa549e16effa58289b5481220b0a2560255e75b0bfe53219b1400d6d250aa02b
install : $(TARGET)
diff --git a/lfs/libmpdclient b/lfs/libmpdclient index 69e54803e6..6335f1b4a1 100644 --- a/lfs/libmpdclient +++ b/lfs/libmpdclient @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Library for interfacing the Music Player Daemon
-VER = 2.19 +VER = 2.22
THISAPP = libmpdclient-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libmpdclient -PAK_VER = 5 +PAK_VER = 6
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c045c4847d43f166a3e1549654784bd994fa4156e3ecebf7c02a412b34ca150940f3c43cdc385839cd7c281bd4ed4fd1935b757d8505133d146ea955ec2d0832 +$(DL_FILE)_BLAKE2 = 2ff692baaeb8160ce757e754ae08db57aca803628989e4dc3616f88eb02ebf1823d269d5a17afaa32bf32c7a384da0342db1ef083199f85ea7e0687cae0e8455
install : $(TARGET)
diff --git a/lfs/libplist b/lfs/libplist index dd4df36e65..8cf4f54706 100644 --- a/lfs/libplist +++ b/lfs/libplist @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = A library to handle Apple Property List format in binary or XML
-VER = 2.3.0 +VER = 2.4.0
THISAPP = libplist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libplist -PAK_VER = 2 +PAK_VER = 3
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e8c8fc59e7d694b1d69f0da3538ff313eb84d3c9ecad966c514d098e14308cc0bf9f67bfb4fe5b27c2638d1fc71294ed34fc9f881204e9c009f30c68a89b1a38 +$(DL_FILE)_BLAKE2 = b12d929d4451389dfab4a2eaef2b8e85c5695a17feedad80f7dfbee7238f6b78b5d3819b9b59593612bb8f39b887147403a8de469b2d44ad26b8fa8c35b8fbef
install : $(TARGET)
diff --git a/lfs/libpng b/lfs/libpng index 3a0704e591..b22b64b65a 100644 --- a/lfs/libpng +++ b/lfs/libpng @@ -24,7 +24,7 @@
include Config
-VER = 1.6.41 +VER = 1.6.42
THISAPP = libpng-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 43d8d1c563d9df46b663f706dca9563e31e6e47a2809a77a5d059de8cfa348721054df724d08ac24ef4717ffc101989941127df2d026c9537532375d9b432b68 +$(DL_FILE)_BLAKE2 = 8a8895b673ff90416a00c9ff775d7bdc38ab1ab0d83fd6e70cfffea2ed78bd42896950a64bf48ad9a00ea50d8c5d5702975b0bae7bb3300d4de4c82b334e513e
install : $(TARGET)
diff --git a/lfs/meson b/lfs/meson index 47156561f2..fa5512b811 100644 --- a/lfs/meson +++ b/lfs/meson @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.3.1 +VER = 1.4.0
THISAPP = meson-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 64d53eddc8cb321a4e2dabaa4b7499798a7b68764b1a7a5182bfa21d081dc07105acab616119b88ff610e5d75504f03d1c0aefee3602ddf538fc491ff3d0204a +$(DL_FILE)_BLAKE2 = 7f742ef870c182e552c1ff3508d65f251009d610def6a08e01fddb6c6a4ed6d608ead0d52cf8ca7d66b5bd7a4732dccd7ab5d98f141a4a61e275398885f79486
install : $(TARGET)
diff --git a/lfs/mpc b/lfs/mpc index 78fd9488c6..3bf4914e19 100644 --- a/lfs/mpc +++ b/lfs/mpc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Client for the Music Player Daemon
-VER = 0.34 +VER = 0.35
THISAPP = mpc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mpc -PAK_VER = 9 +PAK_VER = 10
DEPS = mpd libmpdclient
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 709f54ceebd66f703e5b1bf6ff8deb890e484fdc29c0b2198922763e347caac89d6eec5f74101f9fa860436e7493e2b02cc6b1b26e800e783546fe5a0c6e0d8f +$(DL_FILE)_BLAKE2 = 7e47d78b762b7334f5fec13897bdf11859310932371a55c189c4554b347f097852e5fa17be3df03d047fabcc60699a3b310d0aa395aadd96a5ebff009a2ddba0
install : $(TARGET)
diff --git a/lfs/mpd b/lfs/mpd index a9807b3cda..c05d34d8e5 100644 --- a/lfs/mpd +++ b/lfs/mpd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Music Player Daemon
-VER = 0.23.14 +VER = 0.23.15
THISAPP = mpd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/${THISAPP} TARGET = $(DIR_INFO)/$(THISAPP) PROG = mpd -PAK_VER = 33 +PAK_VER = 37 # SUP_ARCH = aarch64 x86_64
DEPS = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr fmt @@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c048f128111d1d65775c317182b91d113339a5b09d3005c320cc3b14a79b7c1da0d1ba3d53f6bf348a3a404ceea33c1ad2427225f4a1f3d1cde4a921e71d6e1c +$(DL_FILE)_BLAKE2 = 78036078b850afab900b5d50e44ce83cbbf900369f5028d4177fdbfc4128dd3c35c59a773528a1fcfcc0179d0e579566b827fe87ef780a88082dc3b7f70cd5e7
install : $(TARGET)
@@ -105,6 +105,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) #install initscripts $(call INSTALL_INITSCRIPTS,$(SERVICES))
+ -mkdir -p /var/ipfire/mpd/db + touch /var/ipfire/mpd/playlist.m3u + install -v -m 664 $(DIR_SRC)/config/mpd/mpd.conf /var/ipfire/mpd/ + echo "Folder for mpd database" > /var/ipfire/mpd/db/info + -mkdir -p /var/mp3 + echo "Folder for music files" > /var/mp3/info + chown root.nobody /var/ipfire/mpd/{mpd.conf,playlist.m3u} + chmod 664 /var/ipfire/mpd/playlist.m3u + install -v -m 644 $(DIR_SRC)/config/backup/includes/mpd /var/ipfire/backup/addons/includes/mpd + @rm -rf $(DIR_APP) touch /var/log/mpd.error.log touch /var/log/mpd.log diff --git a/lfs/mpfire b/lfs/mpfire index 590cf31ef3..54551a0b6d 100644 --- a/lfs/mpfire +++ b/lfs/mpfire @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -32,7 +32,7 @@ THISAPP = mpfire-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mpfire -PAK_VER = 16 +PAK_VER = 17
DEPS = mpd mpc
@@ -61,17 +61,11 @@ dist:
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - -mkdir -p /var/ipfire/mpfire/{bin,db} - touch /var/ipfire/mpfire/{settings,playlist.m3u} + -mkdir -p /var/ipfire/mpfire/bin + touch /var/ipfire/mpfire/settings install -v -m 755 $(DIR_SRC)/config/mpfire/mpfire.pl /var/ipfire/mpfire/bin - install -v -m 664 $(DIR_SRC)/config/mpfire/mpd.conf /var/ipfire/mpfire/ install -v -m 644 $(DIR_SRC)/config/mpfire/webradio /var/ipfire/mpfire/ - echo "Folder for mpd database" > /var/ipfire/mpfire/db/info - -mkdir -p /var/mp3 - echo "Folder for music files" > /var/mp3/info - chown root.nobody /var/ipfire/mpfire/{mpd.conf,playlist.m3u} chown nobody.nobody /var/ipfire/mpfire/{settings,webradio} - chmod 664 /var/ipfire/mpfire/playlist.m3u chmod 755 /srv/web/ipfire/html/images/mpfire install -v -m 644 $(DIR_SRC)/config/backup/includes/mpfire /var/ipfire/backup/addons/includes/mpfire -mkdir -p /usr/lib/perl5/site_perl/5.36.0/Audio/ diff --git a/lfs/multipath-tools b/lfs/multipath-tools index 61b6183f01..0ff8d813f7 100644 --- a/lfs/multipath-tools +++ b/lfs/multipath-tools @@ -73,7 +73,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP)/kpartx && make $(MAKETUNING) + cd $(DIR_APP)/kpartx && make $(MAKETUNING) CPPFLAGS= cd $(DIR_APP)/kpartx && make install PREFIX=/usr @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/mympd b/lfs/mympd index ffedcdcce1..bb7215ba1b 100644 --- a/lfs/mympd +++ b/lfs/mympd @@ -26,7 +26,7 @@ include Config
SUMMARY = Webfrontend for Music Player Daemon
-VER = 13.0.6 +VER = 14.1.0
THISAPP = myMPD-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,10 +34,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mympd -PAK_VER = 1 +PAK_VER = 4
-# TODO move mpd initskript and config to mpd package to run without mpfire -DEPS = mpd libmpdclient mpfire +DEPS = mpd libmpdclient
SERVICES = mympd
@@ -49,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2ecd8d42b9398e85fc6c149c9e55f760f2039434039d558ac1914b447858a59676ed9300bc89b2a25757b8d9828dec5934376d4587f6b84026d07adbfd2e4a33 +$(DL_FILE)_BLAKE2 = 621ecc2b9ecf78c606005120837480b1bccc92fd3b9c201781e719ea524fc689b58f587f59fd388b73a0a1e63befce951e9182ee865e625f83a175a61572759b
install : $(TARGET)
@@ -82,6 +81,10 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + + # Do not try to re-define _FORTIFY_SOURCE + cd $(DIR_APP) && sed -e "/D_FORTIFY_SOURCE/d" -i CMakeLists.txt + cd $(DIR_APP) && mkdir -p build cd $(DIR_APP)/build && cmake -Wno-dev \ -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release .. diff --git a/lfs/newt b/lfs/newt index fa2254d2e0..156a0df4cd 100644 --- a/lfs/newt +++ b/lfs/newt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.52.23 +VER = 0.52.24
THISAPP = newt-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 55046155d02a406ac618f9c1a1f668e6794b6875e4d9083e3d5da32fe008df3deb79eddadfce40c193346b7a705b8c5c18e7bb7076e8ea8729f35384fa944a97 +$(DL_FILE)_BLAKE2 = 4ab5b343d1cc72855ee330d4a7f03a0dd5b090748410b64844277a7d9464f9166459ac6d943d07e844b22b7187ed851473840739dde8991e3b4b2dae97e6dcf4
install : $(TARGET)
diff --git a/lfs/openjpeg b/lfs/openjpeg index 40c642c073..f2637fb517 100644 --- a/lfs/openjpeg +++ b/lfs/openjpeg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.5.0 +VER = 2.5.2
THISAPP = openjpeg-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 472d9998a7407574d3bc059d1c0b662a8a553cfe5cb7806a022cb35e14564417a8e06e9970f06d8e65ef149019bab747caefa8e29bc793d07ad86e076909d306 +$(DL_FILE)_BLAKE2 = 4c23eecd603c620d3555fa02055104d292cdf4bbb88ab3d8d8a8f62e3c21b52d3c6d9211d8dd6f11d76fb1ca6f2333a7305ae07b5883a62eb7fc28ec9dfafc0f
install : $(TARGET)
diff --git a/lfs/openssh b/lfs/openssh index 3833f2ca73..315b1a70b0 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 9.6p1 +VER = 9.7p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd +$(DL_FILE)_BLAKE2 = 520859fcbdf678808fc8515b64585ab9a90a8055fa869df6fbba3083cb7f73ddb81ed9ea981e131520736a8aed838f85ae68ca63406a410df61039913c5cb48b
install : $(TARGET)
diff --git a/lfs/opus b/lfs/opus index e91c6a0e13..a7858f5c82 100644 --- a/lfs/opus +++ b/lfs/opus @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Opus Audio Codec Library
-VER = 1.4 +VER = 1.5.1
THISAPP = opus-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = opus -PAK_VER = 4 +PAK_VER = 5
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 21f11df745cb868f4da1586d678901045fd9bd0c0590628015f3adc2522c88b0660df88096abe975051fec3188b76b93762c4a01907c2ab2b23c40fde79cf6ad +$(DL_FILE)_BLAKE2 = 5ba1d6f28594f366b545507bafb22751e15a0e78e152e7cdef456dccb0bc9fc512faa18c90fb4ea5455a9535de89df987dea8a0fabce9a25c285d0c410d4b482
install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) diff --git a/lfs/pango b/lfs/pango index 19b5100591..016c3b0433 100644 --- a/lfs/pango +++ b/lfs/pango @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.50.13 +VER = 1.52.0
THISAPP = pango-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8524d5ff478137e6f3795aff8428a8bc864d72338d93c579c039c94eba368526d38f999b7a9b1964e3649d748393dbe2fffaa29a11732df5bd0adff010d79e05 +$(DL_FILE)_BLAKE2 = 3b90c1b104fc2624d0d3c5f35262dc6718f7d795a8932ee6d674ab107c12896f9fced16e9eaa1028db1e92833a108d9d608741df17c0a3aaa7fdf43a6b68e754
install : $(TARGET)
diff --git a/lfs/pciutils b/lfs/pciutils index eb9a0b2d7e..bb06ba0298 100644 --- a/lfs/pciutils +++ b/lfs/pciutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.10.0 +VER = 3.11.1
THISAPP = pciutils-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2e1255eb5508c9d1339f5bc772c2592a03cae4d8d097e8939748c9bb5d5d949be53d705d1b7d903f7ea88b2abeea91e39de16e39d2f46f0a1f62f8a9e32c6faa +$(DL_FILE)_BLAKE2 = 447d0e3fa209d2d27a0310a5824a75b543b539c459caed23e9218f4ff3f9a3c2a99c65dd5ddf92a56c2b880ecfaeff6f3edc458c3e5973a1a4937325740915ac
install : $(TARGET)
diff --git a/lfs/pixman b/lfs/pixman index a1f362febe..8b4644757d 100644 --- a/lfs/pixman +++ b/lfs/pixman @@ -24,7 +24,7 @@
include Config
-VER = 0.43.0 +VER = 0.43.4
THISAPP = pixman-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1a807d4d5598a5fe6077d6bbc7786cba41a698a1f03801cc5367ade8707500ee215a0faf65afe85f9e040b0380f1074c2fdfd31c0805dc41a4e5e34e36416764 +$(DL_FILE)_BLAKE2 = c31e5700bfadcd72f522af50509a4a6cd7bbf90c918c75b108e50246f1c76e858125138902a222040ada192710ec788deb43eb65085416f3eff88e3ed970933e
install : $(TARGET)
diff --git a/lfs/poppler b/lfs/poppler index 03838d09a2..27b06c5ea1 100644 --- a/lfs/poppler +++ b/lfs/poppler @@ -24,7 +24,7 @@
include Config
-VER = 24.01.0 +VER = 24.03.0
THISAPP = poppler-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 16c87a4338c73fcccfac3ac477807a7f96c8e95e68efff484d9d544da10815972f20d40f71091c6092913d82b205ca0d1bd25acbaba79277e1a1bf19ba397e6d +$(DL_FILE)_BLAKE2 = 34cd3b64b1fbee53727d99bf73a896331c15d816ea77aa678a9ebe4bc6ddf8c859ae004915aba36346dbcb13862d7d6670562e45d99888d444c523d83c90b58a
install : $(TARGET)
diff --git a/lfs/qpdf b/lfs/qpdf index b91ca693f5..fabb4565b5 100644 --- a/lfs/qpdf +++ b/lfs/qpdf @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 11.7.0 +VER = 11.9.0
THISAPP = qpdf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aa10e154899a7fd53d696b9521cc8a44d4a336094711ddc2a506dac8841ae12ce5bcd604555725d2b6bae3c63a6a3f6ef0e9ab6baf38dd3d7fa71507234378a3 +$(DL_FILE)_BLAKE2 = 3f79bef4b8d276cb73db1a08eb72cc67dec803c942c5e6f5322ecfc2fb017c7169aebb6b0790f1789970c86f4c8790465d0315ff8b355dd7e395a02192a605cb
install : $(TARGET)
diff --git a/lfs/samba b/lfs/samba index 7ebac8ded2..76088abfad 100644 --- a/lfs/samba +++ b/lfs/samba @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.19.3 +VER = 4.19.5 SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 98 +PAK_VER = 99
DEPS = avahi cups perl-Parse-Yapp perl-JSON
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f83af3b50d795bdc4a250fe96040721150acc3b8effddd473e3cfa3ef6eeec99928b1307a18a472be45049e1d0b74650b9f6dd4bf5c434277c94ab88cb493b3b +$(DL_FILE)_BLAKE2 = 0f0081380ad459cca914e5e4cf505a4783ce97f0fb8c0471a6e558c747c16b0b327e545358265f365599c3807540985bcddb68aa67d14136cee4dbcb5158090c
install : $(TARGET)
diff --git a/lfs/sdl2 b/lfs/sdl2 index 51d7de8cc1..de7a5e7365 100644 --- a/lfs/sdl2 +++ b/lfs/sdl2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.28.5 +VER = 2.30.1 SUMMARY = Simple DirectMedia Layer Library
THISAPP = SDL2-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = sdl2 -PAK_VER = 14 +PAK_VER = 15
DEPS = alsa
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c96481bc02af6b6d077247238f7e46b0e3ec216664584add29cafb0a91d06dc6ddc637a01519dbd7182d4fa59cfaf26ad6733f72583021cf65849416f9c4b698 +$(DL_FILE)_BLAKE2 = 5cc651bcb38a1a3989a966351074b1a77f511b5bef0d3c9aef06d67d89f1d0ee926f5cba4bf2d45be28bb3f1e9da9b3f17a85f094c8547586072b24ee342777d
install : $(TARGET)
diff --git a/lfs/shadow b/lfs/shadow index a3495474aa..46b716c27d 100644 --- a/lfs/shadow +++ b/lfs/shadow @@ -24,7 +24,7 @@
include Config
-VER = 4.14.3 +VER = 4.15.0
THISAPP = shadow-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6707cae41a0f8478cadd94ea5eaba95cdc6b1b23896b8dd903c62c931839a82b0538f04f8c12433f148da5b23c12a033963380be81f6fc97fa0e3f9399e51b21 +$(DL_FILE)_BLAKE2 = 1a7594c6f93d1c8cad8caa574cdcda60a48d7c001c9ad48e540b26763d9a1cd7fba9501a0a451a5a64889dd6c0cbcf4d026fc72a7ee5a3ee682931bfe7e1b391
install : $(TARGET)
diff --git a/lfs/sqlite b/lfs/sqlite index 0ad87a0824..922b303b78 100644 --- a/lfs/sqlite +++ b/lfs/sqlite @@ -24,7 +24,7 @@
include Config
-VER = 3450100 +VER = 3450200
THISAPP = sqlite-autoconf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2725faccde5b964b3c037ae0f885b3461c01619e6c086e53f53cc1ecf7e75a46dd1ac4bec4803bc149014d158976607d195993e5d925b723284512a880010bf5 +$(DL_FILE)_BLAKE2 = 7bc225167a6792a35c2e7a324fe9bff1a1540a01b0fd04197d023f113a368ba6034235045281c7653abdd2ea67aa10a5ed19b024d1d25bdb7232533e25dfb991
install : $(TARGET)
diff --git a/lfs/squid b/lfs/squid index 3a2d1039c4..882a8842ed 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 6.7 +VER = 6.8
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f91b0f617b6b32138c33575d5daec0bc6dfcb0d356939b6c01e9d4c33b77886ffb55c38678f31aeed9bf4d5d5e488c751d41098b846a956383c8b6db8c851cab +$(DL_FILE)_BLAKE2 = 771de358d395a6b4bb5d94b02325755d1ba891c24f2cc1bdc80d91a73467a475c2cb7f0e1c24aed2f714c0de38858a24ac3864a5b772b6828beeb014da827d9d
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata index fbad896722..e8729e3689 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 6.0.16 +VER = 7.0.3
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 831d18072b52bfdd8379ac43a99b1660e575b04a805034371c1341f7fb4875f1b110d2f35bbf7eb7834f2b6b44cafdb939b32dbc50b43c4657277fa24c4dd3f4 +$(DL_FILE)_BLAKE2 = b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb
install : $(TARGET)
@@ -71,7 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ diff --git a/lfs/tcl b/lfs/tcl index 3bfde88a2f..05cf99aa6b 100644 --- a/lfs/tcl +++ b/lfs/tcl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.6.13 +VER = 8.6.14
THISAPP = tcl$(VER) DL_FILE = $(THISAPP)-src.tar.gz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f7d895ee04bf2be2a327a957189a8a4400afae13d065163c4c7b6b5ee909bae2352114843d82d9475046eafd3d288da2c1649fe6285fdb26eb22f0b97e4227ab +$(DL_FILE)_BLAKE2 = 7089747a4d539b46e710ecb795aa3cd5576243862fae3cf8e6f0efb15681174881396c0147071dca18421d9d95eb35557b17d623f0f63383476fe882cef35a61
install : $(TARGET)
diff --git a/lfs/transmission b/lfs/transmission index 3b77a85e01..298c2a0e9f 100644 --- a/lfs/transmission +++ b/lfs/transmission @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = transmission -PAK_VER = 21 +PAK_VER = 22
DEPS =
diff --git a/lfs/unbound b/lfs/unbound index b852f75b9b..f09e76b1b9 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@
include Config
-VER = 1.19.1 +VER = 1.19.3
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a48c5b9493eb0a9aa2171956e08677e1cfb7c49b53731c1b05f9192434c4d815eba972aab110ba0ee25fee1e7a57192c8b48e59bb21fb76ad7fd1c7d2d260012 +$(DL_FILE)_BLAKE2 = 5d9cbc26510afc2b92ecce6307cd9924a1b450892f7839f076535177ab35f78059d271e628e2aa995b62f5cf97add2363561a819d6e0181beb6b44421661d8f0
install : $(TARGET)
diff --git a/lfs/util-linux b/lfs/util-linux index 3252f8f465..d99ded13fe 100644 --- a/lfs/util-linux +++ b/lfs/util-linux @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.39.2 +VER = 2.39.3
THISAPP = util-linux-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 963c257b86f8a025a3452f102656f479382b9e03dd8ce39b9561302b484c595005aa0bbce9b91422d9be038037143772483363c2a1eec569355316fc8d5d5765 +$(DL_FILE)_BLAKE2 = cd7b2b3c820e920d4a6ecd46fd807e018fc8e54439292f5e62c5f6863dd0f2505df3ec02c470d9be255a437c6ee8e4077908ac78d19a0d1273854d99eb571df0
install : $(TARGET)
diff --git a/lfs/vdr b/lfs/vdr index eb761123d1..41dd4e92dd 100644 --- a/lfs/vdr +++ b/lfs/vdr @@ -39,7 +39,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = vdr -PAK_VER = 16 +PAK_VER = 17
DEPS = vdr_streamdev
diff --git a/lfs/vim b/lfs/vim index ea52c8e73f..19f6ec10a7 100644 --- a/lfs/vim +++ b/lfs/vim @@ -32,6 +32,10 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/vim90 TARGET = $(DIR_INFO)/$(THISAPP)
+# vim tries to build itself with FORTIFY_SOURCE=1 and is not very good at +# filtering out any CFLAGS that might change that. So we do this ourselves. +CFLAGS := $(filter-out -Wp$(COMMA)-U_FORTIFY_SOURCE,$(CFLAGS)) + ############################################################################### # Top-level Rules ############################################################################### diff --git a/lfs/wget b/lfs/wget index 670a937205..5bb650e9bf 100644 --- a/lfs/wget +++ b/lfs/wget @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.21.4 +VER = 1.24.5
THISAPP = wget-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ced6fb9a20343d41e4d8e0c8f171c60535847504fa4c32abc81d104a1594dc7b7c97b5b301836e31dacc7a0f2155c0a2e70e42ff60dc3fa471deb1dad33ba736 +$(DL_FILE)_BLAKE2 = d33274d599f91384c2a7db0b145ec6b315cf87cbbd02026d686a79220e3f15ca9ad0f9d8b507895f6c8486b7ac2ae5fa5c9ea010e883b6eec68d3aba038b02de
install : $(TARGET)
diff --git a/lfs/whois b/lfs/whois index fc2b99b6ea..2bda1fcc96 100644 --- a/lfs/whois +++ b/lfs/whois @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.5.18 +VER = 5.5.21
THISAPP = whois-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 86809c2bd7175947191f1b516702e62dcb8ad1ee7bb65091a598ba7c5501e628886245d1f61ce141de869c923cfe67247038b61d6e8875c7c6c712c6a61fa119 +$(DL_FILE)_BLAKE2 = b1cf42f1a60e5009e5882f154432d5974f45c1bf89d8b36b73f6e5f55ff2dba02e8ca7900926d2824200f5422d5e9f00abde524d4e2d8a25ba37376cc2e8d04a
install : $(TARGET)
diff --git a/lfs/wsdd b/lfs/wsdd new file mode 100644 index 0000000000..aa65e47ef0 --- /dev/null +++ b/lfs/wsdd @@ -0,0 +1,89 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.7.1 +SUMMARY = A Web Service Discovery host daemon. + +THISAPP = wsdd-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = wsdd +PAK_VER = 1 + +DEPS = + +SERVICES = wsdd + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd + + #install initscripts + $(call INSTALL_INITSCRIPTS,$(SERVICES)) + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/xz b/lfs/xz index e0b905a221..cbec430d4e 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
include Config
-VER = 5.4.6 +VER = 5.6.1
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d609590f1e9f13404988050e1bfdc623b996794b603cf2e39d2fd592be1967c97d8beaba9196eae4a0d448a432b1d7499986b7f669e736b65ec67590a04af9f7 +$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925
install : $(TARGET)
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 0033d9a2c2..5f274c3098 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -26,7 +26,7 @@ include Config
SUMMARY = Zabbix Agent
-VER = 6.0.22 +VER = 6.0.27
THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 11 +PAK_VER = 12
DEPS = fping
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bba7911a24b00827c58d84938b5786d07f1eb44cbcad94cddf68b484ac9a2f514beb60225d006b8cefc5bbf92e51da27f26d9f6681e10f6322ed0841394e8d9d +$(DL_FILE)_BLAKE2 = 793bb887bd8f0d3c2f3d15a4ed9bb5b1fcfb13fcf80ea077672744a1bd8524e213eaf53291e0f9eecb9eb055fee6f1e29e91f890b54698906beac21ca54db4e9
install : $(TARGET)
@@ -110,6 +110,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ipfire.conf \ /var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf + + # Install IPFire-specific Zabbix Agent scripts + -mkdir -pv /var/ipfire/zabbix_agentd/scripts + install -v -m 755 $(DIR_SRC)/config/zabbix_agentd/ipfire_certificate_detail.sh \ + /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
# Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix diff --git a/make.sh b/make.sh index 6178b46cb7..64dbef5c4b 100755 --- a/make.sh +++ b/make.sh @@ -23,7 +23,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.29" # Version number -CORE="184" # Core Level (Filename) +CORE="185" # Core Level (Filename) SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir MAX_RETRIES=1 # prefetch/check loop @@ -35,7 +35,7 @@ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)" # Git Branch GIT_TAG="$(git tag | tail -1)" # Git Tag GIT_LASTCOMMIT="$(git rev-parse --verify HEAD)" # Last commit
-TOOLCHAINVER=20231206 +TOOLCHAINVER=20240210
# use multicore and max compression ZSTD_OPT="-T0 --ultra -22" @@ -182,9 +182,9 @@ configure_build() { TOOLS_DIR="/tools_${BUILD_ARCH}"
# Enables hardening - HARDENING_CFLAGS="-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection" + HARDENING_CFLAGS="-Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection"
- CFLAGS="-O2 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}" + CFLAGS="-O2 -g0 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}" CXXFLAGS="${CFLAGS}"
RUSTFLAGS="-Copt-level=3 -Clink-arg=-Wl,-z,relro,-z,now -Ccodegen-units=1 --cap-lints=warn ${RUSTFLAGS_ARCH}" @@ -1711,6 +1711,7 @@ buildipfire() { lfsmake2 perl-URI-Encode lfsmake2 rsnapshot lfsmake2 mympd + lfsmake2 wsdd
# Kernelbuild ... current we have no platform that need # multi kernel builds so KCFG is empty diff --git a/src/initscripts/packages/mpd b/src/initscripts/packages/mpd index 977001140e..d42c0c5495 100644 --- a/src/initscripts/packages/mpd +++ b/src/initscripts/packages/mpd @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@ case "$1" in start) boot_mesg "Starting MPD..." - chown -R root.nobody /var/ipfire/mpfire/db + chown -R root.nobody /var/ipfire/mpd/db /bin/nice --5 /usr/bin/mpd evaluate_retval ;; diff --git a/src/initscripts/packages/wsdd b/src/initscripts/packages/wsdd new file mode 100644 index 0000000000..68e8f3de00 --- /dev/null +++ b/src/initscripts/packages/wsdd @@ -0,0 +1,78 @@ +#!/bin/sh +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /etc/sysconfig/rc +. $rc_functions + +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) + +PIDFILE="/var/run/wsdd.pid" + +case "$1" in + start) + ARGS=( + # Launch as non-privileged user + "--user" "wsdd:wsdd" + + # Launch in chroot + "--chroot" "/var/run/wsdd" + + # Only use IPv4 + "--ipv4only" + + # Configure the workgroup + "--workgroup" "$(testparm -s --parameter-name workgroup 2>/dev/null)" + ) + + # Conditionally add the GREEN/BLUE interface + for intf in GREEN_DEV BLUE_DEV; do + if [ -n "${!intf}" ]; then + ARGS+=( "--interface" "${!intf}" ) + fi + done + + # Create chroot directory for wsdd + mkdir -p /var/run/wsdd + + boot_mesg "Starting Web Service Discovery Host Daemon..." + loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" + ;; + + stop) + boot_mesg "Stopping Web Service Discovery Host Daemon..." + killproc -p "${PIDFILE}" /usr/bin/wsdd + ;; + + status) + statusproc /usr/bin/wsdd + ;; + + restart) + $0 stop + $0 start + ;; + + *) + echo "Usage: $0 (start|stop|status|restart)" + exit 1 + ;; +esac + diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 6f53a941ba..5a26aef45f 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -407,7 +407,7 @@ pidofproc() # This will ensure compatibility with previous LFS Bootscripts getpids() { - if [ -z "${PIDFILE}" ]; then + if [ -n "${PIDFILE}" ]; then pidofproc -s -p "${PIDFILE}" $@ else pidofproc -s $@ @@ -446,6 +446,7 @@ loadproc() local pidfile="" local forcestart="" local nicelevel="" + local pid
# This will ensure compatibility with previous LFS Bootscripts if [ -n "${PIDFILE}" ]; then @@ -521,12 +522,19 @@ loadproc() ( ${cmd} &>/dev/null ) & + pid="$!" evaluate_retval else ${cmd} + pid="$!" evaluate_retval # This is "Probably" not LSB compliant, but required to be compatible with older bootscripts fi
+ # Write the pidfile + if [ -n "${pid}" -a -n "${pidfile}" ]; then + echo "${pid}" > "${pidfile}" + fi + return 0 }
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 04e43fbce0..24d9256380 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -288,7 +288,7 @@ fix_time_if_dns_fails() { fi
# Try to sync time with a known time server - boot_mesg "DNS not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..." + boot_mesg "DNS not functioning... Trying to sync time with time.ipfire.org (81.3.27.46)..." loadproc /usr/local/bin/settime 81.3.27.46 }
diff --git a/src/installer/dracut-module/70-dhcpcd.exe b/src/installer/dracut-module/70-dhcpcd.exe index d801c8adad..b9693198d9 100755 --- a/src/installer/dracut-module/70-dhcpcd.exe +++ b/src/installer/dracut-module/70-dhcpcd.exe @@ -48,7 +48,7 @@ case "${reason}" in make_resolvconf
# Set time - ntpdate "ntp.ipfire.org" + ntpdate "time.ipfire.org" ;;
EXPIRE|FAIL|IPV4LL|NAK|NOCARRIER|RELEASE|STOP) diff --git a/src/paks/alsa/update.sh b/src/paks/alsa/update.sh index 14cf836b2d..6ea2cdbb25 100644 --- a/src/paks/alsa/update.sh +++ b/src/paks/alsa/update.sh @@ -22,8 +22,19 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh -mv /etc/asound.state /tmp + +# Backup /etc/asound.state +if [ -e "/etc/asound.state" ]; then + mv /etc/asound.state /tmp/asound.state +fi + extract_backup_includes ./uninstall.sh ./install.sh -mv /tmp/asound.state /etc + +# Restore asound.state +if [ -e "/tmp/asound.state" ]; then + mv /tmp/asound.state /etc/asound.state +fi + +exit 0 diff --git a/src/paks/mpd/install.sh b/src/paks/mpd/install.sh new file mode 100644 index 0000000000..5dd0aacb9f --- /dev/null +++ b/src/paks/mpd/install.sh @@ -0,0 +1,32 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2024 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +ln -svf /etc/init.d/mpd /etc/rc.d/rc3.d/S65mpd +ln -svf /etc/init.d/mpd /etc/rc.d/rc0.d/K35mpd +ln -svf /etc/init.d/mpd /etc/rc.d/rc6.d/K35mpd +ln -svf /var/ipfire/mpd/mpd.conf /etc/mpd.conf +touch /var/log/mpd.log +restore_backup ${NAME} +/etc/init.d/mpd restart diff --git a/src/paks/mpd/uninstall.sh b/src/paks/mpd/uninstall.sh new file mode 100644 index 0000000000..7b86ae393d --- /dev/null +++ b/src/paks/mpd/uninstall.sh @@ -0,0 +1,28 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2024 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/etc/init.d/mpd stop +make_backup ${NAME} +remove_files +rm -f /etc/rc.d/rc*.d/???mpd /var/log/mpd.error.log /var/log/mpd.log /etc/mpd.conf diff --git a/src/paks/mpd/update.sh b/src/paks/mpd/update.sh new file mode 100644 index 0000000000..31d1d77cc5 --- /dev/null +++ b/src/paks/mpd/update.sh @@ -0,0 +1,27 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2024 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_backup_includes +./uninstall.sh +./install.sh diff --git a/src/paks/mpfire/install.sh b/src/paks/mpfire/install.sh index f8f833de96..541a25ca2e 100644 --- a/src/paks/mpfire/install.sh +++ b/src/paks/mpfire/install.sh @@ -17,20 +17,11 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007-2011 IPFire-Team info@ipfire.org. # +# Copyright (C) 2007-2024 IPFire-Team info@ipfire.org. # # # ############################################################################ # . /opt/pakfire/lib/functions.sh extract_files -ln -svf /etc/init.d/mpd /etc/rc.d/rc3.d/S65mpd -ln -svf /etc/init.d/mpd /etc/rc.d/rc0.d/K35mpd -ln -svf /etc/init.d/mpd /etc/rc.d/rc6.d/K35mpd -ln -svf /var/ipfire/mpfire/mpd.conf /etc/mpd.conf chmod 755 /srv/web/ipfire/html/images/mpfire -touch /var/log/mpd.log restore_backup ${NAME} -# comment removed option from config -sed -i -e "s|^error_file|#error_file|g" /var/ipfire/mpfire/mpd.conf -# -/etc/init.d/mpd start diff --git a/src/paks/mpfire/uninstall.sh b/src/paks/mpfire/uninstall.sh index 7dec707ee2..ed7e6a821c 100644 --- a/src/paks/mpfire/uninstall.sh +++ b/src/paks/mpfire/uninstall.sh @@ -17,12 +17,10 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# Copyright (C) 2007-2024 IPFire-Team info@ipfire.org. # # # ############################################################################ # . /opt/pakfire/lib/functions.sh -/etc/init.d/mpd stop make_backup ${NAME} remove_files -rm -f /etc/rc.d/rc*.d/???mpd /var/log/mpd.error.log /var/log/mpd.log /etc/mpd.conf diff --git a/src/paks/mpfire/update.sh b/src/paks/mpfire/update.sh index 99776659c3..31d1d77cc5 100644 --- a/src/paks/mpfire/update.sh +++ b/src/paks/mpfire/update.sh @@ -17,7 +17,7 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007-2020 IPFire-Team info@ipfire.org. # +# Copyright (C) 2007-2024 IPFire-Team info@ipfire.org. # # # ############################################################################ # diff --git a/src/paks/mympd/install.sh b/src/paks/mympd/install.sh index 529f415e61..9c154b5b42 100644 --- a/src/paks/mympd/install.sh +++ b/src/paks/mympd/install.sh @@ -29,5 +29,6 @@ ln -svf /etc/init.d/mympd /etc/rc.d/rc6.d/K34mympd restore_backup ${NAME} # create/check config /usr/bin/mympd -u nobody -c -# start service +# start services +/etc/init.d/mpd restart /etc/init.d/mympd start diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh new file mode 100644 index 0000000000..181b84eb99 --- /dev/null +++ b/src/paks/wsdd/install.sh @@ -0,0 +1,40 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh + +# If the wsdd user does not exist yet, then create it and add to wsdd group. +if ! getent user wsdd >/dev/null; then + useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd + usermod -a -G wsdd wsdd +fi + +extract_files +restore_backup ${NAME} + +# Create startlinks +ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd +ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd +ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd +start_service ${NAME} +exit 0 diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh new file mode 100644 index 0000000000..4c52ee281e --- /dev/null +++ b/src/paks/wsdd/uninstall.sh @@ -0,0 +1,30 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +stop_service ${NAME} +make_backup ${NAME} +remove_files +# Remove all start links. +rm -rf /etc/rc.d/rc*.d/*wsdd +exit 0 diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh new file mode 100644 index 0000000000..99776659c3 --- /dev/null +++ b/src/paks/wsdd/update.sh @@ -0,0 +1,27 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2020 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_backup_includes +./uninstall.sh +./install.sh diff --git a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch b/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch deleted file mode 100644 index b78a5a8844..0000000000 --- a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d97cca1e5df812be0e4de1e38091f02bb1e7ec4e Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Tue, 1 Aug 2023 10:27:15 +0200 -Subject: [PATCH 01/44] stdlib: Improve tst-realpath compatibility with source - fortification - -On GCC before 11, IPA can make the fortified realpath aware that the -buffer size is not large enough (8 bytes instead of PATH_MAX bytes). -Fix this by using a buffer that is large enough. - -(cherry picked from commit 510fc20d73de12c85823d9996faac74666e9c2e7) ---- - stdlib/tst-realpath.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/stdlib/tst-realpath.c b/stdlib/tst-realpath.c -index f325c95a44..3694ecd8af 100644 ---- a/stdlib/tst-realpath.c -+++ b/stdlib/tst-realpath.c -@@ -24,6 +24,7 @@ - License along with the GNU C Library; if not, see - https://www.gnu.org/licenses/. */ - -+#include <limits.h> - #include <stdio.h> - #include <stdlib.h> - #include <malloc.h> -@@ -50,7 +51,11 @@ void dealloc (void *p) - - char* alloc (void) - { -- return (char *)malloc (8); -+#ifdef PATH_MAX -+ return (char *)malloc (PATH_MAX); -+#else -+ return (char *)malloc (4096); -+#endif - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch b/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch deleted file mode 100644 index 3b5917d25a..0000000000 --- a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch +++ /dev/null @@ -1,286 +0,0 @@ -From ced101ed9d3b7cfd12d97ef24940cb00b8658c81 Mon Sep 17 00:00:00 2001 -From: Sajan Karumanchi sajan.karumanchi@amd.com -Date: Tue, 1 Aug 2023 15:20:55 +0000 -Subject: [PATCH 02/44] x86: Fix for cache computation on AMD legacy cpus. - -Some legacy AMD CPUs and hypervisors have the _cpuid_ '0x8000_001D' -set to Zero, thus resulting in zeroed-out computed cache values. -This patch reintroduces the old way of cache computation as a -fail-safe option to handle these exceptions. -Fixed 'level4_cache_size' value through handle_amd(). - -Reviewed-by: Premachandra Mallappa premachandra.mallappa@amd.com -Tested-by: Florian Weimer fweimer@redhat.com ---- - sysdeps/x86/dl-cacheinfo.h | 226 ++++++++++++++++++++++++++++++++----- - 1 file changed, 199 insertions(+), 27 deletions(-) - -diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h -index cd4d0351ae..285773039f 100644 ---- a/sysdeps/x86/dl-cacheinfo.h -+++ b/sysdeps/x86/dl-cacheinfo.h -@@ -315,40 +315,206 @@ handle_amd (int name) - { - unsigned int eax; - unsigned int ebx; -- unsigned int ecx; -+ unsigned int ecx = 0; - unsigned int edx; -- unsigned int count = 0x1; -+ unsigned int max_cpuid = 0; -+ unsigned int fn = 0; - - /* No level 4 cache (yet). */ - if (name > _SC_LEVEL3_CACHE_LINESIZE) - return 0; - -- if (name >= _SC_LEVEL3_CACHE_SIZE) -- count = 0x3; -- else if (name >= _SC_LEVEL2_CACHE_SIZE) -- count = 0x2; -- else if (name >= _SC_LEVEL1_DCACHE_SIZE) -- count = 0x0; -+ __cpuid (0x80000000, max_cpuid, ebx, ecx, edx); -+ -+ if (max_cpuid >= 0x8000001D) -+ /* Use __cpuid__ '0x8000_001D' to compute cache details. */ -+ { -+ unsigned int count = 0x1; -+ -+ if (name >= _SC_LEVEL3_CACHE_SIZE) -+ count = 0x3; -+ else if (name >= _SC_LEVEL2_CACHE_SIZE) -+ count = 0x2; -+ else if (name >= _SC_LEVEL1_DCACHE_SIZE) -+ count = 0x0; -+ -+ __cpuid_count (0x8000001D, count, eax, ebx, ecx, edx); -+ -+ if (ecx != 0) -+ { -+ switch (name) -+ { -+ case _SC_LEVEL1_ICACHE_ASSOC: -+ case _SC_LEVEL1_DCACHE_ASSOC: -+ case _SC_LEVEL2_CACHE_ASSOC: -+ case _SC_LEVEL3_CACHE_ASSOC: -+ return ((ebx >> 22) & 0x3ff) + 1; -+ case _SC_LEVEL1_ICACHE_LINESIZE: -+ case _SC_LEVEL1_DCACHE_LINESIZE: -+ case _SC_LEVEL2_CACHE_LINESIZE: -+ case _SC_LEVEL3_CACHE_LINESIZE: -+ return (ebx & 0xfff) + 1; -+ case _SC_LEVEL1_ICACHE_SIZE: -+ case _SC_LEVEL1_DCACHE_SIZE: -+ case _SC_LEVEL2_CACHE_SIZE: -+ case _SC_LEVEL3_CACHE_SIZE: -+ return (((ebx >> 22) & 0x3ff) + 1) * ((ebx & 0xfff) + 1) * (ecx + 1); -+ default: -+ __builtin_unreachable (); -+ } -+ return -1; -+ } -+ } -+ -+ /* Legacy cache computation for CPUs prior to Bulldozer family. -+ This is also a fail-safe mechanism for some hypervisors that -+ accidentally configure __cpuid__ '0x8000_001D' to Zero. */ - -- __cpuid_count (0x8000001D, count, eax, ebx, ecx, edx); -+ fn = 0x80000005 + (name >= _SC_LEVEL2_CACHE_SIZE); -+ -+ if (max_cpuid < fn) -+ return 0; -+ -+ __cpuid (fn, eax, ebx, ecx, edx); -+ -+ if (name < _SC_LEVEL1_DCACHE_SIZE) -+ { -+ name += _SC_LEVEL1_DCACHE_SIZE - _SC_LEVEL1_ICACHE_SIZE; -+ ecx = edx; -+ } - - switch (name) - { -- case _SC_LEVEL1_ICACHE_ASSOC: -- case _SC_LEVEL1_DCACHE_ASSOC: -- case _SC_LEVEL2_CACHE_ASSOC: -+ case _SC_LEVEL1_DCACHE_SIZE: -+ return (ecx >> 14) & 0x3fc00; -+ -+ case _SC_LEVEL1_DCACHE_ASSOC: -+ ecx >>= 16; -+ if ((ecx & 0xff) == 0xff) -+ { -+ /* Fully associative. */ -+ return (ecx << 2) & 0x3fc00; -+ } -+ return ecx & 0xff; -+ -+ case _SC_LEVEL1_DCACHE_LINESIZE: -+ return ecx & 0xff; -+ -+ case _SC_LEVEL2_CACHE_SIZE: -+ return (ecx & 0xf000) == 0 ? 0 : (ecx >> 6) & 0x3fffc00; -+ -+ case _SC_LEVEL2_CACHE_ASSOC: -+ switch ((ecx >> 12) & 0xf) -+ { -+ case 0: -+ case 1: -+ case 2: -+ case 4: -+ return (ecx >> 12) & 0xf; -+ case 6: -+ return 8; -+ case 8: -+ return 16; -+ case 10: -+ return 32; -+ case 11: -+ return 48; -+ case 12: -+ return 64; -+ case 13: -+ return 96; -+ case 14: -+ return 128; -+ case 15: -+ return ((ecx >> 6) & 0x3fffc00) / (ecx & 0xff); -+ default: -+ return 0; -+ } -+ -+ case _SC_LEVEL2_CACHE_LINESIZE: -+ return (ecx & 0xf000) == 0 ? 0 : ecx & 0xff; -+ -+ case _SC_LEVEL3_CACHE_SIZE: -+ { -+ long int total_l3_cache = 0, l3_cache_per_thread = 0; -+ unsigned int threads = 0; -+ const struct cpu_features *cpu_features; -+ -+ if ((edx & 0xf000) == 0) -+ return 0; -+ -+ total_l3_cache = (edx & 0x3ffc0000) << 1; -+ cpu_features = __get_cpu_features (); -+ -+ /* Figure out the number of logical threads that share L3. */ -+ if (max_cpuid >= 0x80000008) -+ { -+ /* Get width of APIC ID. */ -+ __cpuid (0x80000008, eax, ebx, ecx, edx); -+ threads = (ecx & 0xff) + 1; -+ } -+ -+ if (threads == 0) -+ { -+ /* If APIC ID width is not available, use logical -+ processor count. */ -+ __cpuid (0x00000001, eax, ebx, ecx, edx); -+ if ((edx & (1 << 28)) != 0) -+ threads = (ebx >> 16) & 0xff; -+ } -+ -+ /* Cap usage of highest cache level to the number of -+ supported threads. */ -+ if (threads > 0) -+ l3_cache_per_thread = total_l3_cache/threads; -+ -+ /* Get shared cache per ccx for Zen architectures. */ -+ if (cpu_features->basic.family >= 0x17) -+ { -+ long int l3_cache_per_ccx = 0; -+ /* Get number of threads share the L3 cache in CCX. */ -+ __cpuid_count (0x8000001D, 0x3, eax, ebx, ecx, edx); -+ unsigned int threads_per_ccx = ((eax >> 14) & 0xfff) + 1; -+ l3_cache_per_ccx = l3_cache_per_thread * threads_per_ccx; -+ return l3_cache_per_ccx; -+ } -+ else -+ { -+ return l3_cache_per_thread; -+ } -+ } -+ - case _SC_LEVEL3_CACHE_ASSOC: -- return ecx ? ((ebx >> 22) & 0x3ff) + 1 : 0; -- case _SC_LEVEL1_ICACHE_LINESIZE: -- case _SC_LEVEL1_DCACHE_LINESIZE: -- case _SC_LEVEL2_CACHE_LINESIZE: -+ switch ((edx >> 12) & 0xf) -+ { -+ case 0: -+ case 1: -+ case 2: -+ case 4: -+ return (edx >> 12) & 0xf; -+ case 6: -+ return 8; -+ case 8: -+ return 16; -+ case 10: -+ return 32; -+ case 11: -+ return 48; -+ case 12: -+ return 64; -+ case 13: -+ return 96; -+ case 14: -+ return 128; -+ case 15: -+ return ((edx & 0x3ffc0000) << 1) / (edx & 0xff); -+ default: -+ return 0; -+ } -+ - case _SC_LEVEL3_CACHE_LINESIZE: -- return ecx ? (ebx & 0xfff) + 1 : 0; -- case _SC_LEVEL1_ICACHE_SIZE: -- case _SC_LEVEL1_DCACHE_SIZE: -- case _SC_LEVEL2_CACHE_SIZE: -- case _SC_LEVEL3_CACHE_SIZE: -- return ecx ? (((ebx >> 22) & 0x3ff) + 1) * ((ebx & 0xfff) + 1) * (ecx + 1): 0; -+ return (edx & 0xf000) == 0 ? 0 : edx & 0xff; -+ - default: - __builtin_unreachable (); - } -@@ -703,7 +869,6 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) - data = handle_amd (_SC_LEVEL1_DCACHE_SIZE); - core = handle_amd (_SC_LEVEL2_CACHE_SIZE); - shared = handle_amd (_SC_LEVEL3_CACHE_SIZE); -- shared_per_thread = shared; - - level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE); - level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE); -@@ -716,13 +881,20 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) - level3_cache_size = shared; - level3_cache_assoc = handle_amd (_SC_LEVEL3_CACHE_ASSOC); - level3_cache_linesize = handle_amd (_SC_LEVEL3_CACHE_LINESIZE); -+ level4_cache_size = handle_amd (_SC_LEVEL4_CACHE_SIZE); - - if (shared <= 0) -- /* No shared L3 cache. All we have is the L2 cache. */ -- shared = core; -+ { -+ /* No shared L3 cache. All we have is the L2 cache. */ -+ shared = core; -+ } -+ else if (cpu_features->basic.family < 0x17) -+ { -+ /* Account for exclusive L2 and L3 caches. */ -+ shared += core; -+ } - -- if (shared_per_thread <= 0) -- shared_per_thread = shared; -+ shared_per_thread = shared; - } - - cpu_features->level1_icache_size = level1_icache_size; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch b/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch deleted file mode 100644 index 22a2cbdeff..0000000000 --- a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch +++ /dev/null @@ -1,185 +0,0 @@ -From 6b99458d197ab779ebb6ff632c168e2cbfa4f543 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Fri, 11 Aug 2023 10:10:16 +0200 -Subject: [PATCH 03/44] nscd: Do not rebuild getaddrinfo (bug 30709) - -The nscd daemon caches hosts data from NSS modules verbatim, without -filtering protocol families or sorting them (otherwise separate caches -would be needed for certain ai_flags combinations). The cache -implementation is complete separate from the getaddrinfo code. This -means that rebuilding getaddrinfo is not needed. The only function -actually used is __bump_nl_timestamp from check_pf.c, and this change -moves it into nscd/connections.c. - -Tested on x86_64-linux-gnu with -fexceptions, built with -build-many-glibcs.py. I also backported this patch into a distribution -that still supports nscd and verified manually that caching still works. - -Reviewed-by: Siddhesh Poyarekar siddhesh@sourceware.org -(cherry picked from commit 039ff51ac7e02db1cfc0c23e38ac7bfbb00221d1) ---- - include/ifaddrs.h | 4 --- - inet/check_pf.c | 9 ------ - nscd/Makefile | 2 +- - nscd/connections.c | 11 +++++++ - nscd/gai.c | 50 ------------------------------ - sysdeps/unix/sysv/linux/check_pf.c | 17 +--------- - 6 files changed, 13 insertions(+), 80 deletions(-) - delete mode 100644 nscd/gai.c - -diff --git a/include/ifaddrs.h b/include/ifaddrs.h -index 416118f1b3..19a3afb19f 100644 ---- a/include/ifaddrs.h -+++ b/include/ifaddrs.h -@@ -34,9 +34,5 @@ extern void __check_native (uint32_t a1_index, int *a1_native, - uint32_t a2_index, int *a2_native) - attribute_hidden; - --#if IS_IN (nscd) --extern uint32_t __bump_nl_timestamp (void) attribute_hidden; --#endif -- - # endif /* !_ISOMAC */ - #endif /* ifaddrs.h */ -diff --git a/inet/check_pf.c b/inet/check_pf.c -index 5310c99121..6d1475920f 100644 ---- a/inet/check_pf.c -+++ b/inet/check_pf.c -@@ -60,12 +60,3 @@ __free_in6ai (struct in6addrinfo *in6ai) - { - /* Nothing to do. */ - } -- -- --#if IS_IN (nscd) --uint32_t --__bump_nl_timestamp (void) --{ -- return 0; --} --#endif -diff --git a/nscd/Makefile b/nscd/Makefile -index 2a0489f4cf..16b6460ee9 100644 ---- a/nscd/Makefile -+++ b/nscd/Makefile -@@ -35,7 +35,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \ - getgrnam_r getgrgid_r hstcache gethstbyad_r gethstbynm3_r \ - getsrvbynm_r getsrvbypt_r servicescache \ - dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \ -- xmalloc xstrdup aicache initgrcache gai res_hconf \ -+ xmalloc xstrdup aicache initgrcache res_hconf \ - netgroupcache cachedumper - - ifeq ($(build-nscd)$(have-thread-library),yesyes) -diff --git a/nscd/connections.c b/nscd/connections.c -index a405a44a9b..15693e5090 100644 ---- a/nscd/connections.c -+++ b/nscd/connections.c -@@ -256,6 +256,17 @@ int inotify_fd = -1; - #ifdef HAVE_NETLINK - /* Descriptor for netlink status updates. */ - static int nl_status_fd = -1; -+ -+static uint32_t -+__bump_nl_timestamp (void) -+{ -+ static uint32_t nl_timestamp; -+ -+ if (atomic_fetch_add_relaxed (&nl_timestamp, 1) + 1 == 0) -+ atomic_fetch_add_relaxed (&nl_timestamp, 1); -+ -+ return nl_timestamp; -+} - #endif - - /* Number of times clients had to wait. */ -diff --git a/nscd/gai.c b/nscd/gai.c -deleted file mode 100644 -index e29f3fe583..0000000000 ---- a/nscd/gai.c -+++ /dev/null -@@ -1,50 +0,0 @@ --/* Copyright (C) 2004-2023 Free Software Foundation, Inc. -- This file is part of the GNU C Library. -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published -- by the Free Software Foundation; version 2 of the License, or -- (at your option) any later version. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program; if not, see https://www.gnu.org/licenses/. */ -- --#include <alloca.h> --#include <sys/stat.h> -- --/* This file uses the getaddrinfo code but it compiles it without NSCD -- support. We just need a few symbol renames. */ --#define __ioctl ioctl --#define __getsockname getsockname --#define __socket socket --#define __recvmsg recvmsg --#define __bind bind --#define __sendto sendto --#define __strchrnul strchrnul --#define __getline getline --#define __qsort_r qsort_r --/* nscd uses 1MB or 2MB thread stacks. */ --#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF) --#define __getifaddrs getifaddrs --#define __freeifaddrs freeifaddrs --#undef __fstat64 --#define __fstat64 fstat64 --#undef __stat64 --#define __stat64 stat64 -- --/* We are nscd, so we don't want to be talking to ourselves. */ --#undef USE_NSCD -- --#include <getaddrinfo.c> -- --/* Support code. */ --#include <check_pf.c> --#include <check_native.c> -- --/* Some variables normally defined in libc. */ --nss_action_list __nss_hosts_database attribute_hidden; -diff --git a/sysdeps/unix/sysv/linux/check_pf.c b/sysdeps/unix/sysv/linux/check_pf.c -index 2b0b8b6368..3aa6a00348 100644 ---- a/sysdeps/unix/sysv/linux/check_pf.c -+++ b/sysdeps/unix/sysv/linux/check_pf.c -@@ -66,25 +66,10 @@ static struct cached_data *cache; - __libc_lock_define_initialized (static, lock); - - --#if IS_IN (nscd) --static uint32_t nl_timestamp; -- --uint32_t --__bump_nl_timestamp (void) --{ -- if (atomic_fetch_add_relaxed (&nl_timestamp, 1) + 1 == 0) -- atomic_fetch_add_relaxed (&nl_timestamp, 1); -- -- return nl_timestamp; --} --#endif -- - static inline uint32_t - get_nl_timestamp (void) - { --#if IS_IN (nscd) -- return nl_timestamp; --#elif defined USE_NSCD -+#if defined USE_NSCD - return __nscd_get_nl_timestamp (); - #else - return 0; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch b/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch deleted file mode 100644 index e124662cb2..0000000000 --- a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5ea70cc02626d9b85f1570153873d8648a47bf95 Mon Sep 17 00:00:00 2001 -From: Noah Goldstein goldstein.w.n@gmail.com -Date: Thu, 10 Aug 2023 19:28:24 -0500 -Subject: [PATCH 04/44] x86: Fix incorrect scope of setting `shared_per_thread` - [BZ# 30745] - -The: - -``` - if (shared_per_thread > 0 && threads > 0) - shared_per_thread /= threads; -``` - -Code was accidentally moved to inside the else scope. This doesn't -match how it was previously (before af992e7abd). - -This patch fixes that by putting the division after the `else` block. - -(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede) ---- - sysdeps/x86/dl-cacheinfo.h | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h -index 285773039f..5ddb35c9d9 100644 ---- a/sysdeps/x86/dl-cacheinfo.h -+++ b/sysdeps/x86/dl-cacheinfo.h -@@ -770,11 +770,10 @@ get_common_cache_info (long int *shared_ptr, long int * shared_per_thread_ptr, u - level. */ - threads = ((cpu_features->features[CPUID_INDEX_1].cpuid.ebx >> 16) - & 0xff); -- -- /* Get per-thread size of highest level cache. */ -- if (shared_per_thread > 0 && threads > 0) -- shared_per_thread /= threads; - } -+ /* Get per-thread size of highest level cache. */ -+ if (shared_per_thread > 0 && threads > 0) -+ shared_per_thread /= threads; - } - - /* Account for non-inclusive L2 and L3 caches. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch b/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch deleted file mode 100644 index 3ee8410ebe..0000000000 --- a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 6135d50e44233d8c89ca788f78c669941ad09fb9 Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella adhemerval.zanella@linaro.org -Date: Tue, 8 Aug 2023 09:27:54 -0300 -Subject: [PATCH 05/44] x86_64: Fix build with --disable-multiarch (BZ 30721) - -With multiarch disabled, the default memmove implementation provides -the fortify routines for memcpy, mempcpy, and memmove. However, it -does not provide the internal hidden definitions used when building -with fortify enabled. The memset has a similar issue. - -Checked on x86_64-linux-gnu building with different options: -default and --disable-multi-arch plus default, --disable-default-pie, ---enable-fortify-source={2,3}, and --enable-fortify-source={2,3} -with --disable-default-pie. -Tested-by: Andreas K. Huettel dilfridge@gentoo.org -Reviewed-by: Siddhesh Poyarekar siddhesh@sourceware.org - -(cherry picked from commit 51cb52214fcd72849c640b12f5099ed3ac776181) ---- - sysdeps/x86_64/memcpy.S | 2 +- - sysdeps/x86_64/memmove.S | 3 +++ - sysdeps/x86_64/memset.S | 1 + - 3 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/sysdeps/x86_64/memcpy.S b/sysdeps/x86_64/memcpy.S -index d98500a78a..4922cba657 100644 ---- a/sysdeps/x86_64/memcpy.S -+++ b/sysdeps/x86_64/memcpy.S -@@ -1 +1 @@ --/* Implemented in memcpy.S. */ -+/* Implemented in memmove.S. */ -diff --git a/sysdeps/x86_64/memmove.S b/sysdeps/x86_64/memmove.S -index f0b84e3b52..c3c08165e1 100644 ---- a/sysdeps/x86_64/memmove.S -+++ b/sysdeps/x86_64/memmove.S -@@ -46,6 +46,9 @@ weak_alias (__mempcpy, mempcpy) - - #ifndef USE_MULTIARCH - libc_hidden_builtin_def (memmove) -+libc_hidden_builtin_def (__memmove_chk) -+libc_hidden_builtin_def (__memcpy_chk) -+libc_hidden_builtin_def (__mempcpy_chk) - # if defined SHARED && IS_IN (libc) - strong_alias (memmove, __memcpy) - libc_hidden_ver (memmove, memcpy) -diff --git a/sysdeps/x86_64/memset.S b/sysdeps/x86_64/memset.S -index 7c99df36db..c6df24e8de 100644 ---- a/sysdeps/x86_64/memset.S -+++ b/sysdeps/x86_64/memset.S -@@ -32,6 +32,7 @@ - #include "isa-default-impl.h" - - libc_hidden_builtin_def (memset) -+libc_hidden_builtin_def (__memset_chk) - - #if IS_IN (libc) - libc_hidden_def (__wmemset) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch b/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch deleted file mode 100644 index 925a31935a..0000000000 --- a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 7ac405a74c6069b0627dc2d8449a82a621f8ff06 Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella adhemerval.zanella@linaro.org -Date: Tue, 8 Aug 2023 09:27:55 -0300 -Subject: [PATCH 06/44] i686: Fix build with --disable-multiarch - -Since i686 provides the fortified wrappers for memcpy, mempcpy, -memmove, and memset on the same string implementation, the static -build tries to optimized it by not tying the fortified wrappers -to string routine (to avoid pulling the fortify function if -they are not required). - -Checked on i686-linux-gnu building with different option: -default and --disable-multi-arch plus default, --disable-default-pie, ---enable-fortify-source={2,3}, and --enable-fortify-source={2,3} -with --disable-default-pie. -Reviewed-by: Siddhesh Poyarekar siddhesh@sourceware.org - -(cherry picked from commit c73c96a4a1af1326df7f96eec58209e1e04066d8) ---- - sysdeps/i386/i686/memcpy.S | 2 +- - sysdeps/i386/i686/mempcpy.S | 2 +- - sysdeps/i386/i686/multiarch/memcpy_chk.c | 2 ++ - sysdeps/i386/i686/multiarch/memmove_chk.c | 2 ++ - sysdeps/i386/i686/multiarch/mempcpy_chk.c | 2 ++ - sysdeps/i386/i686/multiarch/memset_chk.c | 2 ++ - 6 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/sysdeps/i386/i686/memcpy.S b/sysdeps/i386/i686/memcpy.S -index 9b48ec0ea1..b86af4aac9 100644 ---- a/sysdeps/i386/i686/memcpy.S -+++ b/sysdeps/i386/i686/memcpy.S -@@ -27,7 +27,7 @@ - #define LEN SRC+4 - - .text --#if defined PIC && IS_IN (libc) -+#if defined SHARED && IS_IN (libc) - ENTRY_CHK (__memcpy_chk) - movl 12(%esp), %eax - cmpl %eax, 16(%esp) -diff --git a/sysdeps/i386/i686/mempcpy.S b/sysdeps/i386/i686/mempcpy.S -index 26f8501e7d..14d9dd681a 100644 ---- a/sysdeps/i386/i686/mempcpy.S -+++ b/sysdeps/i386/i686/mempcpy.S -@@ -27,7 +27,7 @@ - #define LEN SRC+4 - - .text --#if defined PIC && IS_IN (libc) -+#if defined SHARED && IS_IN (libc) - ENTRY_CHK (__mempcpy_chk) - movl 12(%esp), %eax - cmpl %eax, 16(%esp) -diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.c b/sysdeps/i386/i686/multiarch/memcpy_chk.c -index ec945dc91f..c3a8aeaf18 100644 ---- a/sysdeps/i386/i686/multiarch/memcpy_chk.c -+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk, - __hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk); - # endif -+#else -+# include <debug/memcpy_chk.c> - #endif -diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.c b/sysdeps/i386/i686/multiarch/memmove_chk.c -index 55c7601d5d..070dde083a 100644 ---- a/sysdeps/i386/i686/multiarch/memmove_chk.c -+++ b/sysdeps/i386/i686/multiarch/memmove_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk, - __hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk); - # endif -+#else -+# include <debug/memmove_chk.c> - #endif -diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.c b/sysdeps/i386/i686/multiarch/mempcpy_chk.c -index 83569cf9d9..14360f1828 100644 ---- a/sysdeps/i386/i686/multiarch/mempcpy_chk.c -+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk, - __hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk); - # endif -+#else -+# include <debug/mempcpy_chk.c> - #endif -diff --git a/sysdeps/i386/i686/multiarch/memset_chk.c b/sysdeps/i386/i686/multiarch/memset_chk.c -index 1a7503858d..8179ef7c0b 100644 ---- a/sysdeps/i386/i686/multiarch/memset_chk.c -+++ b/sysdeps/i386/i686/multiarch/memset_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memset_chk, __memset_chk, - __hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk); - # endif -+#else -+# include <debug/memset_chk.c> - #endif --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch b/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch deleted file mode 100644 index fa4a3704ad..0000000000 --- a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch +++ /dev/null @@ -1,301 +0,0 @@ -From 98c293c61f770b6b7a22f89a6ea81b711ecb1952 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Fri, 11 Aug 2023 11:18:17 +0200 -Subject: [PATCH 07/44] malloc: Enable merging of remainders in memalign (bug - 30723) - -Previously, calling _int_free from _int_memalign could put remainders -into the tcache or into fastbins, where they are invisible to the -low-level allocator. This results in missed merge opportunities -because once these freed chunks become available to the low-level -allocator, further memalign allocations (even of the same size are) -likely obstructing merges. - -Furthermore, during forwards merging in _int_memalign, do not -completely give up when the remainder is too small to serve as a -chunk on its own. We can still give it back if it can be merged -with the following unused chunk. This makes it more likely that -memalign calls in a loop achieve a compact memory layout, -independently of initial heap layout. - -Drop some useless (unsigned long) casts along the way, and tweak -the style to more closely match GNU on changed lines. - -Reviewed-by: DJ Delorie dj@redhat.com -(cherry picked from commit 542b1105852568c3ebc712225ae78b8c8ba31a78) ---- - malloc/malloc.c | 197 +++++++++++++++++++++++++++++------------------- - 1 file changed, 121 insertions(+), 76 deletions(-) - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index e2f1a615a4..948f9759af 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -1086,6 +1086,11 @@ typedef struct malloc_chunk* mchunkptr; - - static void* _int_malloc(mstate, size_t); - static void _int_free(mstate, mchunkptr, int); -+static void _int_free_merge_chunk (mstate, mchunkptr, INTERNAL_SIZE_T); -+static INTERNAL_SIZE_T _int_free_create_chunk (mstate, -+ mchunkptr, INTERNAL_SIZE_T, -+ mchunkptr, INTERNAL_SIZE_T); -+static void _int_free_maybe_consolidate (mstate, INTERNAL_SIZE_T); - static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T, - INTERNAL_SIZE_T); - static void* _int_memalign(mstate, size_t, size_t); -@@ -4637,31 +4642,52 @@ _int_free (mstate av, mchunkptr p, int have_lock) - if (!have_lock) - __libc_lock_lock (av->mutex); - -- nextchunk = chunk_at_offset(p, size); -- -- /* Lightweight tests: check whether the block is already the -- top block. */ -- if (__glibc_unlikely (p == av->top)) -- malloc_printerr ("double free or corruption (top)"); -- /* Or whether the next chunk is beyond the boundaries of the arena. */ -- if (__builtin_expect (contiguous (av) -- && (char *) nextchunk -- >= ((char *) av->top + chunksize(av->top)), 0)) -- malloc_printerr ("double free or corruption (out)"); -- /* Or whether the block is actually not marked used. */ -- if (__glibc_unlikely (!prev_inuse(nextchunk))) -- malloc_printerr ("double free or corruption (!prev)"); -- -- nextsize = chunksize(nextchunk); -- if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) -- || __builtin_expect (nextsize >= av->system_mem, 0)) -- malloc_printerr ("free(): invalid next size (normal)"); -+ _int_free_merge_chunk (av, p, size); - -- free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); -+ if (!have_lock) -+ __libc_lock_unlock (av->mutex); -+ } -+ /* -+ If the chunk was allocated via mmap, release via munmap(). -+ */ -+ -+ else { -+ munmap_chunk (p); -+ } -+} -+ -+/* Try to merge chunk P of SIZE bytes with its neighbors. Put the -+ resulting chunk on the appropriate bin list. P must not be on a -+ bin list yet, and it can be in use. */ -+static void -+_int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size) -+{ -+ mchunkptr nextchunk = chunk_at_offset(p, size); -+ -+ /* Lightweight tests: check whether the block is already the -+ top block. */ -+ if (__glibc_unlikely (p == av->top)) -+ malloc_printerr ("double free or corruption (top)"); -+ /* Or whether the next chunk is beyond the boundaries of the arena. */ -+ if (__builtin_expect (contiguous (av) -+ && (char *) nextchunk -+ >= ((char *) av->top + chunksize(av->top)), 0)) -+ malloc_printerr ("double free or corruption (out)"); -+ /* Or whether the block is actually not marked used. */ -+ if (__glibc_unlikely (!prev_inuse(nextchunk))) -+ malloc_printerr ("double free or corruption (!prev)"); -+ -+ INTERNAL_SIZE_T nextsize = chunksize(nextchunk); -+ if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) -+ || __builtin_expect (nextsize >= av->system_mem, 0)) -+ malloc_printerr ("free(): invalid next size (normal)"); -+ -+ free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); - -- /* consolidate backward */ -- if (!prev_inuse(p)) { -- prevsize = prev_size (p); -+ /* Consolidate backward. */ -+ if (!prev_inuse(p)) -+ { -+ INTERNAL_SIZE_T prevsize = prev_size (p); - size += prevsize; - p = chunk_at_offset(p, -((long) prevsize)); - if (__glibc_unlikely (chunksize(p) != prevsize)) -@@ -4669,9 +4695,25 @@ _int_free (mstate av, mchunkptr p, int have_lock) - unlink_chunk (av, p); - } - -- if (nextchunk != av->top) { -+ /* Write the chunk header, maybe after merging with the following chunk. */ -+ size = _int_free_create_chunk (av, p, size, nextchunk, nextsize); -+ _int_free_maybe_consolidate (av, size); -+} -+ -+/* Create a chunk at P of SIZE bytes, with SIZE potentially increased -+ to cover the immediately following chunk NEXTCHUNK of NEXTSIZE -+ bytes (if NEXTCHUNK is unused). The chunk at P is not actually -+ read and does not have to be initialized. After creation, it is -+ placed on the appropriate bin list. The function returns the size -+ of the new chunk. */ -+static INTERNAL_SIZE_T -+_int_free_create_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size, -+ mchunkptr nextchunk, INTERNAL_SIZE_T nextsize) -+{ -+ if (nextchunk != av->top) -+ { - /* get and clear inuse bit */ -- nextinuse = inuse_bit_at_offset(nextchunk, nextsize); -+ bool nextinuse = inuse_bit_at_offset (nextchunk, nextsize); - - /* consolidate forward */ - if (!nextinuse) { -@@ -4686,8 +4728,8 @@ _int_free (mstate av, mchunkptr p, int have_lock) - been given one chance to be used in malloc. - */ - -- bck = unsorted_chunks(av); -- fwd = bck->fd; -+ mchunkptr bck = unsorted_chunks (av); -+ mchunkptr fwd = bck->fd; - if (__glibc_unlikely (fwd->bk != bck)) - malloc_printerr ("free(): corrupted unsorted chunks"); - p->fd = fwd; -@@ -4706,61 +4748,52 @@ _int_free (mstate av, mchunkptr p, int have_lock) - check_free_chunk(av, p); - } - -- /* -- If the chunk borders the current high end of memory, -- consolidate into top -- */ -- -- else { -+ else -+ { -+ /* If the chunk borders the current high end of memory, -+ consolidate into top. */ - size += nextsize; - set_head(p, size | PREV_INUSE); - av->top = p; - check_chunk(av, p); - } - -- /* -- If freeing a large space, consolidate possibly-surrounding -- chunks. Then, if the total unused topmost memory exceeds trim -- threshold, ask malloc_trim to reduce top. -- -- Unless max_fast is 0, we don't know if there are fastbins -- bordering top, so we cannot tell for sure whether threshold -- has been reached unless fastbins are consolidated. But we -- don't want to consolidate on each free. As a compromise, -- consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD -- is reached. -- */ -+ return size; -+} - -- if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) { -+/* If freeing a large space, consolidate possibly-surrounding -+ chunks. Then, if the total unused topmost memory exceeds trim -+ threshold, ask malloc_trim to reduce top. */ -+static void -+_int_free_maybe_consolidate (mstate av, INTERNAL_SIZE_T size) -+{ -+ /* Unless max_fast is 0, we don't know if there are fastbins -+ bordering top, so we cannot tell for sure whether threshold has -+ been reached unless fastbins are consolidated. But we don't want -+ to consolidate on each free. As a compromise, consolidation is -+ performed if FASTBIN_CONSOLIDATION_THRESHOLD is reached. */ -+ if (size >= FASTBIN_CONSOLIDATION_THRESHOLD) -+ { - if (atomic_load_relaxed (&av->have_fastchunks)) - malloc_consolidate(av); - -- if (av == &main_arena) { -+ if (av == &main_arena) -+ { - #ifndef MORECORE_CANNOT_TRIM -- if ((unsigned long)(chunksize(av->top)) >= -- (unsigned long)(mp_.trim_threshold)) -- systrim(mp_.top_pad, av); -+ if (chunksize (av->top) >= mp_.trim_threshold) -+ systrim (mp_.top_pad, av); - #endif -- } else { -- /* Always try heap_trim(), even if the top chunk is not -- large, because the corresponding heap might go away. */ -- heap_info *heap = heap_for_ptr(top(av)); -+ } -+ else -+ { -+ /* Always try heap_trim, even if the top chunk is not large, -+ because the corresponding heap might go away. */ -+ heap_info *heap = heap_for_ptr (top (av)); - -- assert(heap->ar_ptr == av); -- heap_trim(heap, mp_.top_pad); -- } -+ assert (heap->ar_ptr == av); -+ heap_trim (heap, mp_.top_pad); -+ } - } -- -- if (!have_lock) -- __libc_lock_unlock (av->mutex); -- } -- /* -- If the chunk was allocated via mmap, release via munmap(). -- */ -- -- else { -- munmap_chunk (p); -- } - } - - /* -@@ -5221,7 +5254,7 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - (av != &main_arena ? NON_MAIN_ARENA : 0)); - set_inuse_bit_at_offset (newp, newsize); - set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0)); -- _int_free (av, p, 1); -+ _int_free_merge_chunk (av, p, leadsize); - p = newp; - - assert (newsize >= nb && -@@ -5232,15 +5265,27 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - if (!chunk_is_mmapped (p)) - { - size = chunksize (p); -- if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE)) -+ mchunkptr nextchunk = chunk_at_offset(p, size); -+ INTERNAL_SIZE_T nextsize = chunksize(nextchunk); -+ if (size > nb) - { - remainder_size = size - nb; -- remainder = chunk_at_offset (p, nb); -- set_head (remainder, remainder_size | PREV_INUSE | -- (av != &main_arena ? NON_MAIN_ARENA : 0)); -- set_head_size (p, nb); -- _int_free (av, remainder, 1); -- } -+ if (remainder_size >= MINSIZE -+ || nextchunk == av->top -+ || !inuse_bit_at_offset (nextchunk, nextsize)) -+ { -+ /* We can only give back the tail if it is larger than -+ MINSIZE, or if the following chunk is unused (top -+ chunk or unused in-heap chunk). Otherwise we would -+ create a chunk that is smaller than MINSIZE. */ -+ remainder = chunk_at_offset (p, nb); -+ set_head_size (p, nb); -+ remainder_size = _int_free_create_chunk (av, remainder, -+ remainder_size, -+ nextchunk, nextsize); -+ _int_free_maybe_consolidate (av, remainder_size); -+ } -+ } - } - - check_inuse_chunk (av, p); --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch b/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch deleted file mode 100644 index f2b9acb494..0000000000 --- a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch +++ /dev/null @@ -1,269 +0,0 @@ -From 2af141bda3cd407abd4bedf615f9e45fe79518e2 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Thu, 10 Aug 2023 19:36:56 +0200 -Subject: [PATCH 08/44] malloc: Remove bin scanning from memalign (bug 30723) - -On the test workload (mpv --cache=yes with VP9 video decoding), the -bin scanning has a very poor success rate (less than 2%). The tcache -scanning has about 50% success rate, so keep that. - -Update comments in malloc/tst-memalign-2 to indicate the purpose -of the tests. Even with the scanning removed, the additional -merging opportunities since commit 542b1105852568c3ebc712225ae78b -("malloc: Enable merging of remainders in memalign (bug 30723)") -are sufficient to pass the existing large bins test. - -Remove leftover variables from _int_free from refactoring in the -same commit. - -Reviewed-by: DJ Delorie dj@redhat.com -(cherry picked from commit 0dc7fc1cf094406a138e4d1bcf9553e59edcf89d) ---- - NEWS | 1 + - malloc/malloc.c | 169 ++-------------------------------------- - malloc/tst-memalign-2.c | 7 +- - 3 files changed, 11 insertions(+), 166 deletions(-) - -diff --git a/NEWS b/NEWS -index 872bc8907b..c339cb444e 100644 ---- a/NEWS -+++ b/NEWS -@@ -132,6 +132,7 @@ The following bugs are resolved with this release: - [30555] string: strerror can incorrectly return NULL - [30579] malloc: trim_threshold in realloc lead to high memory usage - [30662] nscd: Group and password cache use errno in place of errval -+ [30723] posix_memalign repeatedly scans long bin lists - - Version 2.37 - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 948f9759af..d0bbbf3710 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -4488,12 +4488,6 @@ _int_free (mstate av, mchunkptr p, int have_lock) - { - INTERNAL_SIZE_T size; /* its size */ - mfastbinptr *fb; /* associated fastbin */ -- mchunkptr nextchunk; /* next contiguous chunk */ -- INTERNAL_SIZE_T nextsize; /* its size */ -- int nextinuse; /* true if nextchunk is used */ -- INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */ -- mchunkptr bck; /* misc temp for linking */ -- mchunkptr fwd; /* misc temp for linking */ - - size = chunksize (p); - -@@ -5032,42 +5026,6 @@ _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize, - ------------------------------ memalign ------------------------------ - */ - --/* Returns 0 if the chunk is not and does not contain the requested -- aligned sub-chunk, else returns the amount of "waste" from -- trimming. NB is the *chunk* byte size, not the user byte -- size. */ --static size_t --chunk_ok_for_memalign (mchunkptr p, size_t alignment, size_t nb) --{ -- void *m = chunk2mem (p); -- INTERNAL_SIZE_T size = chunksize (p); -- void *aligned_m = m; -- -- if (__glibc_unlikely (misaligned_chunk (p))) -- malloc_printerr ("_int_memalign(): unaligned chunk detected"); -- -- aligned_m = PTR_ALIGN_UP (m, alignment); -- -- INTERNAL_SIZE_T front_extra = (intptr_t) aligned_m - (intptr_t) m; -- -- /* We can't trim off the front as it's too small. */ -- if (front_extra > 0 && front_extra < MINSIZE) -- return 0; -- -- /* If it's a perfect fit, it's an exception to the return value rule -- (we would return zero waste, which looks like "not usable"), so -- handle it here by returning a small non-zero value instead. */ -- if (size == nb && front_extra == 0) -- return 1; -- -- /* If the block we need fits in the chunk, calculate total waste. */ -- if (size > nb + front_extra) -- return size - nb; -- -- /* Can't use this chunk. */ -- return 0; --} -- - /* BYTES is user requested bytes, not requested chunksize bytes. */ - static void * - _int_memalign (mstate av, size_t alignment, size_t bytes) -@@ -5082,7 +5040,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - mchunkptr remainder; /* spare room at end to split off */ - unsigned long remainder_size; /* its size */ - INTERNAL_SIZE_T size; -- mchunkptr victim; - - nb = checked_request2size (bytes); - if (nb == 0) -@@ -5101,129 +5058,13 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - we don't find anything in those bins, the common malloc code will - scan starting at 2x. */ - -- /* This will be set if we found a candidate chunk. */ -- victim = NULL; -- -- /* Fast bins are singly-linked, hard to remove a chunk from the middle -- and unlikely to meet our alignment requirements. We have not done -- any experimentation with searching for aligned fastbins. */ -- -- if (av != NULL) -- { -- int first_bin_index; -- int first_largebin_index; -- int last_bin_index; -- -- if (in_smallbin_range (nb)) -- first_bin_index = smallbin_index (nb); -- else -- first_bin_index = largebin_index (nb); -- -- if (in_smallbin_range (nb * 2)) -- last_bin_index = smallbin_index (nb * 2); -- else -- last_bin_index = largebin_index (nb * 2); -- -- first_largebin_index = largebin_index (MIN_LARGE_SIZE); -- -- int victim_index; /* its bin index */ -- -- for (victim_index = first_bin_index; -- victim_index < last_bin_index; -- victim_index ++) -- { -- victim = NULL; -- -- if (victim_index < first_largebin_index) -- { -- /* Check small bins. Small bin chunks are doubly-linked despite -- being the same size. */ -- -- mchunkptr fwd; /* misc temp for linking */ -- mchunkptr bck; /* misc temp for linking */ -- -- bck = bin_at (av, victim_index); -- fwd = bck->fd; -- while (fwd != bck) -- { -- if (chunk_ok_for_memalign (fwd, alignment, nb) > 0) -- { -- victim = fwd; -- -- /* Unlink it */ -- victim->fd->bk = victim->bk; -- victim->bk->fd = victim->fd; -- break; -- } -- -- fwd = fwd->fd; -- } -- } -- else -- { -- /* Check large bins. */ -- mchunkptr fwd; /* misc temp for linking */ -- mchunkptr bck; /* misc temp for linking */ -- mchunkptr best = NULL; -- size_t best_size = 0; -- -- bck = bin_at (av, victim_index); -- fwd = bck->fd; -+ /* Call malloc with worst case padding to hit alignment. */ -+ m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); - -- while (fwd != bck) -- { -- int extra; -- -- if (chunksize (fwd) < nb) -- break; -- extra = chunk_ok_for_memalign (fwd, alignment, nb); -- if (extra > 0 -- && (extra <= best_size || best == NULL)) -- { -- best = fwd; -- best_size = extra; -- } -+ if (m == 0) -+ return 0; /* propagate failure */ - -- fwd = fwd->fd; -- } -- victim = best; -- -- if (victim != NULL) -- { -- unlink_chunk (av, victim); -- break; -- } -- } -- -- if (victim != NULL) -- break; -- } -- } -- -- /* Strategy: find a spot within that chunk that meets the alignment -- request, and then possibly free the leading and trailing space. -- This strategy is incredibly costly and can lead to external -- fragmentation if header and footer chunks are unused. */ -- -- if (victim != NULL) -- { -- p = victim; -- m = chunk2mem (p); -- set_inuse (p); -- if (av != &main_arena) -- set_non_main_arena (p); -- } -- else -- { -- /* Call malloc with worst case padding to hit alignment. */ -- -- m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); -- -- if (m == 0) -- return 0; /* propagate failure */ -- -- p = mem2chunk (m); -- } -+ p = mem2chunk (m); - - if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */ - { -diff --git a/malloc/tst-memalign-2.c b/malloc/tst-memalign-2.c -index f229283dbf..ecd6fa249e 100644 ---- a/malloc/tst-memalign-2.c -+++ b/malloc/tst-memalign-2.c -@@ -86,7 +86,8 @@ do_test (void) - TEST_VERIFY (tcache_allocs[i].ptr1 == tcache_allocs[i].ptr2); - } - -- /* Test for non-head tcache hits. */ -+ /* Test for non-head tcache hits. This exercises the memalign -+ scanning code to find matching allocations. */ - for (i = 0; i < array_length (ptr); ++ i) - { - if (i == 4) -@@ -113,7 +114,9 @@ do_test (void) - free (p); - TEST_VERIFY (count > 0); - -- /* Large bins test. */ -+ /* Large bins test. This verifies that the over-allocated parts -+ that memalign releases for future allocations can be reused by -+ memalign itself at least in some cases. */ - - for (i = 0; i < LN; ++ i) - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch b/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch deleted file mode 100644 index 20b92763f1..0000000000 --- a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c8ecda6251dd4a0dfe074e0a6011211cadeef742 Mon Sep 17 00:00:00 2001 -From: Sam James sam@gentoo.org -Date: Fri, 4 Aug 2023 23:58:27 +0100 -Subject: [PATCH 09/44] sysdeps: tst-bz21269: fix test parameter - -All callers pass 1 or 0x11 anyway (same meaning according to man page), -but still. - -Reviewed-by: DJ Delorie dj@redhat.com -Signed-off-by: Sam James sam@gentoo.org -(cherry picked from commit e0b712dd9183d527aae4506cd39564c14af3bb28) ---- - sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -index 51d4a1b082..f508ef8f16 100644 ---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -@@ -52,7 +52,7 @@ xset_thread_area (struct user_desc *u_info) - static void - xmodify_ldt (int func, const void *ptr, unsigned long bytecount) - { -- TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, 1, ptr, bytecount) == 0); -+ TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0); - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch b/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch deleted file mode 100644 index 18fd8450f6..0000000000 --- a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch +++ /dev/null @@ -1,42 +0,0 @@ -From ad9b8399537670a990572c4b0c4da5411e3b68cf Mon Sep 17 00:00:00 2001 -From: Sam James sam@gentoo.org -Date: Sat, 5 Aug 2023 00:04:33 +0100 -Subject: [PATCH 10/44] sysdeps: tst-bz21269: handle ENOSYS & skip - appropriately - -SYS_modify_ldt requires CONFIG_MODIFY_LDT_SYSCALL to be set in the kernel, which -some distributions may disable for hardening. Check if that's the case (unset) -and mark the test as UNSUPPORTED if so. - -Reviewed-by: DJ Delorie dj@redhat.com -Signed-off-by: Sam James sam@gentoo.org -(cherry picked from commit 652b9fdb77d9fd056d4dd26dad2c14142768ab49) ---- - sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -index f508ef8f16..28f5359bea 100644 ---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -@@ -52,7 +52,16 @@ xset_thread_area (struct user_desc *u_info) - static void - xmodify_ldt (int func, const void *ptr, unsigned long bytecount) - { -- TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0); -+ long ret = syscall (SYS_modify_ldt, func, ptr, bytecount); -+ -+ if (ret == -1) -+ { -+ if (errno == ENOSYS) -+ FAIL_UNSUPPORTED ("modify_ldt not supported"); -+ FAIL_EXIT1 ("modify_ldt failed (errno=%d)", errno); -+ } -+ -+ return 0; - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch b/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch deleted file mode 100644 index a9681b8f24..0000000000 --- a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1 Mon Sep 17 00:00:00 2001 -From: Sam James sam@gentoo.org -Date: Thu, 17 Aug 2023 09:30:29 +0100 -Subject: [PATCH 11/44] sysdeps: tst-bz21269: fix -Wreturn-type - -Thanks to Andreas Schwab for reporting. - -Fixes: 652b9fdb77d9fd056d4dd26dad2c14142768ab49 -Signed-off-by: Sam James sam@gentoo.org -(cherry picked from commit 369f373057073c307938da91af16922bda3dff6a) ---- - sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -index 28f5359bea..822c41fceb 100644 ---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -@@ -60,8 +60,6 @@ xmodify_ldt (int func, const void *ptr, unsigned long bytecount) - FAIL_UNSUPPORTED ("modify_ldt not supported"); - FAIL_EXIT1 ("modify_ldt failed (errno=%d)", errno); - } -- -- return 0; - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch b/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch deleted file mode 100644 index 4752c800a5..0000000000 --- a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 5bdef6f27c91f45505ed5444147be4ed0e9bc3c7 Mon Sep 17 00:00:00 2001 -From: Aurelien Jarno aurelien@aurel32.net -Date: Mon, 28 Aug 2023 23:30:37 +0200 -Subject: [PATCH 12/44] io: Fix record locking contants for powerpc64 with - __USE_FILE_OFFSET64 - -Commit 5f828ff824e3b7cd1 ("io: Fix F_GETLK, F_SETLK, and F_SETLKW for -powerpc64") fixed an issue with the value of the lock constants on -powerpc64 when not using __USE_FILE_OFFSET64, but it ended-up also -changing the value when using __USE_FILE_OFFSET64 causing an API change. - -Fix that by also checking that define, restoring the pre -4d0fe291aed3a476a commit values: - -Default values: -- F_GETLK: 5 -- F_SETLK: 6 -- F_SETLKW: 7 - -With -D_FILE_OFFSET_BITS=64: -- F_GETLK: 12 -- F_SETLK: 13 -- F_SETLKW: 14 - -At the same time, it has been noticed that there was no test for io lock -with __USE_FILE_OFFSET64, so just add one. - -Tested on x86_64-linux-gnu, i686-linux-gnu and -powerpc64le-unknown-linux-gnu. - -Resolves: BZ #30804. -Co-authored-by: Adhemerval Zanella adhemerval.zanella@linaro.org -Signed-off-by: Aurelien Jarno aurelien@aurel32.net -(cherry picked from commit 434bf72a94de68f0cc7fbf3c44bf38c1911b70cb) ---- - NEWS | 2 ++ - io/Makefile | 1 + - io/tst-fcntl-lock-lfs.c | 2 ++ - sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h | 2 +- - 4 files changed, 6 insertions(+), 1 deletion(-) - create mode 100644 io/tst-fcntl-lock-lfs.c - -diff --git a/NEWS b/NEWS -index c339cb444e..8156572cdf 100644 ---- a/NEWS -+++ b/NEWS -@@ -133,6 +133,8 @@ The following bugs are resolved with this release: - [30579] malloc: trim_threshold in realloc lead to high memory usage - [30662] nscd: Group and password cache use errno in place of errval - [30723] posix_memalign repeatedly scans long bin lists -+ [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -+ -D_FILE_OFFSET_BITS=64 - - Version 2.37 - -diff --git a/io/Makefile b/io/Makefile -index 6ccc0e8691..8a3c83a3bb 100644 ---- a/io/Makefile -+++ b/io/Makefile -@@ -192,6 +192,7 @@ tests := \ - tst-fchownat \ - tst-fcntl \ - tst-fcntl-lock \ -+ tst-fcntl-lock-lfs \ - tst-fstatat \ - tst-fts \ - tst-fts-lfs \ -diff --git a/io/tst-fcntl-lock-lfs.c b/io/tst-fcntl-lock-lfs.c -new file mode 100644 -index 0000000000..f2a909fb02 ---- /dev/null -+++ b/io/tst-fcntl-lock-lfs.c -@@ -0,0 +1,2 @@ -+#define _FILE_OFFSET_BITS 64 -+#include <io/tst-fcntl-lock.c> -diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h -index f7615a447e..d8a291a331 100644 ---- a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h -+++ b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h -@@ -33,7 +33,7 @@ - # define __O_LARGEFILE 0200000 - #endif - --#if __WORDSIZE == 64 -+#if __WORDSIZE == 64 && !defined __USE_FILE_OFFSET64 - # define F_GETLK 5 - # define F_SETLK 6 - # define F_SETLKW 7 --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch b/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch deleted file mode 100644 index 5e5520e3d3..0000000000 --- a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 92201f16cbcfd9eafe314ef6654be2ea7ba25675 Mon Sep 17 00:00:00 2001 -From: Adam Jackson ajax@redhat.com -Date: Fri, 8 Sep 2023 15:55:19 -0400 -Subject: [PATCH 13/44] libio: Fix oversized __io_vtables - -IO_VTABLES_LEN is the size of the struct array in bytes, not the number -of __IO_jump_t's in the array. Drops just under 384kb from .rodata on -LP64 machines. - -Fixes: 3020f72618e ("libio: Remove the usage of __libc_IO_vtables") -Signed-off-by: Adam Jackson ajax@redhat.com -Reviewed-by: Florian Weimer fweimer@redhat.com -Tested-by: Florian Weimer fweimer@redhat.com -(cherry picked from commit 8cb69e054386f980f9ff4d93b157861d72b2019e) ---- - libio/vtables.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libio/vtables.c b/libio/vtables.c -index 1d8ad612e9..34f7e15f1c 100644 ---- a/libio/vtables.c -+++ b/libio/vtables.c -@@ -20,6 +20,7 @@ - #include <libioP.h> - #include <stdio.h> - #include <ldsodefs.h> -+#include <array_length.h> - #include <pointer_guard.h> - #include <libio-macros.h> - -@@ -88,7 +89,7 @@ - # pragma weak __wprintf_buffer_as_file_xsputn - #endif - --const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro = -+const struct _IO_jump_t __io_vtables[] attribute_relro = - { - /* _IO_str_jumps */ - [IO_STR_JUMPS] = -@@ -485,6 +486,8 @@ const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro = - }, - #endif - }; -+_Static_assert (array_length (__io_vtables) == IO_VTABLES_NUM, -+ "initializer count"); - - #ifdef SHARED - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch b/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch deleted file mode 100644 index 4a15147da5..0000000000 --- a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7ae211a01b085d0bde54bd13b887ce8f9d57c2b4 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Tue, 22 Aug 2023 13:56:25 +0200 -Subject: [PATCH 14/44] elf: Do not run constructors for proxy objects - -Otherwise, the ld.so constructor runs for each audit namespace -and each dlmopen namespace. - -(cherry picked from commit f6c8204fd7fabf0cf4162eaf10ccf23258e4d10e) ---- - elf/dl-init.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/elf/dl-init.c b/elf/dl-init.c -index 5b0732590f..ba4d2fdc85 100644 ---- a/elf/dl-init.c -+++ b/elf/dl-init.c -@@ -25,10 +25,14 @@ - static void - call_init (struct link_map *l, int argc, char **argv, char **env) - { -+ /* Do not run constructors for proxy objects. */ -+ if (l != l->l_real) -+ return; -+ - /* If the object has not been relocated, this is a bug. The - function pointers are invalid in this case. (Executables do not -- need relocation, and neither do proxy objects.) */ -- assert (l->l_real->l_relocated || l->l_real->l_type == lt_executable); -+ need relocation.) */ -+ assert (l->l_relocated || l->l_type == lt_executable); - - if (l->l_init_called) - /* This object is all done. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch b/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch deleted file mode 100644 index bfc994bc8c..0000000000 --- a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch +++ /dev/null @@ -1,669 +0,0 @@ -From a3189f66a5f2fe86568286fa025fa153be04c6c0 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Fri, 8 Sep 2023 12:32:14 +0200 -Subject: [PATCH 15/44] elf: Always call destructors in reverse constructor - order (bug 30785) - -The current implementation of dlclose (and process exit) re-sorts the -link maps before calling ELF destructors. Destructor order is not the -reverse of the constructor order as a result: The second sort takes -relocation dependencies into account, and other differences can result -from ambiguous inputs, such as cycles. (The force_first handling in -_dl_sort_maps is not effective for dlclose.) After the changes in -this commit, there is still a required difference due to -dlopen/dlclose ordering by the application, but the previous -discrepancies went beyond that. - -A new global (namespace-spanning) list of link maps, -_dl_init_called_list, is updated right before ELF constructors are -called from _dl_init. - -In dl_close_worker, the maps variable, an on-stack variable length -array, is eliminated. (VLAs are problematic, and dlclose should not -call malloc because it cannot readily deal with malloc failure.) -Marking still-used objects uses the namespace list directly, with -next and next_idx replacing the done_index variable. - -After marking, _dl_init_called_list is used to call the destructors -of now-unused maps in reverse destructor order. These destructors -can call dlopen. Previously, new objects do not have l_map_used set. -This had to change: There is no copy of the link map list anymore, -so processing would cover newly opened (and unmarked) mappings, -unloading them. Now, _dl_init (indirectly) sets l_map_used, too. -(dlclose is handled by the existing reentrancy guard.) - -After _dl_init_called_list traversal, two more loops follow. The -processing order changes to the original link map order in the -namespace. Previously, dependency order was used. The difference -should not matter because relocation dependencies could already -reorder link maps in the old code. - -The changes to _dl_fini remove the sorting step and replace it with -a traversal of _dl_init_called_list. The l_direct_opencount -decrement outside the loader lock is removed because it appears -incorrect: the counter manipulation could race with other dynamic -loader operations. - -tst-audit23 needs adjustments to the changes in LA_ACT_DELETE -notifications. The new approach for checking la_activity should -make it clearer that la_activty calls come in pairs around namespace -updates. - -The dependency sorting test cases need updates because the destructor -order is always the opposite order of constructor order, even with -relocation dependencies or cycles present. - -There is a future cleanup opportunity to remove the now-constant -force_first and for_fini arguments from the _dl_sort_maps function. - -Fixes commit 1df71d32fe5f5905ffd5d100e5e9ca8ad62 ("elf: Implement -force_first handling in _dl_sort_maps_dfs (bug 28937)"). - -Reviewed-by: DJ Delorie dj@redhat.com -(cherry picked from commit 6985865bc3ad5b23147ee73466583dd7fdf65892) ---- - NEWS | 7 ++ - elf/dl-close.c | 113 +++++++++++++++++---------- - elf/dl-fini.c | 152 +++++++++++++------------------------ - elf/dl-init.c | 16 ++++ - elf/dso-sort-tests-1.def | 19 ++--- - elf/tst-audit23.c | 44 ++++++----- - include/link.h | 4 + - sysdeps/generic/ldsodefs.h | 4 + - 8 files changed, 186 insertions(+), 173 deletions(-) - -diff --git a/NEWS b/NEWS -index 8156572cdf..f1a14f45dd 100644 ---- a/NEWS -+++ b/NEWS -@@ -4,6 +4,13 @@ See the end for copying conditions. - - Please send GNU C library bug reports via https://sourceware.org/bugzilla/ - using `glibc' in the "product" field. -+ -+Version 2.38.1 -+ -+The following bugs are resolved with this release: -+ -+ [30785] Always call destructors in reverse constructor order -+ - - Version 2.38 - -diff --git a/elf/dl-close.c b/elf/dl-close.c -index b887a44888..ea62d0e601 100644 ---- a/elf/dl-close.c -+++ b/elf/dl-close.c -@@ -138,30 +138,31 @@ _dl_close_worker (struct link_map *map, bool force) - - bool any_tls = false; - const unsigned int nloaded = ns->_ns_nloaded; -- struct link_map *maps[nloaded]; - -- /* Run over the list and assign indexes to the link maps and enter -- them into the MAPS array. */ -+ /* Run over the list and assign indexes to the link maps. */ - int idx = 0; - for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next) - { - l->l_map_used = 0; - l->l_map_done = 0; - l->l_idx = idx; -- maps[idx] = l; - ++idx; - } - assert (idx == nloaded); - -- /* Keep track of the lowest index link map we have covered already. */ -- int done_index = -1; -- while (++done_index < nloaded) -+ /* Keep marking link maps until no new link maps are found. */ -+ for (struct link_map *l = ns->_ns_loaded; l != NULL; ) - { -- struct link_map *l = maps[done_index]; -+ /* next is reset to earlier link maps for remarking. */ -+ struct link_map *next = l->l_next; -+ int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */ - - if (l->l_map_done) -- /* Already handled. */ -- continue; -+ { -+ /* Already handled. */ -+ l = next; -+ continue; -+ } - - /* Check whether this object is still used. */ - if (l->l_type == lt_loaded -@@ -171,7 +172,10 @@ _dl_close_worker (struct link_map *map, bool force) - acquire is sufficient and correct. */ - && atomic_load_acquire (&l->l_tls_dtor_count) == 0 - && !l->l_map_used) -- continue; -+ { -+ l = next; -+ continue; -+ } - - /* We need this object and we handle it now. */ - l->l_map_used = 1; -@@ -198,8 +202,11 @@ _dl_close_worker (struct link_map *map, bool force) - already processed it, then we need to go back - and process again from that point forward to - ensure we keep all of its dependencies also. */ -- if ((*lp)->l_idx - 1 < done_index) -- done_index = (*lp)->l_idx - 1; -+ if ((*lp)->l_idx < next_idx) -+ { -+ next = *lp; -+ next_idx = next->l_idx; -+ } - } - } - -@@ -219,44 +226,65 @@ _dl_close_worker (struct link_map *map, bool force) - if (!jmap->l_map_used) - { - jmap->l_map_used = 1; -- if (jmap->l_idx - 1 < done_index) -- done_index = jmap->l_idx - 1; -+ if (jmap->l_idx < next_idx) -+ { -+ next = jmap; -+ next_idx = next->l_idx; -+ } - } - } - } -- } - -- /* Sort the entries. We can skip looking for the binary itself which is -- at the front of the search list for the main namespace. */ -- _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true); -+ l = next; -+ } - -- /* Call all termination functions at once. */ -- bool unload_any = false; -- bool scope_mem_left = false; -- unsigned int unload_global = 0; -- unsigned int first_loaded = ~0; -- for (unsigned int i = 0; i < nloaded; ++i) -+ /* Call the destructors in reverse constructor order, and remove the -+ closed link maps from the list. */ -+ for (struct link_map **init_called_head = &_dl_init_called_list; -+ *init_called_head != NULL; ) - { -- struct link_map *imap = maps[i]; -+ struct link_map *imap = *init_called_head; - -- /* All elements must be in the same namespace. */ -- assert (imap->l_ns == nsid); -- -- if (!imap->l_map_used) -+ /* _dl_init_called_list is global, to produce a global odering. -+ Ignore the other namespaces (and link maps that are still used). */ -+ if (imap->l_ns != nsid || imap->l_map_used) -+ init_called_head = &imap->l_init_called_next; -+ else - { - assert (imap->l_type == lt_loaded && !imap->l_nodelete_active); - -- /* Call its termination function. Do not do it for -- half-cooked objects. Temporarily disable exception -- handling, so that errors are fatal. */ -- if (imap->l_init_called) -+ /* _dl_init_called_list is updated at the same time as -+ l_init_called. */ -+ assert (imap->l_init_called); -+ -+ if (imap->l_info[DT_FINI_ARRAY] != NULL -+ || imap->l_info[DT_FINI] != NULL) - _dl_catch_exception (NULL, _dl_call_fini, imap); - - #ifdef SHARED - /* Auditing checkpoint: we remove an object. */ - _dl_audit_objclose (imap); - #endif -+ /* Unlink this link map. */ -+ *init_called_head = imap->l_init_called_next; -+ } -+ } -+ -+ -+ bool unload_any = false; -+ bool scope_mem_left = false; -+ unsigned int unload_global = 0; -+ -+ /* For skipping un-unloadable link maps in the second loop. */ -+ struct link_map *first_loaded = ns->_ns_loaded; - -+ /* Iterate over the namespace to find objects to unload. Some -+ unloadable objects may not be on _dl_init_called_list due to -+ dlopen failure. */ -+ for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next) -+ { -+ if (!imap->l_map_used) -+ { - /* This object must not be used anymore. */ - imap->l_removed = 1; - -@@ -267,8 +295,8 @@ _dl_close_worker (struct link_map *map, bool force) - ++unload_global; - - /* Remember where the first dynamically loaded object is. */ -- if (i < first_loaded) -- first_loaded = i; -+ if (first_loaded == NULL) -+ first_loaded = imap; - } - /* Else imap->l_map_used. */ - else if (imap->l_type == lt_loaded) -@@ -404,8 +432,8 @@ _dl_close_worker (struct link_map *map, bool force) - imap->l_loader = NULL; - - /* Remember where the first dynamically loaded object is. */ -- if (i < first_loaded) -- first_loaded = i; -+ if (first_loaded == NULL) -+ first_loaded = imap; - } - } - -@@ -476,10 +504,11 @@ _dl_close_worker (struct link_map *map, bool force) - - /* Check each element of the search list to see if all references to - it are gone. */ -- for (unsigned int i = first_loaded; i < nloaded; ++i) -+ for (struct link_map *imap = first_loaded; imap != NULL; ) - { -- struct link_map *imap = maps[i]; -- if (!imap->l_map_used) -+ if (imap->l_map_used) -+ imap = imap->l_next; -+ else - { - assert (imap->l_type == lt_loaded); - -@@ -690,7 +719,9 @@ _dl_close_worker (struct link_map *map, bool force) - if (imap == GL(dl_initfirst)) - GL(dl_initfirst) = NULL; - -+ struct link_map *next = imap->l_next; - free (imap); -+ imap = next; - } - } - -diff --git a/elf/dl-fini.c b/elf/dl-fini.c -index 9acb64f47c..e201d36651 100644 ---- a/elf/dl-fini.c -+++ b/elf/dl-fini.c -@@ -24,116 +24,68 @@ - void - _dl_fini (void) - { -- /* Lots of fun ahead. We have to call the destructors for all still -- loaded objects, in all namespaces. The problem is that the ELF -- specification now demands that dependencies between the modules -- are taken into account. I.e., the destructor for a module is -- called before the ones for any of its dependencies. -- -- To make things more complicated, we cannot simply use the reverse -- order of the constructors. Since the user might have loaded objects -- using `dlopen' there are possibly several other modules with its -- dependencies to be taken into account. Therefore we have to start -- determining the order of the modules once again from the beginning. */ -- -- /* We run the destructors of the main namespaces last. As for the -- other namespaces, we pick run the destructors in them in reverse -- order of the namespace ID. */ --#ifdef SHARED -- int do_audit = 0; -- again: --#endif -- for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns) -- { -- /* Protect against concurrent loads and unloads. */ -- __rtld_lock_lock_recursive (GL(dl_load_lock)); -- -- unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded; -- /* No need to do anything for empty namespaces or those used for -- auditing DSOs. */ -- if (nloaded == 0 --#ifdef SHARED -- || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit --#endif -- ) -- __rtld_lock_unlock_recursive (GL(dl_load_lock)); -- else -- { -+ /* Call destructors strictly in the reverse order of constructors. -+ This causes fewer surprises than some arbitrary reordering based -+ on new (relocation) dependencies. None of the objects are -+ unmapped, so applications can deal with this if their DSOs remain -+ in a consistent state after destructors have run. */ -+ -+ /* Protect against concurrent loads and unloads. */ -+ __rtld_lock_lock_recursive (GL(dl_load_lock)); -+ -+ /* Ignore objects which are opened during shutdown. */ -+ struct link_map *local_init_called_list = _dl_init_called_list; -+ -+ for (struct link_map *l = local_init_called_list; l != NULL; -+ l = l->l_init_called_next) -+ /* Bump l_direct_opencount of all objects so that they -+ are not dlclose()ed from underneath us. */ -+ ++l->l_direct_opencount; -+ -+ /* After this point, everything linked from local_init_called_list -+ cannot be unloaded because of the reference counter update. */ -+ __rtld_lock_unlock_recursive (GL(dl_load_lock)); -+ -+ /* Perform two passes: One for non-audit modules, one for audit -+ modules. This way, audit modules receive unload notifications -+ for non-audit objects, and the destructors for audit modules -+ still run. */ - #ifdef SHARED -- _dl_audit_activity_nsid (ns, LA_ACT_DELETE); -+ int last_pass = GLRO(dl_naudit) > 0; -+ Lmid_t last_ns = -1; -+ for (int do_audit = 0; do_audit <= last_pass; ++do_audit) - #endif -- -- /* Now we can allocate an array to hold all the pointers and -- copy the pointers in. */ -- struct link_map *maps[nloaded]; -- -- unsigned int i; -- struct link_map *l; -- assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL); -- for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next) -- /* Do not handle ld.so in secondary namespaces. */ -- if (l == l->l_real) -- { -- assert (i < nloaded); -- -- maps[i] = l; -- l->l_idx = i; -- ++i; -- -- /* Bump l_direct_opencount of all objects so that they -- are not dlclose()ed from underneath us. */ -- ++l->l_direct_opencount; -- } -- assert (ns != LM_ID_BASE || i == nloaded); -- assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1); -- unsigned int nmaps = i; -- -- /* Now we have to do the sorting. We can skip looking for the -- binary itself which is at the front of the search list for -- the main namespace. */ -- _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true); -- -- /* We do not rely on the linked list of loaded object anymore -- from this point on. We have our own list here (maps). The -- various members of this list cannot vanish since the open -- count is too high and will be decremented in this loop. So -- we release the lock so that some code which might be called -- from a destructor can directly or indirectly access the -- lock. */ -- __rtld_lock_unlock_recursive (GL(dl_load_lock)); -- -- /* 'maps' now contains the objects in the right order. Now -- call the destructors. We have to process this array from -- the front. */ -- for (i = 0; i < nmaps; ++i) -- { -- struct link_map *l = maps[i]; -- -- if (l->l_init_called) -- { -- _dl_call_fini (l); -+ for (struct link_map *l = local_init_called_list; l != NULL; -+ l = l->l_init_called_next) -+ { - #ifdef SHARED -- /* Auditing checkpoint: another object closed. */ -- _dl_audit_objclose (l); -+ if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit) -+ continue; -+ -+ /* Avoid back-to-back calls of _dl_audit_activity_nsid for the -+ same namespace. */ -+ if (last_ns != l->l_ns) -+ { -+ if (last_ns >= 0) -+ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); -+ _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE); -+ last_ns = l->l_ns; -+ } - #endif -- } - -- /* Correct the previous increment. */ -- --l->l_direct_opencount; -- } -+ /* There is no need to re-enable exceptions because _dl_fini -+ is not called from a context where exceptions are caught. */ -+ _dl_call_fini (l); - - #ifdef SHARED -- _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT); -+ /* Auditing checkpoint: another object closed. */ -+ _dl_audit_objclose (l); - #endif -- } -- } -+ } - - #ifdef SHARED -- if (! do_audit && GLRO(dl_naudit) > 0) -- { -- do_audit = 1; -- goto again; -- } -+ if (last_ns >= 0) -+ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); - - if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS)) - _dl_debug_printf ("\nruntime linker statistics:\n" -diff --git a/elf/dl-init.c b/elf/dl-init.c -index ba4d2fdc85..ffd05b7806 100644 ---- a/elf/dl-init.c -+++ b/elf/dl-init.c -@@ -21,6 +21,7 @@ - #include <ldsodefs.h> - #include <elf-initfini.h> - -+struct link_map *_dl_init_called_list; - - static void - call_init (struct link_map *l, int argc, char **argv, char **env) -@@ -42,6 +43,21 @@ call_init (struct link_map *l, int argc, char **argv, char **env) - dependency. */ - l->l_init_called = 1; - -+ /* Help an already-running dlclose: The just-loaded object must not -+ be removed during the current pass. (No effect if no dlclose in -+ progress.) */ -+ l->l_map_used = 1; -+ -+ /* Record execution before starting any initializers. This way, if -+ the initializers themselves call dlopen, their ELF destructors -+ will eventually be run before this object is destructed, matching -+ that their ELF constructors have run before this object was -+ constructed. _dl_fini uses this list for audit callbacks, so -+ register objects on the list even if they do not have a -+ constructor. */ -+ l->l_init_called_next = _dl_init_called_list; -+ _dl_init_called_list = l; -+ - /* Check for object which constructors we do not run here. */ - if (__builtin_expect (l->l_name[0], 'a') == '\0' - && l->l_type == lt_executable) -diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def -index 4bf9052db1..61dc54f8ae 100644 ---- a/elf/dso-sort-tests-1.def -+++ b/elf/dso-sort-tests-1.def -@@ -53,21 +53,14 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c - output: b>a>{}<a<b - - # Complex example from Bugzilla #15311, under-linked and with circular --# relocation(dynamic) dependencies. While this is technically unspecified, the --# presumed reasonable practical behavior is for the destructor order to respect --# the static DT_NEEDED links (here this means the a->b->c->d order). --# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based --# dynamic_sort=2 algorithm does, although it is still arguable whether going --# beyond spec to do this is the right thing to do. --# The below expected outputs are what the two algorithms currently produce --# respectively, for regression testing purposes. -+# relocation(dynamic) dependencies. For both sorting algorithms, the -+# destruction order is the reverse of the construction order, and -+# relocation dependencies are not taken into account. - tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c --output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];} --output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];} -+output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<e<a<b<c<d];} - - # Test that even in the presence of dependency loops involving dlopen'ed - # object, that object is initialized last (and not unloaded prematurely). --# Final destructor order is indeterminate due to the cycle. -+# Final destructor order is the opposite of constructor order. - tst-bz28937: {+a;+b;-b;+c;%c};a->a1;a->a2;a2->a;b->b1;c->a1;c=>a1 --output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a<a2<c<a1 --output(glibc.rtld.dynamic_sort=2): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a2<a<c<a1 -+output: {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<c<a<a1<a2 -diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c -index bb7d66c385..503699c36a 100644 ---- a/elf/tst-audit23.c -+++ b/elf/tst-audit23.c -@@ -98,6 +98,8 @@ do_test (int argc, char *argv[]) - char *lname; - uintptr_t laddr; - Lmid_t lmid; -+ uintptr_t cookie; -+ uintptr_t namespace; - bool closed; - } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } }; - size_t nobjs = 0; -@@ -117,6 +119,9 @@ do_test (int argc, char *argv[]) - size_t buffer_length = 0; - while (xgetline (&buffer, &buffer_length, out)) - { -+ *strchrnul (buffer, '\n') = '\0'; -+ printf ("info: subprocess output: %s\n", buffer); -+ - if (startswith (buffer, "la_activity: ")) - { - uintptr_t cookie; -@@ -125,29 +130,26 @@ do_test (int argc, char *argv[]) - &cookie); - TEST_COMPARE (r, 2); - -- /* The cookie identifies the object at the head of the link map, -- so we only add a new namespace if it changes from the previous -- one. This works since dlmopen is the last in the test body. */ -- if (cookie != last_act_cookie && last_act_cookie != -1) -- TEST_COMPARE (last_act, LA_ACT_CONSISTENT); -- - if (this_act == LA_ACT_ADD && acts[nacts] != cookie) - { -+ /* The cookie identifies the object at the head of the -+ link map, so we only add a new namespace if it -+ changes from the previous one. This works since -+ dlmopen is the last in the test body. */ -+ if (cookie != last_act_cookie && last_act_cookie != -1) -+ TEST_COMPARE (last_act, LA_ACT_CONSISTENT); -+ - acts[nacts++] = cookie; - last_act_cookie = cookie; - } -- /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD -- at program termination (if the tests adds a dlclose or a library -- with extra dependencies this will need to be adapted). */ -+ /* LA_ACT_DELETE is called multiple times for each -+ namespace, depending on destruction order. */ - else if (this_act == LA_ACT_DELETE) -- { -- last_act_cookie = acts[--nacts]; -- TEST_COMPARE (acts[nacts], cookie); -- acts[nacts] = 0; -- } -+ last_act_cookie = cookie; - else if (this_act == LA_ACT_CONSISTENT) - { - TEST_COMPARE (cookie, last_act_cookie); -+ last_act_cookie = -1; - - /* LA_ACT_DELETE must always be followed by an la_objclose. */ - if (last_act == LA_ACT_DELETE) -@@ -179,6 +181,8 @@ do_test (int argc, char *argv[]) - objs[nobjs].lname = lname; - objs[nobjs].laddr = laddr; - objs[nobjs].lmid = lmid; -+ objs[nobjs].cookie = cookie; -+ objs[nobjs].namespace = last_act_cookie; - objs[nobjs].closed = false; - nobjs++; - -@@ -201,6 +205,12 @@ do_test (int argc, char *argv[]) - if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid) - { - TEST_COMPARE (objs[i].closed, false); -+ TEST_COMPARE (objs[i].cookie, cookie); -+ if (objs[i].namespace == -1) -+ /* No LA_ACT_ADD before the first la_objopen call. */ -+ TEST_COMPARE (acts[0], last_act_cookie); -+ else -+ TEST_COMPARE (objs[i].namespace, last_act_cookie); - objs[i].closed = true; - break; - } -@@ -209,11 +219,7 @@ do_test (int argc, char *argv[]) - /* la_objclose should be called after la_activity(LA_ACT_DELETE) for - the closed object's namespace. */ - TEST_COMPARE (last_act, LA_ACT_DELETE); -- if (!seen_first_objclose) -- { -- TEST_COMPARE (last_act_cookie, cookie); -- seen_first_objclose = true; -- } -+ seen_first_objclose = true; - } - } - -diff --git a/include/link.h b/include/link.h -index 1d74feb2bd..69bda3ed17 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -278,6 +278,10 @@ struct link_map - /* List of object in order of the init and fini calls. */ - struct link_map **l_initfini; - -+ /* Linked list of objects in reverse ELF constructor execution -+ order. Head of list is stored in _dl_init_called_list. */ -+ struct link_map *l_init_called_next; -+ - /* List of the dependencies introduced through symbol binding. */ - struct link_map_reldeps - { -diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h -index e8b7359b04..9ea9389a39 100644 ---- a/sysdeps/generic/ldsodefs.h -+++ b/sysdeps/generic/ldsodefs.h -@@ -1037,6 +1037,10 @@ extern int _dl_check_map_versions (struct link_map *map, int verbose, - extern void _dl_init (struct link_map *main_map, int argc, char **argv, - char **env) attribute_hidden; - -+/* List of ELF objects in reverse order of their constructor -+ invocation. */ -+extern struct link_map *_dl_init_called_list attribute_hidden; -+ - /* Call the finalizer functions of all shared objects whose - initializer functions have completed. */ - extern void _dl_fini (void) attribute_hidden; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch b/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch deleted file mode 100644 index 6115c1f0ea..0000000000 --- a/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 750f19526ae71aac801c77a3f7ef5374890c09b7 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Fri, 8 Sep 2023 13:02:06 +0200 -Subject: [PATCH 16/44] elf: Remove unused l_text_end field from struct - link_map - -It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2 -("elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]"). - -When backporting commmit 6985865bc3ad5b23147ee73466583dd7fdf65892 -("elf: Always call destructors in reverse constructor order -(bug 30785)"), we can move the l_init_called_next field to this -place, so that the internal GLIBC_PRIVATE ABI does not change. - -Reviewed-by: Carlos O'Donell carlos@redhat.com -Tested-by: Carlos O'Donell carlos@redhat.com -(cherry picked from commit 53df2ce6885da3d0e89e87dca7b095622296014f) ---- - elf/dl-load.c | 2 +- - elf/dl-load.h | 7 ++----- - elf/rtld.c | 6 ------ - elf/setup-vdso.h | 4 ---- - include/link.h | 2 -- - 5 files changed, 3 insertions(+), 18 deletions(-) - -diff --git a/elf/dl-load.c b/elf/dl-load.c -index 9a87fda9c9..2923b1141d 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, - - /* Now process the load commands and map segments into memory. - This is responsible for filling in: -- l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr -+ l_map_start, l_map_end, l_addr, l_contiguous, l_phdr - */ - errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, - maplength, has_holes, loader); -diff --git a/elf/dl-load.h b/elf/dl-load.h -index ecf6910c68..1d5207694b 100644 ---- a/elf/dl-load.h -+++ b/elf/dl-load.h -@@ -83,14 +83,11 @@ struct loadcmd - - /* This is a subroutine of _dl_map_segments. It should be called for each - load command, some time after L->l_addr has been set correctly. It is -- responsible for setting up the l_text_end and l_phdr fields. */ -+ responsible for setting the l_phdr fields */ - static __always_inline void - _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - const struct loadcmd *c) - { -- if (c->prot & PROT_EXEC) -- l->l_text_end = l->l_addr + c->mapend; -- - if (l->l_phdr == 0 - && c->mapoff <= header->e_phoff - && ((size_t) (c->mapend - c->mapstart + c->mapoff) -@@ -103,7 +100,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - - /* This is a subroutine of _dl_map_object_from_fd. It is responsible - for filling in several fields in *L: l_map_start, l_map_end, l_addr, -- l_contiguous, l_text_end, l_phdr. On successful return, all the -+ l_contiguous, l_phdr. On successful return, all the - segments are mapped (or copied, or whatever) from the file into their - final places in the address space, with the correct page permissions, - and any bss-like regions already zeroed. It returns a null pointer -diff --git a/elf/rtld.c b/elf/rtld.c -index a91e2a4471..5107d16fe3 100644 ---- a/elf/rtld.c -+++ b/elf/rtld.c -@@ -477,7 +477,6 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) - GL(dl_rtld_map).l_real = &GL(dl_rtld_map); - GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; - GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; -- GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext; - /* Copy the TLS related data if necessary. */ - #ifndef DONT_USE_BOOTSTRAP_MAP - # if NO_TLS_OFFSET != 0 -@@ -1119,7 +1118,6 @@ rtld_setup_main_map (struct link_map *main_map) - bool has_interp = false; - - main_map->l_map_end = 0; -- main_map->l_text_end = 0; - /* Perhaps the executable has no PT_LOAD header entries at all. */ - main_map->l_map_start = ~0; - /* And it was opened directly. */ -@@ -1211,8 +1209,6 @@ rtld_setup_main_map (struct link_map *main_map) - allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz; - if (main_map->l_map_end < allocend) - main_map->l_map_end = allocend; -- if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end) -- main_map->l_text_end = allocend; - - /* The next expected address is the page following this load - segment. */ -@@ -1272,8 +1268,6 @@ rtld_setup_main_map (struct link_map *main_map) - = (char *) main_map->l_tls_initimage + main_map->l_addr; - if (! main_map->l_map_end) - main_map->l_map_end = ~0; -- if (! main_map->l_text_end) -- main_map->l_text_end = ~0; - if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name) - { - /* We were invoked directly, so the program might not have a -diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h -index 0079842d1f..d92b12a7aa 100644 ---- a/elf/setup-vdso.h -+++ b/elf/setup-vdso.h -@@ -51,9 +51,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_addr = ph->p_vaddr; - if (ph->p_vaddr + ph->p_memsz >= l->l_map_end) - l->l_map_end = ph->p_vaddr + ph->p_memsz; -- if ((ph->p_flags & PF_X) -- && ph->p_vaddr + ph->p_memsz >= l->l_text_end) -- l->l_text_end = ph->p_vaddr + ph->p_memsz; - } - else - /* There must be no TLS segment. */ -@@ -62,7 +59,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso); - l->l_addr = l->l_map_start - l->l_addr; - l->l_map_end += l->l_addr; -- l->l_text_end += l->l_addr; - l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr); - elf_get_dynamic_info (l, false, false); - _dl_setup_hash (l); -diff --git a/include/link.h b/include/link.h -index 69bda3ed17..c6af095d87 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -253,8 +253,6 @@ struct link_map - /* Start and finish of memory map for this object. l_map_start - need not be the same as l_addr. */ - ElfW(Addr) l_map_start, l_map_end; -- /* End of the executable part of the mapping. */ -- ElfW(Addr) l_text_end; - - /* Default array for 'l_scope'. */ - struct r_scope_elem *l_scope_mem[4]; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch b/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch deleted file mode 100644 index 924bead3e1..0000000000 --- a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d3ba6c1333b10680ce5900a628108507d9d4b844 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Mon, 11 Sep 2023 09:17:52 +0200 -Subject: [PATCH 17/44] elf: Move l_init_called_next to old place of l_text_end - in link map - -This preserves all member offsets and the GLIBC_PRIVATE ABI -for backporting. ---- - include/link.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/link.h b/include/link.h -index c6af095d87..686813f281 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -254,6 +254,10 @@ struct link_map - need not be the same as l_addr. */ - ElfW(Addr) l_map_start, l_map_end; - -+ /* Linked list of objects in reverse ELF constructor execution -+ order. Head of list is stored in _dl_init_called_list. */ -+ struct link_map *l_init_called_next; -+ - /* Default array for 'l_scope'. */ - struct r_scope_elem *l_scope_mem[4]; - /* Size of array allocated for 'l_scope'. */ -@@ -276,10 +280,6 @@ struct link_map - /* List of object in order of the init and fini calls. */ - struct link_map **l_initfini; - -- /* Linked list of objects in reverse ELF constructor execution -- order. Head of list is stored in _dl_init_called_list. */ -- struct link_map *l_init_called_next; -- - /* List of the dependencies introduced through symbol binding. */ - struct link_map_reldeps - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch b/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch deleted file mode 100644 index 655b875031..0000000000 --- a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 89da8bc588c2296252543b049bf6d9272321f90d Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Mon, 11 Sep 2023 10:06:15 +0200 -Subject: [PATCH 18/44] NEWS: Add the 2.38.1 bug list - ---- - NEWS | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/NEWS b/NEWS -index f1a14f45dd..64596d5d09 100644 ---- a/NEWS -+++ b/NEWS -@@ -9,7 +9,10 @@ Version 2.38.1 - - The following bugs are resolved with this release: - -+ [30723] posix_memalign repeatedly scans long bin lists - [30785] Always call destructors in reverse constructor order -+ [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -+ -D_FILE_OFFSET_BITS=64 - - - Version 2.38 -@@ -139,9 +142,6 @@ The following bugs are resolved with this release: - [30555] string: strerror can incorrectly return NULL - [30579] malloc: trim_threshold in realloc lead to high memory usage - [30662] nscd: Group and password cache use errno in place of errval -- [30723] posix_memalign repeatedly scans long bin lists -- [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -- -D_FILE_OFFSET_BITS=64 - - Version 2.37 - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch b/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch deleted file mode 100644 index aa21173939..0000000000 --- a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch +++ /dev/null @@ -1,221 +0,0 @@ -From b25508dd774b617f99419bdc3cf2ace4560cd2d6 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Wed, 13 Sep 2023 14:10:56 +0200 -Subject: [PATCH 19/44] CVE-2023-4527: Stack read overflow with large TCP - responses in no-aaaa mode - -Without passing alt_dns_packet_buffer, __res_context_search can only -store 2048 bytes (what fits into dns_packet_buffer). However, -the function returns the total packet size, and the subsequent -DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end -of the stack-allocated buffer. - -Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa -stub resolver option") and bug 30842. - -(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d) ---- - NEWS | 9 +++ - resolv/Makefile | 2 + - resolv/nss_dns/dns-host.c | 2 +- - resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++ - 4 files changed, 141 insertions(+), 1 deletion(-) - create mode 100644 resolv/tst-resolv-noaaaa-vc.c - -diff --git a/NEWS b/NEWS -index 64596d5d09..dfee278a9c 100644 ---- a/NEWS -+++ b/NEWS -@@ -7,12 +7,21 @@ using `glibc' in the "product" field. - - Version 2.38.1 - -+Security related changes: -+ -+ CVE-2023-4527: If the system is configured in no-aaaa mode via -+ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address -+ family, and a DNS response is received over TCP that is larger than -+ 2048 bytes, getaddrinfo may potentially disclose stack contents via -+ the returned address data, or crash. -+ - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists - [30785] Always call destructors in reverse constructor order - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 -+ [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) - - - Version 2.38 -diff --git a/resolv/Makefile b/resolv/Makefile -index 054b1fa36c..2f99eb3862 100644 ---- a/resolv/Makefile -+++ b/resolv/Makefile -@@ -102,6 +102,7 @@ tests += \ - tst-resolv-invalid-cname \ - tst-resolv-network \ - tst-resolv-noaaaa \ -+ tst-resolv-noaaaa-vc \ - tst-resolv-nondecimal \ - tst-resolv-res_init-multi \ - tst-resolv-search \ -@@ -293,6 +294,7 @@ $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \ - $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ - $(shared-thread-library) - $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library) -+$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library) - $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) - $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) - $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) -diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index 1d60c51f5e..5d0ab30de6 100644 ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, - { - n = __res_context_search (ctx, name, C_IN, T_A, - dns_packet_buffer, sizeof (dns_packet_buffer), -- NULL, NULL, NULL, NULL, NULL); -+ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL); - if (n >= 0) - status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n, - &abuf, pat, errnop, herrnop, ttlp); -diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c -new file mode 100644 -index 0000000000..9f5aebd99f ---- /dev/null -+++ b/resolv/tst-resolv-noaaaa-vc.c -@@ -0,0 +1,129 @@ -+/* Test the RES_NOAAAA resolver option with a large response. -+ Copyright (C) 2022-2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ https://www.gnu.org/licenses/. */ -+ -+#include <errno.h> -+#include <netdb.h> -+#include <resolv.h> -+#include <stdbool.h> -+#include <stdlib.h> -+#include <support/check.h> -+#include <support/check_nss.h> -+#include <support/resolv_test.h> -+#include <support/support.h> -+#include <support/xmemstream.h> -+ -+/* Used to keep track of the number of queries. */ -+static volatile unsigned int queries; -+ -+/* If true, add a large TXT record at the start of the answer section. */ -+static volatile bool stuff_txt; -+ -+static void -+response (const struct resolv_response_context *ctx, -+ struct resolv_response_builder *b, -+ const char *qname, uint16_t qclass, uint16_t qtype) -+{ -+ /* If not using TCP, just force its use. */ -+ if (!ctx->tcp) -+ { -+ struct resolv_response_flags flags = {.tc = true}; -+ resolv_response_init (b, flags); -+ resolv_response_add_question (b, qname, qclass, qtype); -+ return; -+ } -+ -+ /* The test needs to send four queries, the first three are used to -+ grow the NSS buffer via the ERANGE handshake. */ -+ ++queries; -+ TEST_VERIFY (queries <= 4); -+ -+ /* AAAA queries are supposed to be disabled. */ -+ TEST_COMPARE (qtype, T_A); -+ TEST_COMPARE (qclass, C_IN); -+ TEST_COMPARE_STRING (qname, "example.com"); -+ -+ struct resolv_response_flags flags = {}; -+ resolv_response_init (b, flags); -+ resolv_response_add_question (b, qname, qclass, qtype); -+ -+ resolv_response_section (b, ns_s_an); -+ -+ if (stuff_txt) -+ { -+ resolv_response_open_record (b, qname, qclass, T_TXT, 60); -+ int zero = 0; -+ for (int i = 0; i <= 15000; ++i) -+ resolv_response_add_data (b, &zero, sizeof (zero)); -+ resolv_response_close_record (b); -+ } -+ -+ for (int i = 0; i < 200; ++i) -+ { -+ resolv_response_open_record (b, qname, qclass, qtype, 60); -+ char ipv4[4] = {192, 0, 2, i + 1}; -+ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); -+ resolv_response_close_record (b); -+ } -+} -+ -+static int -+do_test (void) -+{ -+ struct resolv_test *obj = resolv_test_start -+ ((struct resolv_redirect_config) -+ { -+ .response_callback = response -+ }); -+ -+ _res.options |= RES_NOAAAA; -+ -+ for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt) -+ { -+ queries = 0; -+ stuff_txt = do_stuff_txt; -+ -+ struct addrinfo *ai = NULL; -+ int ret; -+ ret = getaddrinfo ("example.com", "80", -+ &(struct addrinfo) -+ { -+ .ai_family = AF_UNSPEC, -+ .ai_socktype = SOCK_STREAM, -+ }, &ai); -+ -+ char *expected_result; -+ { -+ struct xmemstream mem; -+ xopen_memstream (&mem); -+ for (int i = 0; i < 200; ++i) -+ fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1); -+ xfclose_memstream (&mem); -+ expected_result = mem.buffer; -+ } -+ -+ check_addrinfo ("example.com", ai, ret, expected_result); -+ -+ free (expected_result); -+ freeaddrinfo (ai); -+ } -+ -+ resolv_test_end (obj); -+ return 0; -+} -+ -+#include <support/test-driver.c> --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch b/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch deleted file mode 100644 index 708e617256..0000000000 --- a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch +++ /dev/null @@ -1,338 +0,0 @@ -From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar siddhesh@sourceware.org -Date: Fri, 15 Sep 2023 13:51:12 -0400 -Subject: [PATCH 20/44] getaddrinfo: Fix use after free in getcanonname - (CVE-2023-4806) - -When an NSS plugin only implements the _gethostbyname2_r and -_getcanonname_r callbacks, getaddrinfo could use memory that was freed -during tmpbuf resizing, through h_name in a previous query response. - -The backing store for res->at->name when doing a query with -gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in -gethosts during the query. For AF_INET6 lookup with AI_ALL | -AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second -for a v4 lookup. In this case, if the first call reallocates tmpbuf -enough number of times, resulting in a malloc, th->h_name (that -res->at->name refers to) ends up on a heap allocated storage in tmpbuf. -Now if the second call to gethosts also causes the plugin callback to -return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF -reference in res->at->name. This then gets dereferenced in the -getcanonname_r plugin call, resulting in the use after free. - -Fix this by copying h_name over and freeing it at the end. This -resolves BZ #30843, which is assigned CVE-2023-4806. - -Signed-off-by: Siddhesh Poyarekar siddhesh@sourceware.org -(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994) ---- - nss/Makefile | 15 ++++- - nss/nss_test_gai_hv2_canonname.c | 56 +++++++++++++++++ - nss/tst-nss-gai-hv2-canonname.c | 63 +++++++++++++++++++ - nss/tst-nss-gai-hv2-canonname.h | 1 + - .../postclean.req | 0 - .../tst-nss-gai-hv2-canonname.script | 2 + - sysdeps/posix/getaddrinfo.c | 25 +++++--- - 7 files changed, 152 insertions(+), 10 deletions(-) - create mode 100644 nss/nss_test_gai_hv2_canonname.c - create mode 100644 nss/tst-nss-gai-hv2-canonname.c - create mode 100644 nss/tst-nss-gai-hv2-canonname.h - create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req - create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script - -diff --git a/nss/Makefile b/nss/Makefile -index 06fcdc450f..8a5126ecf3 100644 ---- a/nss/Makefile -+++ b/nss/Makefile -@@ -82,6 +82,7 @@ tests-container := \ - tst-nss-test3 \ - tst-reload1 \ - tst-reload2 \ -+ tst-nss-gai-hv2-canonname \ - # tests-container - - # Tests which need libdl -@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) - ifeq ($(build-static-nss),yes) - tests-static += tst-nss-static - endif --extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os -+extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ -+ nss_test_gai_hv2_canonname.os - - include ../Rules - -@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver - libof-nss_test1 = extramodules - libof-nss_test2 = extramodules - libof-nss_test_errno = extramodules -+libof-nss_test_gai_hv2_canonname = extramodules - $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) - $(build-module) - $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) - $(build-module) - $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) - $(build-module) -+$(objpfx)/libnss_test_gai_hv2_canonname.so: \ -+ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) -+ $(build-module) - $(objpfx)nss_test2.os : nss_test1.c - # Use the nss_files suffix for these objects as well. - $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so -@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so - $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \ - $(objpfx)/libnss_test_errno.so - $(make-link) -+$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ -+ $(objpfx)/libnss_test_gai_hv2_canonname.so -+ $(make-link) - $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ - $(objpfx)/libnss_test1.so$(libnss_files.so-version) \ - $(objpfx)/libnss_test2.so$(libnss_files.so-version) \ -- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) -+ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \ -+ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) - - ifeq (yes,$(have-thread-library)) - $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) -@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags - LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags - LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags - LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags -+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags -diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c -new file mode 100644 -index 0000000000..4439c83c9f ---- /dev/null -+++ b/nss/nss_test_gai_hv2_canonname.c -@@ -0,0 +1,56 @@ -+/* NSS service provider that only provides gethostbyname2_r. -+ Copyright The GNU Toolchain Authors. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ https://www.gnu.org/licenses/. */ -+ -+#include <nss.h> -+#include <stdlib.h> -+#include <string.h> -+#include "nss/tst-nss-gai-hv2-canonname.h" -+ -+/* Catch misnamed and functions. */ -+#pragma GCC diagnostic error "-Wmissing-prototypes" -+NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname) -+ -+extern enum nss_status _nss_files_gethostbyname2_r (const char *, int, -+ struct hostent *, char *, -+ size_t, int *, int *); -+ -+enum nss_status -+_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af, -+ struct hostent *result, -+ char *buffer, size_t buflen, -+ int *errnop, int *herrnop) -+{ -+ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop, -+ herrnop); -+} -+ -+enum nss_status -+_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer, -+ size_t buflen, char **result, -+ int *errnop, int *h_errnop) -+{ -+ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail -+ the test. */ -+ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME)) -+ || buflen < sizeof (QUERYNAME)) -+ abort (); -+ -+ strncpy (buffer, name, buflen); -+ *result = buffer; -+ return NSS_STATUS_SUCCESS; -+} -diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c -new file mode 100644 -index 0000000000..d5f10c07d6 ---- /dev/null -+++ b/nss/tst-nss-gai-hv2-canonname.c -@@ -0,0 +1,63 @@ -+/* Test NSS query path for plugins that only implement gethostbyname2 -+ (#30843). -+ Copyright The GNU Toolchain Authors. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ https://www.gnu.org/licenses/. */ -+ -+#include <nss.h> -+#include <netdb.h> -+#include <stdlib.h> -+#include <string.h> -+#include <support/check.h> -+#include <support/xstdio.h> -+#include "nss/tst-nss-gai-hv2-canonname.h" -+ -+#define PREPARE do_prepare -+ -+static void do_prepare (int a, char **av) -+{ -+ FILE *hosts = xfopen ("/etc/hosts", "w"); -+ for (unsigned i = 2; i < 255; i++) -+ { -+ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i); -+ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i); -+ } -+ xfclose (hosts); -+} -+ -+static int -+do_test (void) -+{ -+ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); -+ -+ struct addrinfo hints = {}; -+ struct addrinfo *result = NULL; -+ -+ hints.ai_family = AF_INET6; -+ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME; -+ -+ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result); -+ -+ if (ret != 0) -+ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret)); -+ -+ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME); -+ -+ freeaddrinfo(result); -+ return 0; -+} -+ -+#include <support/test-driver.c> -diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h -new file mode 100644 -index 0000000000..14f2a9cb08 ---- /dev/null -+++ b/nss/tst-nss-gai-hv2-canonname.h -@@ -0,0 +1 @@ -+#define QUERYNAME "test.example.com" -diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req -new file mode 100644 -index 0000000000..e69de29bb2 -diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script -new file mode 100644 -index 0000000000..31848b4a28 ---- /dev/null -+++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script -@@ -0,0 +1,2 @@ -+cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2 -+su -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index 0356b622be..b2236b105c 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -120,6 +120,7 @@ struct gaih_result - { - struct gaih_addrtuple *at; - char *canon; -+ char *h_name; - bool free_at; - bool got_ipv6; - }; -@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res) - if (res->free_at) - free (res->at); - free (res->canon); -+ free (res->h_name); - memset (res, 0, sizeof (*res)); - } - -@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, - return 0; - } - --/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name -- is not copied, and the struct hostent object must not be deallocated -- prematurely. The new addresses are appended to the tuple array in RES. */ -+/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new -+ addresses are appended to the tuple array in RES. */ - static bool - convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, - struct hostent *h, struct gaih_result *res) -@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, - res->at = array; - res->free_at = true; - -+ /* Duplicate h_name because it may get reclaimed when the underlying storage -+ is freed. */ -+ if (res->h_name == NULL) -+ { -+ res->h_name = __strdup (h->h_name); -+ if (res->h_name == NULL) -+ return false; -+ } -+ - /* Update the next pointers on reallocation. */ - for (size_t i = 0; i < old; i++) - array[i].next = array + i + 1; -@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, - } - array[i].next = array + i + 1; - } -- array[0].name = h->h_name; - array[count - 1].next = NULL; - - return true; -@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name, - memory allocation failure. The returned string is allocated on the - heap; the caller has to free it. */ - static char * --getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name) -+getcanonname (nss_action_list nip, const char *hname, const char *name) - { - nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r"); - char *s = (char *) name; - if (cfct != NULL) - { - char buf[256]; -- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf), -- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS) -+ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno, -+ &h_errno)) != NSS_STATUS_SUCCESS) - /* If the canonical name cannot be determined, use the passed - string. */ - s = (char *) name; -@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req, - if ((req->ai_flags & AI_CANONNAME) != 0 - && res->canon == NULL) - { -- char *canonbuf = getcanonname (nip, res->at, name); -+ char *canonbuf = getcanonname (nip, res->h_name, name); - if (canonbuf == NULL) - { - __resolv_context_put (res_ctx); --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch b/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch deleted file mode 100644 index fb86f0f19d..0000000000 --- a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 63250e9c571314b6daa2c949ea0af335ee766751 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@suse.de -Date: Tue, 1 Aug 2023 17:01:37 +0200 -Subject: [PATCH 21/44] iconv: restore verbosity with unrecognized encoding - names (bug 30694) - -Commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") changed the -iconv program to call __gconv_open directly instead of the iconv_open -wrapper, but the former does not set errno. Update the caller to -interpret the return codes like iconv_open does. - -(cherry picked from commit fc72b6d7d818ab2868920af956d1542d03342a4d) ---- - iconv/iconv_prog.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c -index bee898c63c..cf32cf9b44 100644 ---- a/iconv/iconv_prog.c -+++ b/iconv/iconv_prog.c -@@ -187,7 +187,7 @@ main (int argc, char *argv[]) - - if (res != __GCONV_OK) - { -- if (errno == EINVAL) -+ if (res == __GCONV_NOCONV || res == __GCONV_NODB) - { - /* Try to be nice with the user and tell her which of the - two encoding names is wrong. This is possible because --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch b/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch deleted file mode 100644 index 38aec8638d..0000000000 --- a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d94461bb86ba176b9390c0015bb612a528e22d95 Mon Sep 17 00:00:00 2001 -From: Mahesh Bodapati bmahi496@linux.ibm.com -Date: Fri, 11 Aug 2023 10:38:25 -0500 -Subject: [PATCH 22/44] string: Fix tester build with fortify enable with gcc < - 12 - -When building with fortify enabled, GCC < 12 issues a warning on the -fortify strncat wrapper might overflow the destination buffer (the -failure is tied to -Werror). - -Checked on ppc64 and x86_64. -Reviewed-by: Adhemerval Zanella adhemerval.zanella@linaro.org - -(cherry picked from commit f1c7ed0859a45929136836341741c7cd70f428cb) ---- - string/tester.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/string/tester.c b/string/tester.c -index f7d4bac5a8..824cf315ff 100644 ---- a/string/tester.c -+++ b/string/tester.c -@@ -34,6 +34,14 @@ - DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-truncation"); - #endif - -+/* When building with fortify enabled, GCC < 12 issues a warning on the -+ fortify strncat wrapper might overflow the destination buffer (the -+ failure is tied to -Werror). -+ Triggered by strncat fortify wrapper when it is enabled. */ -+#if __GNUC_PREREQ (11, 0) -+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); -+#endif -+ - #include <errno.h> - #include <stdint.h> - #include <stdio.h> -@@ -52,9 +60,6 @@ DIAG_IGNORE_NEEDS_COMMENT (5.0, "-Wmemset-transposed-args"); - DIAG_IGNORE_NEEDS_COMMENT (9, "-Wrestrict"); - DIAG_IGNORE_NEEDS_COMMENT (7, "-Wstringop-overflow="); - #endif --#if __GNUC_PREREQ (11, 0) --DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); --#endif - - - #define STREQ(a, b) (strcmp((a), (b)) == 0) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch b/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch deleted file mode 100644 index a103b95882..0000000000 --- a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0e1ef6779a90bc0f8a05bc367796df2793deecaa Mon Sep 17 00:00:00 2001 -From: Mark Wielaard mark@klomp.org -Date: Thu, 24 Aug 2023 21:36:34 +0200 -Subject: [PATCH 23/44] manual/jobs.texi: Add missing @item EPERM for getpgid - -The missing @item makes it look like errno will be set to ESRCH -if a cross-session getpgid is not permitted. - -Found by ulfvonbelow on irc. - -(cherry picked from commit 5a21cefd5abab1b99eda1fbf84204a9bf41662ab) ---- - manual/job.texi | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/manual/job.texi b/manual/job.texi -index 42cb9fb26d..8157f13a1c 100644 ---- a/manual/job.texi -+++ b/manual/job.texi -@@ -1133,6 +1133,7 @@ following @code{errno} error conditions are defined for this function: - @table @code - @item ESRCH - There is no process with the given process ID @var{pid}. -+@item EPERM - The calling process and the process specified by @var{pid} are in - different sessions, and the implementation doesn't allow to access the - process group ID of the process with ID @var{pid} from the calling --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch b/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch deleted file mode 100644 index 90b01ebdee..0000000000 --- a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 5ee59ca371b99984232d7584fe2b1a758b4421d3 Mon Sep 17 00:00:00 2001 -From: Romain Geissler romain.geissler@amadeus.com -Date: Mon, 25 Sep 2023 01:21:51 +0100 -Subject: [PATCH 24/44] Fix leak in getaddrinfo introduced by the fix for - CVE-2023-4806 [BZ #30843] - -This patch fixes a very recently added leak in getaddrinfo. - -This was assigned CVE-2023-5156. - -Resolves: BZ #30884 -Related: BZ #30842 - -Reviewed-by: Siddhesh Poyarekar siddhesh@sourceware.org -(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796) ---- - nss/Makefile | 20 ++++++++++++++++++++ - nss/tst-nss-gai-hv2-canonname.c | 3 +++ - sysdeps/posix/getaddrinfo.c | 4 +--- - 3 files changed, 24 insertions(+), 3 deletions(-) - -diff --git a/nss/Makefile b/nss/Makefile -index 8a5126ecf3..668ba34b18 100644 ---- a/nss/Makefile -+++ b/nss/Makefile -@@ -149,6 +149,15 @@ endif - extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ - nss_test_gai_hv2_canonname.os - -+ifeq ($(run-built-tests),yes) -+ifneq (no,$(PERL)) -+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out -+endif -+endif -+ -+generated += mtrace-tst-nss-gai-hv2-canonname.out \ -+ tst-nss-gai-hv2-canonname.mtrace -+ - include ../Rules - - ifeq (yes,$(have-selinux)) -@@ -217,6 +226,17 @@ endif - $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so - $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so - -+tst-nss-gai-hv2-canonname-ENV = \ -+ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ -+ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so -+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \ -+ $(objpfx)tst-nss-gai-hv2-canonname.out -+ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \ -+ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \ -+ && $(common-objpfx)malloc/mtrace \ -+ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \ -+ $(evaluate-test) -+ - # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS - # functions can load testing NSS modules via DT_RPATH. - LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags -diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c -index d5f10c07d6..7db53cf09d 100644 ---- a/nss/tst-nss-gai-hv2-canonname.c -+++ b/nss/tst-nss-gai-hv2-canonname.c -@@ -21,6 +21,7 @@ - #include <netdb.h> - #include <stdlib.h> - #include <string.h> -+#include <mcheck.h> - #include <support/check.h> - #include <support/xstdio.h> - #include "nss/tst-nss-gai-hv2-canonname.h" -@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av) - static int - do_test (void) - { -+ mtrace (); -+ - __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); - - struct addrinfo hints = {}; -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index b2236b105c..13082305d3 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -1196,9 +1196,7 @@ free_and_return: - if (malloc_name) - free ((char *) name); - free (addrmem); -- if (res.free_at) -- free (res.at); -- free (res.canon); -+ gaih_result_reset (&res); - - return result; - } --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch b/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch deleted file mode 100644 index f2145fd8b5..0000000000 --- a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f6445dc94da185b3d1ee283f0ca0a34c4e1986cc Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar siddhesh@sourceware.org -Date: Tue, 26 Sep 2023 07:38:07 -0400 -Subject: [PATCH 25/44] Document CVE-2023-4806 and CVE-2023-5156 in NEWS - -These are tracked in BZ #30884 and BZ #30843. - -Signed-off-by: Siddhesh Poyarekar siddhesh@sourceware.org -(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd) ---- - NEWS | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/NEWS b/NEWS -index dfee278a9c..f1b1b0a3b4 100644 ---- a/NEWS -+++ b/NEWS -@@ -15,6 +15,15 @@ Security related changes: - 2048 bytes, getaddrinfo may potentially disclose stack contents via - the returned address data, or crash. - -+ CVE-2023-4806: When an NSS plugin only implements the -+ _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use -+ memory that was freed during buffer resizing, potentially causing a -+ crash or read or write to arbitrary memory. -+ -+ CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when -+ an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, -+ AI_ALL and AI_V4MAPPED flags set. -+ - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch b/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch deleted file mode 100644 index 18bd1e2f1a..0000000000 --- a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar siddhesh@sourceware.org -Date: Tue, 19 Sep 2023 13:25:40 -0400 -Subject: [PATCH 26/44] Propagate GLIBC_TUNABLES in setxid binaries - -GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some -tunables are required to propagate past setxid boundary, like their -env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like -before, restoring behaviour in glibc 2.37 and earlier. - -Signed-off-by: Siddhesh Poyarekar siddhesh@sourceware.org -Reviewed-by: Carlos O'Donell carlos@redhat.com -(cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1) ---- - sysdeps/generic/unsecvars.h | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h -index 81397fb90b..8278c50a84 100644 ---- a/sysdeps/generic/unsecvars.h -+++ b/sysdeps/generic/unsecvars.h -@@ -4,7 +4,6 @@ - #define UNSECURE_ENVVARS \ - "GCONV_PATH\0" \ - "GETCONF_DIR\0" \ -- "GLIBC_TUNABLES\0" \ - "HOSTALIASES\0" \ - "LD_AUDIT\0" \ - "LD_DEBUG\0" \ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch b/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch deleted file mode 100644 index 8f20f6c184..0000000000 --- a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch +++ /dev/null @@ -1,173 +0,0 @@ -From 750a45a783906a19591fb8ff6b7841470f1f5701 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar siddhesh@sourceware.org -Date: Tue, 19 Sep 2023 18:39:32 -0400 -Subject: [PATCH 27/44] tunables: Terminate if end of input is reached - (CVE-2023-4911) - -The string parsing routine may end up writing beyond bounds of tunestr -if the input tunable string is malformed, of the form name=name=val. -This gets processed twice, first as name=name=val and next as name=val, -resulting in tunestr being name=name=val:name=val, thus overflowing -tunestr. - -Terminate the parsing loop at the first instance itself so that tunestr -does not overflow. - -This also fixes up tst-env-setuid-tunables to actually handle failures -correct and add new tests to validate the fix for this CVE. - -Signed-off-by: Siddhesh Poyarekar siddhesh@sourceware.org -Reviewed-by: Carlos O'Donell carlos@redhat.com -(cherry picked from commit 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa) ---- - NEWS | 5 +++++ - elf/dl-tunables.c | 17 +++++++++------- - elf/tst-env-setuid-tunables.c | 37 +++++++++++++++++++++++++++-------- - 3 files changed, 44 insertions(+), 15 deletions(-) - -diff --git a/NEWS b/NEWS -index f1b1b0a3b4..bfcd46efa9 100644 ---- a/NEWS -+++ b/NEWS -@@ -24,6 +24,11 @@ Security related changes: - an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, - AI_ALL and AI_V4MAPPED flags set. - -+ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the -+ environment of a setuid program and NAME is valid, it may result in a -+ buffer overflow, which could be exploited to achieve escalated -+ privileges. This flaw was introduced in glibc 2.34. -+ - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists -diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c -index 62b7332d95..cae67efa0a 100644 ---- a/elf/dl-tunables.c -+++ b/elf/dl-tunables.c -@@ -180,11 +180,7 @@ parse_tunables (char *tunestr, char *valstring) - /* If we reach the end of the string before getting a valid name-value - pair, bail out. */ - if (p[len] == '\0') -- { -- if (__libc_enable_secure) -- tunestr[off] = '\0'; -- return; -- } -+ break; - - /* We did not find a valid name-value pair before encountering the - colon. */ -@@ -244,9 +240,16 @@ parse_tunables (char *tunestr, char *valstring) - } - } - -- if (p[len] != '\0') -- p += len + 1; -+ /* We reached the end while processing the tunable string. */ -+ if (p[len] == '\0') -+ break; -+ -+ p += len + 1; - } -+ -+ /* Terminate tunestr before we leave. */ -+ if (__libc_enable_secure) -+ tunestr[off] = '\0'; - } - - /* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when -diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c -index 7dfb0e073a..f0b92c97e7 100644 ---- a/elf/tst-env-setuid-tunables.c -+++ b/elf/tst-env-setuid-tunables.c -@@ -50,6 +50,8 @@ const char *teststrings[] = - "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", - "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096", - "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", -+ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", -+ "glibc.malloc.check=2", - "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2", - "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096", - ":glibc.malloc.garbage=2:glibc.malloc.check=1", -@@ -68,6 +70,8 @@ const char *resultstrings[] = - "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", -+ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", -+ "", - "", - "", - "", -@@ -81,11 +85,18 @@ test_child (int off) - { - const char *val = getenv ("GLIBC_TUNABLES"); - -+ printf (" [%d] GLIBC_TUNABLES is %s\n", off, val); -+ fflush (stdout); - if (val != NULL && strcmp (val, resultstrings[off]) == 0) - return 0; - - if (val != NULL) -- printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val); -+ printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n", -+ off, val, resultstrings[off]); -+ else -+ printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off); -+ -+ fflush (stdout); - - return 1; - } -@@ -106,21 +117,26 @@ do_test (int argc, char **argv) - if (ret != 0) - exit (1); - -- exit (EXIT_SUCCESS); -+ /* Special return code to make sure that the child executed all the way -+ through. */ -+ exit (42); - } - else - { -- int ret = 0; -- - /* Spawn tests. */ - for (int i = 0; i < array_length (teststrings); i++) - { - char buf[INT_BUFSIZE_BOUND (int)]; - -- printf ("Spawned test for %s (%d)\n", teststrings[i], i); -+ printf ("[%d] Spawned test for %s\n", i, teststrings[i]); - snprintf (buf, sizeof (buf), "%d\n", i); -+ fflush (stdout); - if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0) -- exit (1); -+ { -+ printf (" [%d] Failed to set GLIBC_TUNABLES: %m", i); -+ support_record_failure (); -+ continue; -+ } - - int status = support_capture_subprogram_self_sgid (buf); - -@@ -128,9 +144,14 @@ do_test (int argc, char **argv) - if (WEXITSTATUS (status) == EXIT_UNSUPPORTED) - return EXIT_UNSUPPORTED; - -- ret |= status; -+ if (WEXITSTATUS (status) != 42) -+ { -+ printf (" [%d] child failed with status %d\n", i, -+ WEXITSTATUS (status)); -+ support_record_failure (); -+ } - } -- return ret; -+ return 0; - } - } - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch b/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch deleted file mode 100644 index 0ebfb5f06a..0000000000 --- a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch +++ /dev/null @@ -1,135 +0,0 @@ -From e0b6c9706c91a642c781918eea52588ee8dc9f09 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Wed, 18 Oct 2023 14:22:59 +0200 -Subject: [PATCH 28/44] Revert "elf: Remove unused l_text_end field from struct - link_map" - -This reverts commit 750f19526ae71aac801c77a3f7ef5374890c09b7. - -Reason for revert: Restore ABI after revert of commit a3189f66a5f. ---- - elf/dl-load.c | 2 +- - elf/dl-load.h | 7 +++++-- - elf/rtld.c | 6 ++++++ - elf/setup-vdso.h | 4 ++++ - include/link.h | 2 ++ - 5 files changed, 18 insertions(+), 3 deletions(-) - -diff --git a/elf/dl-load.c b/elf/dl-load.c -index 2923b1141d..9a87fda9c9 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, - - /* Now process the load commands and map segments into memory. - This is responsible for filling in: -- l_map_start, l_map_end, l_addr, l_contiguous, l_phdr -+ l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr - */ - errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, - maplength, has_holes, loader); -diff --git a/elf/dl-load.h b/elf/dl-load.h -index 1d5207694b..ecf6910c68 100644 ---- a/elf/dl-load.h -+++ b/elf/dl-load.h -@@ -83,11 +83,14 @@ struct loadcmd - - /* This is a subroutine of _dl_map_segments. It should be called for each - load command, some time after L->l_addr has been set correctly. It is -- responsible for setting the l_phdr fields */ -+ responsible for setting up the l_text_end and l_phdr fields. */ - static __always_inline void - _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - const struct loadcmd *c) - { -+ if (c->prot & PROT_EXEC) -+ l->l_text_end = l->l_addr + c->mapend; -+ - if (l->l_phdr == 0 - && c->mapoff <= header->e_phoff - && ((size_t) (c->mapend - c->mapstart + c->mapoff) -@@ -100,7 +103,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - - /* This is a subroutine of _dl_map_object_from_fd. It is responsible - for filling in several fields in *L: l_map_start, l_map_end, l_addr, -- l_contiguous, l_phdr. On successful return, all the -+ l_contiguous, l_text_end, l_phdr. On successful return, all the - segments are mapped (or copied, or whatever) from the file into their - final places in the address space, with the correct page permissions, - and any bss-like regions already zeroed. It returns a null pointer -diff --git a/elf/rtld.c b/elf/rtld.c -index 5107d16fe3..a91e2a4471 100644 ---- a/elf/rtld.c -+++ b/elf/rtld.c -@@ -477,6 +477,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) - GL(dl_rtld_map).l_real = &GL(dl_rtld_map); - GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; - GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; -+ GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext; - /* Copy the TLS related data if necessary. */ - #ifndef DONT_USE_BOOTSTRAP_MAP - # if NO_TLS_OFFSET != 0 -@@ -1118,6 +1119,7 @@ rtld_setup_main_map (struct link_map *main_map) - bool has_interp = false; - - main_map->l_map_end = 0; -+ main_map->l_text_end = 0; - /* Perhaps the executable has no PT_LOAD header entries at all. */ - main_map->l_map_start = ~0; - /* And it was opened directly. */ -@@ -1209,6 +1211,8 @@ rtld_setup_main_map (struct link_map *main_map) - allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz; - if (main_map->l_map_end < allocend) - main_map->l_map_end = allocend; -+ if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end) -+ main_map->l_text_end = allocend; - - /* The next expected address is the page following this load - segment. */ -@@ -1268,6 +1272,8 @@ rtld_setup_main_map (struct link_map *main_map) - = (char *) main_map->l_tls_initimage + main_map->l_addr; - if (! main_map->l_map_end) - main_map->l_map_end = ~0; -+ if (! main_map->l_text_end) -+ main_map->l_text_end = ~0; - if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name) - { - /* We were invoked directly, so the program might not have a -diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h -index d92b12a7aa..0079842d1f 100644 ---- a/elf/setup-vdso.h -+++ b/elf/setup-vdso.h -@@ -51,6 +51,9 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_addr = ph->p_vaddr; - if (ph->p_vaddr + ph->p_memsz >= l->l_map_end) - l->l_map_end = ph->p_vaddr + ph->p_memsz; -+ if ((ph->p_flags & PF_X) -+ && ph->p_vaddr + ph->p_memsz >= l->l_text_end) -+ l->l_text_end = ph->p_vaddr + ph->p_memsz; - } - else - /* There must be no TLS segment. */ -@@ -59,6 +62,7 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso); - l->l_addr = l->l_map_start - l->l_addr; - l->l_map_end += l->l_addr; -+ l->l_text_end += l->l_addr; - l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr); - elf_get_dynamic_info (l, false, false); - _dl_setup_hash (l); -diff --git a/include/link.h b/include/link.h -index 686813f281..a02d5f2eba 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -253,6 +253,8 @@ struct link_map - /* Start and finish of memory map for this object. l_map_start - need not be the same as l_addr. */ - ElfW(Addr) l_map_start, l_map_end; -+ /* End of the executable part of the mapping. */ -+ ElfW(Addr) l_text_end; - - /* Linked list of objects in reverse ELF constructor execution - order. Head of list is stored in _dl_init_called_list. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch b/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch deleted file mode 100644 index 50e57e82ee..0000000000 --- a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch +++ /dev/null @@ -1,593 +0,0 @@ -From 719866ab2ff0e6d514a04fb47e507d92e70ef7ee Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Wed, 18 Oct 2023 14:25:46 +0200 -Subject: [PATCH 29/44] Revert "elf: Always call destructors in reverse - constructor order (bug 30785)" - -This reverts commit a3189f66a5f2fe86568286fa025fa153be04c6c0. - -Reason for revert: Incompatibility with existing applications. ---- - NEWS | 1 - - elf/dl-close.c | 113 ++++++++++----------------- - elf/dl-fini.c | 152 ++++++++++++++++++++++++------------- - elf/dl-init.c | 16 ---- - elf/dso-sort-tests-1.def | 19 +++-- - elf/tst-audit23.c | 44 +++++------ - sysdeps/generic/ldsodefs.h | 4 - - 7 files changed, 173 insertions(+), 176 deletions(-) - -diff --git a/NEWS b/NEWS -index bfcd46efa9..f117874e34 100644 ---- a/NEWS -+++ b/NEWS -@@ -32,7 +32,6 @@ Security related changes: - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists -- [30785] Always call destructors in reverse constructor order - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -diff --git a/elf/dl-close.c b/elf/dl-close.c -index ea62d0e601..b887a44888 100644 ---- a/elf/dl-close.c -+++ b/elf/dl-close.c -@@ -138,31 +138,30 @@ _dl_close_worker (struct link_map *map, bool force) - - bool any_tls = false; - const unsigned int nloaded = ns->_ns_nloaded; -+ struct link_map *maps[nloaded]; - -- /* Run over the list and assign indexes to the link maps. */ -+ /* Run over the list and assign indexes to the link maps and enter -+ them into the MAPS array. */ - int idx = 0; - for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next) - { - l->l_map_used = 0; - l->l_map_done = 0; - l->l_idx = idx; -+ maps[idx] = l; - ++idx; - } - assert (idx == nloaded); - -- /* Keep marking link maps until no new link maps are found. */ -- for (struct link_map *l = ns->_ns_loaded; l != NULL; ) -+ /* Keep track of the lowest index link map we have covered already. */ -+ int done_index = -1; -+ while (++done_index < nloaded) - { -- /* next is reset to earlier link maps for remarking. */ -- struct link_map *next = l->l_next; -- int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */ -+ struct link_map *l = maps[done_index]; - - if (l->l_map_done) -- { -- /* Already handled. */ -- l = next; -- continue; -- } -+ /* Already handled. */ -+ continue; - - /* Check whether this object is still used. */ - if (l->l_type == lt_loaded -@@ -172,10 +171,7 @@ _dl_close_worker (struct link_map *map, bool force) - acquire is sufficient and correct. */ - && atomic_load_acquire (&l->l_tls_dtor_count) == 0 - && !l->l_map_used) -- { -- l = next; -- continue; -- } -+ continue; - - /* We need this object and we handle it now. */ - l->l_map_used = 1; -@@ -202,11 +198,8 @@ _dl_close_worker (struct link_map *map, bool force) - already processed it, then we need to go back - and process again from that point forward to - ensure we keep all of its dependencies also. */ -- if ((*lp)->l_idx < next_idx) -- { -- next = *lp; -- next_idx = next->l_idx; -- } -+ if ((*lp)->l_idx - 1 < done_index) -+ done_index = (*lp)->l_idx - 1; - } - } - -@@ -226,65 +219,44 @@ _dl_close_worker (struct link_map *map, bool force) - if (!jmap->l_map_used) - { - jmap->l_map_used = 1; -- if (jmap->l_idx < next_idx) -- { -- next = jmap; -- next_idx = next->l_idx; -- } -+ if (jmap->l_idx - 1 < done_index) -+ done_index = jmap->l_idx - 1; - } - } - } -- -- l = next; - } - -- /* Call the destructors in reverse constructor order, and remove the -- closed link maps from the list. */ -- for (struct link_map **init_called_head = &_dl_init_called_list; -- *init_called_head != NULL; ) -+ /* Sort the entries. We can skip looking for the binary itself which is -+ at the front of the search list for the main namespace. */ -+ _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true); -+ -+ /* Call all termination functions at once. */ -+ bool unload_any = false; -+ bool scope_mem_left = false; -+ unsigned int unload_global = 0; -+ unsigned int first_loaded = ~0; -+ for (unsigned int i = 0; i < nloaded; ++i) - { -- struct link_map *imap = *init_called_head; -+ struct link_map *imap = maps[i]; - -- /* _dl_init_called_list is global, to produce a global odering. -- Ignore the other namespaces (and link maps that are still used). */ -- if (imap->l_ns != nsid || imap->l_map_used) -- init_called_head = &imap->l_init_called_next; -- else -+ /* All elements must be in the same namespace. */ -+ assert (imap->l_ns == nsid); -+ -+ if (!imap->l_map_used) - { - assert (imap->l_type == lt_loaded && !imap->l_nodelete_active); - -- /* _dl_init_called_list is updated at the same time as -- l_init_called. */ -- assert (imap->l_init_called); -- -- if (imap->l_info[DT_FINI_ARRAY] != NULL -- || imap->l_info[DT_FINI] != NULL) -+ /* Call its termination function. Do not do it for -+ half-cooked objects. Temporarily disable exception -+ handling, so that errors are fatal. */ -+ if (imap->l_init_called) - _dl_catch_exception (NULL, _dl_call_fini, imap); - - #ifdef SHARED - /* Auditing checkpoint: we remove an object. */ - _dl_audit_objclose (imap); - #endif -- /* Unlink this link map. */ -- *init_called_head = imap->l_init_called_next; -- } -- } -- -- -- bool unload_any = false; -- bool scope_mem_left = false; -- unsigned int unload_global = 0; -- -- /* For skipping un-unloadable link maps in the second loop. */ -- struct link_map *first_loaded = ns->_ns_loaded; - -- /* Iterate over the namespace to find objects to unload. Some -- unloadable objects may not be on _dl_init_called_list due to -- dlopen failure. */ -- for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next) -- { -- if (!imap->l_map_used) -- { - /* This object must not be used anymore. */ - imap->l_removed = 1; - -@@ -295,8 +267,8 @@ _dl_close_worker (struct link_map *map, bool force) - ++unload_global; - - /* Remember where the first dynamically loaded object is. */ -- if (first_loaded == NULL) -- first_loaded = imap; -+ if (i < first_loaded) -+ first_loaded = i; - } - /* Else imap->l_map_used. */ - else if (imap->l_type == lt_loaded) -@@ -432,8 +404,8 @@ _dl_close_worker (struct link_map *map, bool force) - imap->l_loader = NULL; - - /* Remember where the first dynamically loaded object is. */ -- if (first_loaded == NULL) -- first_loaded = imap; -+ if (i < first_loaded) -+ first_loaded = i; - } - } - -@@ -504,11 +476,10 @@ _dl_close_worker (struct link_map *map, bool force) - - /* Check each element of the search list to see if all references to - it are gone. */ -- for (struct link_map *imap = first_loaded; imap != NULL; ) -+ for (unsigned int i = first_loaded; i < nloaded; ++i) - { -- if (imap->l_map_used) -- imap = imap->l_next; -- else -+ struct link_map *imap = maps[i]; -+ if (!imap->l_map_used) - { - assert (imap->l_type == lt_loaded); - -@@ -719,9 +690,7 @@ _dl_close_worker (struct link_map *map, bool force) - if (imap == GL(dl_initfirst)) - GL(dl_initfirst) = NULL; - -- struct link_map *next = imap->l_next; - free (imap); -- imap = next; - } - } - -diff --git a/elf/dl-fini.c b/elf/dl-fini.c -index e201d36651..9acb64f47c 100644 ---- a/elf/dl-fini.c -+++ b/elf/dl-fini.c -@@ -24,68 +24,116 @@ - void - _dl_fini (void) - { -- /* Call destructors strictly in the reverse order of constructors. -- This causes fewer surprises than some arbitrary reordering based -- on new (relocation) dependencies. None of the objects are -- unmapped, so applications can deal with this if their DSOs remain -- in a consistent state after destructors have run. */ -- -- /* Protect against concurrent loads and unloads. */ -- __rtld_lock_lock_recursive (GL(dl_load_lock)); -- -- /* Ignore objects which are opened during shutdown. */ -- struct link_map *local_init_called_list = _dl_init_called_list; -- -- for (struct link_map *l = local_init_called_list; l != NULL; -- l = l->l_init_called_next) -- /* Bump l_direct_opencount of all objects so that they -- are not dlclose()ed from underneath us. */ -- ++l->l_direct_opencount; -- -- /* After this point, everything linked from local_init_called_list -- cannot be unloaded because of the reference counter update. */ -- __rtld_lock_unlock_recursive (GL(dl_load_lock)); -- -- /* Perform two passes: One for non-audit modules, one for audit -- modules. This way, audit modules receive unload notifications -- for non-audit objects, and the destructors for audit modules -- still run. */ -+ /* Lots of fun ahead. We have to call the destructors for all still -+ loaded objects, in all namespaces. The problem is that the ELF -+ specification now demands that dependencies between the modules -+ are taken into account. I.e., the destructor for a module is -+ called before the ones for any of its dependencies. -+ -+ To make things more complicated, we cannot simply use the reverse -+ order of the constructors. Since the user might have loaded objects -+ using `dlopen' there are possibly several other modules with its -+ dependencies to be taken into account. Therefore we have to start -+ determining the order of the modules once again from the beginning. */ -+ -+ /* We run the destructors of the main namespaces last. As for the -+ other namespaces, we pick run the destructors in them in reverse -+ order of the namespace ID. */ -+#ifdef SHARED -+ int do_audit = 0; -+ again: -+#endif -+ for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns) -+ { -+ /* Protect against concurrent loads and unloads. */ -+ __rtld_lock_lock_recursive (GL(dl_load_lock)); -+ -+ unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded; -+ /* No need to do anything for empty namespaces or those used for -+ auditing DSOs. */ -+ if (nloaded == 0 -+#ifdef SHARED -+ || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit -+#endif -+ ) -+ __rtld_lock_unlock_recursive (GL(dl_load_lock)); -+ else -+ { - #ifdef SHARED -- int last_pass = GLRO(dl_naudit) > 0; -- Lmid_t last_ns = -1; -- for (int do_audit = 0; do_audit <= last_pass; ++do_audit) -+ _dl_audit_activity_nsid (ns, LA_ACT_DELETE); - #endif -- for (struct link_map *l = local_init_called_list; l != NULL; -- l = l->l_init_called_next) -- { -+ -+ /* Now we can allocate an array to hold all the pointers and -+ copy the pointers in. */ -+ struct link_map *maps[nloaded]; -+ -+ unsigned int i; -+ struct link_map *l; -+ assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL); -+ for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next) -+ /* Do not handle ld.so in secondary namespaces. */ -+ if (l == l->l_real) -+ { -+ assert (i < nloaded); -+ -+ maps[i] = l; -+ l->l_idx = i; -+ ++i; -+ -+ /* Bump l_direct_opencount of all objects so that they -+ are not dlclose()ed from underneath us. */ -+ ++l->l_direct_opencount; -+ } -+ assert (ns != LM_ID_BASE || i == nloaded); -+ assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1); -+ unsigned int nmaps = i; -+ -+ /* Now we have to do the sorting. We can skip looking for the -+ binary itself which is at the front of the search list for -+ the main namespace. */ -+ _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true); -+ -+ /* We do not rely on the linked list of loaded object anymore -+ from this point on. We have our own list here (maps). The -+ various members of this list cannot vanish since the open -+ count is too high and will be decremented in this loop. So -+ we release the lock so that some code which might be called -+ from a destructor can directly or indirectly access the -+ lock. */ -+ __rtld_lock_unlock_recursive (GL(dl_load_lock)); -+ -+ /* 'maps' now contains the objects in the right order. Now -+ call the destructors. We have to process this array from -+ the front. */ -+ for (i = 0; i < nmaps; ++i) -+ { -+ struct link_map *l = maps[i]; -+ -+ if (l->l_init_called) -+ { -+ _dl_call_fini (l); - #ifdef SHARED -- if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit) -- continue; -- -- /* Avoid back-to-back calls of _dl_audit_activity_nsid for the -- same namespace. */ -- if (last_ns != l->l_ns) -- { -- if (last_ns >= 0) -- _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); -- _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE); -- last_ns = l->l_ns; -- } -+ /* Auditing checkpoint: another object closed. */ -+ _dl_audit_objclose (l); - #endif -+ } - -- /* There is no need to re-enable exceptions because _dl_fini -- is not called from a context where exceptions are caught. */ -- _dl_call_fini (l); -+ /* Correct the previous increment. */ -+ --l->l_direct_opencount; -+ } - - #ifdef SHARED -- /* Auditing checkpoint: another object closed. */ -- _dl_audit_objclose (l); -+ _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT); - #endif -- } -+ } -+ } - - #ifdef SHARED -- if (last_ns >= 0) -- _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); -+ if (! do_audit && GLRO(dl_naudit) > 0) -+ { -+ do_audit = 1; -+ goto again; -+ } - - if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS)) - _dl_debug_printf ("\nruntime linker statistics:\n" -diff --git a/elf/dl-init.c b/elf/dl-init.c -index ffd05b7806..ba4d2fdc85 100644 ---- a/elf/dl-init.c -+++ b/elf/dl-init.c -@@ -21,7 +21,6 @@ - #include <ldsodefs.h> - #include <elf-initfini.h> - --struct link_map *_dl_init_called_list; - - static void - call_init (struct link_map *l, int argc, char **argv, char **env) -@@ -43,21 +42,6 @@ call_init (struct link_map *l, int argc, char **argv, char **env) - dependency. */ - l->l_init_called = 1; - -- /* Help an already-running dlclose: The just-loaded object must not -- be removed during the current pass. (No effect if no dlclose in -- progress.) */ -- l->l_map_used = 1; -- -- /* Record execution before starting any initializers. This way, if -- the initializers themselves call dlopen, their ELF destructors -- will eventually be run before this object is destructed, matching -- that their ELF constructors have run before this object was -- constructed. _dl_fini uses this list for audit callbacks, so -- register objects on the list even if they do not have a -- constructor. */ -- l->l_init_called_next = _dl_init_called_list; -- _dl_init_called_list = l; -- - /* Check for object which constructors we do not run here. */ - if (__builtin_expect (l->l_name[0], 'a') == '\0' - && l->l_type == lt_executable) -diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def -index 61dc54f8ae..4bf9052db1 100644 ---- a/elf/dso-sort-tests-1.def -+++ b/elf/dso-sort-tests-1.def -@@ -53,14 +53,21 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c - output: b>a>{}<a<b - - # Complex example from Bugzilla #15311, under-linked and with circular --# relocation(dynamic) dependencies. For both sorting algorithms, the --# destruction order is the reverse of the construction order, and --# relocation dependencies are not taken into account. -+# relocation(dynamic) dependencies. While this is technically unspecified, the -+# presumed reasonable practical behavior is for the destructor order to respect -+# the static DT_NEEDED links (here this means the a->b->c->d order). -+# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based -+# dynamic_sort=2 algorithm does, although it is still arguable whether going -+# beyond spec to do this is the right thing to do. -+# The below expected outputs are what the two algorithms currently produce -+# respectively, for regression testing purposes. - tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c --output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<e<a<b<c<d];} -+output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];} -+output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];} - - # Test that even in the presence of dependency loops involving dlopen'ed - # object, that object is initialized last (and not unloaded prematurely). --# Final destructor order is the opposite of constructor order. -+# Final destructor order is indeterminate due to the cycle. - tst-bz28937: {+a;+b;-b;+c;%c};a->a1;a->a2;a2->a;b->b1;c->a1;c=>a1 --output: {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<c<a<a1<a2 -+output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a<a2<c<a1 -+output(glibc.rtld.dynamic_sort=2): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a2<a<c<a1 -diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c -index 503699c36a..bb7d66c385 100644 ---- a/elf/tst-audit23.c -+++ b/elf/tst-audit23.c -@@ -98,8 +98,6 @@ do_test (int argc, char *argv[]) - char *lname; - uintptr_t laddr; - Lmid_t lmid; -- uintptr_t cookie; -- uintptr_t namespace; - bool closed; - } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } }; - size_t nobjs = 0; -@@ -119,9 +117,6 @@ do_test (int argc, char *argv[]) - size_t buffer_length = 0; - while (xgetline (&buffer, &buffer_length, out)) - { -- *strchrnul (buffer, '\n') = '\0'; -- printf ("info: subprocess output: %s\n", buffer); -- - if (startswith (buffer, "la_activity: ")) - { - uintptr_t cookie; -@@ -130,26 +125,29 @@ do_test (int argc, char *argv[]) - &cookie); - TEST_COMPARE (r, 2); - -+ /* The cookie identifies the object at the head of the link map, -+ so we only add a new namespace if it changes from the previous -+ one. This works since dlmopen is the last in the test body. */ -+ if (cookie != last_act_cookie && last_act_cookie != -1) -+ TEST_COMPARE (last_act, LA_ACT_CONSISTENT); -+ - if (this_act == LA_ACT_ADD && acts[nacts] != cookie) - { -- /* The cookie identifies the object at the head of the -- link map, so we only add a new namespace if it -- changes from the previous one. This works since -- dlmopen is the last in the test body. */ -- if (cookie != last_act_cookie && last_act_cookie != -1) -- TEST_COMPARE (last_act, LA_ACT_CONSISTENT); -- - acts[nacts++] = cookie; - last_act_cookie = cookie; - } -- /* LA_ACT_DELETE is called multiple times for each -- namespace, depending on destruction order. */ -+ /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD -+ at program termination (if the tests adds a dlclose or a library -+ with extra dependencies this will need to be adapted). */ - else if (this_act == LA_ACT_DELETE) -- last_act_cookie = cookie; -+ { -+ last_act_cookie = acts[--nacts]; -+ TEST_COMPARE (acts[nacts], cookie); -+ acts[nacts] = 0; -+ } - else if (this_act == LA_ACT_CONSISTENT) - { - TEST_COMPARE (cookie, last_act_cookie); -- last_act_cookie = -1; - - /* LA_ACT_DELETE must always be followed by an la_objclose. */ - if (last_act == LA_ACT_DELETE) -@@ -181,8 +179,6 @@ do_test (int argc, char *argv[]) - objs[nobjs].lname = lname; - objs[nobjs].laddr = laddr; - objs[nobjs].lmid = lmid; -- objs[nobjs].cookie = cookie; -- objs[nobjs].namespace = last_act_cookie; - objs[nobjs].closed = false; - nobjs++; - -@@ -205,12 +201,6 @@ do_test (int argc, char *argv[]) - if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid) - { - TEST_COMPARE (objs[i].closed, false); -- TEST_COMPARE (objs[i].cookie, cookie); -- if (objs[i].namespace == -1) -- /* No LA_ACT_ADD before the first la_objopen call. */ -- TEST_COMPARE (acts[0], last_act_cookie); -- else -- TEST_COMPARE (objs[i].namespace, last_act_cookie); - objs[i].closed = true; - break; - } -@@ -219,7 +209,11 @@ do_test (int argc, char *argv[]) - /* la_objclose should be called after la_activity(LA_ACT_DELETE) for - the closed object's namespace. */ - TEST_COMPARE (last_act, LA_ACT_DELETE); -- seen_first_objclose = true; -+ if (!seen_first_objclose) -+ { -+ TEST_COMPARE (last_act_cookie, cookie); -+ seen_first_objclose = true; -+ } - } - } - -diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h -index 9ea9389a39..e8b7359b04 100644 ---- a/sysdeps/generic/ldsodefs.h -+++ b/sysdeps/generic/ldsodefs.h -@@ -1037,10 +1037,6 @@ extern int _dl_check_map_versions (struct link_map *map, int verbose, - extern void _dl_init (struct link_map *main_map, int argc, char **argv, - char **env) attribute_hidden; - --/* List of ELF objects in reverse order of their constructor -- invocation. */ --extern struct link_map *_dl_init_called_list attribute_hidden; -- - /* Call the finalizer functions of all shared objects whose - initializer functions have completed. */ - extern void _dl_fini (void) attribute_hidden; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch b/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch deleted file mode 100644 index dd4905c789..0000000000 --- a/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1e04dcec491bd8f48b5b74ce3e8414132578a645 Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Thu, 19 Oct 2023 09:17:38 +0200 -Subject: [PATCH 30/44] Revert "elf: Move l_init_called_next to old place of - l_text_end in link map" - -This reverts commit d3ba6c1333b10680ce5900a628108507d9d4b844. - -Reason: Preserve internal ABI. ---- - include/link.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/link.h b/include/link.h -index a02d5f2eba..69bda3ed17 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -256,10 +256,6 @@ struct link_map - /* End of the executable part of the mapping. */ - ElfW(Addr) l_text_end; - -- /* Linked list of objects in reverse ELF constructor execution -- order. Head of list is stored in _dl_init_called_list. */ -- struct link_map *l_init_called_next; -- - /* Default array for 'l_scope'. */ - struct r_scope_elem *l_scope_mem[4]; - /* Size of array allocated for 'l_scope'. */ -@@ -282,6 +278,10 @@ struct link_map - /* List of object in order of the init and fini calls. */ - struct link_map **l_initfini; - -+ /* Linked list of objects in reverse ELF constructor execution -+ order. Head of list is stored in _dl_init_called_list. */ -+ struct link_map *l_init_called_next; -+ - /* List of the dependencies introduced through symbol binding. */ - struct link_map_reldeps - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch b/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch deleted file mode 100644 index fd6fee261d..0000000000 --- a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001 -From: Sergio Durigan Junior sergiodj@sergiodj.net -Date: Wed, 1 Nov 2023 18:15:23 -0400 -Subject: [PATCH 31/44] sysdeps: sem_open: Clear O_CREAT when semaphore file is - expected to exist [BZ #30789] - -When invoking sem_open with O_CREAT as one of its flags, we'll end up -in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag -& O_EXCL) == 0)", which means that we don't expect the semaphore file -to exist. - -In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL -| O_CLOEXEC" and there's an attempt to open(2) the file, which will -likely fail because it won't exist. After that first (expected) -failure, some cleanup is done and we go back to the label "try_again", -which lives in the first part of the aforementioned "if". - -The problem is that, in that part of the code, we expect the semaphore -file to exist, and as such O_CREAT (this time the flag we pass to -open(2)) needs to be cleaned from open_flags, otherwise we'll see -another failure (this time unexpected) when trying to open the file, -which will lead the call to sem_open to fail as well. - -This can cause very strange bugs, especially with OpenMPI, which makes -extensive use of semaphores. - -Fix the bug by simplifying the logic when choosing open(2) flags and -making sure O_CREAT is not set when the semaphore file is expected to -exist. - -A regression test for this issue would require a complex and cpu time -consuming logic, since to trigger the wrong code path is not -straightforward due the racy condition. There is a somewhat reliable -reproducer in the bug, but it requires using OpenMPI. - -This resolves BZ #30789. - -See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912 - -Signed-off-by: Sergio Durigan Junior sergiodj@sergiodj.net -Co-Authored-By: Simon Chopin simon.chopin@canonical.com -Co-Authored-By: Adhemerval Zanella Netto adhemerval.zanella@linaro.org -Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)") -(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147) ---- - NEWS | 2 ++ - sysdeps/pthread/sem_open.c | 10 ++++------ - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/NEWS b/NEWS -index f117874e34..5ac488bf9b 100644 ---- a/NEWS -+++ b/NEWS -@@ -32,6 +32,8 @@ Security related changes: - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists -+ [30789] sem_open will fail on multithreaded scenarios when semaphore -+ file doesn't exist (O_CREAT) - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c -index e5db929d20..0e331a7445 100644 ---- a/sysdeps/pthread/sem_open.c -+++ b/sysdeps/pthread/sem_open.c -@@ -32,11 +32,12 @@ - # define __unlink unlink - #endif - -+#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC) -+ - sem_t * - __sem_open (const char *name, int oflag, ...) - { - int fd; -- int open_flags; - sem_t *result; - - /* Check that shared futexes are supported. */ -@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...) - /* If the semaphore object has to exist simply open it. */ - if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0) - { -- open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC; -- open_flags |= (oflag & ~(O_CREAT|O_ACCMODE)); - try_again: -- fd = __open (dirname.name, open_flags); -+ fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS); - - if (fd == -1) - { -@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...) - } - - /* Open the file. Make sure we do not overwrite anything. */ -- open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC; -- fd = __open (tmpfname, open_flags, mode); -+ fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode); - if (fd == -1) - { - if (errno == EEXIST) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch b/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch deleted file mode 100644 index 42d3f96399..0000000000 --- a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch +++ /dev/null @@ -1,26 +0,0 @@ -From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella adhemerval.zanella@linaro.org -Date: Thu, 7 Dec 2023 11:17:35 -0300 -Subject: [PATCH 32/44] elf: Fix wrong break removal from 8ee878592c - -Reported-by: Alexander Monakov amonakov@ispras.ru -(cherry picked from commit 546a1ba664626603660b595662249d524e429013) ---- - elf/readelflib.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/elf/readelflib.c b/elf/readelflib.c -index f5b8c80e38..64f1d662a9 100644 ---- a/elf/readelflib.c -+++ b/elf/readelflib.c -@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag, - case PT_INTERP: - program_interpreter = (char *) (file_contents + segment->p_offset); - check_ptr (program_interpreter); -+ break; - - case PT_GNU_PROPERTY: - /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch b/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch deleted file mode 100644 index df64df3fd1..0000000000 --- a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 44f757a6364a546359809d48c76b3debd26e77d4 Mon Sep 17 00:00:00 2001 -From: caiyinyu caiyinyu@loongson.cn -Date: Thu, 26 Oct 2023 17:27:21 +0800 -Subject: [PATCH 33/44] LoongArch: Delete excessively allocated memory. - -Backported from glibc 2.39 development. ---- - sysdeps/loongarch/dl-trampoline.h | 68 +++++++++++++++---------------- - 1 file changed, 34 insertions(+), 34 deletions(-) - -diff --git a/sysdeps/loongarch/dl-trampoline.h b/sysdeps/loongarch/dl-trampoline.h -index 02375286f8..99fcacab76 100644 ---- a/sysdeps/loongarch/dl-trampoline.h -+++ b/sysdeps/loongarch/dl-trampoline.h -@@ -19,9 +19,9 @@ - /* Assembler veneer called from the PLT header code for lazy loading. - The PLT header passes its own args in t0-t2. */ - #ifdef USE_LASX --# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZXREG) & ALMASK)) -+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZXREG) & ALMASK)) - #elif defined USE_LSX --# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZVREG) & ALMASK)) -+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZVREG) & ALMASK)) - #elif !defined __loongarch_soft_float - # define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG) & ALMASK)) - #else -@@ -44,23 +44,23 @@ ENTRY (_dl_runtime_resolve) - REG_S a7, sp, 8*SZREG - - #ifdef USE_LASX -- xvst xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG -- xvst xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG -- xvst xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG -- xvst xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG -- xvst xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG -- xvst xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG -- xvst xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG -- xvst xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG -+ xvst xr0, sp, 9*SZREG + 0*SZXREG -+ xvst xr1, sp, 9*SZREG + 1*SZXREG -+ xvst xr2, sp, 9*SZREG + 2*SZXREG -+ xvst xr3, sp, 9*SZREG + 3*SZXREG -+ xvst xr4, sp, 9*SZREG + 4*SZXREG -+ xvst xr5, sp, 9*SZREG + 5*SZXREG -+ xvst xr6, sp, 9*SZREG + 6*SZXREG -+ xvst xr7, sp, 9*SZREG + 7*SZXREG - #elif defined USE_LSX -- vst vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG -- vst vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG -- vst vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG -- vst vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG -- vst vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG -- vst vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG -- vst vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG -- vst vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG -+ vst vr0, sp, 9*SZREG + 0*SZVREG -+ vst vr1, sp, 9*SZREG + 1*SZVREG -+ vst vr2, sp, 9*SZREG + 2*SZVREG -+ vst vr3, sp, 9*SZREG + 3*SZVREG -+ vst vr4, sp, 9*SZREG + 4*SZVREG -+ vst vr5, sp, 9*SZREG + 5*SZVREG -+ vst vr6, sp, 9*SZREG + 6*SZVREG -+ vst vr7, sp, 9*SZREG + 7*SZVREG - #elif !defined __loongarch_soft_float - FREG_S fa0, sp, 9*SZREG + 0*SZFREG - FREG_S fa1, sp, 9*SZREG + 1*SZFREG -@@ -92,23 +92,23 @@ ENTRY (_dl_runtime_resolve) - REG_L a7, sp, 8*SZREG - - #ifdef USE_LASX -- xvld xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG -- xvld xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG -- xvld xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG -- xvld xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG -- xvld xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG -- xvld xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG -- xvld xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG -- xvld xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG -+ xvld xr0, sp, 9*SZREG + 0*SZXREG -+ xvld xr1, sp, 9*SZREG + 1*SZXREG -+ xvld xr2, sp, 9*SZREG + 2*SZXREG -+ xvld xr3, sp, 9*SZREG + 3*SZXREG -+ xvld xr4, sp, 9*SZREG + 4*SZXREG -+ xvld xr5, sp, 9*SZREG + 5*SZXREG -+ xvld xr6, sp, 9*SZREG + 6*SZXREG -+ xvld xr7, sp, 9*SZREG + 7*SZXREG - #elif defined USE_LSX -- vld vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG -- vld vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG -- vld vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG -- vld vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG -- vld vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG -- vld vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG -- vld vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG -- vld vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG -+ vld vr0, sp, 9*SZREG + 0*SZVREG -+ vld vr1, sp, 9*SZREG + 1*SZVREG -+ vld vr2, sp, 9*SZREG + 2*SZVREG -+ vld vr3, sp, 9*SZREG + 3*SZVREG -+ vld vr4, sp, 9*SZREG + 4*SZVREG -+ vld vr5, sp, 9*SZREG + 5*SZVREG -+ vld vr6, sp, 9*SZREG + 6*SZVREG -+ vld vr7, sp, 9*SZREG + 7*SZVREG - #elif !defined __loongarch_soft_float - FREG_L fa0, sp, 9*SZREG + 0*SZFREG - FREG_L fa1, sp, 9*SZREG + 1*SZFREG --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch b/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch deleted file mode 100644 index 957ccf2b7a..0000000000 --- a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001 -From: Hector Martin marcan@marcan.st -Date: Tue, 28 Nov 2023 15:23:07 +0900 -Subject: [PATCH 34/44] elf: Fix TLS modid reuse generation assignment (BZ - 29039) - -_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but -does *not* do anything to the generation counter. The first time this -happens, the generation is zero and map_generation() returns the current -generation to be used during relocation processing. However, if -a slotinfo entry is later reused, it will already have a generation -assigned. If this generation has fallen behind the current global max -generation, then this causes an obsolete generation to be assigned -during relocation processing, as map_generation() returns this -generation if nonzero. _dl_add_to_slotinfo() eventually resets the -generation, but by then it is too late. This causes DTV updates to be -skipped, leading to NULL or broken TLS slot pointers and segfaults. - -Fix this by resetting the generation to zero in _dl_assign_tls_modid(), -so it behaves the same as the first time a slot is assigned. -_dl_add_to_slotinfo() will still assign the correct static generation -later during module load, but relocation processing will no longer use -an obsolete generation. - -Note that slotinfo entry (aka modid) reuse typically happens after a -dlclose and only TLS access via dynamic tlsdesc is affected. Because -tlsdesc is optimized to use the optional part of static TLS, dynamic -tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls -tunable to a large enough value, or by LD_PRELOAD-ing the affected -modules. - -Fixes bug 29039. - -Reviewed-by: Szabolcs Nagy szabolcs.nagy@arm.com -(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59) ---- - elf/dl-tls.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/elf/dl-tls.c b/elf/dl-tls.c -index 99b83ca696..1f6f820819 100644 ---- a/elf/dl-tls.c -+++ b/elf/dl-tls.c -@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l) - { - /* Mark the entry as used, so any dependency see it. */ - atomic_store_relaxed (&runp->slotinfo[result - disp].map, l); -+ atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0); - break; - } - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch b/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch deleted file mode 100644 index 87b0235a52..0000000000 --- a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch +++ /dev/null @@ -1,208 +0,0 @@ -From 0de9082ed8d8f149ca87d569a73692046e236c18 Mon Sep 17 00:00:00 2001 -From: Szabolcs Nagy szabolcs.nagy@arm.com -Date: Wed, 29 Nov 2023 11:31:37 +0000 -Subject: [PATCH 35/44] elf: Add TLS modid reuse test for bug 29039 - -This is a minimal regression test for bug 29039 which only affects -targets with TLSDESC and a reproducer requires that - -1) Have modid gaps (closed modules) with old generation. -2) Update a DTV to a newer generation (needs a newer dlopen). -3) But do not update the closed gap entry in that DTV. -4) Reuse the modid gap for a new module (another dlopen). -5) Use dynamic TLSDESC in that new module with old generation (bug). -6) Access TLS via this TLSDESC and the now outdated DTV. - -However step (3) in practice rarely happens: during DTV update the -entries for closed modids are initialized to "unallocated" and then -dynamic TLSDESC calls __tls_get_addr independently of its generation. -The only exception to this is DTV setup at thread creation (gaps are -initialized to NULL instead of unallocated) or DTV resize where the -gap entries are outside the previous DTV array (again NULL instead -of unallocated, and this requires loading > DTV_SURPLUS modules). - -So the bug can only cause NULL (+ offset) dereference, not use after -free. And the easiest way to get (3) is via thread creation. - -Note that step (5) requires that the newly loaded module has larger -TLS than the remaining optional static TLS. And for (6) there cannot -be other TLS access or dlopen in the thread that updates the DTV. - -Tested on aarch64-linux-gnu. - -Reviewed-by: Adhemerval Zanella adhemerval.zanella@linaro.org -(cherry picked from commit 980450f12685326729d63ff72e93a996113bf073) ---- - elf/Makefile | 15 +++++++ - elf/tst-tlsgap-mod0.c | 2 + - elf/tst-tlsgap-mod1.c | 2 + - elf/tst-tlsgap-mod2.c | 2 + - elf/tst-tlsgap.c | 92 +++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 113 insertions(+) - create mode 100644 elf/tst-tlsgap-mod0.c - create mode 100644 elf/tst-tlsgap-mod1.c - create mode 100644 elf/tst-tlsgap-mod2.c - create mode 100644 elf/tst-tlsgap.c - -diff --git a/elf/Makefile b/elf/Makefile -index c00e2ccfc5..1a05a6aaca 100644 ---- a/elf/Makefile -+++ b/elf/Makefile -@@ -459,6 +459,7 @@ tests += \ - tst-tls21 \ - tst-tlsalign \ - tst-tlsalign-extern \ -+ tst-tlsgap \ - tst-unique1 \ - tst-unique2 \ - tst-unwind-ctor \ -@@ -883,6 +884,9 @@ modules-names += \ - tst-tls20mod-bad \ - tst-tls21mod \ - tst-tlsalign-lib \ -+ tst-tlsgap-mod0 \ -+ tst-tlsgap-mod1 \ -+ tst-tlsgap-mod2 \ - tst-tlsmod1 \ - tst-tlsmod10 \ - tst-tlsmod11 \ -@@ -3009,3 +3013,14 @@ LDFLAGS-tst-dlclose-lazy-mod1.so = -Wl,-z,lazy,--no-as-needed - $(objpfx)tst-dlclose-lazy-mod1.so: $(objpfx)tst-dlclose-lazy-mod2.so - $(objpfx)tst-dlclose-lazy.out: \ - $(objpfx)tst-dlclose-lazy-mod1.so $(objpfx)tst-dlclose-lazy-mod2.so -+ -+$(objpfx)tst-tlsgap: $(shared-thread-library) -+$(objpfx)tst-tlsgap.out: \ -+ $(objpfx)tst-tlsgap-mod0.so \ -+ $(objpfx)tst-tlsgap-mod1.so \ -+ $(objpfx)tst-tlsgap-mod2.so -+ifeq (yes,$(have-mtls-dialect-gnu2)) -+CFLAGS-tst-tlsgap-mod0.c += -mtls-dialect=gnu2 -+CFLAGS-tst-tlsgap-mod1.c += -mtls-dialect=gnu2 -+CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2 -+endif -diff --git a/elf/tst-tlsgap-mod0.c b/elf/tst-tlsgap-mod0.c -new file mode 100644 -index 0000000000..1478b0beac ---- /dev/null -+++ b/elf/tst-tlsgap-mod0.c -@@ -0,0 +1,2 @@ -+int __thread tls0; -+int *f0(void) { return &tls0; } -diff --git a/elf/tst-tlsgap-mod1.c b/elf/tst-tlsgap-mod1.c -new file mode 100644 -index 0000000000..b10fc3702c ---- /dev/null -+++ b/elf/tst-tlsgap-mod1.c -@@ -0,0 +1,2 @@ -+int __thread tls1[100]; /* Size > glibc.rtld.optional_static_tls / 2. */ -+int *f1(void) { return tls1; } -diff --git a/elf/tst-tlsgap-mod2.c b/elf/tst-tlsgap-mod2.c -new file mode 100644 -index 0000000000..166c27d7f3 ---- /dev/null -+++ b/elf/tst-tlsgap-mod2.c -@@ -0,0 +1,2 @@ -+int __thread tls2; -+int *f2(void) { return &tls2; } -diff --git a/elf/tst-tlsgap.c b/elf/tst-tlsgap.c -new file mode 100644 -index 0000000000..4932885076 ---- /dev/null -+++ b/elf/tst-tlsgap.c -@@ -0,0 +1,92 @@ -+/* TLS modid gap reuse regression test for bug 29039. -+ Copyright (C) 2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ http://www.gnu.org/licenses/. */ -+ -+#include <stdio.h> -+#include <dlfcn.h> -+#include <pthread.h> -+#include <support/xdlfcn.h> -+#include <support/xthread.h> -+#include <support/check.h> -+ -+static void *mod[3]; -+#define MOD(i) "tst-tlsgap-mod" #i ".so" -+static const char *modname[3] = { MOD(0), MOD(1), MOD(2) }; -+#undef MOD -+ -+static void -+open_mod (int i) -+{ -+ mod[i] = xdlopen (modname[i], RTLD_LAZY); -+ printf ("open %s\n", modname[i]); -+} -+ -+static void -+close_mod (int i) -+{ -+ xdlclose (mod[i]); -+ mod[i] = NULL; -+ printf ("close %s\n", modname[i]); -+} -+ -+static void -+access_mod (int i, const char *sym) -+{ -+ int *(*f) (void) = xdlsym (mod[i], sym); -+ int *p = f (); -+ printf ("access %s: %s() = %p\n", modname[i], sym, p); -+ TEST_VERIFY_EXIT (p != NULL); -+ ++*p; -+} -+ -+static void * -+start (void *arg) -+{ -+ /* The DTV generation is at the last dlopen of mod0 and the -+ entry for mod1 is NULL. */ -+ -+ open_mod (1); /* Reuse modid of mod1. Uses dynamic TLS. */ -+ -+ /* DTV is unchanged: dlopen only updates the DTV to the latest -+ generation if static TLS is allocated for a loaded module. -+ -+ With bug 29039, the TLSDESC relocation in mod1 uses the old -+ dlclose generation of mod1 instead of the new dlopen one so -+ DTV is not updated on TLS access. */ -+ -+ access_mod (1, "f1"); -+ -+ return arg; -+} -+ -+static int -+do_test (void) -+{ -+ open_mod (0); -+ open_mod (1); -+ open_mod (2); -+ close_mod (0); -+ close_mod (1); /* Create modid gap at mod1. */ -+ open_mod (0); /* Reuse modid of mod0, bump generation count. */ -+ -+ /* Create a thread where DTV of mod1 is NULL. */ -+ pthread_t t = xpthread_create (NULL, start, NULL); -+ xpthread_join (t); -+ return 0; -+} -+ -+#include <support/test-driver.c> --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch b/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch deleted file mode 100644 index af173fbc34..0000000000 --- a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 35ea7549751d4f13a28c732e6ad68204f5e60a06 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" hjl.tools@gmail.com -Date: Wed, 20 Dec 2023 16:31:43 -0800 -Subject: [PATCH 36/44] x86-64: Fix the dtv field load for x32 [BZ #31184] - -On x32, I got - -FAIL: elf/tst-tlsgap - -$ gdb elf/tst-tlsgap -... -open tst-tlsgap-mod1.so - -Thread 2 "tst-tlsgap" received signal SIGSEGV, Segmentation fault. -[Switching to LWP 2268754] -_dl_tlsdesc_dynamic () at ../sysdeps/x86_64/dl-tlsdesc.S:108 -108 movq (%rsi), %rax -(gdb) p/x $rsi -$4 = 0xf7dbf9005655fb18 -(gdb) - -This is caused by - -_dl_tlsdesc_dynamic: - _CET_ENDBR - /* Preserve call-clobbered registers that we modify. - We need two scratch regs anyway. */ - movq %rsi, -16(%rsp) - movq %fs:DTV_OFFSET, %rsi - -Since the dtv field in TCB is a pointer, %fs:DTV_OFFSET is a 32-bit -location, not 64-bit. Load the dtv field to RSI_LP instead of rsi. -This fixes BZ #31184. - -(cherry picked from commit 3502440397bbb840e2f7223734aa5cc2cc0e29b6) ---- - NEWS | 1 + - sysdeps/x86_64/dl-tlsdesc.S | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NEWS b/NEWS -index 5ac488bf9b..71057e4793 100644 ---- a/NEWS -+++ b/NEWS -@@ -37,6 +37,7 @@ The following bugs are resolved with this release: - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -+ [31184] FAIL: elf/tst-tlsgap - - - Version 2.38 -diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S -index 5593897e29..c4823547d7 100644 ---- a/sysdeps/x86_64/dl-tlsdesc.S -+++ b/sysdeps/x86_64/dl-tlsdesc.S -@@ -102,7 +102,7 @@ _dl_tlsdesc_dynamic: - /* Preserve call-clobbered registers that we modify. - We need two scratch regs anyway. */ - movq %rsi, -16(%rsp) -- movq %fs:DTV_OFFSET, %rsi -+ mov %fs:DTV_OFFSET, %RSI_LP - movq %rdi, -8(%rsp) - movq TLSDESC_ARG(%rax), %rdi - movq (%rsi), %rax --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch b/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch deleted file mode 100644 index 31959c2753..0000000000 --- a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" hjl.tools@gmail.com -Date: Wed, 20 Dec 2023 19:42:12 -0800 -Subject: [PATCH 37/44] x86-64: Fix the tcb field load for x32 [BZ #31185] - -_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer -via the tcb field in TCB: - -_dl_tlsdesc_undefweak: - _CET_ENDBR - movq 8(%rax), %rax - subq %fs:0, %rax - ret - -_dl_tlsdesc_dynamic: - ... - subq %fs:0, %rax - movq -8(%rsp), %rdi - ret - -Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location, -not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since -_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic -returns void *, RAX_LP is appropriate here for x32 and x86-64. This -fixes BZ #31185. - -(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3) ---- - NEWS | 1 + - sysdeps/x86_64/dl-tlsdesc.S | 4 ++-- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/NEWS b/NEWS -index 71057e4793..6fbb8a9e1d 100644 ---- a/NEWS -+++ b/NEWS -@@ -38,6 +38,7 @@ The following bugs are resolved with this release: - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) - [31184] FAIL: elf/tst-tlsgap -+ [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic - - - Version 2.38 -diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S -index c4823547d7..4579424bf7 100644 ---- a/sysdeps/x86_64/dl-tlsdesc.S -+++ b/sysdeps/x86_64/dl-tlsdesc.S -@@ -61,7 +61,7 @@ _dl_tlsdesc_return: - _dl_tlsdesc_undefweak: - _CET_ENDBR - movq 8(%rax), %rax -- subq %fs:0, %rax -+ sub %fs:0, %RAX_LP - ret - cfi_endproc - .size _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak -@@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic: - addq TLSDESC_MODOFF(%rdi), %rax - .Lret: - movq -16(%rsp), %rsi -- subq %fs:0, %rax -+ sub %fs:0, %RAX_LP - movq -8(%rsp), %rdi - ret - .Lslow: --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch b/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch deleted file mode 100644 index 84be4a1bf6..0000000000 --- a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d25e2c8d5cb0778ae87ad43b1f4c301abe5a932b Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" hjl.tools@gmail.com -Date: Sat, 23 Dec 2023 06:24:41 -0800 -Subject: [PATCH 38/44] NEWS: Mention bug fixes for 29039/30694/30709/30721 - ---- - NEWS | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/NEWS b/NEWS -index 6fbb8a9e1d..db4d6c8373 100644 ---- a/NEWS -+++ b/NEWS -@@ -31,6 +31,10 @@ Security related changes: - - The following bugs are resolved with this release: - -+ [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS -+ [30694] The iconv program no longer tells the user which given encoding name was wrong -+ [30709] nscd fails to build with cleanup handler if built with -fexceptions -+ [30721] x86_64: Fix build with --disable-multiarch - [30723] posix_memalign repeatedly scans long bin lists - [30789] sem_open will fail on multithreaded scenarios when semaphore - file doesn't exist (O_CREAT) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch b/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch deleted file mode 100644 index fc306dca2a..0000000000 --- a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 27339a3eb8f987eebae72b854af80256c1588ebd Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" hjl.tools@gmail.com -Date: Sat, 23 Dec 2023 06:27:50 -0800 -Subject: [PATCH 39/44] NEWS: Mention bug fixes for 30745/30843 - ---- - NEWS | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/NEWS b/NEWS -index db4d6c8373..905230b838 100644 ---- a/NEWS -+++ b/NEWS -@@ -36,11 +36,13 @@ The following bugs are resolved with this release: - [30709] nscd fails to build with cleanup handler if built with -fexceptions - [30721] x86_64: Fix build with --disable-multiarch - [30723] posix_memalign repeatedly scans long bin lists -+ [30745] Slight bug in cache info codes for x86 - [30789] sem_open will fail on multithreaded scenarios when semaphore - file doesn't exist (O_CREAT) - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -+ [30843] potential use-after-free in getcanonname (CVE-2023-4806) - [31184] FAIL: elf/tst-tlsgap - [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch b/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch deleted file mode 100644 index ce482f7a1a..0000000000 --- a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@suse.de -Date: Wed, 6 Dec 2023 14:48:22 +0100 -Subject: [PATCH 40/44] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163) - -When __resolv_context_get returns NULL due to out of memory, translate it -to a return value of EAI_MEMORY. - -(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f) ---- - sysdeps/posix/getaddrinfo.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index 13082305d3..da573bea24 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req, - function variant. */ - res_ctx = __resolv_context_get (); - if (res_ctx == NULL) -- no_more = 1; -+ { -+ if (errno == ENOMEM) -+ { -+ result = -EAI_MEMORY; -+ goto out; -+ } -+ no_more = 1; -+ } - - while (!no_more) - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch b/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch deleted file mode 100644 index b088dba706..0000000000 --- a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch +++ /dev/null @@ -1,48 +0,0 @@ -From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001 -From: Florian Weimer fweimer@redhat.com -Date: Tue, 2 Jan 2024 14:36:17 +0100 -Subject: [PATCH 41/44] libio: Check remaining buffer size in _IO_wdo_write - (bug 31183) - -The multibyte character needs to fit into the remaining buffer space, -not the already-written buffer space. Without the fix, we were never -moving the write pointer from the start of the buffer, always using -the single-character fallback buffer. - -Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing -a multibyte character to an unbuffered stream (bug 17522)"). - -(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60) ---- - NEWS | 1 + - libio/wfileops.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NEWS b/NEWS -index 905230b838..6768c2da6f 100644 ---- a/NEWS -+++ b/NEWS -@@ -43,6 +43,7 @@ The following bugs are resolved with this release: - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) - [30843] potential use-after-free in getcanonname (CVE-2023-4806) -+ [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix - [31184] FAIL: elf/tst-tlsgap - [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic - -diff --git a/libio/wfileops.c b/libio/wfileops.c -index f16f6db1c3..9ab8f2e7f3 100644 ---- a/libio/wfileops.c -+++ b/libio/wfileops.c -@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do) - char mb_buf[MB_LEN_MAX]; - char *write_base, *write_ptr, *buf_end; - -- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf)) -+ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf)) - { - /* Make sure we have room for at least one multibyte - character. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch deleted file mode 100644 index a4229d9ecc..0000000000 --- a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 23514c72b780f3da097ecf33a793b7ba9c2070d2 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar arjun@redhat.com -Date: Mon, 15 Jan 2024 17:44:43 +0100 -Subject: [PATCH 42/44] syslog: Fix heap buffer overflow in __vsyslog_internal - (CVE-2023-6246) - -__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER -containing a long program name failed to update the required buffer -size, leading to the allocation and overflow of a too-small buffer on -the heap. This commit fixes that. It also adds a new regression test -that uses glibc.malloc.check. - -Reviewed-by: Adhemerval Zanella adhemerval.zanella@linaro.org -Reviewed-by: Carlos O'Donell carlos@redhat.com -Tested-by: Carlos O'Donell carlos@redhat.com -(cherry picked from commit 6bd0e4efcc78f3c0115e5ea9739a1642807450da) ---- - misc/Makefile | 8 ++- - misc/syslog.c | 50 +++++++++++++------ - misc/tst-syslog-long-progname.c | 39 +++++++++++++++ - .../postclean.req | 0 - 4 files changed, 82 insertions(+), 15 deletions(-) - create mode 100644 misc/tst-syslog-long-progname.c - create mode 100644 misc/tst-syslog-long-progname.root/postclean.req - -diff --git a/misc/Makefile b/misc/Makefile -index fe0d49c1de..90b31952c5 100644 ---- a/misc/Makefile -+++ b/misc/Makefile -@@ -289,7 +289,10 @@ tests-special += $(objpfx)tst-error1-mem.out \ - $(objpfx)tst-allocate_once-mem.out - endif - --tests-container := tst-syslog -+tests-container := \ -+ tst-syslog \ -+ tst-syslog-long-progname \ -+ # tests-container - - CFLAGS-select.c += -fexceptions -fasynchronous-unwind-tables - CFLAGS-tsearch.c += $(uses-callbacks) -@@ -351,6 +354,9 @@ $(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out - $(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \ - $(evaluate-test) - -+tst-syslog-long-progname-ENV = GLIBC_TUNABLES=glibc.malloc.check=3 \ -+ LD_PRELOAD=libc_malloc_debug.so.0 -+ - $(objpfx)tst-select: $(librt) - $(objpfx)tst-select-time64: $(librt) - $(objpfx)tst-pselect: $(librt) -diff --git a/misc/syslog.c b/misc/syslog.c -index 1b8cb722c5..814d224a1e 100644 ---- a/misc/syslog.c -+++ b/misc/syslog.c -@@ -124,8 +124,9 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - { - /* Try to use a static buffer as an optimization. */ - char bufs[1024]; -- char *buf = NULL; -- size_t bufsize = 0; -+ char *buf = bufs; -+ size_t bufsize; -+ - int msgoff; - int saved_errno = errno; - -@@ -177,29 +178,50 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - #define SYSLOG_HEADER_WITHOUT_TS(__pri, __msgoff) \ - "<%d>: %n", __pri, __msgoff - -- int l; -+ int l, vl; - if (has_ts) - l = __snprintf (bufs, sizeof bufs, - SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); - else - l = __snprintf (bufs, sizeof bufs, - SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ -+ char *pos; -+ size_t len; -+ - if (0 <= l && l < sizeof bufs) - { -- va_list apc; -- va_copy (apc, ap); -+ /* At this point, there is still a chance that we can print the -+ remaining part of the log into bufs and use that. */ -+ pos = bufs + l; -+ len = sizeof (bufs) - l; -+ } -+ else -+ { -+ buf = NULL; -+ /* We already know that bufs is too small to use for this log message. -+ The next vsnprintf into bufs is used only to calculate the total -+ required buffer length. We will discard bufs contents and allocate -+ an appropriately sized buffer later instead. */ -+ pos = bufs; -+ len = sizeof (bufs); -+ } - -- /* Restore errno for %m format. */ -- __set_errno (saved_errno); -+ { -+ va_list apc; -+ va_copy (apc, ap); - -- int vl = __vsnprintf_internal (bufs + l, sizeof bufs - l, fmt, apc, -- mode_flags); -- if (0 <= vl && vl < sizeof bufs - l) -- buf = bufs; -- bufsize = l + vl; -+ /* Restore errno for %m format. */ -+ __set_errno (saved_errno); - -- va_end (apc); -- } -+ vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); -+ -+ if (!(0 <= vl && vl < len)) -+ buf = NULL; -+ -+ bufsize = l + vl; -+ va_end (apc); -+ } - - if (buf == NULL) - { -diff --git a/misc/tst-syslog-long-progname.c b/misc/tst-syslog-long-progname.c -new file mode 100644 -index 0000000000..88f37a8a00 ---- /dev/null -+++ b/misc/tst-syslog-long-progname.c -@@ -0,0 +1,39 @@ -+/* Test heap buffer overflow in syslog with long __progname (CVE-2023-6246) -+ Copyright (C) 2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ https://www.gnu.org/licenses/. */ -+ -+#include <syslog.h> -+#include <string.h> -+ -+extern char * __progname; -+ -+static int -+do_test (void) -+{ -+ char long_progname[2048]; -+ -+ memset (long_progname, 'X', sizeof (long_progname) - 1); -+ long_progname[sizeof (long_progname) - 1] = '\0'; -+ -+ __progname = long_progname; -+ -+ syslog (LOG_INFO, "Hello, World!"); -+ -+ return 0; -+} -+ -+#include <support/test-driver.c> -diff --git a/misc/tst-syslog-long-progname.root/postclean.req b/misc/tst-syslog-long-progname.root/postclean.req -new file mode 100644 -index 0000000000..e69de29bb2 --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch deleted file mode 100644 index 1ee6993bd5..0000000000 --- a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch +++ /dev/null @@ -1,106 +0,0 @@ -From d0338312aace5bbfef85e03055e1212dd0e49578 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar arjun@redhat.com -Date: Mon, 15 Jan 2024 17:44:44 +0100 -Subject: [PATCH 43/44] syslog: Fix heap buffer overflow in __vsyslog_internal - (CVE-2023-6779) - -__vsyslog_internal used the return value of snprintf/vsnprintf to -calculate buffer sizes for memory allocation. If these functions (for -any reason) failed and returned -1, the resulting buffer would be too -small to hold output. This commit fixes that. - -All snprintf/vsnprintf calls are checked for negative return values and -the function silently returns upon encountering them. - -Reviewed-by: Carlos O'Donell carlos@redhat.com -(cherry picked from commit 7e5a0c286da33159d47d0122007aac016f3e02cd) ---- - misc/syslog.c | 39 ++++++++++++++++++++++++++++----------- - 1 file changed, 28 insertions(+), 11 deletions(-) - -diff --git a/misc/syslog.c b/misc/syslog.c -index 814d224a1e..53440e47ad 100644 ---- a/misc/syslog.c -+++ b/misc/syslog.c -@@ -185,11 +185,13 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - else - l = __snprintf (bufs, sizeof bufs, - SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ if (l < 0) -+ goto out; - - char *pos; - size_t len; - -- if (0 <= l && l < sizeof bufs) -+ if (l < sizeof bufs) - { - /* At this point, there is still a chance that we can print the - remaining part of the log into bufs and use that. */ -@@ -215,12 +217,15 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - __set_errno (saved_errno); - - vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); -+ va_end (apc); -+ -+ if (vl < 0) -+ goto out; - -- if (!(0 <= vl && vl < len)) -+ if (vl >= len) - buf = NULL; - - bufsize = l + vl; -- va_end (apc); - } - - if (buf == NULL) -@@ -231,25 +236,37 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - /* Tell the cancellation handler to free this buffer. */ - clarg.buf = buf; - -+ int cl; - if (has_ts) -- __snprintf (buf, l + 1, -- SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); -+ cl = __snprintf (buf, l + 1, -+ SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); - else -- __snprintf (buf, l + 1, -- SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ cl = __snprintf (buf, l + 1, -+ SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ if (cl != l) -+ goto out; - - va_list apc; - va_copy (apc, ap); -- __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc, -- mode_flags); -+ cl = __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc, -+ mode_flags); - va_end (apc); -+ -+ if (cl != vl) -+ goto out; - } - else - { -+ int bl; - /* Nothing much to do but emit an error message. */ -- bufsize = __snprintf (bufs, sizeof bufs, -- "out of memory[%d]", __getpid ()); -+ bl = __snprintf (bufs, sizeof bufs, -+ "out of memory[%d]", __getpid ()); -+ if (bl < 0 || bl >= sizeof bufs) -+ goto out; -+ -+ bufsize = bl; - buf = bufs; -+ msgoff = 0; - } - } - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch b/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch deleted file mode 100644 index b7ff1f94fe..0000000000 --- a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d37c2b20a4787463d192b32041c3406c2bd91de0 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar arjun@redhat.com -Date: Mon, 15 Jan 2024 17:44:45 +0100 -Subject: [PATCH 44/44] syslog: Fix integer overflow in __vsyslog_internal - (CVE-2023-6780) - -__vsyslog_internal calculated a buffer size by adding two integers, but -did not first check if the addition would overflow. This commit fixes -that. - -Reviewed-by: Carlos O'Donell carlos@redhat.com -Tested-by: Carlos O'Donell carlos@redhat.com -(cherry picked from commit ddf542da94caf97ff43cc2875c88749880b7259b) ---- - misc/syslog.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/misc/syslog.c b/misc/syslog.c -index 53440e47ad..4af87f54fd 100644 ---- a/misc/syslog.c -+++ b/misc/syslog.c -@@ -41,6 +41,7 @@ static char sccsid[] = "@(#)syslog.c 8.4 (Berkeley) 3/18/94"; - #include <sys/uio.h> - #include <sys/un.h> - #include <syslog.h> -+#include <limits.h> - - static int LogType = SOCK_DGRAM; /* type of socket connection */ - static int LogFile = -1; /* fd for log */ -@@ -219,7 +220,7 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); - va_end (apc); - -- if (vl < 0) -+ if (vl < 0 || vl >= INT_MAX - l) - goto out; - - if (vl >= len) --- -2.39.2 - diff --git a/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch b/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch deleted file mode 100644 index 9df561f67b..0000000000 --- a/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch +++ /dev/null @@ -1,27 +0,0 @@ -From f982a712979619dbae2c6e0d741757e2ce94be11 Mon Sep 17 00:00:00 2001 -From: Bruce Rogers brogers@suse.com -Date: Wed, 6 May 2020 15:03:02 -0600 -Subject: [PATCH] [build] Be explicit about -fcommon compiler directive - -gcc10 switched default behavior from -fcommon to -fno-common. Since -"__shared" relies on the legacy behavior, explicitly specify it. - -Signed-off-by: Bruce Rogers brogers@suse.com -Modified-by: Michael Brown mcb30@ipxe.org -Signed-off-by: Michael Brown mcb30@ipxe.org ---- - src/Makefile.housekeeping | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping -index 66d6dd449..b6c61c112 100644 ---- a/src/Makefile.housekeeping -+++ b/src/Makefile.housekeeping -@@ -418,6 +418,7 @@ CFLAGS += -Os - CFLAGS += -g - ifeq ($(CCTYPE),gcc) - CFLAGS += -ffreestanding -+CFLAGS += -fcommon - CFLAGS += -Wall -W -Wformat-nonliteral - HOST_CFLAGS += -Wall -W -Wformat-nonliteral - endif diff --git a/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch b/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch deleted file mode 100644 index af4bd5926a..0000000000 --- a/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ddfb60813c74e988ba7c16dbbe1b163593c9da4e Mon Sep 17 00:00:00 2001 -From: Christian Hesse mail@eworm.de -Date: Tue, 15 May 2018 23:25:01 +0200 -Subject: [PATCH] [build] fix stringop truncation warning with GCC 8.x -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -GCC 8.x gives a warning about stringop truncation: - -util/elf2efi.c:497:2: error: ‘strncpy’ specified bound 8 equals destination -size [-Werror=stringop-truncation] - -It assumes that strncpy() is intended to copy strings, which are NULL -terminated. We do copy fixed size memory regions, so use memcpy() instead. ---- - src/util/elf2efi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/util/elf2efi.c b/src/util/elf2efi.c -index 6718df777..de3c92463 100644 ---- a/src/util/elf2efi.c -+++ b/src/util/elf2efi.c -@@ -494,7 +494,7 @@ static struct pe_section * process_section ( struct elf_file *elf, - memset ( new, 0, sizeof ( *new ) + section_filesz ); - - /* Fill in section header details */ -- strncpy ( ( char * ) new->hdr.Name, name, sizeof ( new->hdr.Name ) ); -+ memcpy ( ( char * ) new->hdr.Name, name, sizeof ( new->hdr.Name ) ); - new->hdr.Misc.VirtualSize = section_memsz; - new->hdr.VirtualAddress = shdr->sh_addr; - new->hdr.SizeOfRawData = section_filesz; diff --git a/src/patches/ipxe-handle-R_X86_64_PLT32.patch b/src/patches/ipxe-handle-R_X86_64_PLT32.patch deleted file mode 100644 index ef2d4343e1..0000000000 --- a/src/patches/ipxe-handle-R_X86_64_PLT32.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 5dce2d454b2829431e0484ac0f993b7a2759e0df Mon Sep 17 00:00:00 2001 -From: Christian Hesse mail@eworm.de -Date: Sat, 25 Aug 2018 13:53:08 +0200 -Subject: [PATCH] [build] handle R_X86_64_PLT32 from binutils 2.31 - -Starting from binutils 2.31.0 (commit bd7ab16b) x86-64 assembler -generates R_X86_64_PLT32 instead of R_X86_64_PC32. ---- - src/util/elf2efi.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/util/elf2efi.c b/src/util/elf2efi.c -index 6718df777..2c5b9df8a 100644 ---- a/src/util/elf2efi.c -+++ b/src/util/elf2efi.c -@@ -636,6 +636,7 @@ static void process_reloc ( struct elf_file *elf, const Elf_Shdr *shdr, - case ELF_MREL ( EM_ARM, R_ARM_THM_JUMP24 ) : - case ELF_MREL ( EM_ARM, R_ARM_V4BX ): - case ELF_MREL ( EM_X86_64, R_X86_64_PC32 ) : -+ case ELF_MREL ( EM_X86_64, R_X86_64_PLT32 ) : - case ELF_MREL ( EM_AARCH64, R_AARCH64_CALL26 ) : - case ELF_MREL ( EM_AARCH64, R_AARCH64_JUMP26 ) : - case ELF_MREL ( EM_AARCH64, R_AARCH64_ADR_PREL_LO21 ) : diff --git a/src/patches/ipxe-use-the-right-sized-register-for-push.patch b/src/patches/ipxe-use-the-right-sized-register-for-push.patch deleted file mode 100644 index 99b76de662..0000000000 --- a/src/patches/ipxe-use-the-right-sized-register-for-push.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 08caa8be3a143d6f33782f398b7937efb39ff283 Mon Sep 17 00:00:00 2001 -From: Justin Cano 5184128+jstncno@users.noreply.github.com -Date: Thu, 3 Aug 2023 09:58:11 -0700 -Subject: [PATCH] Use the right sized register for the push operand based on - the size of the value being pushed - -Fixes https://github.com/ipxe/ipxe/issues/997 ---- - src/arch/x86/include/librm.h | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/arch/x86/include/librm.h b/src/arch/x86/include/librm.h -index 5196d390fa..d9e748adfc 100644 ---- a/src/arch/x86/include/librm.h -+++ b/src/arch/x86/include/librm.h -@@ -250,8 +250,10 @@ extern void remove_user_from_rm_stack ( userptr_t data, size_t size ); - /* CODE_DEFAULT: restore default .code32/.code64 directive */ - #ifdef __x86_64__ - #define CODE_DEFAULT ".code64" -+#define PUSH "pushq" - #else - #define CODE_DEFAULT ".code32" -+#define PUSH "pushl" - #endif - - /* LINE_SYMBOL: declare a symbol for the current source code line */ -@@ -268,7 +270,7 @@ extern void remove_user_from_rm_stack ( userptr_t data, size_t size ); - - /* REAL_CODE: declare a fragment of code that executes in real mode */ - #define REAL_CODE( asm_code_str ) \ -- "push $1f\n\t" \ -+ PUSH " $1f\n\t" \ - "call real_call\n\t" \ - TEXT16_CODE ( "\n1:\n\t" \ - asm_code_str \ -@@ -277,7 +279,7 @@ extern void remove_user_from_rm_stack ( userptr_t data, size_t size ); - - /* PHYS_CODE: declare a fragment of code that executes in flat physical mode */ - #define PHYS_CODE( asm_code_str ) \ -- "push $1f\n\t" \ -+ PUSH " $1f\n\t" \ - "call phys_call\n\t" \ - ".section ".text.phys", "ax", @progbits\n\t"\ - "\n" LINE_SYMBOL "\n\t" \ diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch deleted file mode 100644 index f1529812db..0000000000 --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index d56d3a550..81abf8f00 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2424,7 +2424,7 @@ fi - AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") - if test "$HAVE_GETCONF_CMD" != "no"; then - CLS=$(getconf LEVEL1_DCACHE_LINESIZE) -- if [test "$CLS" != "" && test "$CLS" != "0"]; then -+ if [test "$CLS" != "" && test "$CLS" != "0" && test "$CLS" != "undefined"]; then - AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size]) - else - AC_DEFINE([CLS],[64],[L1 cache line size]) diff --git a/tools/checkrootfiles b/tools/checkrootfiles index 5036ce2d0f..9437de6f14 100755 --- a/tools/checkrootfiles +++ b/tools/checkrootfiles @@ -19,49 +19,96 @@ # # ###############################################################################
-grep -r "^etc/init.d//*" ./config/rootfiles/ >/dev/null 2>&1 -if [ "${?}" == "0" ]; then - echo "Error! 'etc/init.d/...' in rootfiles files found!" - grep -r "^etc/init.d//*" ./config/rootfiles/ - echo "Change this to 'etc/rc.d/init.d/...' !" -fi - -grep -r "^var/run//*" ./config/rootfiles/ >/dev/null 2>&1 -if [ "${?}" == "0" ]; then - echo "Error! 'var/run/...' in rootfiles files found!" - grep -r "^var/run//*" ./config/rootfiles/ - echo "Comment this and create it at initskript if needed !" -fi - -grep -r 'x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ - --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \ - --exclude update.sh --exclude qemu --exclude cmake --exclude xfsprogs \ - --exclude-dir oldcore --exclude-dir x86_64 >/dev/null 2>&1 -if [ "${?}" == "0" ]; then - echo "Error! '/x86_64' in rootfiles files found!" - grep -r 'x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ - --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \ - --exclude update.sh --exclude qemu --exclude cmake --exclude xfsprogs \ - --exclude-dir oldcore --exclude-dir x86_64 - echo "Replace by xxxMACHINExxx !" -fi - -grep -r 'aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude gdb \ - --exclude qemu --exclude liburcu --exclude abseil-cpp \ - --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1 -if [ "${?}" == "0" ]; then - echo "Error! 'aarch64' in rootfiles files found!" - grep -r 'aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb \ - --exclude qemu --exclude liburcu --exclude abseil-cpp \ - --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 - echo "Replace by xxxMACHINExxx !" -fi - -grep -r 'riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude go --exclude qemu \ - --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1 -if [ "${?}" == "0" ]; then - echo "Error! 'riscv64' in rootfiles files found!" - grep -r 'riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude go --exclude qemu \ - --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 - echo "Replace by xxxMACHINExxx !" -fi +# All supported architectures +ARCHES=( + aarch64 + riscv64 + x86_64 +) + +# A list of files that are not scanned +# because they probably cause some false positives. +EXCLUDED_FILES=( + qemu +) + +ARGS=( + # Search path + "config/rootfiles" + + # Exclude old core updates + "--exclude-dir" "oldcore" + + # Ignore the update scripts + "--exclude" "update.sh" +) + +check_for_arch() { + local arch="${1}" + + local args=( + "${ARGS[@]}" + ) + + # Exclude any architecture-specific directories + local a + for a in ${ARCHES[@]}; do + args+=( "--exclude-dir" "${a}" ) + done + + # Exclude all excluded files + local x + for x in ${EXCLUDED_FILES[@]}; do + args+=( "--exclude" "${x}" ) + done + + # Search for all lines that contain the architecture, but exclude commented lines + grep -r "^[^#].*${arch}" "${args[@]}" +} + +check_for_pattern() { + local pattern="${1}" + local message="${2}" + + local args=( + "${ARGS[@]}" + ) + + if grep -r "${pattern}" "${args[@]}"; then + if [ -n "${message}" ]; then + echo "ERROR: ${message}" + else + echo "ERROR: Files matching '${pattern}' have been found in the rootfiles" + fi + return 1 + fi + + return 0 +} + +main() { + local failed=0 + + # Check for /etc/init.d + if ! check_for_pattern "^etc/init.d/" \ + "/etc/init.d/* has been found. Please replace by /etc/rc.d/init.d"; then + failed=1 + fi + + # Check for /var/run + if ! check_for_pattern "^var/run/.*" \ + "You cannot ship files in /var/run as it is a ramdisk"; then + failed=1 + fi + + # Check architectures + local arch + for arch in ${ARCHES[@]}; do + check_for_arch "${arch}" || failed=$? + done + + # Return the error + return ${failed} +} + +main "$@" || exit $?
hooks/post-receive -- IPFire 2.x development tree