This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 30b904fb80dc589faec04d2ad590110211a45b08 (commit) via 31620ed428b4ef033fce55f42f97c6c393695b45 (commit) via 34864407201f4e53b68a7cbd9f50ec1a69761f0d (commit) via cf1b407f05cdf095331b478553a8fcb0c6ddb810 (commit) via b2e7b0a28b882e9a55b9d7e4bb3eb9fbf3cbfde5 (commit) via 3e501253bdb14d51e01a04d1d2172ea4b5a6ed89 (commit) via 133b2ae6bb594c969253f04eebdaa211b3adee0c (commit) via 173f1ffca394319437bd215719242229a8298bfe (commit) via cef4daddf7bef15683a9106dbe759088eb9471f8 (commit) via 0921556c85e430566ba3e2a6ed384ff46c0befc1 (commit) via ad6ad54f18042e92c4d90dcf1f9a28e341565cf4 (commit) via c797789c1f45dc76f4cf933ad3e3d24376c2b76e (commit) via 4e28814b6f9378ec1dad7bf62243bf4ccf214397 (commit) via 238a0468da6a6d1fdfa236969e5dd43029dcb85a (commit) via 908f3783ec544ea0da998c5840a47d5f138882b2 (commit) via d83b6fc6df76b9feefdb53ebd7c7516820004e92 (commit) via 9a671e7ae4cb53cba2f479e02afae864ad06298d (commit) via 34a9705d95da4d48e775c7c3ec60721d58adfc40 (commit) via e155e2f99938555576b25b1be4a31a3c0a492ae4 (commit) via b4f19c6d93503b2c1be6258715b133bde91bb674 (commit) via 957b6f92b920d511e88320ba4bf803e6b72c9b61 (commit) via ce195c328ecd4a8a632aaace236b502762d99d65 (commit) via 2c21437bef63f58a33f2c6e8955c0dfce7d208d6 (commit) via a475adc183212b07fca5808e43e035c041df7d74 (commit) via 747fbd6507aa986263a3518051c8aff81c555c1c (commit) via 4cc36e3861a144ff4c1edbfd3545e26b049d8e9c (commit) via c1ef4566cfe85f25a624ab56acd9c835a27c1688 (commit) via cb73ca19a6152689e130502a6d28fec5145ef288 (commit) from cb251d2fbb258eb1cd2484dc129c01e14c1f35af (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 30b904fb80dc589faec04d2ad590110211a45b08 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:29:21 2023 +0000
Core Update 175: Remove orphaned qpdf libraries, if present
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 31620ed428b4ef033fce55f42f97c6c393695b45 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:28:45 2023 +0000
Core Update 175: Ship more files dependant on OpenSSL
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 34864407201f4e53b68a7cbd9f50ec1a69761f0d Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:19:20 2023 +0000
Housekeeping: Only mark files as executable if they have to be
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit cf1b407f05cdf095331b478553a8fcb0c6ddb810 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:11:04 2023 +0000
Core Update 175: Ship mpfr
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b2e7b0a28b882e9a55b9d7e4bb3eb9fbf3cbfde5 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu May 11 14:39:42 2023 +0200
mpfr: Update to include the latest four bug patches
- The base version has not changed but patches to fix 4 bugs have been released. - Update to rootfile not required. - Bug fix changelog 1 A test of the thousands separator in tsprintf.c is based on the output from the GNU C Library up to 2.36, which is incorrect. The output has changed in 2.37 (partly fixed), so that tsprintf fails with glibc 2.37. The tsprintf-thousands patch modifies the test to conform to POSIX and also avoid the buggy case in 2.36 and below. However, this new test, which was expected to succeed, triggers a serious bug in 2.37 (bug 30068 / CVE-2023-25139). We did not modify the test again since this bug affects MPFR's mpfr_sprintf function, with a possible buffer overflow in particular cases. This bug has been fixed in the 2.37 branch. In short, this patch is useful (and needed) for a fixed glibc 2.37 and some other libraries, depending on the current locales. Corresponding changesets in the 4.2 branch: 4f03d40b5, 78ff7526d, e66bb7121. 2 The mpfr_ui_pow_ui function has infinite loop in case of overflow. This can affect mpfr_log10, which uses this function (this is how this bug was found). This bug is fixed by the ui_pow_ui-overflow patch (with testcases). Corresponding changeset in the 4.2 branch: 0216f40ed. 3 The tfprintf and tprintf tests may fail in locales where decimal_point has several bytes, such as ps_AF. This is fixed by the multibyte-decimal_point patch, which makes the tests aware of the length of decimal_point. Corresponding changeset in the 4.2 branch: 0383bea85. 4 In particular cases that are very hard to round, mpfr_rec_sqrt may yield a stack overflow due to many small allocations in the stack, based on alloca(). This is due to the fact that the working precision is increased each step (Ziv loop) by 32 or 64 bits only, until the approximate result can be rounded (thus we have an arithmetic progression here, while a geometric progression is used for the other functions), and that at each iteration, the previous allocations in the stack cannot be freed. Individual allocations in the stack are limited to 16384 bytes, so that the issue can occur only when there are many iterations in working precisions that are not too large, which is possible with an arithmetic progression. This bug is fixed by the rec_sqrt-zivloop patch, which changes the Ziv loop to use the standard MPFR_ZIV_* macros; the patch also provides a testcase obtained by a function that constructs a hard-to-round case involving large enough precisions (this function is commonly used in the MPFR testsuite, but not with so large precisions). This bug was originally reported by Fredrik Johansson. Corresponding changeset in the 4.2 branch: 934dd8842.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 3e501253bdb14d51e01a04d1d2172ea4b5a6ed89 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu May 11 14:39:41 2023 +0200
lvm2: housekeeping - remove invalid configure option
- Since lvmetad was removed then the configure option --enable-lvmetad is no longer valid. A warning is now shown - configure: WARNING: unrecognized options: --enable-lvmetad
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 133b2ae6bb594c969253f04eebdaa211b3adee0c Author: Adolf Belka adolf.belka@ipfire.org Date: Wed May 10 22:41:10 2023 +0200
libcap: Adjust the lfs file to place pkg-config files in the correct place
- libcap places the files by default in /lib and not /usr/lib etc. To fix this libcap made a symlink for the library file from /lib to /usr/lib. However the .pc files were left in /lib/pkgconfig and not /usr/lib/pkgconfig and were therefore not found by the update of rng-tools which now required libcap to be found. - Changed the prefix settings for libcap which placed the libraries and .pc files in the correct locations while keeping the executables in their existing location. - This removed the need for symlinking /usr/lib/libcap.so to /lib/libcap.so.2.67 as the libraries are now placed in /usr/lib - Installed the ipfire build with these changes into a vm system and confirmed that everything worked. Input from Michael Tremer that if ping worked then libcap was functioning correctly. - The prefixes have to be applied to both make and make install to end up with the files in the correct places.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 173f1ffca394319437bd215719242229a8298bfe Author: Adolf Belka adolf.belka@ipfire.org Date: Wed May 10 22:41:09 2023 +0200
rng-tools: Update to version 2.16
- This v2 version corrects an error where a debug echo statement was left in the lfs file - Update from version 2.14 to 2.16 - Update of rootfile not required - Version 2.16 required libcap to be available, which it is, but it could not be found by rng-tools. This is because rng-tools is using pkg-config and the required libcap.pc file was not stored in the standard directory location for .pc files. Therefore a patch for libcap is bundled together with this update to fix this.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit cef4daddf7bef15683a9106dbe759088eb9471f8 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:09:23 2023 +0000
Core Update 175: Remove orphaned lvmetad initscript
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 0921556c85e430566ba3e2a6ed384ff46c0befc1 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed May 10 19:17:46 2023 +0200
initscripts: removal of lvmetad initscript
- With the last update of lvm2 lvmetad was removed from lvm2. I did not recognise that lvmetad had been setup as an automatic initscript, so it no longer works as the binary is no longer provided. - This patch removes the lvmetad initscript, the reference to lvmetad in the initscript lfs file and the lvmetad initscript entries in the rootfile for each architecture.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit ad6ad54f18042e92c4d90dcf1f9a28e341565cf4 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:07:33 2023 +0000
Core Update 175: Ship backup.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c797789c1f45dc76f4cf933ad3e3d24376c2b76e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed May 10 11:52:03 2023 +0200
backup.cgi: Read and deliver the requested backup in pieces
Read-in the requested backup file line by line and directly deliver this as stream to the client.
This fixes the problem with very big backups on systems with very limited RAM, which resulted in an OOM kill of the CGI and delivery process.
Fixes #13096.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4e28814b6f9378ec1dad7bf62243bf4ccf214397 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon May 8 19:07:23 2023 +0200
alsa: Uncomment the conf file names in the rootfile
- Based on input from Arne Fitzenreiter there are conf files that alsa complains about if they are not present. This patch uncomments all the default conf files - The backup include file is also added to the rootfile.
Suggested-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 238a0468da6a6d1fdfa236969e5dd43029dcb85a Author: Adolf Belka adolf.belka@ipfire.org Date: Mon May 8 19:07:22 2023 +0200
alsa: Fixes Bug#13087 - module removal & path correction for asound.state file
- start_service added to install.sh and stop_service to uninstall.sh This ensures that the modules are loaded after install - The /etc/asound.state file was touched by the install.sh cript but the alsactl store and restore commands have default location of /var/lib/alsa/ so the touch command created an asound.state file that was then not used subsequently. It also meant that the first start of alsa would fail as it would try and restore from /var/lib/alsa/asound.state but the file did not exist. - This patch corrects the path for the touch command for asound.state - The install.sh script also checks if /etc/asound.state, that was never used, exists and if it does removes it. - Uninstalling alsa left the sound modules installed until a reboot was carried out. Uninstallation should unload the alsa kernel modules. This patch adds the modprobe -r commands to the uninstall.sh file to unload all the snd modules when alsa is uninstalled. - make_backup and restore_backup commands added to ther install.sh and uninstall.sh scripts
Fixes: Bug#13087 Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 908f3783ec544ea0da998c5840a47d5f138882b2 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon May 8 19:07:21 2023 +0200
alsa: Add in a backup include file for alsa specifying the asound.state file
- This will backup the sound card status with the asound.state file when the addon is uninstalled so that if it is re-installed in the future the status can be rerstored.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit d83b6fc6df76b9feefdb53ebd7c7516820004e92 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon May 8 19:07:20 2023 +0200
alsa: Fix bug#13087 remove services entry
- alsa has an initscript but it is not starting and stopping a traditional daemon service. The initscript loads some alsa modules and then restores the asound.state file - This patch updates the PAK_VER number and removes the services entry and explicitly adds alsa in for the initscript installation. - Additionally this patch also adds the installation of a backup include file for alsa which savces the soundcards status file asound.state
Fixes: Bug#13087 Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9a671e7ae4cb53cba2f479e02afae864ad06298d Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:06:06 2023 +0000
Core Update 175: Ship and restart Squid
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 34a9705d95da4d48e775c7c3ec60721d58adfc40 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed May 3 21:00:34 2023 +0200
squid: Update to 5.9
For details see: https://github.com/squid-cache/squid/commits/v5
The translation files are back in the source code... ;-)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit e155e2f99938555576b25b1be4a31a3c0a492ae4 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Apr 18 20:52:00 2023 +0000
linux: Compile "Intel XHCI USB Role Switch" as a module on x86_64
From the kernel documentation:
> Driver for the internal USB role switch for switching the USB data > lines between the xHCI host controller and the dwc3 gadget controller > found on various Intel SoCs. [...]
This may unblock USB-LAN-adaptor usage on certain boards, as reported once in #12750. Overall affected devices seem to be scanty; nevertheless, enabling this as a module only is highly unlikely to cause any harm, so let's give it a try.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b4f19c6d93503b2c1be6258715b133bde91bb674 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:04:12 2023 +0000
Core Update 175: Ship log.dat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 957b6f92b920d511e88320ba4bf803e6b72c9b61 Author: Robin Roevens robin.roevens@disroot.org Date: Tue Apr 18 20:45:12 2023 +0200
Add Zabbix Agent to logviewer
- Configure Zabbix Agent to log to syslog instead of its own logs. - Remove old zabbix log-dir and logrotate settings from rootfile, lfs and install-script. - Update log.dat to view Zabbix Agent logging from syslog.
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit ce195c328ecd4a8a632aaace236b502762d99d65 Author: Robin Roevens robin.roevens@disroot.org Date: Tue Apr 18 20:45:11 2023 +0200
Bugfix: compatibility with grep 3.8+
Fix "grep: warning: stray \ before /" message on Zabbix Agent ipfire.net.fw.hits item introduced by grep 3.8 in https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=40b5df3942149738529c22c9...
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 2c21437bef63f58a33f2c6e8955c0dfce7d208d6 Author: Robin Roevens robin.roevens@disroot.org Date: Tue Apr 18 20:45:10 2023 +0200
zabbix_agentd: Update to 6.0.16 (LTS)
- Update from version 6.0.6 to 6.0.16 - Update of rootfile not required - Changelog No substantial changes for Agent Linux version Changelogs since 6.0.6: - https://www.zabbix.com/rn/rn6.0.7 - https://www.zabbix.com/rn/rn6.0.8 - https://www.zabbix.com/rn/rn6.0.9 - https://www.zabbix.com/rn/rn6.0.10 - https://www.zabbix.com/rn/rn6.0.11 - https://www.zabbix.com/rn/rn6.0.12 - https://www.zabbix.com/rn/rn6.0.13 - https://www.zabbix.com/rn/rn6.0.14 - https://www.zabbix.com/rn/rn6.0.15 - https://www.zabbix.com/rn/rn6.0.16
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit a475adc183212b07fca5808e43e035c041df7d74 Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:02:12 2023 +0000
Core Update 175: Ship and restart Suricata
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 747fbd6507aa986263a3518051c8aff81c555c1c Author: Peter Müller peter.mueller@ipfire.org Date: Thu May 11 20:01:34 2023 +0000
Core Update 175: Ship libhtp
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4cc36e3861a144ff4c1edbfd3545e26b049d8e9c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 14 10:20:28 2023 +0200
libhtp: Update to 0.5.43
For details see: https://github.com/OISF/libhtp/releases/tag/0.5.43
"htp: do not log content-encoding: none htp: do not error on multiple 100 Continue readme: remove note on libhtp not being stable uri: fix compile warning strict-prototypes bstr: fix compile warning strict-prototypes fuzz_diff: Free the rust test object. github: add CIFuzz workflow"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit c1ef4566cfe85f25a624ab56acd9c835a27c1688 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 14 10:20:27 2023 +0200
suricata: Update to 6.0.11
Excerpt from changelog:
"6.0.11 -- 2023-04-13
Security #5947: byte_math: Division by zero possible. (6.0.x backport) Bug #5970: detect: reload can stall if flow housekeeping takes too long (6.0.x backport) Bug #5967: flowworker: Assertion in CheckWorkQueue (6.0.x backport) Bug #5953: http: multipart data is not filled up to request.body-limit (6.0.x backport) Bug #5951: detect: multi-tenancy crash (6.0.x backport) Bug #5950: http2: quadratic complexity when reducing dynamic headers table size (6.0.x backport) Bug #5949: smtp: quadratic complexity for tx iterator with linked list (6.0.x backport) Bug #5948: fast_pattern assignment of specific content in combination with urilen results in FN (6.0.x backport) Bug #5946: flow/manager: fix unhandled division by 0 (prealloc: 0) (6.0.x backport) Bug #5942: exception/policy: flow action doesn't fall back to packet action when there's no flow (6.0.x backports) Bug #5933: smb: tx logs sometimes have duplicate `tree_id` output (6.0.x backport) Bug #5932: rfb/eve: depth in pixel format logged twice (6.0.x backport) Bug #5906: dns: unused events field can overflow as an integer Bug #5903: UBSAN: undefined shift in DetectByteMathDoMatch (6.0.x backport) Bug #5899: smb: no consistency check between NBSS length and length field for some SMB operations (6.0.x backport) Bug #5898: smb: possible evasion with trailing nbss data (6.0.x backport) Bug #5896: base64_decode not populating up to an invalid character (6.0.x backport) Bug #5895: stream: connections time out too early (6.0.x backport) Bug #5889: stream: SYN/ACK timestamp checking blocks valid traffic (6.0.x backport) Bug #5888: false-positive drop event_types possible on passed packets (6.0.x backport) Bug #5887: stream: overlap with different data false positive (6.0.x backport) Bug #5886: mime: debug assertion on fuzz input (6.0.x backport) Bug #5879: netmap: Module registration displays whether info about new API usage Bug #5863: netmap: packet stalls (6.0.x backport) Bug #5854: SMTP does not handle LF post line limit properly (6.0.x backport) Bug #5852: tcp/stream: session reuse on tcp flows w/o sessions (6.0.x backport) Feature #5853: yaml: set suricata version in generated config (6.0.x backport) Task #5985: libhtp 0.5.43 (6.0.x backport)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit cb73ca19a6152689e130502a6d28fec5145ef288 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed May 10 14:23:24 2023 +0200
kernel: patch CVE-2023-32233
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/includes/alsa | 1 + config/kernel/kernel.config.x86_64-ipfire | 2 +- config/rootfiles/common/aarch64/initscripts | 2 - config/rootfiles/common/libcap | 17 +- config/rootfiles/common/riscv64/initscripts | 2 - config/rootfiles/common/x86_64/initscripts | 2 - .../{oldcore/125 => core/175}/filelists/collectd | 0 config/rootfiles/core/175/filelists/files | 2 + .../{oldcore/106 => core/175}/filelists/gnupg | 0 .../{oldcore/169 => core/175}/filelists/krb5 | 0 .../{oldcore/111 => core/175}/filelists/libevent2 | 0 .../{oldcore/131 => core/175}/filelists/libhtp | 0 .../{oldcore/101 => core/175}/filelists/mpfr | 0 .../{oldcore/128 => core/175}/filelists/openldap | 0 .../{oldcore/100 => core/175}/filelists/squid | 0 .../{oldcore/131 => core/175}/filelists/suricata | 0 config/rootfiles/core/175/update.sh | 11 + config/rootfiles/packages/alsa | 187 ++++---- config/rootfiles/packages/zabbix_agentd | 2 - config/zabbix_agentd/logrotate | 9 - config/zabbix_agentd/userparameter_ipfire.conf | 2 +- .../zabbix_agentd_ipfire_mandatory.conf | 5 +- html/cgi-bin/backup.cgi | 9 +- html/cgi-bin/logs.cgi/log.dat | 6 +- lfs/alsa | 9 +- lfs/initscripts | 3 +- lfs/libcap | 13 +- lfs/libhtp | 6 +- lfs/linux | 3 + lfs/lvm2 | 1 - lfs/mpfr | 8 +- lfs/rng-tools | 8 +- lfs/squid | 13 +- lfs/suricata | 4 +- lfs/zabbix_agentd | 15 +- src/initscripts/packages/avahi | 0 src/initscripts/packages/bird | 0 src/initscripts/packages/frr | 0 src/initscripts/packages/guardian | 0 src/initscripts/packages/nqptp | 0 src/initscripts/packages/qemu-ga | 0 src/initscripts/packages/shairport-sync | 0 src/initscripts/system/conntrackd | 0 src/initscripts/system/lvmetad | 53 --- src/initscripts/system/vnstat | 0 src/paks/alsa/install.sh | 8 +- src/paks/alsa/uninstall.sh | 6 + src/paks/zabbix_agentd/install.sh | 4 +- ...etfilter_nftables_deactivate_anonymus_set.patch | 121 +++++ .../mpfr-4.2.0-cumulative-patches-1-to-4.patch | 521 +++++++++++++++++++++ src/scripts/archive.files | 0 src/scripts/captive-cleanup | 0 src/scripts/convert-dns-settings | 0 src/scripts/convert-to-location | 0 src/scripts/openvpn-metrics | 0 55 files changed, 827 insertions(+), 228 deletions(-) create mode 100644 config/backup/includes/alsa copy config/rootfiles/{oldcore/125 => core/175}/filelists/collectd (100%) copy config/rootfiles/{oldcore/106 => core/175}/filelists/gnupg (100%) copy config/rootfiles/{oldcore/169 => core/175}/filelists/krb5 (100%) copy config/rootfiles/{oldcore/111 => core/175}/filelists/libevent2 (100%) copy config/rootfiles/{oldcore/131 => core/175}/filelists/libhtp (100%) copy config/rootfiles/{oldcore/101 => core/175}/filelists/mpfr (100%) copy config/rootfiles/{oldcore/128 => core/175}/filelists/openldap (100%) copy config/rootfiles/{oldcore/100 => core/175}/filelists/squid (100%) copy config/rootfiles/{oldcore/131 => core/175}/filelists/suricata (100%) delete mode 100644 config/zabbix_agentd/logrotate mode change 100755 => 100644 src/initscripts/packages/avahi mode change 100755 => 100644 src/initscripts/packages/bird mode change 100755 => 100644 src/initscripts/packages/frr mode change 100755 => 100644 src/initscripts/packages/guardian mode change 100755 => 100644 src/initscripts/packages/nqptp mode change 100755 => 100644 src/initscripts/packages/qemu-ga mode change 100755 => 100644 src/initscripts/packages/shairport-sync mode change 100755 => 100644 src/initscripts/system/conntrackd delete mode 100755 src/initscripts/system/lvmetad mode change 100755 => 100644 src/initscripts/system/vnstat create mode 100644 src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch create mode 100644 src/patches/mpfr-4.2.0-cumulative-patches-1-to-4.patch mode change 100755 => 100644 src/scripts/archive.files mode change 100755 => 100644 src/scripts/captive-cleanup mode change 100755 => 100644 src/scripts/convert-dns-settings mode change 100755 => 100644 src/scripts/convert-to-location mode change 100755 => 100644 src/scripts/openvpn-metrics
Difference in files: diff --git a/config/backup/includes/alsa b/config/backup/includes/alsa new file mode 100644 index 000000000..93db0bd79 --- /dev/null +++ b/config/backup/includes/alsa @@ -0,0 +1 @@ +/var/lib/alsa/asound.state diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index db0271d94..c8985b482 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -6060,7 +6060,7 @@ CONFIG_UCSI_ACPI=m # end of USB Type-C Alternate Mode drivers
CONFIG_USB_ROLE_SWITCH=m -# CONFIG_USB_ROLES_INTEL_XHCI is not set +CONFIG_USB_ROLES_INTEL_XHCI=m CONFIG_MMC=m CONFIG_MMC_BLOCK=m CONFIG_MMC_BLOCK_MINORS=8 diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index dc6c0fd24..e2a8a11d5 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -29,7 +29,6 @@ etc/rc.d/init.d/functions etc/rc.d/init.d/halt etc/rc.d/init.d/ipsec etc/rc.d/init.d/leds -etc/rc.d/init.d/lvmetad etc/rc.d/init.d/localnet etc/rc.d/init.d/modules etc/rc.d/init.d/mountfs @@ -171,7 +170,6 @@ etc/rc.d/rc6.d/S99reboot etc/rc.d/rcsysinit.d/S00mountkernfs etc/rc.d/rcsysinit.d/S01sysctl etc/rc.d/rcsysinit.d/S05modules -etc/rc.d/rcsysinit.d/S09lvmetad etc/rc.d/rcsysinit.d/S10udev etc/rc.d/rcsysinit.d/S19waitdrives etc/rc.d/rcsysinit.d/S25partresize diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index 194fc7f19..af1c22e83 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,11 +1,3 @@ -lib/libcap.so.2 -lib/libcap.so.2.67 -#lib/libpsx.so -#lib/libpsx.so.2 -lib/libpsx.so.2.67 -#lib/pkgconfig/libcap.pc -#lib/pkgconfig/libpsx.pc -lib/security/pam_cap.so sbin/capsh sbin/getcap sbin/getpcaps @@ -13,6 +5,15 @@ sbin/setcap #usr/include/sys/capability.h #usr/include/sys/psx_syscall.h usr/lib/libcap.so +usr/lib/libcap.so.2 +usr/lib/libcap.so.2.67 +#usr/lib/libpsx.so +#usr/lib/libpsx.so.2 +usr/lib/libpsx.so.2.67 +#usr/lib/pkgconfig/libcap.pc +#usr/lib/pkgconfig/libpsx.pc +#usr/lib/security +usr/lib/security/pam_cap.so #usr/share/man/man1/capsh.1 #usr/share/man/man3/cap_clear.3 #usr/share/man/man3/cap_clear_flag.3 diff --git a/config/rootfiles/common/riscv64/initscripts b/config/rootfiles/common/riscv64/initscripts index 1848f8ebc..0c12af138 100644 --- a/config/rootfiles/common/riscv64/initscripts +++ b/config/rootfiles/common/riscv64/initscripts @@ -29,7 +29,6 @@ etc/rc.d/init.d/functions etc/rc.d/init.d/halt etc/rc.d/init.d/ipsec etc/rc.d/init.d/leds -etc/rc.d/init.d/lvmetad etc/rc.d/init.d/localnet etc/rc.d/init.d/modules etc/rc.d/init.d/mountfs @@ -170,7 +169,6 @@ etc/rc.d/rc6.d/S99reboot etc/rc.d/rcsysinit.d/S00mountkernfs etc/rc.d/rcsysinit.d/S01sysctl etc/rc.d/rcsysinit.d/S05modules -etc/rc.d/rcsysinit.d/S09lvmetad etc/rc.d/rcsysinit.d/S10udev etc/rc.d/rcsysinit.d/S19waitdrives etc/rc.d/rcsysinit.d/S25partresize diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 1848f8ebc..0c12af138 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -29,7 +29,6 @@ etc/rc.d/init.d/functions etc/rc.d/init.d/halt etc/rc.d/init.d/ipsec etc/rc.d/init.d/leds -etc/rc.d/init.d/lvmetad etc/rc.d/init.d/localnet etc/rc.d/init.d/modules etc/rc.d/init.d/mountfs @@ -170,7 +169,6 @@ etc/rc.d/rc6.d/S99reboot etc/rc.d/rcsysinit.d/S00mountkernfs etc/rc.d/rcsysinit.d/S01sysctl etc/rc.d/rcsysinit.d/S05modules -etc/rc.d/rcsysinit.d/S09lvmetad etc/rc.d/rcsysinit.d/S10udev etc/rc.d/rcsysinit.d/S19waitdrives etc/rc.d/rcsysinit.d/S25partresize diff --git a/config/rootfiles/core/175/filelists/collectd b/config/rootfiles/core/175/filelists/collectd new file mode 120000 index 000000000..871b32f14 --- /dev/null +++ b/config/rootfiles/core/175/filelists/collectd @@ -0,0 +1 @@ +../../../common/collectd \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/files b/config/rootfiles/core/175/filelists/files index dad266e7e..d2b3c79f8 100644 --- a/config/rootfiles/core/175/filelists/files +++ b/config/rootfiles/core/175/filelists/files @@ -82,4 +82,6 @@ lib/firmware/rtlwifi/rtl8710bufw_SMIC.bin lib/firmware/rtlwifi/rtl8710bufw_UMC.bin lib/firmware/rtw88/rtw8822c_fw.bin lib/firmware/rtw89/rtw8852b_fw-1.bin +srv/web/ipfire/cgi-bin/backup.cgi +srv/web/ipfire/cgi-bin/logs.cgi/log.dat usr/lib/firewall/rules.pl diff --git a/config/rootfiles/core/175/filelists/gnupg b/config/rootfiles/core/175/filelists/gnupg new file mode 120000 index 000000000..a1a156447 --- /dev/null +++ b/config/rootfiles/core/175/filelists/gnupg @@ -0,0 +1 @@ +../../../common/gnupg \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/krb5 b/config/rootfiles/core/175/filelists/krb5 new file mode 120000 index 000000000..082c3cbcd --- /dev/null +++ b/config/rootfiles/core/175/filelists/krb5 @@ -0,0 +1 @@ +../../../common/krb5 \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/libevent2 b/config/rootfiles/core/175/filelists/libevent2 new file mode 120000 index 000000000..42edc99c3 --- /dev/null +++ b/config/rootfiles/core/175/filelists/libevent2 @@ -0,0 +1 @@ +../../../common/libevent2 \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/libhtp b/config/rootfiles/core/175/filelists/libhtp new file mode 120000 index 000000000..676e2c5e8 --- /dev/null +++ b/config/rootfiles/core/175/filelists/libhtp @@ -0,0 +1 @@ +../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/mpfr b/config/rootfiles/core/175/filelists/mpfr new file mode 120000 index 000000000..c8468bf42 --- /dev/null +++ b/config/rootfiles/core/175/filelists/mpfr @@ -0,0 +1 @@ +../../../common/mpfr \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/openldap b/config/rootfiles/core/175/filelists/openldap new file mode 120000 index 000000000..80c324f76 --- /dev/null +++ b/config/rootfiles/core/175/filelists/openldap @@ -0,0 +1 @@ +../../../common/openldap \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/squid b/config/rootfiles/core/175/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/175/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/175/filelists/suricata b/config/rootfiles/core/175/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/175/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh index 7615a52b0..03ce4a93d 100644 --- a/config/rootfiles/core/175/update.sh +++ b/config/rootfiles/core/175/update.sh @@ -47,7 +47,9 @@ done /etc/rc.d/init.d/apache stop /etc/rc.d/init.d/ntp stop /etc/rc.d/init.d/sshd stop +/etc/rc.d/init.d/squid stop /etc/rc.d/init.d/unbound stop +/etc/rc.d/init.d/suricata stop
KVER="xxxKVERxxx"
@@ -103,6 +105,8 @@ extract_files
# Remove files rm -rvf \ + /etc/rc.d/init.d/lvmetad \ + /etc/rc.d/rcsysinit.d/S09lvmetad \ /lib/firmware/liquidio/lio_23xx_vsw.bin \ /usr/lib/libbind9-9.16.38.so \ /usr/lib/libdns-9.16.38.so \ @@ -111,6 +115,7 @@ rm -rvf \ /usr/lib/libisccc-9.16.38.so \ /usr/lib/libisccfg-9.16.38.so \ /usr/lib/libns-9.16.38.so \ + /usr/lib/libqpdf.so.28* \ /var/ipfire/menu.d/EX-addonsvc.menu \ /var/ipfire/menu.d/EX-asterisk.menu \ /var/ipfire/menu.d/EX-bluetooth.menu @@ -134,12 +139,18 @@ chmod -v 644 /var/log/pakfire.log /etc/rc.d/init.d/firewall restart
# Start services +if grep -q "ENABLE_IDS=on" /var/ipfire/suricata/settings; then + /etc/rc.d/init.d/suricata start +fi /etc/rc.d/init.d/unbound start /etc/rc.d/init.d/apache start /etc/rc.d/init.d/ntp start if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then /etc/init.d/sshd start fi +if [ -f /var/ipfire/proxy/enable ]; then + /etc/init.d/squid start +fi
# Regenerate all initrds dracut --regenerate-all --force diff --git a/config/rootfiles/packages/alsa b/config/rootfiles/packages/alsa index 987e7f372..bce2ff5cc 100644 --- a/config/rootfiles/packages/alsa +++ b/config/rootfiles/packages/alsa @@ -197,7 +197,7 @@ usr/local/share/alsa #usr/local/share/alsa/firmware/hdsploader/multiface_firmware_rev11.bin usr/local/share/alsa/firmware/hdsploader/rpm_firmware.bin #usr/local/share/alsa/firmware/mixartloader -#usr/local/share/alsa/firmware/mixartloader/miXart.conf +usr/local/share/alsa/firmware/mixartloader/miXart.conf #usr/local/share/alsa/firmware/mixartloader/miXart8.elf #usr/local/share/alsa/firmware/mixartloader/miXart8.xlx #usr/local/share/alsa/firmware/mixartloader/miXart8AES.xlx @@ -215,13 +215,13 @@ usr/local/share/alsa/firmware/hdsploader/rpm_firmware.bin #usr/local/share/alsa/firmware/pcxhrloader/dspe882.e56 #usr/local/share/alsa/firmware/pcxhrloader/dspe924.e56 #usr/local/share/alsa/firmware/pcxhrloader/e321_512.e56 -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr.conf -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr0.conf -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr1.conf -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr2.conf -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr3.conf -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr4.conf -#usr/local/share/alsa/firmware/pcxhrloader/pcxhr5.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr0.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr1.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr2.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr3.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr4.conf +usr/local/share/alsa/firmware/pcxhrloader/pcxhr5.conf #usr/local/share/alsa/firmware/pcxhrloader/xc_1_882.dat #usr/local/share/alsa/firmware/pcxhrloader/xi_1_882.dat #usr/local/share/alsa/firmware/pcxhrloader/xlxc1222e.dat @@ -233,15 +233,15 @@ usr/local/share/alsa/firmware/hdsploader/rpm_firmware.bin #usr/local/share/alsa/firmware/pcxhrloader/xlxint.dat #usr/local/share/alsa/firmware/usx2yloader #usr/local/share/alsa/firmware/usx2yloader/tascam_loader.ihx -#usr/local/share/alsa/firmware/usx2yloader/us122.conf +usr/local/share/alsa/firmware/usx2yloader/us122.conf #usr/local/share/alsa/firmware/usx2yloader/us122.prepad #usr/local/share/alsa/firmware/usx2yloader/us122.rbt #usr/local/share/alsa/firmware/usx2yloader/us122fw.ihx -#usr/local/share/alsa/firmware/usx2yloader/us224.conf +usr/local/share/alsa/firmware/usx2yloader/us224.conf #usr/local/share/alsa/firmware/usx2yloader/us224.prepad #usr/local/share/alsa/firmware/usx2yloader/us224.rbt #usr/local/share/alsa/firmware/usx2yloader/us224fw.ihx -#usr/local/share/alsa/firmware/usx2yloader/us428.conf +usr/local/share/alsa/firmware/usx2yloader/us428.conf #usr/local/share/alsa/firmware/usx2yloader/us428.prepad #usr/local/share/alsa/firmware/usx2yloader/us428.rbt #usr/local/share/alsa/firmware/usx2yloader/us428fw.ihx @@ -255,10 +255,10 @@ usr/local/share/alsa/firmware/hdsploader/rpm_firmware.bin #usr/local/share/alsa/firmware/vxloader/l_1_vp4.d56 #usr/local/share/alsa/firmware/vxloader/l_1_vx2.d56 #usr/local/share/alsa/firmware/vxloader/l_1_vxp.d56 -#usr/local/share/alsa/firmware/vxloader/vx222.conf -#usr/local/share/alsa/firmware/vxloader/vxboard.conf -#usr/local/share/alsa/firmware/vxloader/vxp440.conf -#usr/local/share/alsa/firmware/vxloader/vxpocket.conf +usr/local/share/alsa/firmware/vxloader/vx222.conf +usr/local/share/alsa/firmware/vxloader/vxboard.conf +usr/local/share/alsa/firmware/vxloader/vxp440.conf +usr/local/share/alsa/firmware/vxloader/vxpocket.conf #usr/local/share/alsa/firmware/vxloader/x1_1_vp4.rbt #usr/local/share/alsa/firmware/vxloader/x1_1_vx2.rbt #usr/local/share/alsa/firmware/vxloader/x1_1_vxp.rbt @@ -269,69 +269,69 @@ usr/sbin/alsaconf usr/sbin/alsactl #usr/share/aclocal/alsa.m4 usr/share/alsa -#usr/share/alsa/alsa.conf +usr/share/alsa/alsa.conf #usr/share/alsa/cards -#usr/share/alsa/cards/AACI.conf -#usr/share/alsa/cards/ATIIXP-MODEM.conf -#usr/share/alsa/cards/ATIIXP-SPDMA.conf -#usr/share/alsa/cards/ATIIXP.conf -#usr/share/alsa/cards/AU8810.conf -#usr/share/alsa/cards/AU8820.conf -#usr/share/alsa/cards/AU8830.conf -#usr/share/alsa/cards/Audigy.conf -#usr/share/alsa/cards/Audigy2.conf -#usr/share/alsa/cards/Aureon51.conf -#usr/share/alsa/cards/Aureon71.conf -#usr/share/alsa/cards/CA0106.conf -#usr/share/alsa/cards/CMI8338-SWIEC.conf -#usr/share/alsa/cards/CMI8338.conf -#usr/share/alsa/cards/CMI8738-MC6.conf -#usr/share/alsa/cards/CMI8738-MC8.conf -#usr/share/alsa/cards/CMI8788.conf -#usr/share/alsa/cards/CS46xx.conf -#usr/share/alsa/cards/EMU10K1.conf -#usr/share/alsa/cards/EMU10K1X.conf -#usr/share/alsa/cards/ENS1370.conf -#usr/share/alsa/cards/ENS1371.conf -#usr/share/alsa/cards/ES1968.conf -#usr/share/alsa/cards/Echo_Echo3G.conf -#usr/share/alsa/cards/FM801.conf -#usr/share/alsa/cards/FWSpeakers.conf -#usr/share/alsa/cards/FireWave.conf -#usr/share/alsa/cards/GUS.conf -#usr/share/alsa/cards/HDA-Intel.conf -#usr/share/alsa/cards/HdmiLpeAudio.conf -#usr/share/alsa/cards/ICE1712.conf -#usr/share/alsa/cards/ICE1724.conf -#usr/share/alsa/cards/ICH-MODEM.conf -#usr/share/alsa/cards/ICH.conf -#usr/share/alsa/cards/ICH4.conf -#usr/share/alsa/cards/Loopback.conf -#usr/share/alsa/cards/Maestro3.conf -#usr/share/alsa/cards/NFORCE.conf -#usr/share/alsa/cards/PC-Speaker.conf -#usr/share/alsa/cards/PMac.conf -#usr/share/alsa/cards/PMacToonie.conf -#usr/share/alsa/cards/PS3.conf -#usr/share/alsa/cards/RME9636.conf -#usr/share/alsa/cards/RME9652.conf -#usr/share/alsa/cards/SB-XFi.conf -#usr/share/alsa/cards/SI7018.conf -#usr/share/alsa/cards/TRID4DWAVENX.conf -#usr/share/alsa/cards/USB-Audio.conf -#usr/share/alsa/cards/VIA686A.conf -#usr/share/alsa/cards/VIA8233.conf -#usr/share/alsa/cards/VIA8233A.conf -#usr/share/alsa/cards/VIA8237.conf -#usr/share/alsa/cards/VX222.conf -#usr/share/alsa/cards/VXPocket.conf -#usr/share/alsa/cards/VXPocket440.conf -#usr/share/alsa/cards/YMF744.conf -#usr/share/alsa/cards/aliases.conf -#usr/share/alsa/cards/pistachio-card.conf -#usr/share/alsa/cards/vc4-hdmi.conf +usr/share/alsa/cards/AACI.conf +usr/share/alsa/cards/ATIIXP-MODEM.conf +usr/share/alsa/cards/ATIIXP-SPDMA.conf +usr/share/alsa/cards/ATIIXP.conf +usr/share/alsa/cards/AU8810.conf +usr/share/alsa/cards/AU8820.conf +usr/share/alsa/cards/AU8830.conf +usr/share/alsa/cards/Audigy.conf +usr/share/alsa/cards/Audigy2.conf +usr/share/alsa/cards/Aureon51.conf +usr/share/alsa/cards/Aureon71.conf +usr/share/alsa/cards/CA0106.conf +usr/share/alsa/cards/CMI8338-SWIEC.conf +usr/share/alsa/cards/CMI8338.conf +usr/share/alsa/cards/CMI8738-MC6.conf +usr/share/alsa/cards/CMI8738-MC8.conf +usr/share/alsa/cards/CMI8788.conf +usr/share/alsa/cards/CS46xx.conf +usr/share/alsa/cards/EMU10K1.conf +usr/share/alsa/cards/EMU10K1X.conf +usr/share/alsa/cards/ENS1370.conf +usr/share/alsa/cards/ENS1371.conf +usr/share/alsa/cards/ES1968.conf +usr/share/alsa/cards/Echo_Echo3G.conf +usr/share/alsa/cards/FM801.conf +usr/share/alsa/cards/FWSpeakers.conf +usr/share/alsa/cards/FireWave.conf +usr/share/alsa/cards/GUS.conf +usr/share/alsa/cards/HDA-Intel.conf +usr/share/alsa/cards/HdmiLpeAudio.conf +usr/share/alsa/cards/ICE1712.conf +usr/share/alsa/cards/ICE1724.conf +usr/share/alsa/cards/ICH-MODEM.conf +usr/share/alsa/cards/ICH.conf +usr/share/alsa/cards/ICH4.conf +usr/share/alsa/cards/Loopback.conf +usr/share/alsa/cards/Maestro3.conf +usr/share/alsa/cards/NFORCE.conf +usr/share/alsa/cards/PC-Speaker.conf +usr/share/alsa/cards/PMac.conf +usr/share/alsa/cards/PMacToonie.conf +usr/share/alsa/cards/PS3.conf +usr/share/alsa/cards/RME9636.conf +usr/share/alsa/cards/RME9652.conf +usr/share/alsa/cards/SB-XFi.conf +usr/share/alsa/cards/SI7018.conf +usr/share/alsa/cards/TRID4DWAVENX.conf +usr/share/alsa/cards/USB-Audio.conf +usr/share/alsa/cards/VIA686A.conf +usr/share/alsa/cards/VIA8233.conf +usr/share/alsa/cards/VIA8233A.conf +usr/share/alsa/cards/VIA8237.conf +usr/share/alsa/cards/VX222.conf +usr/share/alsa/cards/VXPocket.conf +usr/share/alsa/cards/VXPocket440.conf +usr/share/alsa/cards/YMF744.conf +usr/share/alsa/cards/aliases.conf +usr/share/alsa/cards/pistachio-card.conf +usr/share/alsa/cards/vc4-hdmi.conf #usr/share/alsa/ctl -#usr/share/alsa/ctl/default.conf +usr/share/alsa/ctl/default.conf #usr/share/alsa/init #usr/share/alsa/init/00main #usr/share/alsa/init/ca0106 @@ -341,23 +341,23 @@ usr/share/alsa #usr/share/alsa/init/info #usr/share/alsa/init/test #usr/share/alsa/pcm -#usr/share/alsa/pcm/center_lfe.conf -#usr/share/alsa/pcm/default.conf -#usr/share/alsa/pcm/dmix.conf -#usr/share/alsa/pcm/dpl.conf -#usr/share/alsa/pcm/dsnoop.conf -#usr/share/alsa/pcm/front.conf -#usr/share/alsa/pcm/hdmi.conf -#usr/share/alsa/pcm/iec958.conf -#usr/share/alsa/pcm/modem.conf -#usr/share/alsa/pcm/rear.conf -#usr/share/alsa/pcm/side.conf -#usr/share/alsa/pcm/surround21.conf -#usr/share/alsa/pcm/surround40.conf -#usr/share/alsa/pcm/surround41.conf -#usr/share/alsa/pcm/surround50.conf -#usr/share/alsa/pcm/surround51.conf -#usr/share/alsa/pcm/surround71.conf +usr/share/alsa/pcm/center_lfe.conf +usr/share/alsa/pcm/default.conf +usr/share/alsa/pcm/dmix.conf +usr/share/alsa/pcm/dpl.conf +usr/share/alsa/pcm/dsnoop.conf +usr/share/alsa/pcm/front.conf +usr/share/alsa/pcm/hdmi.conf +usr/share/alsa/pcm/iec958.conf +usr/share/alsa/pcm/modem.conf +usr/share/alsa/pcm/rear.conf +usr/share/alsa/pcm/side.conf +usr/share/alsa/pcm/surround21.conf +usr/share/alsa/pcm/surround40.conf +usr/share/alsa/pcm/surround41.conf +usr/share/alsa/pcm/surround50.conf +usr/share/alsa/pcm/surround51.conf +usr/share/alsa/pcm/surround71.conf #usr/share/locale/de/LC_MESSAGES/alsa-utils.mo #usr/share/locale/eu/LC_MESSAGES/alsa-utils.mo #usr/share/locale/fr/LC_MESSAGES/alsa-utils.mo @@ -397,4 +397,5 @@ usr/share/sounds/alsa #usr/share/sounds/alsa/Rear_Right.wav #usr/share/sounds/alsa/Side_Left.wav #usr/share/sounds/alsa/Side_Right.wav +var/ipfire/backup/addons/includes/alsa var/lib/alsa diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 6f2c831d7..729a47ac6 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -1,4 +1,3 @@ -etc/logrotate.d/zabbix_agentd etc/rc.d/init.d/zabbix_agentd etc/sudoers.d/zabbix_agentd etc/sudoers.d/zabbix_agentd_user @@ -21,4 +20,3 @@ var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf var/ipfire/zabbix_agentd/userparameters var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf -#var/log/zabbix diff --git a/config/zabbix_agentd/logrotate b/config/zabbix_agentd/logrotate deleted file mode 100644 index 83bbca9fb..000000000 --- a/config/zabbix_agentd/logrotate +++ /dev/null @@ -1,9 +0,0 @@ -/var/log/zabbix/zabbix_agentd.log { - monthly - rotate 12 - compress - delaycompress - missingok - notifempty - create 0640 zabbix zabbix -} diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf index 10c09c25d..c5a636edf 100644 --- a/config/zabbix_agentd/userparameter_ipfire.conf +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -5,7 +5,7 @@ UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 # Internet Gateway availability, can be used to check Internet connection UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? ]; echo $? # Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain -UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/* DROP_.* */$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{"chain": "%s", "bytes": "%s"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' +UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/* DROP_.* */$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{"chain": "%s", "bytes": "%s"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' # Number of currently Active DHCP leases UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l # Number of Captive Portal clients diff --git a/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf b/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf index c6be948be..f6580f3ba 100644 --- a/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf +++ b/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf @@ -1,8 +1,7 @@ PidFile=/var/run/zabbix/zabbix_agentd.pid
-# Log rotation is managed by logrotate -LogFile=/var/log/zabbix/zabbix_agentd.log -LogFileSize=0 +# Logs go to syslog so it can be viewed in WUI logviewer +LogType=system
# These paths are included in the IPFire backups. Do not put user modules # or configuration files in other locations if you want them included in the diff --git a/html/cgi-bin/backup.cgi b/html/cgi-bin/backup.cgi index 1c01cb286..3888ccbff 100644 --- a/html/cgi-bin/backup.cgi +++ b/html/cgi-bin/backup.cgi @@ -366,6 +366,13 @@ sub deliver_file() {
# Deliver content open(FILE, "<$file") or die "Unable to open $file: $!"; - print <FILE>; + + # Read the file line by line and send it + # to the client. + while (<FILE>) { + print $_; + } + + # Close file handle. close(FILE); } diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat index 53b9073fc..01c382a0d 100644 --- a/html/cgi-bin/logs.cgi/log.dat +++ b/html/cgi-bin/logs.cgi/log.dat @@ -78,7 +78,8 @@ my %sections = ( 'ssh' => '(sshd(?:(.*))?[.*]: )', 'unbound' => '(unbound: [.*?])(.*:.*$)', 'urlfilter bl' => '(installpackage[urlfilter]: )', - 'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:)' + 'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:)', + 'zabbix_agentd' => '(zabbix_agentd[.*?]: )' );
# Translations for the %sections array. @@ -112,7 +113,8 @@ my %trsections = ( 'ssh' => 'SSH', 'unbound' => 'DNS: Unbound', 'urlfilter bl' => 'URLFilter Blacklist', - 'wireless' => 'Wireless' + 'wireless' => 'Wireless', + 'zabbix_agentd' => 'Zabbix Agent' );
diff --git a/lfs/alsa b/lfs/alsa index 2d89af880..db7afe4b1 100644 --- a/lfs/alsa +++ b/lfs/alsa @@ -37,11 +37,11 @@ DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) PROG = alsa -PAK_VER = 15 +PAK_VER = 16
DEPS =
-SERVICES = alsa +SERVICES =
TARGET = $(DIR_INFO)/$(THISAPP)
@@ -104,6 +104,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP)/alsa-firmware-$(FVER) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP)/alsa-firmware-$(FVER) && make install # install initscript - $(call INSTALL_INITSCRIPTS,$(SERVICES)) + $(call INSTALL_INITSCRIPTS,alsa) + # install backup include file + install -v -m 644 ${DIR_SRC}/config/backup/includes/alsa \ + /var/ipfire/backup/addons/includes/alsa @rm -rf $(DIR_SRC)/alsa* @$(POSTBUILD) diff --git a/lfs/initscripts b/lfs/initscripts index 55f0066e5..0312d8ae4 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -155,7 +155,6 @@ $(TARGET) : ln -sf ../init.d/mountkernfs /etc/rc.d/rcsysinit.d/S00mountkernfs ln -sf ../init.d/sysctl /etc/rc.d/rcsysinit.d/S01sysctl ln -sf ../init.d/modules /etc/rc.d/rcsysinit.d/S05modules - ln -sf ../init.d/lvmetad /etc/rc.d/rcsysinit.d/S09lvmetad ln -sf ../init.d/udev /etc/rc.d/rcsysinit.d/S10udev ln -sf ../init.d/waitdrives /etc/rc.d/rcsysinit.d/S19waitdrives ln -sf ../init.d/partresize /etc/rc.d/rcsysinit.d/S25partresize diff --git a/lfs/libcap b/lfs/libcap index 9eab679ff..63f4ef8b0 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -72,10 +72,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) # Prevent a static library from being installed cd $(DIR_APP) && sed -i '/install -m.*STA/d' libcap/Makefile - cd $(DIR_APP) && make GOLANG=no - cd $(DIR_APP) && make install GOLANG=no - rm -vf /lib/libcap.so - ln -svf /lib/libcap.so.2.67 /usr/lib/libcap.so - chmod +x /lib/libcap.so.* + cd $(DIR_APP) && make GOLANG=no \ + prefix=/usr \ + exec_prefix= \ + lib_prefix=/usr + cd $(DIR_APP) && make install GOLANG=no \ + prefix=/usr \ + exec_prefix= \ + lib_prefix=/usr @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/libhtp b/lfs/libhtp index 80963c013..0b6015cde 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.5.42 +VER = 0.5.43
THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8e1446992c40c2c2e9e7dd096803752245eebf3b5e48e0215430dbfe225ae029b2e01fadca61bdd994b534a0ed140b0a0149aa9a0dde64409ebf0afdd2bf6fd7 +$(DL_FILE)_BLAKE2 = 071cadc254b7af55bf410db5689429ca7588005b2f74fbd8468f2d6eeaf00c55ae99e8dd78552a5bf11ace5c8047b28a844db343937827a428b6d8b8d9036d29
install : $(TARGET)
diff --git a/lfs/linux b/lfs/linux index 489715424..a95c6aea4 100644 --- a/lfs/linux +++ b/lfs/linux @@ -147,6 +147,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Fix pmc compile dependency errors cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch
+ # Patch netfilter CVE-2023-32233 + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch + ifeq "$(BUILD_ARCH)" "aarch64" # Apply Arm-multiarch kernel patches. cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1 diff --git a/lfs/lvm2 b/lfs/lvm2 index 5b39f05f5..2f1e921fc 100644 --- a/lfs/lvm2 +++ b/lfs/lvm2 @@ -81,7 +81,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-pkgconfig \ --with-udevdir=/lib/udev/rules.d \ --with-default-locking-dir=/run/lvm \ - --enable-lvmetad \ --enable-udev_rules \ --enable-udev_sync cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/mpfr b/lfs/mpfr index 818566390..c799086d9 100644 --- a/lfs/mpfr +++ b/lfs/mpfr @@ -70,10 +70,10 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) -# No patches yet for version 4.2.0 -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mpfr-4.1.1-cumulative-patches-1-to-1.patch - cd $(DIR_APP) && $(CONFIGURE_ARGS) ./configure --prefix=/usr \ - --enable-thread-safe + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mpfr-4.2.0-cumulative-patches-1-to-4.patch + cd $(DIR_APP) && $(CONFIGURE_ARGS) ./configure \ + --prefix=/usr \ + --enable-thread-safe cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/rng-tools b/lfs/rng-tools index 6a85a8482..86fc0ce3d 100644 --- a/lfs/rng-tools +++ b/lfs/rng-tools @@ -24,7 +24,7 @@
include Config
-VER = 6.14 +VER = 6.16 SUMMARY = This is a random number generator daemon
THISAPP = rng-tools-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rng-tools -PAK_VER = 1 +PAK_VER = 2
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 177065f9ea68b68459d034d38278f866a0c9d5c499578fabcc29ceb387b49667393f23dcae9f13ff401599846e872dbada73f5e319a99dfa4605cdb77ee3e896 +$(DL_FILE)_BLAKE2 = ab1a84c9a298e71ea5cdc1e91004ac069199a0128ee9701b1b3e24b6c705c63a642ab3db260a2c6c910c185e8fc75d5775caa3b7c370f102c75fac496e9bca17
install : $(TARGET)
@@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./autogen.sh cd $(DIR_APP) && ./configure \ - --prefix=/usr \ + --prefix=/usr \ --without-pkcs11 \ --without-rtlsdr cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) diff --git a/lfs/squid b/lfs/squid index 5d79bf382..bc0682031 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,8 +24,7 @@
include Config
-VER = 5.8 -LANGPACK = 20230225 +VER = 5.9
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,14 +42,11 @@ endif # Top-level Rules ###############################################################################
-objects = $(DL_FILE) \ - squid-langpack-$(LANGPACK).tar.gz +objects = $(DL_FILE)
-$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) -squid-langpack-$(LANGPACK).tar.gz = $(URL_IPFIRE)/squid-langpack-$(LANGPACK).tar.gz +$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c9d1ae9464e68beabdf7ae1641a70d6c614bc4d4f4bae3fc5946c2bf61510634992cbd5abe63f071104edb2fa487a6c5c7fb8fbf8f06ac723a6522ec9ade8b68 -squid-langpack-$(LANGPACK).tar.gz_BLAKE2 = 169a05d16770f56e515fd633658e8bcd9464fb01ccba76256b119932c833af7bc22e3e8d3a7d5fde37638546f15822a4d1548a78af13be9f4e3b8989758250b6 +$(DL_FILE)_BLAKE2 = 898a34357f8019291379ea37c66fa312e1a6437e8f643987dd4e54d7d52728248e16129b00195c5f6e0378c0f32c9f9ade3f98ca0ec4bb952f9f443357face82
install : $(TARGET)
@@ -80,7 +76,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP)/errors && tar zxf $(DIR_DL)/squid-langpack-$(LANGPACK).tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squid/01_squid-gcc11.patch
diff --git a/lfs/suricata b/lfs/suricata index 98710d9e2..75698b0b1 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.10 +VER = 6.0.11
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 +$(DL_FILE)_BLAKE2 = 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4
install : $(TARGET)
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index d7b5a4b37..4f2a8b5d8 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -26,7 +26,7 @@ include Config
SUMMARY = Zabbix Agent
-VER = 6.0.6 +VER = 6.0.16
THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 6 +PAK_VER = 7
DEPS = fping
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f9d07ca8938ae4e5e47048c32872644caeda0ecdef17513c63c63d1ce2aaa4ac0c92e6c70932bc598ff908419dae05bab32924f5973a5528b5668f7c7c2c5a17 +$(DL_FILE)_BLAKE2 = 87f7c043f30ef9902b3673e2d444e37b32ef998d178fa5718ed9aa098f841f23237d79e54985ba3a415a86433a685387af33810f53a78837be6a1aa2870ed65a
install : $(TARGET)
@@ -114,10 +114,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix
- # Create directory for logging - -mkdir -pv /var/log/zabbix - chown zabbix.zabbix /var/log/zabbix - # Create directory for pid. -mkdir -pv /var/run/zabbix chown zabbix.zabbix /var/run/zabbix @@ -135,10 +131,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \ /var/ipfire/backup/addons/includes/zabbix_agentd
- # Install include file for Logrotate - -mkdir -pv /etc/logrotate.d - install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/logrotate \ - /etc/logrotate.d/zabbix_agentd - @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/initscripts/packages/avahi b/src/initscripts/packages/avahi old mode 100755 new mode 100644 diff --git a/src/initscripts/packages/bird b/src/initscripts/packages/bird old mode 100755 new mode 100644 diff --git a/src/initscripts/packages/frr b/src/initscripts/packages/frr old mode 100755 new mode 100644 diff --git a/src/initscripts/packages/guardian b/src/initscripts/packages/guardian old mode 100755 new mode 100644 diff --git a/src/initscripts/packages/nqptp b/src/initscripts/packages/nqptp old mode 100755 new mode 100644 diff --git a/src/initscripts/packages/qemu-ga b/src/initscripts/packages/qemu-ga old mode 100755 new mode 100644 diff --git a/src/initscripts/packages/shairport-sync b/src/initscripts/packages/shairport-sync old mode 100755 new mode 100644 diff --git a/src/initscripts/system/conntrackd b/src/initscripts/system/conntrackd old mode 100755 new mode 100644 diff --git a/src/initscripts/system/lvmetad b/src/initscripts/system/lvmetad deleted file mode 100755 index 87cf87d33..000000000 --- a/src/initscripts/system/lvmetad +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/sh -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /etc/sysconfig/rc -. ${rc_functions} - -case "${1}" in - start) - # Create diretory for control socket - mkdir -p /run/lvm - - boot_mesg "Starting LVM2 Metadata Daemon..." - loadproc /usr/sbin/lvmetad - ;; - - stop) - boot_mesg "Stopping LVM2 Metadata Daemon..." - killproc /usr/sbin/lvmetad - ;; - - restart) - ${0} stop - sleep 1 - ${0} start - ;; - - status) - statusproc /usr/sbin/lvmetad - ;; - - *) - echo "Usage: ${0} {start|stop|restart|status}" - exit 1 - ;; -esac diff --git a/src/initscripts/system/vnstat b/src/initscripts/system/vnstat old mode 100755 new mode 100644 diff --git a/src/paks/alsa/install.sh b/src/paks/alsa/install.sh index 7b6b3dc80..ee0092195 100644 --- a/src/paks/alsa/install.sh +++ b/src/paks/alsa/install.sh @@ -24,7 +24,13 @@ . /opt/pakfire/lib/functions.sh extract_files groupadd audio 2>/dev/null -touch /etc/asound.state +touch /var/lib/alsa/asound.state +if [ -f /etc/asound.state ]; then + rm /etc/asound.state +fi +restore_backup ${NAME} ln -svf ../init.d/alsa /etc/rc.d/rc3.d/S65alsa ln -svf ../init.d/alsa /etc/rc.d/rc0.d/K35alsa ln -svf ../init.d/alsa /etc/rc.d/rc6.d/K35alsa +start_service ${NAME} +exit 0 diff --git a/src/paks/alsa/uninstall.sh b/src/paks/alsa/uninstall.sh index 62e27008d..ce88c294b 100644 --- a/src/paks/alsa/uninstall.sh +++ b/src/paks/alsa/uninstall.sh @@ -22,5 +22,11 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +stop_service ${NAME} +make_backup ${NAME} +# unload alsa related modules +modprobe -r snd_pcm_oss >/dev/null 2>&1 || failed=1 +modprobe -r snd_timer >/dev/null 2>&1 || failed=1 remove_files rm -rf /etc/rc.d/rc*.d/*alsa +exit 0 diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index 80632d1ec..e3f988c34 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -39,7 +39,6 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc0.d/K02zabbix_agentd ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd
# Create additonal directories and set permissions -[ -d /var/log/zabbix ] || ( mkdir -pv /var/log/zabbix && chown zabbix.zabbix /var/log/zabbix ) [ -d /usr/lib/zabbix ] || ( mkdir -pv /usr/lib/zabbix && chown zabbix.zabbix /usr/lib/zabbix )
restore_backup ${NAME} @@ -66,8 +65,7 @@ grep -q "Include=/var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf" if [ $? -eq 1 ]; then # Remove settings that are now in our own config sed -i -e "|^PidFile=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf - sed -i -e "|^LogFile=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf - sed -i -e "|^LogFileSize=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf + sed -i -e "|^LogType=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf sed -i -e "|^LoadModulePath=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf sed -i -e "|^Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf$|d" /etc/zabbix_agentd/zabbix_agentd.conf # Include our own config in main config diff --git a/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch b/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch new file mode 100644 index 000000000..cd75de5c2 --- /dev/null +++ b/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch @@ -0,0 +1,121 @@ +From c1592a89942e9678f7d9c8030efa777c0d57edab Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso pablo@netfilter.org +Date: Tue, 2 May 2023 10:25:24 +0200 +Subject: netfilter: nf_tables: deactivate anonymous set from preparation phase + +Toggle deleted anonymous sets as inactive in the next generation, so +users cannot perform any update on it. Clear the generation bitmask +in case the transaction is aborted. + +The following KASAN splat shows a set element deletion for a bound +anonymous set that has been already removed in the same transaction. + +[ 64.921510] ================================================================== +[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables] +[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890 +[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253 +[ 64.931120] Call Trace: +[ 64.932699] <TASK> +[ 64.934292] dump_stack_lvl+0x33/0x50 +[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables] +[ 64.937551] kasan_report+0xda/0x120 +[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables] +[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables] +[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60 +[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables] +[ 64.945710] ? kasan_set_track+0x21/0x30 +[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink] +[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink] + +Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org +--- + include/net/netfilter/nf_tables.h | 1 + + net/netfilter/nf_tables_api.c | 12 ++++++++++++ + net/netfilter/nft_dynset.c | 2 +- + net/netfilter/nft_lookup.c | 2 +- + net/netfilter/nft_objref.c | 2 +- + 5 files changed, 16 insertions(+), 3 deletions(-) + +diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h +index 3ed21d2d56590..2e24ea1d744c2 100644 +--- a/include/net/netfilter/nf_tables.h ++++ b/include/net/netfilter/nf_tables.h +@@ -619,6 +619,7 @@ struct nft_set_binding { + }; + + enum nft_trans_phase; ++void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set); + void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, + struct nft_set_binding *binding, + enum nft_trans_phase phase); +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 8b6c61a2196cb..59fb8320ab4d7 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -5127,12 +5127,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set, + } + } + ++void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set) ++{ ++ if (nft_set_is_anonymous(set)) ++ nft_clear(ctx->net, set); ++ ++ set->use++; ++} ++EXPORT_SYMBOL_GPL(nf_tables_activate_set); ++ + void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, + struct nft_set_binding *binding, + enum nft_trans_phase phase) + { + switch (phase) { + case NFT_TRANS_PREPARE: ++ if (nft_set_is_anonymous(set)) ++ nft_deactivate_next(ctx->net, set); ++ + set->use--; + return; + case NFT_TRANS_ABORT: +diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c +index 274579b1696e0..bd19c7aec92ee 100644 +--- a/net/netfilter/nft_dynset.c ++++ b/net/netfilter/nft_dynset.c +@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx, + { + struct nft_dynset *priv = nft_expr_priv(expr); + +- priv->set->use++; ++ nf_tables_activate_set(ctx, priv->set); + } + + static void nft_dynset_destroy(const struct nft_ctx *ctx, +diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c +index cecf8ab90e58f..03ef4fdaa460b 100644 +--- a/net/netfilter/nft_lookup.c ++++ b/net/netfilter/nft_lookup.c +@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx, + { + struct nft_lookup *priv = nft_expr_priv(expr); + +- priv->set->use++; ++ nf_tables_activate_set(ctx, priv->set); + } + + static void nft_lookup_destroy(const struct nft_ctx *ctx, +diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c +index cb37169608bab..a48dd5b5d45b1 100644 +--- a/net/netfilter/nft_objref.c ++++ b/net/netfilter/nft_objref.c +@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx, + { + struct nft_objref_map *priv = nft_expr_priv(expr); + +- priv->set->use++; ++ nf_tables_activate_set(ctx, priv->set); + } + + static void nft_objref_map_destroy(const struct nft_ctx *ctx, +-- +cgit + diff --git a/src/patches/mpfr-4.2.0-cumulative-patches-1-to-4.patch b/src/patches/mpfr-4.2.0-cumulative-patches-1-to-4.patch new file mode 100644 index 000000000..e12ed4708 --- /dev/null +++ b/src/patches/mpfr-4.2.0-cumulative-patches-1-to-4.patch @@ -0,0 +1,521 @@ +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-04-17 21:17:39.748645280 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-04-17 21:17:39.792645218 +0000 +@@ -0,0 +1 @@ ++tsprintf-thousands +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-01-06 10:55:57.000000000 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-04-17 21:17:39.792645218 +0000 +@@ -1 +1 @@ +-4.2.0 ++4.2.0-p1 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-01-06 10:55:57.000000000 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-04-17 21:17:39.788645224 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0" ++#define MPFR_VERSION_STRING "4.2.0-p1" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-01-06 10:55:57.000000000 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-04-17 21:17:39.792645218 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0"; ++ return "4.2.0-p1"; + } +diff -Naurd mpfr-4.2.0-a/tests/tsprintf.c mpfr-4.2.0-b/tests/tsprintf.c +--- mpfr-4.2.0-a/tests/tsprintf.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tsprintf.c 2023-04-17 21:17:39.784645229 +0000 +@@ -1715,7 +1715,25 @@ + check_sprintf ("000000001,000", "%'013.4Rg", x); + + #ifdef PRINTF_GROUPFLAG +- check_vsprintf ("+01,234,567 :", "%0+ -'13.10Pd:", (mpfr_prec_t) 1234567); ++ /* Do not test the thousands separator with a precision field larger ++ than the number of digits (thus needing leading zeros), such as ++ "%0+ -'13.10Pd:" (used up to MPFR 4.2.0), since the GNU libc is ++ buggy: https://sourceware.org/bugzilla/show_bug.cgi?id=23432 ++ We don't know about the other implementations. ++ This new test works fine with glibc up to 2.36, but fails with 2.37 ++ (as reported by Klaus Dittrich in the MPFR mailing-list); this is ++ actually a bug introduced in glibc 2.37, not in MPFR: ++ https://sourceware.org/bugzilla/show_bug.cgi?id=30068 ++ Since this bug can yield a buffer overflow (CVE-2023-25139), possibly ++ affecting MPFR users, let us rather require a fix in glibc. This bug ++ has been fixed in the 2.37 branch: ++ https://sourceware.org/git/?p=glibc.git;a=commit;h=07b9521fc6 ++ If we wanted to check that and avoid a failure of the test because of ++ a buggy C library (while MPFR would be consistent with the C library), ++ we could compare the MPFR output with both the correct output and the ++ output from the C library (possibly buggy). But to do that in a clean ++ way, this would require a change in the check_vsprintf() call. */ ++ check_vsprintf ("+1,234,567 :", "%0+ -'13Pd:", (mpfr_prec_t) 1234567); + #endif + + mpfr_clear (x); +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-04-17 21:18:00.464616127 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-04-17 21:18:00.512616059 +0000 +@@ -0,0 +1 @@ ++ui_pow_ui-overflow +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-04-17 21:17:39.792645218 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-04-17 21:18:00.512616059 +0000 +@@ -1 +1 @@ +-4.2.0-p1 ++4.2.0-p2 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-04-17 21:17:39.788645224 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-04-17 21:18:00.508616065 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0-p1" ++#define MPFR_VERSION_STRING "4.2.0-p2" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/ui_pow_ui.c mpfr-4.2.0-b/src/ui_pow_ui.c +--- mpfr-4.2.0-a/src/ui_pow_ui.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/src/ui_pow_ui.c 2023-04-17 21:18:00.504616070 +0000 +@@ -23,7 +23,7 @@ + #include "mpfr-impl.h" + + int +-mpfr_ui_pow_ui (mpfr_ptr x, unsigned long int y, unsigned long int n, ++mpfr_ui_pow_ui (mpfr_ptr x, unsigned long int k, unsigned long int n, + mpfr_rnd_t rnd) + { + mpfr_exp_t err; +@@ -35,22 +35,28 @@ + MPFR_ZIV_DECL (loop); + MPFR_SAVE_EXPO_DECL (expo); + ++ MPFR_LOG_FUNC ++ (("k=%lu n=%lu rnd=%d", k, n, rnd), ++ ("y[%Pu]=%.*Rg inexact=%d", ++ mpfr_get_prec (x), mpfr_log_prec, x, inexact)); ++ + if (MPFR_UNLIKELY (n <= 1)) + { + if (n == 1) +- return mpfr_set_ui (x, y, rnd); /* y^1 = y */ ++ return mpfr_set_ui (x, k, rnd); /* k^1 = k */ + else +- return mpfr_set_ui (x, 1, rnd); /* y^0 = 1 for any y */ ++ return mpfr_set_ui (x, 1, rnd); /* k^0 = 1 for any k */ + } +- else if (MPFR_UNLIKELY (y <= 1)) ++ else if (MPFR_UNLIKELY (k <= 1)) + { +- if (y == 1) ++ if (k == 1) + return mpfr_set_ui (x, 1, rnd); /* 1^n = 1 for any n > 0 */ + else + return mpfr_set_ui (x, 0, rnd); /* 0^n = 0 for any n > 0 */ + } + +- for (size_n = 0, m = n; m; size_n++, m >>= 1); ++ for (size_n = 0, m = n; m != 0; size_n++, m >>= 1) ++ ; + + MPFR_SAVE_EXPO_MARK (expo); + prec = MPFR_PREC (x) + 3 + size_n; +@@ -60,23 +66,55 @@ + for (;;) + { + int i = size_n; ++ unsigned int inex_res; + +- inexact = mpfr_set_ui (res, y, MPFR_RNDU); ++ inex_res = mpfr_set_ui (res, k, MPFR_RNDU); + err = 1; + /* now 2^(i-1) <= n < 2^i: i=1+floor(log2(n)) */ + for (i -= 2; i >= 0; i--) + { +- inexact |= mpfr_sqr (res, res, MPFR_RNDU); ++ inex_res |= mpfr_sqr (res, res, MPFR_RNDU); + err++; + if (n & (1UL << i)) +- inexact |= mpfr_mul_ui (res, res, y, MPFR_RNDU); ++ inex_res |= mpfr_mul_ui (res, res, k, MPFR_RNDU); + } ++ ++ if (MPFR_UNLIKELY (MPFR_IS_INF (res))) ++ { ++ mpfr_t kf; ++ mpz_t z; ++ int size_k; ++ MPFR_BLOCK_DECL (flags); ++ ++ /* Let's handle the overflow by calling mpfr_pow_z. ++ Alternatively, we could call mpfr_pow_ui; this would ++ need a bit shorter code below, but mpfr_pow_ui handles ++ the overflow by calling mpfr_pow_z, so that calling ++ mpfr_pow_z directly should be a bit more efficient. */ ++ ++ MPFR_ZIV_FREE (loop); ++ mpfr_clear (res); ++ for (size_k = 0, m = k; m != 0; size_k++, m >>= 1) ++ ; ++ mpfr_init2 (kf, size_k); ++ inexact = mpfr_set_ui (kf, k, MPFR_RNDN); ++ MPFR_ASSERTD (inexact == 0); ++ mpz_init (z); ++ mpz_set_ui (z, n); ++ MPFR_BLOCK (flags, inexact = mpfr_pow_z (x, kf, z, rnd);); ++ mpz_clear (z); ++ mpfr_clear (kf); ++ MPFR_SAVE_EXPO_UPDATE_FLAGS (expo, flags); ++ goto end; ++ } ++ + /* since the loop is executed floor(log2(n)) times, + we have err = 1+floor(log2(n)). + Since prec >= MPFR_PREC(x) + 4 + floor(log2(n)), prec > err */ + err = prec - err; + +- if (MPFR_LIKELY (inexact == 0 ++ MPFR_LOG_VAR (res); ++ if (MPFR_LIKELY (!inex_res + || MPFR_CAN_ROUND (res, err, MPFR_PREC (x), rnd))) + break; + +@@ -90,6 +128,7 @@ + + mpfr_clear (res); + ++ end: + MPFR_SAVE_EXPO_FREE (expo); + return mpfr_check_range (x, inexact, rnd); + } +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-04-17 21:17:39.792645218 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-04-17 21:18:00.512616059 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0-p1"; ++ return "4.2.0-p2"; + } +diff -Naurd mpfr-4.2.0-a/tests/tlog10.c mpfr-4.2.0-b/tests/tlog10.c +--- mpfr-4.2.0-a/tests/tlog10.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tlog10.c 2023-04-17 21:18:00.504616070 +0000 +@@ -49,6 +49,60 @@ + #define TEST_RANDOM_POS 8 + #include "tgeneric.c" + ++/* On 2023-02-13, one gets an infinite loop in mpfr_log10 on both ++ 32-bit and 64-bit hosts when the precision is not large enough ++ (precision 12 and below). */ ++static void ++bug20230213 (void) ++{ ++ mpfr_exp_t old_emin, old_emax, e; ++ mpfr_t t, x, y0, y1, y2; ++ int prec; ++ ++ old_emin = mpfr_get_emin (); ++ old_emax = mpfr_get_emax (); ++ ++ set_emin (MPFR_EMIN_MIN); ++ set_emax (MPFR_EMAX_MAX); ++ e = mpfr_get_emax () - 1; ++ ++ /* The precisions of t and y0 should be large enough to avoid ++ a hard-to-round case for the target precisions. */ ++ mpfr_inits2 (64, t, y0, (mpfr_ptr) 0); ++ mpfr_set_exp_t (y0, e, MPFR_RNDN); ++ mpfr_log_ui (t, 10, MPFR_RNDN); ++ mpfr_div (y0, y0, t, MPFR_RNDN); ++ mpfr_log_ui (t, 2, MPFR_RNDN); ++ mpfr_mul (y0, y0, t, MPFR_RNDN); ++ ++ for (prec = 16; prec >= MPFR_PREC_MIN; prec--) ++ { ++ mpfr_inits2 (prec, x, y1, y2, (mpfr_ptr) 0); ++ mpfr_set (y1, y0, MPFR_RNDN); ++ ++ mpfr_set_ui_2exp (x, 1, e, MPFR_RNDN); ++ mpfr_log10 (y2, x, MPFR_RNDN); ++ MPFR_ASSERTN (MPFR_IS_PURE_FP (y2)); ++ MPFR_ASSERTN (MPFR_IS_POS (y2)); ++ ++ if (! mpfr_equal_p (y1, y2)) ++ { ++ printf ("Error in bug20230213.\n"); ++ printf ("Expected "); ++ mpfr_dump (y1); ++ printf ("Got "); ++ mpfr_dump (y2); ++ exit (1); ++ } ++ mpfr_clears (x, y1, y2, (mpfr_ptr) 0); ++ } ++ ++ mpfr_clears (t, y0, (mpfr_ptr) 0); ++ ++ set_emin (old_emin); ++ set_emax (old_emax); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -112,6 +166,8 @@ + mpfr_clear (x); + mpfr_clear (y); + ++ bug20230213 (); ++ + data_check ("data/log10", mpfr_log10, "mpfr_log10"); + + tests_end_mpfr (); +diff -Naurd mpfr-4.2.0-a/tests/tui_pow.c mpfr-4.2.0-b/tests/tui_pow.c +--- mpfr-4.2.0-a/tests/tui_pow.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tui_pow.c 2023-04-17 21:18:00.504616070 +0000 +@@ -142,6 +142,37 @@ + mpfr_clear (t); + } + ++static void ++huge (void) ++{ ++ mpfr_exp_t old_emin, old_emax; ++ mpfr_t x; ++ ++ old_emin = mpfr_get_emin (); ++ old_emax = mpfr_get_emax (); ++ ++ set_emin (MPFR_EMIN_MIN); ++ set_emax (MPFR_EMAX_MAX); ++ ++ mpfr_init2 (x, 8); ++ ++ /* The purpose of this test is more to check that mpfr_ui_pow_ui ++ terminates (without taking much memory) rather than checking ++ the value of x. On 2023-02-13, the +Inf case was not handled ++ in the Ziv iteration, yielding an infinite loop, affecting ++ mpfr_log10 in particular. See ++ commit 90de094f0d9c309daca707aa227470d810866616 ++ */ ++ mpfr_ui_pow_ui (x, 5, ULONG_MAX, MPFR_RNDN); ++ if (MPFR_EMAX_MAX <= ULONG_MAX) /* true with default _MPFR_EXP_FORMAT */ ++ MPFR_ASSERTN (MPFR_IS_INF (x)); ++ ++ mpfr_clear (x); ++ ++ set_emin (old_emin); ++ set_emax (old_emax); ++} ++ + int + main (int argc, char *argv[]) + { +@@ -180,6 +211,7 @@ + } + + test1 (); ++ huge (); + + { + mpfr_t z, t; +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-04-17 21:18:26.860579184 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-04-17 21:18:26.904579122 +0000 +@@ -0,0 +1 @@ ++multibyte-decimal_point +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-04-17 21:18:00.512616059 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-04-17 21:18:26.904579122 +0000 +@@ -1 +1 @@ +-4.2.0-p2 ++4.2.0-p3 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-04-17 21:18:00.508616065 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-04-17 21:18:26.900579128 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0-p2" ++#define MPFR_VERSION_STRING "4.2.0-p3" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-04-17 21:18:00.512616059 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-04-17 21:18:26.904579122 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0-p2"; ++ return "4.2.0-p3"; + } +diff -Naurd mpfr-4.2.0-a/tests/tfprintf.c mpfr-4.2.0-b/tests/tfprintf.c +--- mpfr-4.2.0-a/tests/tfprintf.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tfprintf.c 2023-04-17 21:18:26.896579133 +0000 +@@ -61,6 +61,12 @@ + exit (1); \ + } + ++#if MPFR_LCONV_DPTS ++#define DPLEN ((int) strlen (localeconv()->decimal_point)) ++#else ++#define DPLEN 1 ++#endif ++ + /* limit for random precision in random() */ + const int prec_max_printf = 5000; + +@@ -195,12 +201,12 @@ + lo, &ulo); + check_length (2, ulo, 36, lu); + check_vfprintf (fout, "a. %hi, b. %*f, c. %Re%hn", ush, 3, f, mpfr, &ush); +- check_length (3, ush, 46, hu); ++ check_length (3, ush, 45 + DPLEN, hu); + check_vfprintf (fout, "a. %hi, b. %f, c. %#.2Rf%n", sh, d, mpfr, &i); +- check_length (4, i, 29, d); ++ check_length (4, i, 28 + DPLEN, d); + check_vfprintf (fout, "a. %R*A, b. %Fe, c. %i%zn", rnd, mpfr, mpf, sz, + &sz); +- check_length (5, (unsigned long) sz, 34, lu); /* no format specifier "%zu" in C90 */ ++ check_length (5, (unsigned long) sz, 33 + DPLEN, lu); /* no format specifier "%zu" in C90 */ + check_vfprintf (fout, "a. %Pu, b. %c, c. %Zi%Zn", prec, ch, mpz, &mpz); + check_length_with_cmp (6, mpz, 17, mpz_cmp_ui (mpz, 17), Zi); + check_vfprintf (fout, "%% a. %#.0RNg, b. %Qx%Rn, c. %p", mpfr, mpq, &mpfr, +@@ -224,7 +230,7 @@ + + #ifdef PRINTF_L + check_vfprintf (fout, "a. %RA, b. %Lf, c. %QX%zn", mpfr, ld, mpq, &sz); +- check_length (9, (unsigned long) sz, 30, lu); /* no format specifier "%zu" in C90 */ ++ check_length (9, (unsigned long) sz, 29 + DPLEN, lu); /* no format specifier "%zu" in C90 */ + #endif + + #ifndef NPRINTF_HH +diff -Naurd mpfr-4.2.0-a/tests/tprintf.c mpfr-4.2.0-b/tests/tprintf.c +--- mpfr-4.2.0-a/tests/tprintf.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tprintf.c 2023-04-17 21:18:26.896579133 +0000 +@@ -68,6 +68,12 @@ + exit (1); \ + } + ++#if MPFR_LCONV_DPTS ++#define DPLEN ((int) strlen (localeconv()->decimal_point)) ++#else ++#define DPLEN 1 ++#endif ++ + /* limit for random precision in random() */ + const int prec_max_printf = 5000; + /* boolean: is stdout redirected to a file ? */ +@@ -316,11 +322,11 @@ + check_vprintf ("a. %c, b. %Rb, c. %u, d. %li%ln", i, mpfr, i, lo, &ulo); + check_length (2, ulo, 36, lu); + check_vprintf ("a. %hi, b. %*f, c. %Re%hn", ush, 3, f, mpfr, &ush); +- check_length (3, ush, 46, hu); ++ check_length (3, ush, 45 + DPLEN, hu); + check_vprintf ("a. %hi, b. %f, c. %#.2Rf%n", sh, d, mpfr, &i); +- check_length (4, i, 29, d); ++ check_length (4, i, 28 + DPLEN, d); + check_vprintf ("a. %R*A, b. %Fe, c. %i%zn", rnd, mpfr, mpf, sz, &sz); +- check_length (5, (unsigned long) sz, 34, lu); /* no format specifier '%zu' in C90 */ ++ check_length (5, (unsigned long) sz, 33 + DPLEN, lu); /* no format specifier '%zu' in C90 */ + check_vprintf ("a. %Pu, b. %c, c. %RUG, d. %Zi%Zn", prec, ch, mpfr, mpz, &mpz); + check_length_with_cmp (6, mpz, 24, mpz_cmp_ui (mpz, 24), Zi); + check_vprintf ("%% a. %#.0RNg, b. %Qx%Rn c. %p", +@@ -344,7 +350,7 @@ + + #ifdef PRINTF_L + check_vprintf ("a. %RA, b. %Lf, c. %QX%zn", mpfr, ld, mpq, &sz); +- check_length (9, (unsigned long) sz, 30, lu); /* no format specifier '%zu' in C90 */ ++ check_length (9, (unsigned long) sz, 29 + DPLEN, lu); /* no format specifier '%zu' in C90 */ + #endif + + #ifndef NPRINTF_HH +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-04-17 21:19:01.988530337 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-04-17 21:19:02.032530276 +0000 +@@ -0,0 +1 @@ ++rec_sqrt-zivloop +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-04-17 21:18:26.904579122 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-04-17 21:19:02.032530276 +0000 +@@ -1 +1 @@ +-4.2.0-p3 ++4.2.0-p4 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-04-17 21:18:26.900579128 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-04-17 21:19:02.032530276 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0-p3" ++#define MPFR_VERSION_STRING "4.2.0-p4" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/rec_sqrt.c mpfr-4.2.0-b/src/rec_sqrt.c +--- mpfr-4.2.0-a/src/rec_sqrt.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/src/rec_sqrt.c 2023-04-17 21:19:02.024530287 +0000 +@@ -463,6 +463,7 @@ + int s, cy, inex; + mpfr_limb_ptr x; + MPFR_TMP_DECL(marker); ++ MPFR_ZIV_DECL (loop); + + MPFR_LOG_FUNC + (("x[%Pu]=%.*Rg rnd=%d", mpfr_get_prec (u), mpfr_log_prec, u, rnd_mode), +@@ -530,6 +531,7 @@ + wp = rp + 11; + if (wp < rn * GMP_NUMB_BITS) + wp = rn * GMP_NUMB_BITS; ++ MPFR_ZIV_INIT (loop, wp); + for (;;) + { + MPFR_TMP_MARK (marker); +@@ -561,8 +563,9 @@ + } + MPFR_TMP_FREE(marker); + +- wp += GMP_NUMB_BITS; ++ MPFR_ZIV_NEXT (loop, wp); + } ++ MPFR_ZIV_FREE (loop); + cy = mpfr_round_raw (MPFR_MANT(r), x, wp, 0, rp, rnd_mode, &inex); + MPFR_EXP(r) = - (MPFR_EXP(u) - 1 - s) / 2; + if (MPFR_UNLIKELY(cy != 0)) +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-04-17 21:18:26.904579122 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-04-17 21:19:02.032530276 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0-p3"; ++ return "4.2.0-p4"; + } +diff -Naurd mpfr-4.2.0-a/tests/trec_sqrt.c mpfr-4.2.0-b/tests/trec_sqrt.c +--- mpfr-4.2.0-a/tests/trec_sqrt.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/trec_sqrt.c 2023-04-17 21:19:02.028530282 +0000 +@@ -242,6 +242,8 @@ + data_check ("data/rec_sqrt", mpfr_rec_sqrt, "mpfr_rec_sqrt"); + bad_cases (mpfr_rec_sqrt, pm2, "mpfr_rec_sqrt", 0, -256, 255, 4, 128, + 800, 50); ++ bad_cases (mpfr_rec_sqrt, pm2, "mpfr_rec_sqrt", 0, -256, 255, 9999, 9999, ++ 120000, 1); + + end: + tests_end_mpfr (); diff --git a/src/scripts/archive.files b/src/scripts/archive.files old mode 100755 new mode 100644 diff --git a/src/scripts/captive-cleanup b/src/scripts/captive-cleanup old mode 100755 new mode 100644 diff --git a/src/scripts/convert-dns-settings b/src/scripts/convert-dns-settings old mode 100755 new mode 100644 diff --git a/src/scripts/convert-to-location b/src/scripts/convert-to-location old mode 100755 new mode 100644 diff --git a/src/scripts/openvpn-metrics b/src/scripts/openvpn-metrics old mode 100755 new mode 100644
hooks/post-receive -- IPFire 2.x development tree