[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 - IPFire-SCM

5 Sep 2024

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
       via  59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 (commit)
       via  4eae0fae0bfd5002fab4c719bd369f0200d624cf (commit)
       via  4c672e3b9692927d4d3319cb25283098b9075a46 (commit)
       via  ea1d59e31e45fe598280d62449ba157ac8926f70 (commit)
       via  dbaba25987706f0fe451705a908b5e6b98b95809 (commit)
      from  f91d2f48c032221a9cc4ce5d9ca0aea9334ab1c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Sep 5 09:31:40 2024 +0000
core189: Ship dhcpcd
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4eae0fae0bfd5002fab4c719bd369f0200d624cf
Author: Adolf Belka adolf.belka@ipfire.org
Date:   Thu Sep 5 10:44:49 2024 +0200
dhcpcd: Update to version 10.0.10
- Update from version 10.0.8 to 10.0.10
    - Update of rootfile not required
    - Patch for free selection of MTU has been removed as in version 10.0.9 the MTU code
       was changed to not apply limits to it.
    - Changelog
        10.0.10
    	Reversion of commit "linux: make if_getnetworknamespace static"
        10.0.9
    	Option 2: Fix stdin parsing by @holmanb in #289
    	IPv4LL: Restart ARP probling on address conflict by @LeoRuan in #340
    	DHCP: Handle option 108 correctly when receiving 0.0.0.0 OFFER by @taoyl-g
    	 in #342
    	DHCP: No longer set interface mtu by @rsmarples in #346
    	Update privsep-linux.c to allow statx by @Jabrwock in #349
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4c672e3b9692927d4d3319cb25283098b9075a46
Author: Adolf Belka adolf.belka@ipfire.org
Date:   Thu Sep 5 10:31:53 2024 +0200
clamav: Update to version 1.3.2
- Update from version 1.3.1 to 1.3.2
    - Update of rootfile
    - 2 CVE Fixes
    - Changelog
        1.3.2
    	- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
    	  Changed the logging module to disable following symlinks on Linux and Unix
    	  systems so as to prevent an attacker with existing access to the 'clamd' or
    	  'freshclam' services from using a symlink to corrupt system files.
    	  This issue affects all currently supported versions. It will be fixed in:
    	  - 1.4.1
    	  - 1.3.2
    	  - 1.0.7
    	  - 0.103.12
    	  Thank you to Detlef for identifying this issue.
    	- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
    	  Fixed a possible out-of-bounds read bug in the PDF file parser that could
    	  cause a denial-of-service (DoS) condition.
    	  This issue affects all currently supported versions. It will be fixed in:
    	  - 1.4.1
    	  - 1.3.2
    	  - 1.0.7
    	  - 0.103.12
    	  Thank you to OSS-Fuzz for identifying this issue.
    	- Removed unused Python modules from freshclam tests including deprecated
    	  'cgi' module that is expected to cause test failures in Python 3.13.
    	- Fix unit test caused by expiring signing certificate.
    	  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305)
    	- Fixed a build issue on Windows with newer versions of Rust.
    	  Also upgraded GitHub Actions imports to fix CI failures.
    	  Fixes courtesy of liushuyu.
    	  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307)
    	- Fixed an unaligned pointer dereference issue on select architectures.
    	  Fix courtesy of Sebastian Andrzej Siewior.
    	  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
    	- Fixes to Jenkins CI pipeline.
    	  For details, see [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1330)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ea1d59e31e45fe598280d62449ba157ac8926f70
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Sep 5 08:56:52 2024 +0000
core189: Ship expat
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dbaba25987706f0fe451705a908b5e6b98b95809
Author: Adolf Belka adolf.belka@ipfire.org
Date:   Wed Sep 4 23:49:24 2024 +0200
expat: Update to version 2.6.3
- Update from version 2.6.2 to 2.6.3
    - Update of rootfile
    - 3 CVE Fixes in this release.
    - Changelog
        2.6.3
    	Security fixes:
    	       #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
    	                    len < 0 without noticing and then calling XML_GetBuffer
    	                    will have XML_ParseBuffer fail to recognize the problem
    	                    and XML_GetBuffer corrupt memory.
    	                    With the fix, XML_ParseBuffer now complains with error
    	                    XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
    	                    has been doing since Expat 2.2.1, and now documented.
    	                    Impact is denial of service to potentially artitrary code
    	                    execution.
    	       #888 #891  CVE-2024-45491 -- Internal function dtdCopy can have an
    	                    integer overflow for nDefaultAtts on 32-bit platforms
    	                    (where UINT_MAX equals SIZE_MAX).
    	                    Impact is denial of service to potentially artitrary code
    	                    execution.
    	       #889 #892  CVE-2024-45492 -- Internal function nextScaffoldPart can
    	                    have an integer overflow for m_groupSize on 32-bit
    	                    platforms (where UINT_MAX equals SIZE_MAX).
    	                    Impact is denial of service to potentially artitrary code
    	                    execution.
    	Other changes:
    	       #851 #879  Autotools: Sync CMake templates with CMake 3.28
    	            #853  Autotools: Always provide path to find(1) for portability
    	            #861  Autotools: Ensure that the m4 directory always exists.
    	            #870  Autotools: Simplify handling of SIZEOF_VOID_P
    	            #869  Autotools: Support non-GNU sed
    	            #856  Autotools|CMake: Fix main() to main(void)
    	            #865  Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
    	            #863  Autotools|CMake: Stop requiring dos2unix
    	       #854 #855  CMake: Fix check for symbols size_t and off_t
    	            #864  docs|tests: Convert README to Markdown and update
    	            #741  Windows: Drop support for Visual Studio <=15.0/2017
    	            #886  Drop needless XML_DTD guards around is_param access
    	            #885  Fix typo in a code comment
    	       #894 #896  Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
    	                    to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
    	                    for what these numbers do
    	Infrastructure:
    	            #880  Readme: Promote the call for help
    	            #868  CI: Fix various issues
    	            #849  CI: Allow triggering GitHub Actions workflows manually
    	    #851 #872 ..
    	       #873 #879  CI: Adapt to breaking changes in GitHub Actions
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/expat                      | 21 +++++------
 .../{oldcore/125 => core/189}/filelists/dhcpcd     |  0
 .../{oldcore/106 => core/189}/filelists/expat      |  0
 config/rootfiles/packages/clamav                   |  4 +-
 lfs/clamav                                         |  6 +--
 lfs/dhcpcd                                         |  5 +--
 lfs/expat                                          |  4 +-
 ...2-Allow-free-selection-of-MTU-by-the-user.patch | 44 ----------------------
 8 files changed, 19 insertions(+), 65 deletions(-)
 copy config/rootfiles/{oldcore/125 => core/189}/filelists/dhcpcd (100%)
 copy config/rootfiles/{oldcore/106 => core/189}/filelists/expat (100%)
 delete mode 100644 src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
Difference in files:

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 2ab49e910..51a4de2f7 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,22 +2,21 @@
 #usr/include/expat.h
 #usr/include/expat_config.h
 #usr/include/expat_external.h
-#usr/lib/cmake
-#usr/lib/cmake/expat-2.6.2
-#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake
-#usr/lib/cmake/expat-2.6.2/expat-config.cmake
-#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.6.2/expat.cmake
+#usr/lib/cmake/expat-2.6.3
+#usr/lib/cmake/expat-2.6.3/expat-config-version.cmake
+#usr/lib/cmake/expat-2.6.3/expat-config.cmake
+#usr/lib/cmake/expat-2.6.3/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.6.3/expat.cmake
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.9.2
+usr/lib/libexpat.so.1.9.3
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.6.2
-#usr/share/doc/expat-2.6.2/ok.min.css
-#usr/share/doc/expat-2.6.2/reference.html
-#usr/share/doc/expat-2.6.2/style.css
+#usr/share/doc/expat-2.6.3
+#usr/share/doc/expat-2.6.3/ok.min.css
+#usr/share/doc/expat-2.6.3/reference.html
+#usr/share/doc/expat-2.6.3/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
 #usr/share/man/man1/xmlwf.1
diff --git a/config/rootfiles/core/189/filelists/dhcpcd b/config/rootfiles/core/189/filelists/dhcpcd
new file mode 120000
index 000000000..1e799dabb
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/dhcpcd
@@ -0,0 +1 @@
+../../../common/dhcpcd
\ No newline at end of file
diff --git a/config/rootfiles/core/189/filelists/expat b/config/rootfiles/core/189/filelists/expat
new file mode 120000
index 000000000..e1923cf63
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/expat
@@ -0,0 +1 @@
+../../../common/expat
\ No newline at end of file
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 2c7242d7e..f8deb9479 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -105,14 +105,13 @@ usr/sbin/clamd
 #usr/share/doc/ClamAV/html/images
 #usr/share/doc/ClamAV/html/images/change-fork-name.png
 #usr/share/doc/ClamAV/html/images/cisco.png
+#usr/share/doc/ClamAV/html/images/clamav-git-workflow.png
 #usr/share/doc/ClamAV/html/images/clone-your-fork.png
 #usr/share/doc/ClamAV/html/images/create-a-fork.png
 #usr/share/doc/ClamAV/html/images/demon.png
 #usr/share/doc/ClamAV/html/images/flamegraph.svg
 #usr/share/doc/ClamAV/html/images/fork-is-behind.png
 #usr/share/doc/ClamAV/html/images/logo.png
-#usr/share/doc/ClamAV/html/images/new-git-workflow.png
-#usr/share/doc/ClamAV/html/images/old-git-workflow.png
 #usr/share/doc/ClamAV/html/index.html
 #usr/share/doc/ClamAV/html/manual
 #usr/share/doc/ClamAV/html/manual/Development
@@ -163,6 +162,7 @@ usr/sbin/clamd
 #usr/share/doc/ClamAV/html/manual/Usage/Scanning.html
 #usr/share/doc/ClamAV/html/manual/Usage/Services.html
 #usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html
+#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg
 #usr/share/doc/ClamAV/html/mark.min.js
 #usr/share/doc/ClamAV/html/mode-rust.js
 #usr/share/doc/ClamAV/html/print.html
diff --git a/lfs/clamav b/lfs/clamav
index 32b4aa4f9..f98d52532 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
SUMMARY    = Antivirus Toolkit
-VER        = 1.3.1
+VER        = 1.3.2
THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 72
+PAK_VER    = 73
DEPS       =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362
+$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8
install : $(TARGET)
diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index 3bac681d8..10b7b0212 100644
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -24,7 +24,7 @@
include Config
-VER        = 10.0.8
+VER        = 10.0.10
THISAPP    = dhcpcd-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1bf27387c13f192c6216e2f1ecad06bfa82267d5d6e08ddaa123789699fe9154222c33b1aa1f603e65ae8dce510cb24d48e72701494e0793c766e81f024f8bc5
+$(DL_FILE)_BLAKE2 = 2ecf52009f3fd4442863e1927a8d9e777ee6f34ff4d50a6f1e67821fb23fd12221df1e3a0a04ea0874df8feac15785772b4aa75af407f74448e442db36410e30
install : $(TARGET)
@@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    @$(PREBUILD)
    @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
    cd $(DIR_APP) && ./configure \
    		--prefix="" \
    		--sysconfdir=/var/ipfire/dhcpc \
diff --git a/lfs/expat b/lfs/expat
index 3a37bf2d2..91e4f32af 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
include Config
-VER        = 2.6.2
+VER        = 2.6.3
THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4
+$(DL_FILE)_BLAKE2 = b8e0a0e779f0f136eaca91115cbbcf5a5cca457cab1cca6f8d6141151d19f8ef2dccb41b0e9134459c1e7d99cb2e0b4ce3922d2bd9221002ec43fe9d53a0084a
install : $(TARGET)
diff --git a/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
deleted file mode 100644
index 69a35daf5..000000000
--- a/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 1acff721a3874a74efc9921a1e07bd48bd7efab0 Mon Sep 17 00:00:00 2001
-From: Michael Tremer michael.tremer@ipfire.org
-Date: Tue, 22 Feb 2022 12:07:15 +0000
-Subject: [PATCH] Allow free selection of MTU by the user
-
-Various ISPs (or equipment?) seem to hand out an MTU of only 576 bytes.
-Hwoever, this does not seem to be intentional which is why we would like
-to manually overwrite this in the configuration.
-
-dhcpcd only allows setting a maximum MTU of 1472 bytes which does not
-seem to have any rationale (any more). Although Ethernet might limit any
-MTU to less, IPv6 and IPv4 support MTUs of up to 64KiB.
-
-This patch allows the user to configure the MTU freely with providing
-some sanity check.
-
-Signed-off-by: Michael Tremer michael.tremer@ipfire.org
----
- src/dhcp-common.h | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/dhcp-common.h b/src/dhcp-common.h
-index a82fcd4c..d6620822 100644
---- a/src/dhcp-common.h
-+++ b/src/dhcp-common.h
-@@ -46,10 +46,11 @@
- #define NS_MAXLABEL MAXLABEL
- #endif
- 
--/* Max MTU - defines dhcp option length */
--#define	IP_UDP_SIZE		  28
--#define	MTU_MAX			1500 - IP_UDP_SIZE
--#define	MTU_MIN			 576 + IP_UDP_SIZE
-+/* Max/Min MTU */
-+#define	MTU_MAX			65536
-+#define	MTU_MIN			  576
-+
-+#define	IP_UDP_SIZE		   28
- 
- #define	OT_REQUEST		(1 << 0)
- #define	OT_UINT8		(1 << 1)
--- 
-2.30.2
-
hooks/post-receive
--
IPFire 2.x development tree

    