public inbox for ipfire-scm@lists.ipfire.org
From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 305e6ea60b0d1808b98e8dacd2f4d7cf182733b6
Date: Fri, 10 Sep 2021 20:13:29 +0000
Message-ID: <4H5nBL0ZgQz2xkM@people01.haj.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 305e6ea60b0d1808b98e8dacd2f4d7cf182733b6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:10:59 2021 +0200

    spice-protocol: Update to 0.14.3 and enable build without python2
    
    - v2 version adds $(MAKETUNING) variable to ninja build command
    - Update from 0.12.13 to 0.14.3
    - Update rootfile
    - Remove automake py-compile line from lfs. This only works with python2
       Not clear why this line was put into the lfs. Searched the documentation of spice
       and qemu and could not find any reference to needing any of the python modules in spice
       to be installed either as modules or compiled in. The only references found in general
       searches were to modules such as python-virtinst, python-spice-client-gtk or
       python-websockify, none of which are in the python modules in spice.
    - Removing the automake py-compile line from the lfs enables spice-protocol, spice and
       qemu to build without python2 being present.
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 919a0943ffff96141feeb522ab63ab6849946ab8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:10:58 2021 +0200

    spice: Update version to 0.15.0
    
    - v2 version of series to add $(MAKETUNING) variable to ninja in spice-protocol
    - Update from 0.14.0 to 0.15.0
    - Update rootfile
    - Version 0.15.0 of spice requires version 0.14.3 or higher of spice-protocol
    - Changelog
       Major Changes in 0.15:
        This is the first release in the new 0.15.x stable series. This release should
        be ready for production use.
         * Minor updates to CI
         * Some compatibility with OpenSSL
         * Change the behavior of handle_dev_start ignoring multiple start requests
         * Ignore multiple calls to handle_dev_stop
         * Pick up newer spice-common to fix a buffer overflow issue
       Major Changes in 0.14.91:
        **IMPORTANT**
        0.14.91 is the first release candidate for the stable 0.15.x series. While some
        bugs might still be present, it should be reasonably stable. If you are looking
        for stability for daily use, please keep using the latest 0.14.x release.
         * Support UNIX abstract sockets
         * Fix some potential thread race condition in RedClient
         * Many cleanups in the code
         * Improve migration test script
         * Update in protocol documentation
         * Improve Meson build
         * Removed CELT support
         * Update CI
         * Removed QXLWorker definition, it was deprecated 6 years ago
         * Fix some compatibility with MacOS
         * Fix some compatibility with Windows
         * Move the project to C++
         * Some fixes for SASL dealing with WebDAV
         * Fix minor Coverity reports
         * Add Doxygen support, manually built with "make doxy"
         * Support more mouse buttons (up to 16 buttons)
         * CVE-2020-14355 multiple buffer overflow vulnerabilities in QUIC decoding
           code
       Major Changes in 0.14.3:
        Main changes are WebSocket and support for Windows.
         * Add support for WebSocket, this will allow to use spice-html5 without proxy
         * Support Windows, now Qemu Windows can be built enabling Spice
         * Fix some alignment problem
         * Converted some documentation to Asciidoc format to make easier to update,
           updated some
         * Minor compatibility fix for PPC64EL and ARMHF
         * Minor fixes for big endian machines like MIPS
         * Avoid some crashes with some buggy guest drivers, simply ignore the invalid
           request
         * Fix for old OpenSSL versions
         * Minor fix for Windows clients and brushes, fixed an issue with Photoshop
           under Windows 7
         * Add ability to query video-codecs
         * Small use-after-free fix
         * Fix for debugging recording/replaying using QUIC images
         * Fix a regression where spice reported no monitors to the client
         * Fix DoS in spicevmc if WebDAV used
         * Updated and improved test migration script
         * Some minor fixes to smartcard support
         * Avoid possible disconnection using proxies using an in-flow keepalive
           mechanism
       Major Changes in 0.14.2:
        Main changes are support for Meson build and graphic device info
        messages allowing to better support multi-monitor configurations.
         * CVE-2019-3813: fix off-by-one error in group/slot boundary check
         * support H265 in stream-channel
         * add support for building with meson/ninja
         * minor tests fixes improving CI
         * set char device state for smartcard, allowing Qemu optimization
         * improve red-parse-qxl.c interface making it more consistent
         * add some instrumentation for streaming device
         * QXL interface: add a function to identify monitors in the guest
           (spice_qxl_set_device_info)
         * add support for GraphicsDeviceInfo messages
         * video-stream: prevent crash on stream reattach
         * make channel client callbacks virtual functions
         * bumped minimum required glib version to 2.38
         * attempt to have a reliable led state for keyboard modifiers
       Major Changes in 0.14.1:
        The main change in this release is the addition of a new protocol extension
        in order to support streaming the remote display as a video stream rather than
        going through the QXL protocol. Together with spice-streaming-agent, and/or with
        more work on the qemu/spice-server side, this should allow streaming of 3D
        accelerated VMs in the future. At this point, this part of spice-server is
        still a work in progress (multi-monitor support and various features are
        missing).
         * add new org.spice-space.stream.0 channel used for passing an encoded video
           stream from the guest to the client
         * add support for TCP_CORK to reduce the amount of packets that we send
         * fix CVE-2018-10873
         * fix cursor related migration crash
         * fix regression causing sound recording to be muted after
           client disconnection/reconnection (introduced in 0.13.90)
         * fix regression in corner cases where images could be sent uncompressed
           when they used to be compressed with QUIC
         * disable TLS 1.0 support
         * CELT 0.5.1 support is now disabled by default. If celt051-devel is installed
           at build-time, --enable-celt051/--disable-celt051 must be explicitly specified
         * drop support for unsupported OpenSSL version. OpenSSL 1.0.0 or newer is now
           required
         * bumped minimum required glib version to 2.32
         * endianness fixes
         * (small) leak fixes
         * usual round of code cleanups
         * not directly related to this release, but the upstream git repository is now
           hosted on gitlab.freedesktop.org
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 710838b0455085e19a4c6307eb93ff3ba8a217cf
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Fri Sep 10 13:07:35 2021 +0000

    core160: add libtasn1 and p11-kit
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 7c5041698cb424035b8dbcebed01497f75889366
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Fri Aug 20 22:04:28 2021 +0200

    libtasn1: New program required as build dependency for p11-kit
    
    - creation of lfs and rootfile for libtasn1
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit fbd7a03e78e2ce227cbfdc433ea818e5e7d8d116
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Fri Aug 20 22:04:27 2021 +0200

    p11-kit: New program required for python3 compatibility of ca-certificates
    
    - creation of lfs and rootfile for implementation of p11-kit
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 40cdf8962a9a2772e8f6e3e6384265540c746ac6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Fri Aug 20 22:04:26 2021 +0200

    make.sh: Added p11-kit and libtasn1 for python3 based ca-certificates approach
    
    - p11-kit required for certs extraction in building of python3 compatible ca-certificates
    - p11-kit requires libtasn1 as a build dependency
    - p11-kit and libtasn1 added to make.sh
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 043abb984b016421873aeb3120b2bd04975c5051
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Fri Aug 20 22:04:25 2021 +0200

    ca-certificates: Update to work with python3 version of certdata2pem.py
    
    - Implement python3 version of certdata2pem.py script from fedora
    - Modify build.sh to work with python3 script that uses p11-kit based on fedora
       approach - https://src.fedoraproject.org/rpms/ca-certificates/tree/rawhide
    - Extraction of cert files now uses p11-kit which requires libtasn1 as a build
       dependency
    - Updated rootfile
    - Updated ca-certificates installed into a vm and confirmed to download a file from an
       https site with the same results as with existing ca-certificates system
    
    Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 5b4fc4c8493747af7a6772e1085ef0d45c9ab6af
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Fri Sep 10 11:12:03 2021 +0000

    core160: add ssh changes and stop/start ipsec at update
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit c1418e6fc8adc765de60a0c15a977e445c260c72
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Sun Sep 5 13:30:47 2021 +0200

    openssh: Update version to 8.7p1
    
    - Update from 8.6p1 to 8.7p1
    - Update of rootfile not required
    - Changelog is too long to include here. Full details can be found in the ChangeLog file
       in the source tarball or at
       https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 6cc834c9875f45030a9d209ff1669dd2f28ab5de
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Sun Sep 5 13:30:32 2021 +0200

    libssh: Update to version 0.9.6
    
    - Update from 0.9.3 to 0.9.6
       0.9.4 and 0.9.6 are security releases
    - Update rootfile
    - Changelog
       libssh 0.9.6 security release
        This is a security release of libssh to address CVE-2021-3634 (moderate impact), a
        possible heap-buffer overflow when rekeying. A workaround exists. More details can be
        found in the advisory.
        In addition the 0.9.6 version addresses some memory leaks in error path, an AEAD
        handshake and some more.
          CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
          Fix several memory leaks on error paths
          Reset pending_call_state on disconnect
          Fix handshake bug with AEAD ciphers and no HMAC overlap
          Use OPENSSL_CRYPTO_LIBRARIES in CMake
          Ignore request success and failure message if they are not expected
          Support more identity files in configuration
          Avoid setting compiler flags directly in CMake
          Support build directories with special characters
          Include stdlib.h to avoid crash in Windows
          Fix sftp_new_channel constructs an invalid object
          Fix Ninja multiple rules error
          Several tests fixes
       libssh 0.9.5
        The libssh team is happy to announce another bugfix release of libssh as version
        0.9.5. It offers bug fixes for several issues found by our users.
        This includes a fix for CVE-2020-16135, however we do not see how this would be
        exploitable at all. If you find a security bug in libssh please don’t just assign a
        CVE, talk to us first.
          CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
          Improve handling of library initialization (T222)
          Fix parsing of subsecond times in SFTP (T219)
          Make the documentation reproducible
          Remove deprecated API usage in OpenSSL
          Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
          Define version in one place (T226)
          Prevent invalid free when using different C runtimes than OpenSSL (T229)
          Compatibility improvements to testsuite
       libssh 0.9.4 security release
        This is a security release of libssh to address CVE-2020-1730 (moderate impact), a
        possible Denial of Service (DoS) in client and server when handling AES-CTR keys with
        OpenSSL. A workaround exists. More details can be found in the advisory.
        In addition, this version addresses several memory leaks and adds support for
        diffie-hellman-group14-sha256 key exchange.
          Fixed CVE-2020-1730 (Possible DoS in client and server when handling AES-CTR keys with OpenSSL)
          Added diffie-hellman-group14-sha256
          Fixed several possible memory leaks
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit e9af24f34cf93b54da8b577e10233f509d968e2d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Fri Sep 10 11:03:58 2021 +0000

    core160: add IPSec changes (strongswan, vpnmain.cgi)
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit b5b19f370d275aeaef4135bc024a46bfbe5050c8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Aug 24 15:50:48 2021 +0000

    vpnmain.cgi: Do not interpret $? as error code of move()
    
    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit aec1c53cf184863b06012e8ef8a747a7f3d38cde
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 24 15:50:47 2021 +0000

    IPsec: Do not interpret $? as error code of move()
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 6688e0bc7ac5526fb934f1c01acb4001b6f21930
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 24 15:50:46 2021 +0000

    IPsec: Fix extra whitespace in exported certificates
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit a41e24d4145a6163eb8f1ad5ba81a88162a532df
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Tue Aug 24 23:29:04 2021 +0200

    strongswan: Update to version 5.9.3
    
    - Update from 5.9.2 to 5.9.3
    - Update of rootfile not required
    - Changelog
       strongswan-5.9.3
        - Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.
        - Added AES_CCM and SHA-3 signature support to openssl plugin.
        - The x509 and openssl plugins now consider the authorityKeyIdentifier, if
          available, before verifying signatures, which avoids unnecessary signature
          verifications after a CA key rollover if both certificates are loaded.
        - The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
          previously depended on a version check.
        - charon-nm now supports using SANs as client identities, not only full DNs.
        - charon-tkm now handles IKE encryption.
        - A MOBIKE update is sent again if a change in the NAT mappings is detected
          but the endpoints stay the same.
        - Converted most of the test case scenarios to the vici interface
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit fd0e08feb9510bd248034d24cad00e9d04da707c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Wed Sep 1 22:21:00 2021 +0200

    ffmpeg: Update deps to use sdl2 in place of sdl
    
    - This patch needs to go together with the patch updating sdl to sdl2
       https://patchwork.ipfire.org/project/ipfire/patch/20210824212848.1311257-1-adolf.belka(a)ipfire.org/
    - Update deps line in lfs to use sdl2 in place of sdl
    - Update rootfile
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 15c01e309de1ca3f81c6e9c999c922d3b191ee85
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Tue Aug 24 23:28:48 2021 +0200

    sdl2: Replace sdl with sdl2. Update to version 2.0.16
    
    - Update from 1.2.15 (2013) to 2.0.16 (2021)
    - Source file name changed from SDL to SDL2 so also deleted old sdl and created sdl2
       files for rootfile and lfs
    - Changelog is too large to include here. Details can be found in the WhatsNew.txt file
       in the source tarball
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 264cd5b03eb424ad5131c2a0ff61556f9604458b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:13:13 2021 +0200

    sshfs: Add $(MAKETUNING) variable to ninja build
    
    - $(MAKETUNING) variable added to ninja build
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 77e25390bc04f0de83961f67f1799179763c90de
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:13:12 2021 +0200

    mpd: Add $(MAKETUNING) variable to ninja build
    
    - $(MAKETUNING) variable added to ninja build
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit c20e5ec2725d6fa09de28a44020f8fa101e8505b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:13:11 2021 +0200

    mpc: Add $(MAKETUNING) variable to ninja build
    
    - $(MAKETUNING) variable added to ninja build
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit f9821c853160060cbaacfe77aed72c25b36bdac8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:13:10 2021 +0200

    libmpdclient: Add $(MAKETUNING) variable to ninja build
    
    - $(MAKETUNING) variable added to ninja build
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit bf77aa2e3083545ddbe2d8c4f7b9ea2b2f76bf6a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:13:09 2021 +0200

    libinih: Add $(MAKETUNING) variable to ninja build
    
    - $(MAKETUNING) variable added to ninja build
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 96ba695913e1d558a132cc1abb6c7e0d722ae6ec
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date:   Thu Sep 2 16:13:08 2021 +0200

    glib: Add $(MAKETUNING) variable to ninja build
    
    - $(MAKETUNING) variable added to ninja build
    
    Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 37aa3a110c33321b9f94922945dbc466cbc65e14
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Sat Sep 4 15:55:39 2021 +0200

    Postfix: update to 3.6.2
    
    Please refer to http://www.postfix.org/announcements/postfix-3.6.2.html
    for this version's release announcement.
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 8885bc7672130e1b0307bb0221de3632e663d36c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Sat Sep 4 15:53:11 2021 +0200

    Tor: update to 0.4.6.7
    
    Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.7:
    
    Changes in version 0.4.6.7 - 2021-08-16
      This version fixes several bugs from earlier versions of Tor,
      including one that could lead to a denial-of-service attack. Everyone
      running an earlier version, whether as a client, a relay, or an onion
      service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
    
      o Major bugfixes (cryptography, security):
        - Resolve an assertion failure caused by a behavior mismatch between
          our batch-signature verification code and our single-signature
          verification code. This assertion failure could be triggered
          remotely, leading to a denial of service attack. We fix this issue
          by disabling batch verification. Fixes bug 40078; bugfix on
          0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
          CVE-2021-38385. Found by Henry de Valence.
    
      o Minor feature (fallbackdir):
        - Regenerate fallback directories list. Close ticket 40447.
    
      o Minor features (geoip data):
        - Update the geoip files to match the IPFire Location Database, as
          retrieved on 2021/08/12.
    
      o Minor bugfix (crypto):
        - Disable the unused batch verification feature of ed25519-donna.
          Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
          de Valence.
    
      o Minor bugfixes (onion service):
        - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
          Address) for a v2 onion address. Fixes bug 40421; bugfix
          on 0.4.6.2-alpha.
    
      o Minor bugfixes (relay):
        - Reduce the compression level for data streaming from HIGH to LOW
          in order to reduce CPU load on the directory relays. Fixes bug
          40301; bugfix on 0.3.5.1-alpha.
    
      o Minor bugfixes (timekeeping):
        - Calculate the time of day correctly on systems where the time_t
          type includes leap seconds. (This is not the case on most
          operating systems, but on those where it occurs, our tor_timegm
          function did not correctly invert the system's gmtime function,
          which could result in assertion failures when calculating voting
          schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit b2ea81c3231306d739a680ffed6063fbe1f53d96
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Fri Sep 10 10:49:59 2021 +0000

    core160: add udev
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 8be8ac63cafef9952f35c4b87883135e1b33ca4d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Sep 7 15:01:25 2021 +0000

    udev: Enable ntuple offloading feature in supported NICs
    
    We are using CPU-affinity and packet steering functions in various
    places in IPFire, but packets might still be received on a random CPU
    core.
    
    This feature enables that packets that belong to the same connection
    (i.e. have the same tuple) will be steered to the same queue. This will
    increase cache locality and decrease locking which results in higher
    throughput.
    
    https://www.kernel.org/doc/Documentation/networking/scaling.txt
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit f7627d868767e853e4f7f3db73d6191c082c1dc3
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Wed Sep 8 18:28:31 2021 +0200

    clamav: Update to 0.104.0
    
    For details see:
    https://blog.clamav.net/2021/09/clamav-01040-released.html
    
    New requirements and major changes:
    "As of ClamAV 0.104, CMake is required to build ClamAV
    ...
    The built-in LLVM for the bytecode runtime has been removed."
    
    But since the current 'llvm 12.0.1' version refused to be built
    "...you will need to supply the development libraries for LLVM
    version 3.6.2" - which is ~6 years old - I gave up with 'llvm'
    and stayed with the bytecode "interpreter".
    
    Cited:
    "The bytecode interpreter is the default runtime for bytecode
    signatures just as it was in ClamAV 0.103."
    
    @ALL:
    In 'clamav 0.104.0' there is no appropriate cmake option for
    "CONFIGURE_FLAGS = --disable-fanotify" for ARM builds anymore.
    Perhaps there is a kernel option for this?
    => https://docs.clamav.net/manual/OnAccess.html#requirements
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/ca-certificates/build.sh                    |  48 ++--
 config/ca-certificates/certdata2pem.py             | 260 +++++++++++++++++----
 config/rootfiles/common/ca-certificates            |   5 +-
 config/rootfiles/common/libssh                     |   3 +-
 config/rootfiles/common/libtasn1                   |  54 +++++
 config/rootfiles/common/p11-kit                    |  74 ++++++
 config/rootfiles/common/spice-protocol             |   6 +-
 config/rootfiles/common/udev                       |   2 +
 config/rootfiles/core/160/filelists/files          |   1 +
 .../{oldcore/137 => core/160}/filelists/libssh     |   0
 config/rootfiles/core/160/filelists/libtasn1       |   1 +
 .../{oldcore/100 => core/160}/filelists/openssh    |   0
 config/rootfiles/core/160/filelists/p11-kit        |   1 +
 .../{oldcore/106 => core/160}/filelists/strongswan |   0
 .../{oldcore/125 => core/160}/filelists/udev       |   0
 config/rootfiles/oldcore/151/update.sh             |  21 +-
 config/rootfiles/packages/clamav                   | 164 +++++++++++--
 config/rootfiles/packages/ffmpeg                   |   5 +
 config/rootfiles/packages/sdl                      | 217 -----------------
 config/rootfiles/packages/sdl2                     |  91 ++++++++
 config/rootfiles/packages/spice                    |   3 +-
 config/udev/99-offloading.rules                    |   2 +
 .../uninstall.sh => config/udev/network-offloading |  28 ++-
 html/cgi-bin/vpnmain.cgi                           |  39 ++--
 lfs/ca-certificates                                |   2 +-
 lfs/clamav                                         |  40 ++--
 lfs/ffmpeg                                         |   4 +-
 lfs/glib                                           |   2 +-
 lfs/libinih                                        |   2 +-
 lfs/libmpdclient                                   |   4 +-
 lfs/libssh                                         |   4 +-
 lfs/{json-c => libtasn1}                           |  15 +-
 lfs/mpc                                            |   4 +-
 lfs/mpd                                            |   4 +-
 lfs/openssh                                        |   4 +-
 lfs/{nasm => p11-kit}                              |  13 +-
 lfs/postfix                                        |   6 +-
 lfs/{sdl => sdl2}                                  |  14 +-
 lfs/spice                                          |   6 +-
 lfs/spice-protocol                                 |  17 +-
 lfs/sshfs                                          |   4 +-
 lfs/strongswan                                     |   4 +-
 lfs/tor                                            |   6 +-
 lfs/udev                                           |   6 +
 make.sh                                            |   4 +-
 45 files changed, 765 insertions(+), 425 deletions(-)
 create mode 100644 config/rootfiles/common/libtasn1
 create mode 100644 config/rootfiles/common/p11-kit
 copy config/rootfiles/{oldcore/137 => core/160}/filelists/libssh (100%)
 create mode 120000 config/rootfiles/core/160/filelists/libtasn1
 copy config/rootfiles/{oldcore/100 => core/160}/filelists/openssh (100%)
 create mode 120000 config/rootfiles/core/160/filelists/p11-kit
 copy config/rootfiles/{oldcore/106 => core/160}/filelists/strongswan (100%)
 copy config/rootfiles/{oldcore/125 => core/160}/filelists/udev (100%)
 delete mode 100644 config/rootfiles/packages/sdl
 create mode 100644 config/rootfiles/packages/sdl2
 create mode 100644 config/udev/99-offloading.rules
 copy src/paks/netatalk/uninstall.sh => config/udev/network-offloading (79%)
 copy lfs/{json-c => libtasn1} (93%)
 copy lfs/{nasm => p11-kit} (92%)
 rename lfs/{sdl => sdl2} (93%)

Difference in files:
diff --git a/config/ca-certificates/build.sh b/config/ca-certificates/build.sh
index c868ed94a..8e64f9e9f 100644
--- a/config/ca-certificates/build.sh
+++ b/config/ca-certificates/build.sh
@@ -3,13 +3,34 @@
 set -e
 
 # Create file layout.
-mkdir -pv certs certs/legacy-default certs/legacy-disable
+mkdir -pv certs
+mkdir -pv /etc/pki/ca-trust/source
 cp certdata.txt certs
 cd certs
 
-python ../certdata2pem.py
+python3 ../certdata2pem.py
 
 cd ..
+
+
+cat <<EOF > ca-bundle.trust.p11-kit
+# This is a bundle of X.509 certificates of public Certificate
+# Authorities.  It was generated from the Mozilla root CA list.
+# These certificates and trust/distrust attributes use the file format accepted
+# by the p11-kit-trust module.
+#
+# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+#
+EOF
+
+
+P11FILES=`find certs -name \*.tmp-p11-kit | wc -l`
+if [ $P11FILES -ne 0 ]; then
+  for p in certs/*.tmp-p11-kit; do 
+    cat "$p" >> /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit
+  done	
+fi
+
 cat <<EOF > ca-bundle.crt
 # This is a bundle of X.509 certificates of public Certificate
 # Authorities.  It was generated from the Mozilla root CA list.
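Review bot: The header heredoc writes to ca-bundle.trust.p11-kit in the working directory, but the loop appends the *.tmp-p11-kit fragments to /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit, so the installed bundle never receives the header. Because the loop only uses >> and nothing truncates the target, a second run of build.sh appends a duplicate set of objects to the file already in /etc. Suggest writing header and fragments to the same path, truncating it once before the loop, and staging the file in the build directory rather than in the live /etc of the build environment. Minor: the backticked find | wc -l with an unquoted $P11FILES can be replaced by a guard inside the loop such as [ -e "$p" ] || continue.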
@@ -28,24 +49,11 @@ cat <<EOF > ca-bundle.trust.crt
 #
 EOF
 
-for f in certs/*.crt; do 
-	[ -z "${f}" ] && continue
-
-	tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
-	case "${tbits}" in
-		*serverAuth*)
-			openssl x509 -text -in "${f}" >> ca-bundle.crt
-			;;
-	esac
+trust extract --comment --filter=certificates --format=openssl-bundle --overwrite ca-bundle.trust
+cat ca-bundle.trust >> ca-bundle.trust.crt
 
-	if [ -n "$tbits" ]; then
-		targs=""
-		for t in ${tbits}; do
-			targs="${targs} -addtrust ${t}"
-		done
+trust extract --comment --filter=ca-anchors --format=pem-bundle --overwrite --purpose server-auth ca-bundle
+cat ca-bundle >> ca-bundle.crt
 
-		openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
-	fi
-done
 
-exit 0
+exit 0
\ No newline at end of file
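Review bot: Both trust extract calls take no input path, so they export whatever the p11-kit trust module is configured to read on the build host, not the certs/ directory produced by certdata2pem.py. The result is only correct if /etc/pki/ca-trust/source holds exactly the bundle written earlier in this script. That dependency deserves a comment, and a check that ca-bundle and ca-bundle.trust are non-empty before they are concatenated would catch a misconfigured trust module instead of shipping a bundle that contains only the header. The change also drops the trailing newline after exit 0.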
diff --git a/config/ca-certificates/certdata2pem.py b/config/ca-certificates/certdata2pem.py
index 44cc9e03b..a52ce9c74 100644
--- a/config/ca-certificates/certdata2pem.py
+++ b/config/ca-certificates/certdata2pem.py
@@ -26,16 +26,17 @@ import os.path
 import re
 import sys
 import textwrap
-import urllib
+import urllib.request, urllib.parse, urllib.error
+import subprocess
 
 objects = []
 
 def printable_serial(obj):
-  return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
+  return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']])
 
 # Dirty file parser.
 in_data, in_multiline, in_obj = False, False, False
-field, type, value, obj = None, None, None, dict()
+field, ftype, value, binval, obj = None, None, None, bytearray(), dict()
 for line in open('certdata.txt', 'r'):
     # Ignore the file header.
     if not in_data:
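Review bot: Of the three urllib submodules imported here, only urllib.parse is used in the lines this patch touches (urllib.parse.quote); urllib.request and urllib.error look like conversion leftovers and can be dropped. Separately, open('certdata.txt', 'r') now decodes with the locale's default encoding under Python 3; passing encoding='utf-8' explicitly would keep the parse independent of the build environment's locale.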
@@ -55,33 +56,36 @@ for line in open('certdata.txt', 'r'):
         continue
     if in_multiline:
         if not line.startswith('END'):
-            if type == 'MULTILINE_OCTAL':
+            if ftype == 'MULTILINE_OCTAL':
                 line = line.strip()
                 for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
-                    value += chr(int(i.group(1), 8))
+                    integ = int(i.group(1), 8)
+                    binval.extend((integ).to_bytes(1, sys.byteorder))
+                obj[field] = binval
             else:
                 value += line
+                obj[field] = value
             continue
-        obj[field] = value
         in_multiline = False
         continue
     if line.startswith('CKA_CLASS'):
         in_obj = True
     line_parts = line.strip().split(' ', 2)
     if len(line_parts) > 2:
-        field, type = line_parts[0:2]
+        field, ftype = line_parts[0:2]
         value = ' '.join(line_parts[2:])
     elif len(line_parts) == 2:
-        field, type = line_parts
+        field, ftype = line_parts
         value = None
     else:
-        raise NotImplementedError, 'line_parts < 2 not supported.\n' + line
-    if type == 'MULTILINE_OCTAL':
+        raise NotImplementedError('line_parts < 2 not supported.\n' + line)
+    if ftype == 'MULTILINE_OCTAL':
         in_multiline = True
         value = ""
+        binval = bytearray()
         continue
     obj[field] = value
-if len(obj.items()) > 0:
+if len(list(obj.items())) > 0:
     objects.append(obj)
 
 # Build up trust database.
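Review bot: In the MULTILINE_OCTAL branch obj[field] is now assigned only while a data line is being processed, where the old code assigned it once when END was reached; a block whose BEGIN is immediately followed by END would leave the field missing instead of empty. Assigning obj[field] = binval right after binval = bytearray(), or again when END is seen, restores the old behaviour. (integ).to_bytes(1, sys.byteorder) can be binval.append(integ), since byte order has no meaning for a single byte, and len(list(obj.items())) > 0 reduces to if obj:.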
@@ -91,7 +95,7 @@ for obj in objects:
         continue
     key = obj['CKA_LABEL'] + printable_serial(obj)
     trustmap[key] = obj
-    print " added trust", key
+    print(" added trust", key)
 
 # Build up cert database.
 certmap = dict()
@@ -100,7 +104,7 @@ for obj in objects:
         continue
     key = obj['CKA_LABEL'] + printable_serial(obj)
     certmap[key] = obj
-    print " added cert", key
+    print(" added cert", key)
 
 def obj_to_filename(obj):
     label = obj['CKA_LABEL'][1:-1]
@@ -109,10 +113,32 @@ def obj_to_filename(obj):
         .replace('(', '=')\
         .replace(')', '=')\
         .replace(',', '_')
-    label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label)
+    labelbytes = bytearray()
+    i = 0
+    imax = len(label)
+    while i < imax:
+        if i < imax-3 and label[i] == '\\' and label[i+1] == 'x':
+            labelbytes.extend(bytes.fromhex(label[i+2:i+4]))
+            i += 4
+            continue
+        labelbytes.extend(str.encode(label[i]))
+        i = i+1
+        continue
+    label = labelbytes.decode('utf-8')
     serial = printable_serial(obj)
     return label + ":" + serial
 
+def write_cert_ext_to_file(f, oid, value, public_key):
+    f.write("[p11-kit-object-v1]\n")
+    f.write("label: ");
+    f.write(tobj['CKA_LABEL'])
+    f.write("\n")
+    f.write("class: x-certificate-extension\n");
+    f.write("object-id: " + oid + "\n")
+    f.write("value: \"" + value + "\"\n")
+    f.write("modifiable: false\n");
+    f.write(public_key)
+
 trust_types = {
   "CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature",
   "CKA_TRUST_NON_REPUDIATION": "non-repudiation",
@@ -151,34 +177,39 @@ openssl_trust = {
   "CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
 }
 
+cert_distrust_types = {
+  "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
+  "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
+}
+
 for tobj in objects:
     if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
         key = tobj['CKA_LABEL'] + printable_serial(tobj)
-        print "producing trust for " + key
+        print("producing trust for " + key)
         trustbits = []
         distrustbits = []
         openssl_trustflags = []
         openssl_distrustflags = []
         legacy_trustbits = []
         legacy_openssl_trustflags = []
-        for t in trust_types.keys():
-            if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
+        for t in list(trust_types.keys()):
+            if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
                 trustbits.append(t)
                 if t in openssl_trust:
                     openssl_trustflags.append(openssl_trust[t])
-            if tobj.has_key(t) and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
+            if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
                 distrustbits.append(t)
                 if t in openssl_trust:
                     openssl_distrustflags.append(openssl_trust[t])
 
-        for t in legacy_trust_types.keys():
-            if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
+        for t in list(legacy_trust_types.keys()):
+            if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
                 real_t = legacy_to_real_trust_types[t]
                 legacy_trustbits.append(real_t)
                 if real_t in openssl_trust:
                     legacy_openssl_trustflags.append(openssl_trust[real_t])
-            if tobj.has_key(t) and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
-                raise NotImplementedError, 'legacy distrust not supported.\n' + line
+            if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
+                raise NotImplementedError('legacy distrust not supported.\n' + line)
 
         fname = obj_to_filename(tobj)
         try:
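Review bot: The converted raise NotImplementedError('legacy distrust not supported.\n' + line) still appends line, which at this point is the leftover variable from the certdata.txt parsing loop (the last line read), not anything about the trust object being processed. Putting key or tobj['CKA_LABEL'] in the message would make the failure actionable. list(trust_types.keys()) and list(legacy_trust_types.keys()) can iterate the dicts directly, since neither is modified inside the loop.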
@@ -186,43 +217,181 @@ for tobj in objects:
         except:
             obj = None
 
-        if obj != None:
-            fname += ".crt"
-        else:
-            fname += ".p11-kit"
+        # optional debug code, that dumps the parsed input to files
+        #fulldump = "dump-" + fname
+        #dumpf = open(fulldump, 'w')
+        #dumpf.write(str(obj));
+        #dumpf.write(str(tobj));
+        #dumpf.close();
 
         is_legacy = 0
-        if tobj.has_key('LEGACY_CKA_TRUST_SERVER_AUTH') or tobj.has_key('LEGACY_CKA_TRUST_EMAIL_PROTECTION') or tobj.has_key('LEGACY_CKA_TRUST_CODE_SIGNING'):
+        if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj:
             is_legacy = 1
             if obj == None:
-                raise NotImplementedError, 'found legacy trust without certificate.\n' + line
-            legacy_fname = "legacy-default/" + fname
+                raise NotImplementedError('found legacy trust without certificate.\n' + line)
+
+            legacy_fname = "legacy-default/" + fname + ".crt"
             f = open(legacy_fname, 'w')
             f.write("# alias=%s\n"%tobj['CKA_LABEL'])
             f.write("# trust=" + " ".join(legacy_trustbits) + "\n")
             if legacy_openssl_trustflags:
                 f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
             f.write("-----BEGIN CERTIFICATE-----\n")
-            f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+            temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+            temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+            f.write("\n".join(temp_wrapped))
             f.write("\n-----END CERTIFICATE-----\n")
             f.close()
-            if tobj.has_key('CKA_TRUST_SERVER_AUTH') or tobj.has_key('CKA_TRUST_EMAIL_PROTECTION') or tobj.has_key('CKA_TRUST_CODE_SIGNING'):
-                fname = "legacy-disable/" + fname
-            else:
-                continue
 
+            if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj:
+                legacy_fname = "legacy-disable/" + fname + ".crt"
+                f = open(legacy_fname, 'w')
+                f.write("# alias=%s\n"%tobj['CKA_LABEL'])
+                f.write("# trust=" + " ".join(trustbits) + "\n")
+                if openssl_trustflags:
+                    f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
+                f.write("-----BEGIN CERTIFICATE-----\n")
+                f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+                f.write("\n-----END CERTIFICATE-----\n")
+                f.close()
+
+            # don't produce p11-kit output for legacy certificates
+            continue
+
+        pk = ''
+        cert_comment = ''
+        if obj != None:
+            # must extract the public key from the cert, let's use openssl
+            cert_fname = "cert-" + fname
+            fc = open(cert_fname, 'w')
+            fc.write("-----BEGIN CERTIFICATE-----\n")
+            temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+            temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+            fc.write("\n".join(temp_wrapped))
+            fc.write("\n-----END CERTIFICATE-----\n")
+            fc.close();
+            pk_fname = "pubkey-" + fname
+            fpkout = open(pk_fname, "w")
+            dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"]
+            subprocess.call(dump_pk_command, stdout=fpkout)
+            fpkout.close()
+            with open (pk_fname, "r") as myfile:
+                pk=myfile.read()
+            # obtain certificate information suitable as a comment
+            comment_fname = "comment-" + fname
+            fcout = open(comment_fname, "w")
+            comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"]
+            subprocess.call(comment_command, stdout=fcout)
+            fcout.close()
+            sed_command = ["sed", "--in-place", "s/^/#/", comment_fname]
+            subprocess.call(sed_command)
+            with open (comment_fname, "r", errors = 'replace') as myfile:
+                cert_comment=myfile.read()
+
+        fname += ".tmp-p11-kit"
         f = open(fname, 'w')
+
         if obj != None:
-            f.write("# alias=%s\n"%tobj['CKA_LABEL'])
-            f.write("# trust=" + " ".join(trustbits) + "\n")
-            f.write("# distrust=" + " ".join(distrustbits) + "\n")
-            if openssl_trustflags:
-                f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
-            if openssl_distrustflags:
-                f.write("# openssl-distrust=" + " ".join(openssl_distrustflags) + "\n")
+            is_distrusted = False
+            has_server_trust = False
+            has_email_trust = False
+            has_code_trust = False
+
+            if 'CKA_TRUST_SERVER_AUTH' in tobj:
+                if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
+                    is_distrusted = True
+                elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+                    has_server_trust = True
+
+            if 'CKA_TRUST_EMAIL_PROTECTION' in tobj:
+                if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED':
+                    is_distrusted = True
+                elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+                    has_email_trust = True
+
+            if 'CKA_TRUST_CODE_SIGNING' in tobj:
+                if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED':
+                    is_distrusted = True
+                elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+                    has_code_trust = True
+
+            if is_distrusted:
+                trust_ext_oid = "1.3.6.1.4.1.3319.6.10.1"
+                trust_ext_value = "0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+                write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
+
+            trust_ext_oid = "2.5.29.37"
+            if has_server_trust:
+                if has_email_trust:
+                    if has_code_trust:
+                        # server + email + code
+                        trust_ext_value = "0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+                    else:
+                        # server + email
+                        trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01"
+                else:
+                    if has_code_trust:
+                        # server + code
+                        trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+                    else:
+                        # server
+                        trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01"
+            else:
+                if has_email_trust:
+                    if has_code_trust:
+                        # email + code
+                        trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03"
+                    else:
+                        # email
+                        trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04"
+                else:
+                    if has_code_trust:
+                        # code
+                        trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03"
+                    else:
+                        # none
+                        trust_ext_value = "0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10"
+
+            # no 2.5.29.37 for neutral certificates
+            if (is_distrusted or has_server_trust or has_email_trust or has_code_trust):
+                write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
+
+            pk = ''
+            f.write("\n")
+
+            f.write("[p11-kit-object-v1]\n")
+            f.write("label: ");
+            f.write(tobj['CKA_LABEL'])
+            f.write("\n")
+            if is_distrusted:
+                f.write("x-distrusted: true\n")
+            elif has_server_trust or has_email_trust or has_code_trust:
+                f.write("trusted: true\n")
+            else:
+                f.write("trusted: false\n")
+
+            # requires p11-kit >= 0.23.4
+            f.write("nss-mozilla-ca-policy: true\n")
+            f.write("modifiable: false\n");
+
+            # requires p11-kit >= 0.23.19
+            for t in list(cert_distrust_types.keys()):
+                if t in obj:
+                    value = obj[t]
+                    if value == 'CK_FALSE':
+                        value = bytearray(1)
+                    f.write(cert_distrust_types[t] + ": \"")
+                    f.write(urllib.parse.quote(value));
+                    f.write("\"\n")
+
             f.write("-----BEGIN CERTIFICATE-----\n")
-            f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+            temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+            temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+            f.write("\n".join(temp_wrapped))
             f.write("\n-----END CERTIFICATE-----\n")
+            f.write(cert_comment)
+            f.write("\n")
+
         else:
             f.write("[p11-kit-object-v1]\n")
             f.write("label: ");
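Review bot: In the new legacy-disable branch the certificate body is written with textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64), which hands bytes to textwrap.wrap and fails under Python 3; the other three write sites in this hunk decode first through temp_encoded_b64.decode(), and this one needs the same treatment. The legacy paths also open files under legacy-default/ and legacy-disable/, directories that build.sh no longer creates in this commit, so the first legacy trust object would fail on open. The three subprocess.call invocations ignore the exit status, so a failing openssl leaves pk empty and the p11-kit object is written without a public key; subprocess.check_call would stop the build instead.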
@@ -230,14 +399,15 @@ for tobj in objects:
             f.write("\n")
             f.write("class: certificate\n")
             f.write("certificate-type: x-509\n")
+            f.write("modifiable: false\n");
             f.write("issuer: \"");
-            f.write(urllib.quote(tobj['CKA_ISSUER']));
+            f.write(urllib.parse.quote(tobj['CKA_ISSUER']));
             f.write("\"\n")
             f.write("serial-number: \"");
-            f.write(urllib.quote(tobj['CKA_SERIAL_NUMBER']));
+            f.write(urllib.parse.quote(tobj['CKA_SERIAL_NUMBER']));
             f.write("\"\n")
             if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'):
               f.write("x-distrusted: true\n")
             f.write("\n\n")
         f.close()
-        print " -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags)
+        print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags))
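Review bot: The x-distrusted test in this else branch indexes tobj['CKA_TRUST_SERVER_AUTH'], tobj['CKA_TRUST_EMAIL_PROTECTION'] and tobj['CKA_TRUST_CODE_SIGNING'] directly, while the code added earlier in the file guards each lookup with an in tobj test; a trust object lacking one of the three attributes raises KeyError here. Using tobj.get(...) for the three comparisons would make the two paths consistent.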
diff --git a/config/rootfiles/common/ca-certificates b/config/rootfiles/common/ca-certificates
index 087c3e450..06eb66f3b 100644
--- a/config/rootfiles/common/ca-certificates
+++ b/config/rootfiles/common/ca-certificates
@@ -1,4 +1,7 @@
+#etc/pki
+#etc/pki/ca-trust
+#etc/pki/ca-trust/source
+etc/pki/ca-trust/source/ca-bundle.trust.p11-kit
 etc/ssl/cert.pem
-#etc/ssl/certs
 etc/ssl/certs/ca-bundle.crt
 etc/ssl/certs/ca-bundle.trust.crt
diff --git a/config/rootfiles/common/libssh b/config/rootfiles/common/libssh
index 0bde1b45d..ffb5ad59e 100644
--- a/config/rootfiles/common/libssh
+++ b/config/rootfiles/common/libssh
@@ -2,6 +2,7 @@
 #usr/include/libssh/callbacks.h
 #usr/include/libssh/legacy.h
 #usr/include/libssh/libssh.h
+#usr/include/libssh/libssh_version.h
 #usr/include/libssh/libsshpp.hpp
 #usr/include/libssh/server.h
 #usr/include/libssh/sftp.h
@@ -12,5 +13,5 @@
 #usr/lib/cmake/libssh/libssh-config.cmake
 #usr/lib/libssh.so
 usr/lib/libssh.so.4
-usr/lib/libssh.so.4.8.4
+usr/lib/libssh.so.4.8.7
 #usr/lib/pkgconfig/libssh.pc
diff --git a/config/rootfiles/common/libtasn1 b/config/rootfiles/common/libtasn1
new file mode 100644
index 000000000..33c729cf5
--- /dev/null
+++ b/config/rootfiles/common/libtasn1
@@ -0,0 +1,54 @@
+#usr/bin/asn1Coding
+#usr/bin/asn1Decoding
+#usr/bin/asn1Parser
+#usr/include/libtasn1.h
+#usr/lib/libtasn1.la
+#usr/lib/libtasn1.so
+usr/lib/libtasn1.so.6
+usr/lib/libtasn1.so.6.6.1
+#usr/lib/pkgconfig/libtasn1.pc
+#usr/share/info/libtasn1.info
+#usr/share/man/man1/asn1Coding.1
+#usr/share/man/man1/asn1Decoding.1
+#usr/share/man/man1/asn1Parser.1
+#usr/share/man/man3/asn1_array2tree.3
+#usr/share/man/man3/asn1_bit_der.3
+#usr/share/man/man3/asn1_check_version.3
+#usr/share/man/man3/asn1_copy_node.3
+#usr/share/man/man3/asn1_create_element.3
+#usr/share/man/man3/asn1_decode_simple_ber.3
+#usr/share/man/man3/asn1_decode_simple_der.3
+#usr/share/man/man3/asn1_delete_element.3
+#usr/share/man/man3/asn1_delete_structure.3
+#usr/share/man/man3/asn1_delete_structure2.3
+#usr/share/man/man3/asn1_der_coding.3
+#usr/share/man/man3/asn1_der_decoding.3
+#usr/share/man/man3/asn1_der_decoding2.3
+#usr/share/man/man3/asn1_der_decoding_element.3
+#usr/share/man/man3/asn1_der_decoding_startEnd.3
+#usr/share/man/man3/asn1_dup_node.3
+#usr/share/man/man3/asn1_encode_simple_der.3
+#usr/share/man/man3/asn1_expand_any_defined_by.3
+#usr/share/man/man3/asn1_expand_octet_string.3
+#usr/share/man/man3/asn1_find_node.3
+#usr/share/man/man3/asn1_find_structure_from_oid.3
+#usr/share/man/man3/asn1_get_bit_der.3
+#usr/share/man/man3/asn1_get_length_ber.3
+#usr/share/man/man3/asn1_get_length_der.3
+#usr/share/man/man3/asn1_get_object_id_der.3
+#usr/share/man/man3/asn1_get_octet_der.3
+#usr/share/man/man3/asn1_get_tag_der.3
+#usr/share/man/man3/asn1_length_der.3
+#usr/share/man/man3/asn1_number_of_elements.3
+#usr/share/man/man3/asn1_object_id_der.3
+#usr/share/man/man3/asn1_octet_der.3
+#usr/share/man/man3/asn1_parser2array.3
+#usr/share/man/man3/asn1_parser2tree.3
+#usr/share/man/man3/asn1_perror.3
+#usr/share/man/man3/asn1_print_structure.3
+#usr/share/man/man3/asn1_read_node_value.3
+#usr/share/man/man3/asn1_read_tag.3
+#usr/share/man/man3/asn1_read_value.3
+#usr/share/man/man3/asn1_read_value_type.3
+#usr/share/man/man3/asn1_strerror.3
+#usr/share/man/man3/asn1_write_value.3
diff --git a/config/rootfiles/common/p11-kit b/config/rootfiles/common/p11-kit
new file mode 100644
index 000000000..df9001e27
--- /dev/null
+++ b/config/rootfiles/common/p11-kit
@@ -0,0 +1,74 @@
+usr/bin/p11-kit
+usr/bin/trust
+#usr/etc/pkcs11
+#usr/etc/pkcs11/pkcs11.conf.example
+#usr/include/p11-kit-1
+#usr/include/p11-kit-1/p11-kit
+#usr/include/p11-kit-1/p11-kit/deprecated.h
+#usr/include/p11-kit-1/p11-kit/iter.h
+#usr/include/p11-kit-1/p11-kit/p11-kit.h
+#usr/include/p11-kit-1/p11-kit/pin.h
+#usr/include/p11-kit-1/p11-kit/pkcs11.h
+#usr/include/p11-kit-1/p11-kit/pkcs11x.h
+#usr/include/p11-kit-1/p11-kit/remote.h
+#usr/include/p11-kit-1/p11-kit/uri.h
+#usr/lib/libp11-kit.la
+#usr/lib/libp11-kit.so
+usr/lib/libp11-kit.so.0
+usr/lib/libp11-kit.so.0.3.0
+usr/lib/p11-kit-proxy.so
+#usr/lib/pkcs11
+#usr/lib/pkcs11/p11-kit-client.la
+usr/lib/pkcs11/p11-kit-client.so
+#usr/lib/pkcs11/p11-kit-trust.la
+usr/lib/pkcs11/p11-kit-trust.so
+#usr/lib/pkgconfig/p11-kit-1.pc
+#usr/libexec/p11-kit
+#usr/libexec/p11-kit/p11-kit-remote
+#usr/libexec/p11-kit/p11-kit-server
+#usr/libexec/p11-kit/trust-extract-compat
+#usr/share/gtk-doc
+#usr/share/gtk-doc/html
+#usr/share/gtk-doc/html/p11-kit
+#usr/share/gtk-doc/html/p11-kit/config-example.html
+#usr/share/gtk-doc/html/p11-kit/config-files.html
+#usr/share/gtk-doc/html/p11-kit/config.html
+#usr/share/gtk-doc/html/p11-kit/devel-building-style.html
+#usr/share/gtk-doc/html/p11-kit/devel-building.html
+#usr/share/gtk-doc/html/p11-kit/devel-commands.html
+#usr/share/gtk-doc/html/p11-kit/devel-debugging.html
+#usr/share/gtk-doc/html/p11-kit/devel-paths.html
+#usr/share/gtk-doc/html/p11-kit/devel-testing.html
+#usr/share/gtk-doc/html/p11-kit/devel.html
+#usr/share/gtk-doc/html/p11-kit/gtk-doc.css
+#usr/share/gtk-doc/html/p11-kit/home.png
+#usr/share/gtk-doc/html/p11-kit/index.html
+#usr/share/gtk-doc/html/p11-kit/left-insensitive.png
+#usr/share/gtk-doc/html/p11-kit/left.png
+#usr/share/gtk-doc/html/p11-kit/p11-kit-Deprecated.html
+#usr/share/gtk-doc/html/p11-kit/p11-kit-Future.html
+#usr/share/gtk-doc/html/p11-kit/p11-kit-Modules.html
+#usr/share/gtk-doc/html/p11-kit/p11-kit-PIN-Callbacks.html
+#usr/share/gtk-doc/html/p11-kit/p11-kit-URIs.html
+#usr/share/gtk-doc/html/p11-kit/p11-kit-Utilities.html
+#usr/share/gtk-doc/html/p11-kit/p11-kit.devhelp2
+#usr/share/gtk-doc/html/p11-kit/p11-kit.html
+#usr/share/gtk-doc/html/p11-kit/pkcs11-conf.html
+#usr/share/gtk-doc/html/p11-kit/reference.html
+#usr/share/gtk-doc/html/p11-kit/remoting.html
+#usr/share/gtk-doc/html/p11-kit/right-insensitive.png
+#usr/share/gtk-doc/html/p11-kit/right.png
+#usr/share/gtk-doc/html/p11-kit/sharing-managed.html
+#usr/share/gtk-doc/html/p11-kit/sharing.html
+#usr/share/gtk-doc/html/p11-kit/style.css
+#usr/share/gtk-doc/html/p11-kit/tools.html
+#usr/share/gtk-doc/html/p11-kit/trust-disable.html
+#usr/share/gtk-doc/html/p11-kit/trust-glib-networking.html
+#usr/share/gtk-doc/html/p11-kit/trust-module.html
+#usr/share/gtk-doc/html/p11-kit/trust-nss.html
+#usr/share/gtk-doc/html/p11-kit/trust.html
+#usr/share/gtk-doc/html/p11-kit/up-insensitive.png
+#usr/share/gtk-doc/html/p11-kit/up.png
+#usr/share/p11-kit
+#usr/share/p11-kit/modules
+#usr/share/p11-kit/modules/p11-kit-trust.module
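Review bot: usr/share/p11-kit/modules/p11-kit-trust.module is commented out at the end of this list while usr/bin/trust and usr/lib/pkcs11/p11-kit-trust.so are shipped. p11-kit locates its modules through these .module files, so please confirm the trust module is still loadable on an installed system without it, or ship the file. If trust is only needed at build time to generate the bundles, usr/bin/trust and the .so could be excluded from the image instead.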
diff --git a/config/rootfiles/common/spice-protocol b/config/rootfiles/common/spice-protocol
index 26cdc2102..d7d6e7470 100644
--- a/config/rootfiles/common/spice-protocol
+++ b/config/rootfiles/common/spice-protocol
@@ -1,11 +1,8 @@
 #usr/include/spice-1
 #usr/include/spice-1/spice
 #usr/include/spice-1/spice/barrier.h
-#usr/include/spice-1/spice/controller_prot.h
 #usr/include/spice-1/spice/end-packed.h
 #usr/include/spice-1/spice/enums.h
-#usr/include/spice-1/spice/error_codes.h
-#usr/include/spice-1/spice/foreign_menu_prot.h
 #usr/include/spice-1/spice/ipc_ring.h
 #usr/include/spice-1/spice/macros.h
 #usr/include/spice-1/spice/protocol.h
@@ -13,8 +10,7 @@
 #usr/include/spice-1/spice/qxl_windows.h
 #usr/include/spice-1/spice/start-packed.h
 #usr/include/spice-1/spice/stats.h
+#usr/include/spice-1/spice/stream-device.h
 #usr/include/spice-1/spice/types.h
 #usr/include/spice-1/spice/vd_agent.h
-#usr/include/spice-1/spice/vdi_dev.h
-#usr/share/pkgconfig
 #usr/share/pkgconfig/spice-protocol.pc
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index 877a832a3..4a01f3eef 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -37,6 +37,7 @@ lib/udev/mtd_probe
 lib/udev/network-hotplug-bridges
 lib/udev/network-hotplug-rename
 lib/udev/network-hotplug-vlan
+lib/udev/network-offloading
 lib/udev/rule_generator.functions
 #lib/udev/rules.d
 lib/udev/rules.d/25-alsa.rules
@@ -64,6 +65,7 @@ lib/udev/rules.d/78-sound-card.rules
 lib/udev/rules.d/80-drivers.rules
 lib/udev/rules.d/90-hwrng.rules
 lib/udev/rules.d/99-codel.rules
+lib/udev/rules.d/99-offloading.rules
 lib/udev/scsi_id
 lib/udev/v4l_id
 lib/udev/write_cd_rules
diff --git a/config/rootfiles/core/160/filelists/files b/config/rootfiles/core/160/filelists/files
index 2ef9aaaf6..6606962d9 100644
--- a/config/rootfiles/core/160/filelists/files
+++ b/config/rootfiles/core/160/filelists/files
@@ -16,6 +16,7 @@ srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/qos.cgi
 srv/web/ipfire/cgi-bin/shutdown.cgi
 srv/web/ipfire/cgi-bin/system.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
 srv/web/ipfire/html/themes/ipfire/include/css/style.css
 var/ipfire/general-functions.pl
 var/ipfire/graphs.pl
diff --git a/config/rootfiles/core/160/filelists/libssh b/config/rootfiles/core/160/filelists/libssh
new file mode 120000
index 000000000..ecbb67053
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/libssh
@@ -0,0 +1 @@
+../../../common/libssh
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/libtasn1 b/config/rootfiles/core/160/filelists/libtasn1
new file mode 120000
index 000000000..b6297f1fe
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/libtasn1
@@ -0,0 +1 @@
+../../../common/libtasn1
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/openssh b/config/rootfiles/core/160/filelists/openssh
new file mode 120000
index 000000000..d8c77fd8e
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/p11-kit b/config/rootfiles/core/160/filelists/p11-kit
new file mode 120000
index 000000000..e652deb67
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/p11-kit
@@ -0,0 +1 @@
+../../../common/p11-kit
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/strongswan b/config/rootfiles/core/160/filelists/strongswan
new file mode 120000
index 000000000..90c727e26
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/udev b/config/rootfiles/core/160/filelists/udev
new file mode 120000
index 000000000..e967a1c92
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/udev
@@ -0,0 +1 @@
+../../../common/udev
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/151/update.sh b/config/rootfiles/oldcore/151/update.sh
index 5fb05488b..cec3066c1 100644
--- a/config/rootfiles/oldcore/151/update.sh
+++ b/config/rootfiles/oldcore/151/update.sh
@@ -17,14 +17,14 @@
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2020 IPFire-Team <info(a)ipfire.org>.                        #
+# Copyright (C) 2021 IPFire-Team <info(a)ipfire.org>.                        #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
 
-core=151
+core=160
 
 # Remove old core updates from pakfire cache to save space...
 for (( i=1; i<=$core; i++ )); do
@@ -32,13 +32,13 @@ for (( i=1; i<=$core; i++ )); do
 done
 
 # Remove files
-rm -rfv \
-	/usr/lib/perl5/site_perl/5.30.0/Locale \
-	/usr/lib/perl5/site_perl/5.30.0/*/Net/DNS \
-	/usr/lib/perl5/site_perl/5.30.0/*/Net/DNS.pm
+rm -vf /lib/udev/rules.d/85-regulatory.rules
+rm -vf /sbin/crda
+rm -vf /sbin/regdbdump
+rm -vf /usr/lib/libreg.so
 
 # Stop services
-/etc/init.d/ipsec stop
+/etc/init.d/ipsec start
 
 # Extract files
 extract_files
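Review bot: The line under the "# Stop services" comment now reads /etc/init.d/ipsec start, so the service is started right before extract_files rather than stopped for the duration of the update. If that is intended, the comment should be changed to match; otherwise this line should stay as stop, with the conditional start further down bringing the service back.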
@@ -46,6 +46,9 @@ extract_files
 # update linker config
 ldconfig
 
+# restart init (glibc update)
+telinit u
+
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
@@ -60,10 +63,6 @@ ldconfig
 if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
 	/etc/init.d/ipsec start
 fi
-/etc/init.d/collectd restart
-
-# Reload sysctl.conf
-sysctl -p
 
 # This update needs a reboot...
 #touch /var/run/need_reboot
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index a27bb584f..5240b71c6 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -12,46 +12,162 @@ usr/bin/sigtool
 #usr/include/clamav-version.h
 #usr/include/clamav.h
 #usr/include/libfreshclam.h
-#usr/lib/libclamav.la
 usr/lib/libclamav.so
 usr/lib/libclamav.so.9
-usr/lib/libclamav.so.9.0.5
-#usr/lib/libclammspack.la
+usr/lib/libclamav.so.9.1.0
 usr/lib/libclammspack.so
 usr/lib/libclammspack.so.0
-usr/lib/libclammspack.so.0.1.0
-#usr/lib/libclamunrar.la
+usr/lib/libclammspack.so.0.8.0
 usr/lib/libclamunrar.so
 usr/lib/libclamunrar.so.9
-usr/lib/libclamunrar.so.9.0.5
-#usr/lib/libclamunrar_iface.la
+usr/lib/libclamunrar.so.9.1.0
 usr/lib/libclamunrar_iface.so
 usr/lib/libclamunrar_iface.so.9
-usr/lib/libclamunrar_iface.so.9.0.5
-#usr/lib/libfreshclam.la
+usr/lib/libclamunrar_iface.so.9.1.0
 usr/lib/libfreshclam.so
 usr/lib/libfreshclam.so.2
-usr/lib/libfreshclam.so.2.0.1
+usr/lib/libfreshclam.so.2.0.2
 #usr/lib/pkgconfig/libclamav.pc
 usr/sbin/clamd
-#usr/share/man/man1/clambc.1
-#usr/share/man/man1/clamconf.1
-#usr/share/man/man1/clamdscan.1
-#usr/share/man/man1/clamdtop.1
-#usr/share/man/man1/clamscan.1
-#usr/share/man/man1/clamsubmit.1
-#usr/share/man/man1/freshclam.1
-#usr/share/man/man1/sigtool.1
-#usr/share/man/man5/clamav-milter.conf.5
-#usr/share/man/man5/clamd.conf.5
-#usr/share/man/man5/freshclam.conf.5
-#usr/share/man/man8/clamav-milter.8
-#usr/share/man/man8/clamd.8
+#usr/share/doc/ClamAV
+#usr/share/doc/ClamAV/html
+#usr/share/doc/ClamAV/html/404.html
+#usr/share/doc/ClamAV/html/FontAwesome
+#usr/share/doc/ClamAV/html/FontAwesome/css
+#usr/share/doc/ClamAV/html/FontAwesome/css/font-awesome.css
+#usr/share/doc/ClamAV/html/FontAwesome/fonts
+#usr/share/doc/ClamAV/html/FontAwesome/fonts/FontAwesome.ttf
+#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.eot
+#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.svg
+#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.ttf
+#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.woff
+#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.woff2
+#usr/share/doc/ClamAV/html/Introduction.html
+#usr/share/doc/ClamAV/html/ace.js
+#usr/share/doc/ClamAV/html/appendix
+#usr/share/doc/ClamAV/html/appendix/Appendix.html
+#usr/share/doc/ClamAV/html/appendix/Authenticode.html
+#usr/share/doc/ClamAV/html/appendix/CvdPrivateMirror.html
+#usr/share/doc/ClamAV/html/appendix/FileTypes.html
+#usr/share/doc/ClamAV/html/appendix/FunctionalityLevels.html
+#usr/share/doc/ClamAV/html/appendix/Terminology.html
+#usr/share/doc/ClamAV/html/ayu-highlight.css
+#usr/share/doc/ClamAV/html/book.js
+#usr/share/doc/ClamAV/html/clipboard.min.js
+#usr/share/doc/ClamAV/html/css
+#usr/share/doc/ClamAV/html/css/chrome.css
+#usr/share/doc/ClamAV/html/css/general.css
+#usr/share/doc/ClamAV/html/css/print.css
+#usr/share/doc/ClamAV/html/css/variables.css
+#usr/share/doc/ClamAV/html/editor.js
+#usr/share/doc/ClamAV/html/elasticlunr.min.js
+#usr/share/doc/ClamAV/html/faq
+#usr/share/doc/ClamAV/html/faq/faq-cvd.html
+#usr/share/doc/ClamAV/html/faq/faq-eol.html
+#usr/share/doc/ClamAV/html/faq/faq-freshclam.html
+#usr/share/doc/ClamAV/html/faq/faq-ignore.html
+#usr/share/doc/ClamAV/html/faq/faq-misc.html
+#usr/share/doc/ClamAV/html/faq/faq-ml.html
+#usr/share/doc/ClamAV/html/faq/faq-pua.html
+#usr/share/doc/ClamAV/html/faq/faq-safebrowsing.html
+#usr/share/doc/ClamAV/html/faq/faq-scan-alerts.html
+#usr/share/doc/ClamAV/html/faq/faq-troubleshoot.html
+#usr/share/doc/ClamAV/html/faq/faq-uninstall.html
+#usr/share/doc/ClamAV/html/faq/faq-upgrade.html
+#usr/share/doc/ClamAV/html/faq/faq-whichversion.html
+#usr/share/doc/ClamAV/html/faq/faq-win32.html
+#usr/share/doc/ClamAV/html/faq/faq.html
+#usr/share/doc/ClamAV/html/favicon.png
+#usr/share/doc/ClamAV/html/fonts
+#usr/share/doc/ClamAV/html/fonts/OPEN-SANS-LICENSE.txt
+#usr/share/doc/ClamAV/html/fonts/SOURCE-CODE-PRO-LICENSE.txt
+#usr/share/doc/ClamAV/html/fonts/fonts.css
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-300.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-300italic.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-600.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-600italic.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-700.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-700italic.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-800.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-800italic.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-italic.woff2
+#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-regular.woff2
+#usr/share/doc/ClamAV/html/fonts/source-code-pro-v11-all-charsets-500.woff2
+#usr/share/doc/ClamAV/html/highlight.css
+#usr/share/doc/ClamAV/html/highlight.js
+#usr/share/doc/ClamAV/html/images
+#usr/share/doc/ClamAV/html/images/change-fork-name.png
+#usr/share/doc/ClamAV/html/images/cisco.png
+#usr/share/doc/ClamAV/html/images/clone-your-fork.png
+#usr/share/doc/ClamAV/html/images/create-a-fork.png
+#usr/share/doc/ClamAV/html/images/demon.png
+#usr/share/doc/ClamAV/html/images/flamegraph.svg
+#usr/share/doc/ClamAV/html/images/fork-is-behind.png
+#usr/share/doc/ClamAV/html/images/logo.png
+#usr/share/doc/ClamAV/html/images/new-git-workflow.png
+#usr/share/doc/ClamAV/html/images/old-git-workflow.png
+#usr/share/doc/ClamAV/html/index.html
+#usr/share/doc/ClamAV/html/manual
+#usr/share/doc/ClamAV/html/manual/Development
+#usr/share/doc/ClamAV/html/manual/Development.html
+#usr/share/doc/ClamAV/html/manual/Development/Contribute.html
+#usr/share/doc/ClamAV/html/manual/Development/build-installer-packages.html
+#usr/share/doc/ClamAV/html/manual/Development/clamav-git-work-flow.html
+#usr/share/doc/ClamAV/html/manual/Development/code-coverage.html
+#usr/share/doc/ClamAV/html/manual/Development/development-builds.html
+#usr/share/doc/ClamAV/html/manual/Development/fuzzing-sanitizers.html
+#usr/share/doc/ClamAV/html/manual/Development/github-pr-basics.html
+#usr/share/doc/ClamAV/html/manual/Development/libclamav.html
+#usr/share/doc/ClamAV/html/manual/Development/performance-profiling.html
+#usr/share/doc/ClamAV/html/manual/Development/personal-forks.html
+#usr/share/doc/ClamAV/html/manual/Development/testing-pull-requests.html
+#usr/share/doc/ClamAV/html/manual/Development/tips-and-tricks.html
+#usr/share/doc/ClamAV/html/manual/Installing
+#usr/share/doc/ClamAV/html/manual/Installing.html
+#usr/share/doc/ClamAV/html/manual/Installing/Add-clamav-user.html
+#usr/share/doc/ClamAV/html/manual/Installing/Community-projects.html
+#usr/share/doc/ClamAV/html/manual/Installing/Docker.html
+#usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Unix-old.html
+#usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Unix.html
+#usr/share/doc/ClamAV/html/manual/Installing/Installing-from-source-Windows.html
+#usr/share/doc/ClamAV/html/manual/Installing/Packages.html
+#usr/share/doc/ClamAV/html/manual/OnAccess.html
+#usr/share/doc/ClamAV/html/manual/Signatures
+#usr/share/doc/ClamAV/html/manual/Signatures.html
+#usr/share/doc/ClamAV/html/manual/Signatures/AllowLists.html
+#usr/share/doc/ClamAV/html/manual/Signatures/AuthenticodeRules.html
+#usr/share/doc/ClamAV/html/manual/Signatures/BodySignatureFormat.html
+#usr/share/doc/ClamAV/html/manual/Signatures/BytecodeSignatures.html
+#usr/share/doc/ClamAV/html/manual/Signatures/ContainerMetadata.html
+#usr/share/doc/ClamAV/html/manual/Signatures/DatabaseInfo.html
+#usr/share/doc/ClamAV/html/manual/Signatures/DynamicConfig.html
+#usr/share/doc/ClamAV/html/manual/Signatures/EncryptedArchives.html
+#usr/share/doc/ClamAV/html/manual/Signatures/ExtendedSignatures.html
+#usr/share/doc/ClamAV/html/manual/Signatures/FileTypeMagic.html
+#usr/share/doc/ClamAV/html/manual/Signatures/HashSignatures.html
+#usr/share/doc/ClamAV/html/manual/Signatures/LogicalSignatures.html
+#usr/share/doc/ClamAV/html/manual/Signatures/PhishSigs.html
+#usr/share/doc/ClamAV/html/manual/Signatures/YaraRules.html
+#usr/share/doc/ClamAV/html/manual/Usage
+#usr/share/doc/ClamAV/html/manual/Usage.html
+#usr/share/doc/ClamAV/html/manual/Usage/Configuration.html
+#usr/share/doc/ClamAV/html/manual/Usage/ReportABug.html
+#usr/share/doc/ClamAV/html/manual/Usage/Scanning.html
+#usr/share/doc/ClamAV/html/manual/Usage/Services.html
+#usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html
+#usr/share/doc/ClamAV/html/mark.min.js
+#usr/share/doc/ClamAV/html/mode-rust.js
+#usr/share/doc/ClamAV/html/print.html
+#usr/share/doc/ClamAV/html/searcher.js
+#usr/share/doc/ClamAV/html/searchindex.js
+#usr/share/doc/ClamAV/html/searchindex.json
+#usr/share/doc/ClamAV/html/theme-dawn.js
+#usr/share/doc/ClamAV/html/theme-tomorrow_night.js
+#usr/share/doc/ClamAV/html/tomorrow-night.css
 #var/ipfire/clamav
 var/ipfire/clamav/clamd.conf
 var/ipfire/clamav/clamd.conf.sample
 var/ipfire/clamav/freshclam.conf
 var/ipfire/clamav/freshclam.conf.sample
 var/lib/clamav
-etc/rc.d/init.d/clamav
 usr/local/bin/clamavctrl
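Review bot: etc/rc.d/init.d/clamav is dropped from the filelist at the end of this hunk, but lfs/clamav in the same push still runs $(call INSTALL_INITSCRIPT,clamav). As listed, the package would be built with the initscript installed in the build root but not shipped. Either restore the entry or explain in the commit message where the initscript now comes from.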
diff --git a/config/rootfiles/packages/ffmpeg b/config/rootfiles/packages/ffmpeg
index b388d18f1..65dd0d360 100644
--- a/config/rootfiles/packages/ffmpeg
+++ b/config/rootfiles/packages/ffmpeg
@@ -1,4 +1,5 @@
 usr/bin/ffmpeg
+usr/bin/ffplay
 usr/bin/ffprobe
 #usr/include/libavcodec
 #usr/include/libavcodec/ac3_parser.h
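Review bot: usr/bin/ffplay is listed uncommented, so the player binary ships in the add-on, and lfs/ffmpeg changes DEPS from sdl to sdl2 alongside it. Is ffplay actually wanted on the installed system? If SDL2 is only needed to satisfy the ffmpeg build, commenting the binary out here keeps the installed footprint to ffmpeg and ffprobe as before.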
@@ -188,6 +189,8 @@ usr/lib/libswscale.so.5.9.100
 #usr/share/doc/ffmpeg/ffmpeg-scaler.html
 #usr/share/doc/ffmpeg/ffmpeg-utils.html
 #usr/share/doc/ffmpeg/ffmpeg.html
+#usr/share/doc/ffmpeg/ffplay-all.html
+#usr/share/doc/ffmpeg/ffplay.html
 #usr/share/doc/ffmpeg/ffprobe-all.html
 #usr/share/doc/ffmpeg/ffprobe.html
 #usr/share/doc/ffmpeg/general.html
@@ -246,6 +249,8 @@ usr/lib/libswscale.so.5.9.100
 #usr/share/man/man1/ffmpeg-scaler.1
 #usr/share/man/man1/ffmpeg-utils.1
 #usr/share/man/man1/ffmpeg.1
+#usr/share/man/man1/ffplay-all.1
+#usr/share/man/man1/ffplay.1
 #usr/share/man/man1/ffprobe-all.1
 #usr/share/man/man1/ffprobe.1
 #usr/share/man/man3/libavcodec.3
diff --git a/config/rootfiles/packages/sdl b/config/rootfiles/packages/sdl
deleted file mode 100644
index 5aefece3d..000000000
--- a/config/rootfiles/packages/sdl
+++ /dev/null
@@ -1,217 +0,0 @@
-#usr/bin/sdl-config
-#usr/include/SDL
-#usr/include/SDL/SDL.h
-#usr/include/SDL/SDL_active.h
-#usr/include/SDL/SDL_audio.h
-#usr/include/SDL/SDL_byteorder.h
-#usr/include/SDL/SDL_cdrom.h
-#usr/include/SDL/SDL_config.h
-#usr/include/SDL/SDL_cpuinfo.h
-#usr/include/SDL/SDL_endian.h
-#usr/include/SDL/SDL_error.h
-#usr/include/SDL/SDL_events.h
-#usr/include/SDL/SDL_getenv.h
-#usr/include/SDL/SDL_joystick.h
-#usr/include/SDL/SDL_keyboard.h
-#usr/include/SDL/SDL_keysym.h
-#usr/include/SDL/SDL_loadso.h
-#usr/include/SDL/SDL_main.h
-#usr/include/SDL/SDL_mouse.h
-#usr/include/SDL/SDL_mutex.h
-#usr/include/SDL/SDL_name.h
-#usr/include/SDL/SDL_opengl.h
-#usr/include/SDL/SDL_platform.h
-#usr/include/SDL/SDL_quit.h
-#usr/include/SDL/SDL_rwops.h
-#usr/include/SDL/SDL_stdinc.h
-#usr/include/SDL/SDL_syswm.h
-#usr/include/SDL/SDL_thread.h
-#usr/include/SDL/SDL_timer.h
-#usr/include/SDL/SDL_types.h
-#usr/include/SDL/SDL_version.h
-#usr/include/SDL/SDL_video.h
-#usr/include/SDL/begin_code.h
-#usr/include/SDL/close_code.h
-usr/lib/libSDL-1.2.so.0
-usr/lib/libSDL-1.2.so.0.11.4
-#usr/lib/libSDL.a
-#usr/lib/libSDL.la
-usr/lib/libSDL.so
-#usr/lib/libSDLmain.a
-#usr/lib/libSDLmain.la
-#usr/lib/pkgconfig/sdl.pc
-#usr/share/aclocal/sdl.m4
-#usr/share/man/man3/SDLKey.3
-#usr/share/man/man3/SDL_ActiveEvent.3
-#usr/share/man/man3/SDL_AddTimer.3
-#usr/share/man/man3/SDL_AudioCVT.3
-#usr/share/man/man3/SDL_AudioSpec.3
-#usr/share/man/man3/SDL_BlitSurface.3
-#usr/share/man/man3/SDL_BuildAudioCVT.3
-#usr/share/man/man3/SDL_CD.3
-#usr/share/man/man3/SDL_CDClose.3
-#usr/share/man/man3/SDL_CDEject.3
-#usr/share/man/man3/SDL_CDName.3
-#usr/share/man/man3/SDL_CDNumDrives.3
-#usr/share/man/man3/SDL_CDOpen.3
-#usr/share/man/man3/SDL_CDPause.3
-#usr/share/man/man3/SDL_CDPlay.3
-#usr/share/man/man3/SDL_CDPlayTracks.3
-#usr/share/man/man3/SDL_CDResume.3
-#usr/share/man/man3/SDL_CDStatus.3
-#usr/share/man/man3/SDL_CDStop.3
-#usr/share/man/man3/SDL_CDtrack.3
-#usr/share/man/man3/SDL_CloseAudio.3
-#usr/share/man/man3/SDL_Color.3
-#usr/share/man/man3/SDL_CondBroadcast.3
-#usr/share/man/man3/SDL_CondSignal.3
-#usr/share/man/man3/SDL_CondWait.3
-#usr/share/man/man3/SDL_CondWaitTimeout.3
-#usr/share/man/man3/SDL_ConvertAudio.3
-#usr/share/man/man3/SDL_ConvertSurface.3
-#usr/share/man/man3/SDL_CreateCond.3
-#usr/share/man/man3/SDL_CreateCursor.3
-#usr/share/man/man3/SDL_CreateMutex.3
-#usr/share/man/man3/SDL_CreateRGBSurface.3
-#usr/share/man/man3/SDL_CreateRGBSurfaceFrom.3
-#usr/share/man/man3/SDL_CreateSemaphore.3
-#usr/share/man/man3/SDL_CreateThread.3
-#usr/share/man/man3/SDL_CreateYUVOverlay.3
-#usr/share/man/man3/SDL_Delay.3
-#usr/share/man/man3/SDL_DestroyCond.3
-#usr/share/man/man3/SDL_DestroyMutex.3
-#usr/share/man/man3/SDL_DestroySemaphore.3
-#usr/share/man/man3/SDL_DisplayFormat.3
-#usr/share/man/man3/SDL_DisplayFormatAlpha.3
-#usr/share/man/man3/SDL_DisplayYUVOverlay.3
-#usr/share/man/man3/SDL_EnableKeyRepeat.3
-#usr/share/man/man3/SDL_EnableUNICODE.3
-#usr/share/man/man3/SDL_Event.3
-#usr/share/man/man3/SDL_EventState.3
-#usr/share/man/man3/SDL_ExposeEvent.3
-#usr/share/man/man3/SDL_FillRect.3
-#usr/share/man/man3/SDL_Flip.3
-#usr/share/man/man3/SDL_FreeCursor.3
-#usr/share/man/man3/SDL_FreeSurface.3
-#usr/share/man/man3/SDL_FreeWAV.3
-#usr/share/man/man3/SDL_FreeYUVOverlay.3
-#usr/share/man/man3/SDL_GL_GetAttribute.3
-#usr/share/man/man3/SDL_GL_GetProcAddress.3
-#usr/share/man/man3/SDL_GL_LoadLibrary.3
-#usr/share/man/man3/SDL_GL_SetAttribute.3
-#usr/share/man/man3/SDL_GL_SwapBuffers.3
-#usr/share/man/man3/SDL_GLattr.3
-#usr/share/man/man3/SDL_GetAppState.3
-#usr/share/man/man3/SDL_GetAudioStatus.3
-#usr/share/man/man3/SDL_GetClipRect.3
-#usr/share/man/man3/SDL_GetCursor.3
-#usr/share/man/man3/SDL_GetError.3
-#usr/share/man/man3/SDL_GetEventFilter.3
-#usr/share/man/man3/SDL_GetGamma.3
-#usr/share/man/man3/SDL_GetGammaRamp.3
-#usr/share/man/man3/SDL_GetKeyName.3
-#usr/share/man/man3/SDL_GetKeyState.3
-#usr/share/man/man3/SDL_GetModState.3
-#usr/share/man/man3/SDL_GetMouseState.3
-#usr/share/man/man3/SDL_GetRGB.3
-#usr/share/man/man3/SDL_GetRGBA.3
-#usr/share/man/man3/SDL_GetRelativeMouseState.3
-#usr/share/man/man3/SDL_GetThreadID.3
-#usr/share/man/man3/SDL_GetTicks.3
-#usr/share/man/man3/SDL_GetVideoInfo.3
-#usr/share/man/man3/SDL_GetVideoSurface.3
-#usr/share/man/man3/SDL_Init.3
-#usr/share/man/man3/SDL_InitSubSystem.3
-#usr/share/man/man3/SDL_JoyAxisEvent.3
-#usr/share/man/man3/SDL_JoyBallEvent.3
-#usr/share/man/man3/SDL_JoyButtonEvent.3
-#usr/share/man/man3/SDL_JoyHatEvent.3
-#usr/share/man/man3/SDL_JoystickClose.3
-#usr/share/man/man3/SDL_JoystickEventState.3
-#usr/share/man/man3/SDL_JoystickGetAxis.3
-#usr/share/man/man3/SDL_JoystickGetBall.3
-#usr/share/man/man3/SDL_JoystickGetButton.3
-#usr/share/man/man3/SDL_JoystickGetHat.3
-#usr/share/man/man3/SDL_JoystickIndex.3
-#usr/share/man/man3/SDL_JoystickName.3
-#usr/share/man/man3/SDL_JoystickNumAxes.3
-#usr/share/man/man3/SDL_JoystickNumBalls.3
-#usr/share/man/man3/SDL_JoystickNumButtons.3
-#usr/share/man/man3/SDL_JoystickNumHats.3
-#usr/share/man/man3/SDL_JoystickOpen.3
-#usr/share/man/man3/SDL_JoystickOpened.3
-#usr/share/man/man3/SDL_JoystickUpdate.3
-#usr/share/man/man3/SDL_KeyboardEvent.3
-#usr/share/man/man3/SDL_KillThread.3
-#usr/share/man/man3/SDL_ListModes.3
-#usr/share/man/man3/SDL_LoadBMP.3
-#usr/share/man/man3/SDL_LoadWAV.3
-#usr/share/man/man3/SDL_LockAudio.3
-#usr/share/man/man3/SDL_LockSurface.3
-#usr/share/man/man3/SDL_LockYUVOverlay.3
-#usr/share/man/man3/SDL_MapRGB.3
-#usr/share/man/man3/SDL_MapRGBA.3
-#usr/share/man/man3/SDL_MixAudio.3
-#usr/share/man/man3/SDL_MouseButtonEvent.3
-#usr/share/man/man3/SDL_MouseMotionEvent.3
-#usr/share/man/man3/SDL_NumJoysticks.3
-#usr/share/man/man3/SDL_OpenAudio.3
-#usr/share/man/man3/SDL_Overlay.3
-#usr/share/man/man3/SDL_Palette.3
-#usr/share/man/man3/SDL_PauseAudio.3
-#usr/share/man/man3/SDL_PeepEvents.3
-#usr/share/man/man3/SDL_PixelFormat.3
-#usr/share/man/man3/SDL_PollEvent.3
-#usr/share/man/man3/SDL_PumpEvents.3
-#usr/share/man/man3/SDL_PushEvent.3
-#usr/share/man/man3/SDL_Quit.3
-#usr/share/man/man3/SDL_QuitEvent.3
-#usr/share/man/man3/SDL_QuitSubSystem.3
-#usr/share/man/man3/SDL_RWFromFile.3
-#usr/share/man/man3/SDL_Rect.3
-#usr/share/man/man3/SDL_RemoveTimer.3
-#usr/share/man/man3/SDL_ResizeEvent.3
-#usr/share/man/man3/SDL_SaveBMP.3
-#usr/share/man/man3/SDL_SemPost.3
-#usr/share/man/man3/SDL_SemTryWait.3
-#usr/share/man/man3/SDL_SemValue.3
-#usr/share/man/man3/SDL_SemWait.3
-#usr/share/man/man3/SDL_SemWaitTimeout.3
-#usr/share/man/man3/SDL_SetAlpha.3
-#usr/share/man/man3/SDL_SetClipRect.3
-#usr/share/man/man3/SDL_SetColorKey.3
-#usr/share/man/man3/SDL_SetColors.3
-#usr/share/man/man3/SDL_SetCursor.3
-#usr/share/man/man3/SDL_SetEventFilter.3
-#usr/share/man/man3/SDL_SetGamma.3
-#usr/share/man/man3/SDL_SetGammaRamp.3
-#usr/share/man/man3/SDL_SetModState.3
-#usr/share/man/man3/SDL_SetPalette.3
-#usr/share/man/man3/SDL_SetTimer.3
-#usr/share/man/man3/SDL_SetVideoMode.3
-#usr/share/man/man3/SDL_ShowCursor.3
-#usr/share/man/man3/SDL_Surface.3
-#usr/share/man/man3/SDL_SysWMEvent.3
-#usr/share/man/man3/SDL_ThreadID.3
-#usr/share/man/man3/SDL_UnlockAudio.3
-#usr/share/man/man3/SDL_UnlockSurface.3
-#usr/share/man/man3/SDL_UnlockYUVOverlay.3
-#usr/share/man/man3/SDL_UpdateRect.3
-#usr/share/man/man3/SDL_UpdateRects.3
-#usr/share/man/man3/SDL_UserEvent.3
-#usr/share/man/man3/SDL_VideoDriverName.3
-#usr/share/man/man3/SDL_VideoInfo.3
-#usr/share/man/man3/SDL_VideoModeOK.3
-#usr/share/man/man3/SDL_WM_GetCaption.3
-#usr/share/man/man3/SDL_WM_GrabInput.3
-#usr/share/man/man3/SDL_WM_IconifyWindow.3
-#usr/share/man/man3/SDL_WM_SetCaption.3
-#usr/share/man/man3/SDL_WM_SetIcon.3
-#usr/share/man/man3/SDL_WM_ToggleFullScreen.3
-#usr/share/man/man3/SDL_WaitEvent.3
-#usr/share/man/man3/SDL_WaitThread.3
-#usr/share/man/man3/SDL_WarpMouse.3
-#usr/share/man/man3/SDL_WasInit.3
-#usr/share/man/man3/SDL_keysym.3
-#usr/share/man/man3/SDL_mutexP.3
-#usr/share/man/man3/SDL_mutexV.3
diff --git a/config/rootfiles/packages/sdl2 b/config/rootfiles/packages/sdl2
new file mode 100644
index 000000000..53b5716c8
--- /dev/null
+++ b/config/rootfiles/packages/sdl2
@@ -0,0 +1,91 @@
+#usr/bin/sdl2-config
+#usr/include/SDL2
+#usr/include/SDL2/SDL.h
+#usr/include/SDL2/SDL_assert.h
+#usr/include/SDL2/SDL_atomic.h
+#usr/include/SDL2/SDL_audio.h
+#usr/include/SDL2/SDL_bits.h
+#usr/include/SDL2/SDL_blendmode.h
+#usr/include/SDL2/SDL_clipboard.h
+#usr/include/SDL2/SDL_config.h
+#usr/include/SDL2/SDL_cpuinfo.h
+#usr/include/SDL2/SDL_egl.h
+#usr/include/SDL2/SDL_endian.h
+#usr/include/SDL2/SDL_error.h
+#usr/include/SDL2/SDL_events.h
+#usr/include/SDL2/SDL_filesystem.h
+#usr/include/SDL2/SDL_gamecontroller.h
+#usr/include/SDL2/SDL_gesture.h
+#usr/include/SDL2/SDL_haptic.h
+#usr/include/SDL2/SDL_hints.h
+#usr/include/SDL2/SDL_joystick.h
+#usr/include/SDL2/SDL_keyboard.h
+#usr/include/SDL2/SDL_keycode.h
+#usr/include/SDL2/SDL_loadso.h
+#usr/include/SDL2/SDL_locale.h
+#usr/include/SDL2/SDL_log.h
+#usr/include/SDL2/SDL_main.h
+#usr/include/SDL2/SDL_messagebox.h
+#usr/include/SDL2/SDL_metal.h
+#usr/include/SDL2/SDL_misc.h
+#usr/include/SDL2/SDL_mouse.h
+#usr/include/SDL2/SDL_mutex.h
+#usr/include/SDL2/SDL_name.h
+#usr/include/SDL2/SDL_opengl.h
+#usr/include/SDL2/SDL_opengl_glext.h
+#usr/include/SDL2/SDL_opengles.h
+#usr/include/SDL2/SDL_opengles2.h
+#usr/include/SDL2/SDL_opengles2_gl2.h
+#usr/include/SDL2/SDL_opengles2_gl2ext.h
+#usr/include/SDL2/SDL_opengles2_gl2platform.h
+#usr/include/SDL2/SDL_opengles2_khrplatform.h
+#usr/include/SDL2/SDL_pixels.h
+#usr/include/SDL2/SDL_platform.h
+#usr/include/SDL2/SDL_power.h
+#usr/include/SDL2/SDL_quit.h
+#usr/include/SDL2/SDL_rect.h
+#usr/include/SDL2/SDL_render.h
+#usr/include/SDL2/SDL_revision.h
+#usr/include/SDL2/SDL_rwops.h
+#usr/include/SDL2/SDL_scancode.h
+#usr/include/SDL2/SDL_sensor.h
+#usr/include/SDL2/SDL_shape.h
+#usr/include/SDL2/SDL_stdinc.h
+#usr/include/SDL2/SDL_surface.h
+#usr/include/SDL2/SDL_system.h
+#usr/include/SDL2/SDL_syswm.h
+#usr/include/SDL2/SDL_test.h
+#usr/include/SDL2/SDL_test_assert.h
+#usr/include/SDL2/SDL_test_common.h
+#usr/include/SDL2/SDL_test_compare.h
+#usr/include/SDL2/SDL_test_crc32.h
+#usr/include/SDL2/SDL_test_font.h
+#usr/include/SDL2/SDL_test_fuzzer.h
+#usr/include/SDL2/SDL_test_harness.h
+#usr/include/SDL2/SDL_test_images.h
+#usr/include/SDL2/SDL_test_log.h
+#usr/include/SDL2/SDL_test_md5.h
+#usr/include/SDL2/SDL_test_memory.h
+#usr/include/SDL2/SDL_test_random.h
+#usr/include/SDL2/SDL_thread.h
+#usr/include/SDL2/SDL_timer.h
+#usr/include/SDL2/SDL_touch.h
+#usr/include/SDL2/SDL_types.h
+#usr/include/SDL2/SDL_version.h
+#usr/include/SDL2/SDL_video.h
+#usr/include/SDL2/SDL_vulkan.h
+#usr/include/SDL2/begin_code.h
+#usr/include/SDL2/close_code.h
+#usr/lib/cmake/SDL2
+#usr/lib/cmake/SDL2/sdl2-config-version.cmake
+#usr/lib/cmake/SDL2/sdl2-config.cmake
+usr/lib/libSDL2-2.0.so.0
+usr/lib/libSDL2-2.0.so.0.16.0
+#usr/lib/libSDL2.la
+usr/lib/libSDL2.so
+#usr/lib/libSDL2_test.a
+#usr/lib/libSDL2_test.la
+#usr/lib/libSDL2main.a
+#usr/lib/libSDL2main.la
+#usr/lib/pkgconfig/sdl2.pc
+#usr/share/aclocal/sdl2.m4
diff --git a/config/rootfiles/packages/spice b/config/rootfiles/packages/spice
index 9ee1f9179..b56a90329 100644
--- a/config/rootfiles/packages/spice
+++ b/config/rootfiles/packages/spice
@@ -2,7 +2,6 @@
 #usr/include/spice-server/spice-audio.h
 #usr/include/spice-server/spice-char.h
 #usr/include/spice-server/spice-core.h
-#usr/include/spice-server/spice-experimental.h
 #usr/include/spice-server/spice-input.h
 #usr/include/spice-server/spice-migration.h
 #usr/include/spice-server/spice-qxl.h
@@ -13,5 +12,5 @@
 #usr/lib/libspice-server.la
 #usr/lib/libspice-server.so
 usr/lib/libspice-server.so.1
-usr/lib/libspice-server.so.1.12.4
+usr/lib/libspice-server.so.1.14.1
 #usr/lib/pkgconfig/spice-server.pc
diff --git a/config/udev/99-offloading.rules b/config/udev/99-offloading.rules
new file mode 100644
index 000000000..5387971ac
--- /dev/null
+++ b/config/udev/99-offloading.rules
@@ -0,0 +1,2 @@
+# Call the offloading script
+SUBSYSTEM=="net", RUN+="/lib/udev/network-offloading"
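Review bot: The rule matches SUBSYSTEM=="net" with no ACTION key, so /lib/udev/network-offloading is run for every net uevent, while the script's case statement only accepts add|register and remove|unregister and exits 1 for anything else. Add an ACTION=="add" match here so the helper is only invoked for the event it acts on.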
diff --git a/config/udev/network-offloading b/config/udev/network-offloading
new file mode 100644
index 000000000..dfdf51ee9
--- /dev/null
+++ b/config/udev/network-offloading
@@ -0,0 +1,44 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2021 IPFire Team <info(a)ipfire.org>.                        #
+#                                                                          #
+############################################################################
+
+if [ -z "${INTERFACE}" ]; then
+	echo "INTERFACE variable was not set" >&2
+	exit 1
+fi
+
+case "${ACTION}" in
+	add|register)
+		# Try to enable ntuple (and ignore if not supported)
+		ethtool --features "${INTERFACE}" ntuple on &>/dev/null
+		;;
+
+	remove|unregister)
+		# Nothing to do here.
+		;;
+
+	*)
+		echo "No or unkown ACTION set" >&2
+		exit 1
+esac
+
+exit 0
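Review bot: "unkown" in the default branch's message should read "unknown", and that branch is the only one in the case statement without a terminating ;;. The remove|unregister branch does nothing, so together with an ACTION match in 99-offloading.rules the case statement could be reduced to the add path.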
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index d54b56577..7bb0d1b35 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -675,8 +675,7 @@ END
 		unlink ($filename);
 		goto UPLOADCA_ERROR;
 	} else {
-		move($filename, "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem");
-		if ($? ne 0) {
+		unless(move($filename, "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")) {
 			$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
 			unlink ($filename);
 			goto UPLOADCA_ERROR;
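Review bot: The destination path interpolates $cgiparams{'CA_NAME'} directly into "${General::swroot}/ca/...cert.pem", and nothing in this hunk shows where that CGI parameter is validated. Checking move()'s return value instead of $? is the right fix, but please confirm CA_NAME is restricted to a safe character set before this point, since it decides where an uploaded file lands.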
@@ -849,7 +848,7 @@ END
 		print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n";
 
 		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ca/cacert.pem");
-		print "@cert";
+		print join("", @cert);
 		exit(0);
 	}
 ###
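Review bot: The output of &General::system_output is printed without checking that openssl returned anything, and the Content-Disposition header has already been sent by then, so a failing openssl call produces an empty cacert.pem download instead of an error page. Consider running openssl first and only emitting the headers when @cert is non-empty. The hostcert.pem hunk that follows has the same pattern.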
@@ -861,7 +860,7 @@ END
 		print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n";
 
 		my @cert = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/certs/hostcert.pem");
-		print "@cert";
+		print join("", @cert);
 		exit(0);
 	}
 ###
@@ -947,20 +946,23 @@ END
 
 		if (!$errormessage) {
 			&General::log("ipsec", "Moving cacert...");
-			move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem");
-			$errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+			unless(move("/tmp/newcacert", "${General::swroot}/ca/cacert.pem")) {
+				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+			}
 		}
 
 		if (!$errormessage) {
 			&General::log("ipsec", "Moving host cert...");
-			move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem");
-			$errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+			unless(move("/tmp/newhostcert", "${General::swroot}/certs/hostcert.pem")) {
+				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+			}
 		}
 
 		if (!$errormessage) {
 			&General::log("ipsec", "Moving private key...");
-			move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem");
-			$errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+			unless(move("/tmp/newhostkey", "${General::swroot}/certs/hostkey.pem")) {
+				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+			}
 		}
 
 		#cleanup temp files
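Review bot: The three moves run in sequence with no rollback, so if moving the host cert or the private key fails, ca/cacert.pem has already been replaced and the store is left with a CA, certificate and key that do not belong together. The three error strings are also identical, so the message does not tell the admin which file failed; naming the file, as the last hunk of this patch does with ($filename), would help here too.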
@@ -1979,8 +1981,11 @@ END
 					while (grep(/Imported-$idx/, @names) ) {$idx++};
 					$cgiparams{'CA_NAME'}="Imported-$idx";
 					$cgiparams{'CERT_NAME'}=&Header::cleanhtml(getCNfromcert ('/tmp/newhostcert'));
-					move("/tmp/newcacert", "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem");
-					$errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+
+					unless(move("/tmp/newcacert", "${General::swroot}/ca/$cgiparams{'CA_NAME'}cert.pem")) {
+						$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+					}
+
 					if (!$errormessage) {
 						my $key = &General::findhasharraykey (\%cahash);
 						$cahash{$key}[0] = $cgiparams{'CA_NAME'};
@@ -1993,8 +1998,9 @@ END
 		}
 		if (!$errormessage) {
 			&General::log("ipsec", "Moving host cert...");
-			move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
-			$errormessage = "$Lang::tr{'certificate file move failed'}: $!" if ($? ne 0);
+			unless(move("/tmp/newhostcert", "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
+				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+			}
 		}
 
 		#cleanup temp files
@@ -2042,9 +2048,8 @@ END
 			unlink ($filename);
 			goto VPNCONF_ERROR;
 		} else {
-			move($filename, "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem");
-			if ($? ne 0) {
-				$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+			unless (move($filename, "${General::swroot}/certs/$cgiparams{'NAME'}cert.pem")) {
+				$errormessage = "$Lang::tr{'certificate file move failed'} ($filename): $!";
 				unlink ($filename);
 				goto VPNCONF_ERROR;
 			}
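Review bot: This is the only converted call site where the message gains "($filename)" and where "unless (" is written with a space; the other sites in this patch use "unless(" and the bare message. Pick one form for all of them, preferably the one that names the file.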
diff --git a/lfs/ca-certificates b/lfs/ca-certificates
index f3c68a7c0..9e37687da 100644
--- a/lfs/ca-certificates
+++ b/lfs/ca-certificates
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 20210611
+VER        = 20210819
 
 THISAPP    = ca-certificates
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
diff --git a/lfs/clamav b/lfs/clamav
index 4dc996ea4..9076d0f71 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.103.3
+VER        = 0.104.0
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,14 +32,10 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 56
+PAK_VER    = 57
 
 DEPS       =
 
-ifeq "$(BUILD_PLATFORM)" "arm"
-CONFIGURE_FLAGS = --disable-fanotify
-endif
-
 DATABASE_DIR = /var/lib/clamav
 
 ###############################################################################
@@ -50,7 +46,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f8dcf678953f6af056ddd5917bcc50c3
+$(DL_FILE)_MD5 = 3f4789c09f5a35e9ea580edd5c3e54b6
 
 install : $(TARGET)
 
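Review bot: The new tarball is pinned only by $(DL_FILE)_MD5. MD5 is not collision resistant, so it catches a corrupted download but is a weak integrity check for a source archive fetched from $(URL_IPFIRE). If the lfs framework can carry a stronger digest next to it, this version bump is a good place to add one; the same goes for the libssh bump in this push.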
@@ -83,19 +79,31 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && ./configure \
-		--prefix=/usr \
-		--disable-clamonacc \
-		--sysconfdir=/var/ipfire/clamav \
-		--with-dbdir=$(DATABASE_DIR) \
-		$(CONFIGURE_FLAGS)
-	cd $(DIR_APP) && make $(MAKETUNING)
-	cd $(DIR_APP) && make install
+
+	cd $(DIR_APP) && mkdir -pv build
+	cd $(DIR_APP)/build && cmake .. -G Ninja \
+		-DCMAKE_BUILD_TYPE=Release \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DCMAKE_INSTALL_LIBDIR=/usr/lib \
+		-DOPTIMIZE=ON \
+		-DBYTECODE_RUNTIME="interpreter" \
+		-DENABLE_TESTS=OFF \
+		-DENABLE_CLAMONACC=OFF \
+		-DENABLE_MILTER=OFF \
+		-DENABLE_MAN_PAGES=OFF \
+		-DENABLE_EXTERNAL_MSPACK=OFF \
+		-DENABLE_FRESHCLAM_DNS_FIX=ON \
+		-DAPP_CONFIG_DIRECTORY=/var/ipfire/clamav \
+		-DDATABASE_DIRECTORY=$(DATABASE_DIR)
+
+	cd $(DIR_APP)/build && ninja $(MAKETUNING) && ninja install
+
 	mkdir -pv $(DATABASE_DIR)
 	chown clamav.clamav -R $(DATABASE_DIR)
 	rm -rfv $(DATABASE_DIR)/*.cvd
+	mkdir -pv /var/ipfire/clamav
 	cp -rf $(DIR_SRC)/config/clamav/* /var/ipfire/clamav/
-	mkdir -p /var/run/clamav
+	mkdir -pv /var/run/clamav
 	chown clamav:clamav /var/run/clamav
 	#install initscripts
 	$(call INSTALL_INITSCRIPT,clamav)
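Review bot: "chown clamav.clamav -R $(DATABASE_DIR)" still uses the dot separator while the chown on /var/run/clamav a few lines below uses clamav:clamav; since the install steps are being reworked here, switch it to the colon form. The options -DBYTECODE_RUNTIME="interpreter" and -DENABLE_FRESHCLAM_DNS_FIX=ON would also benefit from a one-line comment saying why they are set, as the old configure call had no equivalent.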
diff --git a/lfs/ffmpeg b/lfs/ffmpeg
index 1efa14a36..21c21cc88 100644
--- a/lfs/ffmpeg
+++ b/lfs/ffmpeg
@@ -32,9 +32,9 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = ffmpeg
-PAK_VER    = 12
+PAK_VER    = 13
 
-DEPS       = sdl lame libvorbis xvid
+DEPS       = sdl2 lame libvorbis xvid
 
 ifeq "$(BUILD_ARCH)" "armv6l"
 	LDFLAGS += -latomic
diff --git a/lfs/glib b/lfs/glib
index cbf666f70..58c45415a 100644
--- a/lfs/glib
+++ b/lfs/glib
@@ -75,7 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 				--sysconfdir=/etc	\
 				-D internal_pcre=false	\
 				builddir/
-	cd $(DIR_APP) && ninja -C builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
 	cd $(DIR_APP) && ninja -C builddir/ install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/lfs/libinih b/lfs/libinih
index bfecc35de..3c25bdbfa 100644
--- a/lfs/libinih
+++ b/lfs/libinih
@@ -77,7 +77,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && meson --prefix=/usr builddir/
-	cd $(DIR_APP) && ninja -C builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
 	cd $(DIR_APP) && ninja -C builddir/ install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/lfs/libmpdclient b/lfs/libmpdclient
index 24f516d01..ee18a37a6 100644
--- a/lfs/libmpdclient
+++ b/lfs/libmpdclient
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = libmpdclient
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       =
 
@@ -79,7 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && meson	--prefix=/usr builddir/
-	cd $(DIR_APP) && ninja -C builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
 	cd $(DIR_APP) && ninja -C builddir/ install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/lfs/libssh b/lfs/libssh
index 4eaddcd70..d08e91146 100644
--- a/lfs/libssh
+++ b/lfs/libssh
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.9.3
+VER        = 0.9.6
 
 THISAPP    = libssh-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f35e9ad384f29375718682a88a3885da
+$(DL_FILE)_MD5 = 0174df377361221a31a9576afbaba330
 
 install : $(TARGET)
 
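Review bot: the only integrity pin on the new 0.9.6 tarball is the $(DL_FILE)_MD5 value, and MD5 offers no collision resistance, so it catches a corrupted download but not a deliberately substituted tarball on the mirror. For a library that parses SSH traffic, verify the upstream signature when bumping VER and record a SHA-256 or BLAKE2 digest next to the MD5 line. The same applies to the other _MD5 bumps in this push.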
diff --git a/lfs/libtasn1 b/lfs/libtasn1
new file mode 100644
index 000000000..155608807
--- /dev/null
+++ b/lfs/libtasn1
@@ -0,0 +1,82 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2018  IPFire Team  <info(a)ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 4.17.0
+
+THISAPP    = libtasn1-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+CFLAGS    += -fcommon
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c46f6eb3bd1287031ae5d36465094402
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	$(UPDATE_AUTOMAKE)
+	cd $(DIR_APP) && ./configure \
+	                --prefix=/usr \
+	                --disable-static
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
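Review bot: CFLAGS += -fcommon in the Definitions block has no explanation and looks carried over from a template. It restores the pre-GCC-10 handling of duplicate tentative definitions and can mask real symbol clashes, so drop it unless this version fails to link without it, and if it does, say so in a comment. The header also carries Copyright 2007-2018 on a file created in this commit.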
diff --git a/lfs/mpc b/lfs/mpc
index 2060685cc..47b069401 100644
--- a/lfs/mpc
+++ b/lfs/mpc
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpc
-PAK_VER    = 7
+PAK_VER    = 8
 
 DEPS       = mpd libmpdclient
 
@@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && meson	--prefix=/usr builddir/
-	cd $(DIR_APP) && ninja -C builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
 	cd $(DIR_APP) && ninja -C builddir/ install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/lfs/mpd b/lfs/mpd
index 012100b0e..c1871d8b5 100644
--- a/lfs/mpd
+++ b/lfs/mpd
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/${THISAPP}
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpd
-PAK_VER    = 23
+PAK_VER    = 24
 SUP_ARCH   = aarch64 armv6l x86_64 i586
 
 DEPS       = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr
@@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 				-D upnp=disabled	\
 				-D icu=disabled		\
 				builddir/
-	cd $(DIR_APP) && ninja -C builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
 	cd $(DIR_APP) && ninja -C builddir/ install
 
 	#install initscripts
diff --git a/lfs/openssh b/lfs/openssh
index 3117e996c..ec8ac1e55 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.6p1
+VER        = 8.7p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 805f7048aec6dd752584e570383a6f00
+$(DL_FILE)_MD5 = f545230799f131aecca04da56e61990a
 
 install : $(TARGET)
 
diff --git a/lfs/p11-kit b/lfs/p11-kit
new file mode 100644
index 000000000..df3f51df1
--- /dev/null
+++ b/lfs/p11-kit
@@ -0,0 +1,82 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2018  IPFire Team  <info(a)ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.24.0
+
+THISAPP    = p11-kit-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+CFLAGS    += -fcommon
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 8ccf11c4a2e2e505b8e516d8549e64a5
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	$(UPDATE_AUTOMAKE)
+	cd $(DIR_APP) && ./configure \
+	                --prefix=/usr \
+	                --with-trust-paths=/etc/pki/ca-trust/source
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
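Review bot: the ./configure call sets --prefix=/usr but no --sysconfdir, so autoconf defaults it to /usr/etc and p11-kit will look for its pkcs11 configuration there rather than under /etc; add --sysconfdir=/etc. Since --with-trust-paths=/etc/pki/ca-trust/source makes that directory the source of system trust anchors, the recipe or the ca-certificates package should create it root-owned and not writable by others. The unexplained CFLAGS += -fcommon in the Definitions block should be dropped or justified in a comment.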
diff --git a/lfs/postfix b/lfs/postfix
index 3735f7e69..f6892c1c1 100644
--- a/lfs/postfix
+++ b/lfs/postfix
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.6.1
+VER        = 3.6.2
 
 THISAPP    = postfix-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = postfix
-PAK_VER    = 31
+PAK_VER    = 32
 
 DEPS       =
 
@@ -66,7 +66,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 85d1c2b06a469ba6cc61946c7042e40e
+$(DL_FILE)_MD5 = 4718b498fa4285cf275f506c169f4746
 
 install : $(TARGET)
 
diff --git a/lfs/sdl b/lfs/sdl2
similarity index 93%
rename from lfs/sdl
rename to lfs/sdl2
index 0e96af04d..ea5f15ce2 100644
--- a/lfs/sdl
+++ b/lfs/sdl2
@@ -24,15 +24,15 @@
 
 include Config
 
-VER        = 1.2.15
+VER        = 2.0.16
 
-THISAPP    = SDL-$(VER)
+THISAPP    = SDL2-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
-PROG       = sdl
-PAK_VER    = 3
+PROG       = sdl2
+PAK_VER    = 4
 
 DEPS       = alsa
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 9d96df8417572a2afb781a7c4c811a85
+$(DL_FILE)_MD5 = 98b8a1535a757ea1d03ae44e2fb20247
 
 install : $(TARGET)
 
@@ -78,7 +78,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	$(UPDATE_AUTOMAKE)
-	cd $(DIR_APP) && ./configure --prefix=/usr
+	cd $(DIR_APP) && ./configure \
+	                --prefix=/usr \
+	                --disable-static
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
diff --git a/lfs/spice b/lfs/spice
index d1f56e708..72b132ebd 100644
--- a/lfs/spice
+++ b/lfs/spice
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.14.0
+VER        = 0.15.0
 
 THISAPP    = spice-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = spice
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       = opus
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6622aa7dfb5cd026a4d0d7e659216d26
+$(DL_FILE)_MD5 = 840c5284ebc78c15fc7c3a146931bc01
 
 install : $(TARGET)
 
diff --git a/lfs/spice-protocol b/lfs/spice-protocol
index 00f2e57b3..ead597438 100644
--- a/lfs/spice-protocol
+++ b/lfs/spice-protocol
@@ -24,15 +24,15 @@
 
 include Config
 
-VER        = 0.12.13
+VER        = 0.14.3
 
 THISAPP    = spice-protocol-$(VER)
-DL_FILE    = $(THISAPP).tar.bz2
+DL_FILE    = $(THISAPP).tar.xz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = spice-protocol
-PAK_VER    = 3
+PAK_VER    = 4
 
 DEPS       =
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 50a1d951d1fa96d1478ff0cc7f3b1442
+$(DL_FILE)_MD5 = 950e08044497ca9cf64e368cb3ceb395
 
 install : $(TARGET)
 
@@ -76,10 +76,9 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
-	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && ./configure --prefix=/usr
-	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
-	cd $(DIR_APP) && make install
-	/usr/share/automake-*/py-compile /usr/lib/spice-protocol/python_modules/*
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && meson --prefix=/usr builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
+	cd $(DIR_APP) && ninja -C builddir/ install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
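Review bot: the removed recipe byte-compiled /usr/lib/spice-protocol/python_modules/* with py-compile and passed $(EXTRA_MAKE) to make, and the meson/ninja version drops both without explanation. Confirm that 0.14.3 no longer installs those Python modules and that the package rootfile was updated to match, and note the reason in the commit message.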
diff --git a/lfs/sshfs b/lfs/sshfs
index 1e7706194..23b68c541 100644
--- a/lfs/sshfs
+++ b/lfs/sshfs
@@ -73,6 +73,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && meson --prefix=/usr builddir && cd builddir && ninja && ninja install
+	cd $(DIR_APP) && meson --prefix=/usr builddir/
+	cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
+	cd $(DIR_APP) && ninja -C builddir/ install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/lfs/strongswan b/lfs/strongswan
index 0f00b071f..3b481ac2e 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.9.2
+VER        = 5.9.3
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 8918e6675e1be3784817641f07eadeb8
+$(DL_FILE)_MD5 = 80ecabe0ce72d550d2d5de0118f89143
 
 install : $(TARGET)
 
diff --git a/lfs/tor b/lfs/tor
index 97f2cf04e..56280b936 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.4.6.5
+VER        = 0.4.6.7
 
 THISAPP    = tor-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 62
+PAK_VER    = 63
 
 DEPS       = libseccomp
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 5a678a32c5a8b4bf97c9cb541df22b71
+$(DL_FILE)_MD5 = ff80309cfaa0719b197fdaf83f9d5443
 
 install : $(TARGET)
 
diff --git a/lfs/udev b/lfs/udev
index b578ab54c..cfad0398b 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -132,5 +132,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	install -m 755 $(DIR_SRC)/config/udev/enable_codel \
 		/lib/udev/enable_codel
 
+	# Install offloading rules
+	install -v -m 644 $(DIR_SRC)/config/udev/99-offloading.rules \
+		/lib/udev/rules.d
+	install -m 755 $(DIR_SRC)/config/udev/network-offloading \
+		/lib/udev/network-offloading
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
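Review bot: the first install gives /lib/udev/rules.d as the destination without a file name or trailing slash, so if that directory is missing at this point the rules end up in a regular file called rules.d. Write the full target /lib/udev/rules.d/99-offloading.rules, as the next command does for network-offloading, or use install -t. The network-offloading script is presumably invoked from 99-offloading.rules, so a short comment saying which devices the rule matches and what the script changes would help reviewers judge it.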
diff --git a/make.sh b/make.sh
index a6d29ca77..a44a6e4bc 100755
--- a/make.sh
+++ b/make.sh
@@ -1234,6 +1234,8 @@ buildipfire() {
   lfsmake2 grub
   lfsmake2 efivar
   lfsmake2 efibootmgr
+  lfsmake2 libtasn1
+  lfsmake2 p11-kit
   lfsmake2 ca-certificates
   lfsmake2 fireinfo
   lfsmake2 libnet
@@ -1444,7 +1446,7 @@ buildipfire() {
   lfsmake2 python3-pyparsing
   lfsmake2 spice-protocol
   lfsmake2 spice
-  lfsmake2 sdl
+  lfsmake2 sdl2
   lfsmake2 libusbredir
   lfsmake2 libseccomp
   lfsmake2 qemu


hooks/post-receive
--
IPFire 2.x development tree
