From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
 1452738c2e22562d84a7c6af683a2f9bce88fd55
Date: Sun, 19 Jun 2022 12:18:32 +0000
Message-ID: <4LQsJ83ZTpz2xv4@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8018798278838628024=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============8018798278838628024==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  1452738c2e22562d84a7c6af683a2f9bce88fd55 (commit)
       via  43b9482a26e7bb265f464180d20cb3beee91b8f4 (commit)
      from  480202725b872018667ce0cdc337c25c94cef72b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1452738c2e22562d84a7c6af683a2f9bce88fd55
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date:   Sun Jun 19 09:41:05 2022 +0000

    Tor: Update to 0.4.7.8
   =20
    Changes in version 0.4.7.8 - 2022-06-17
      This version fixes several bugfixes including a High severity security =
issue
      categorized as a Denial of Service. Everyone running an earlier version
      should upgrade to this version.
   =20
      o Major bugfixes (congestion control, TROVE-2022-001):
        - Fix a scenario where RTT estimation can become wedged, seriously
          degrading congestion control performance on all circuits. This
          impacts clients, onion services, and relays, and can be triggered
          remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
          bug 40626; bugfix on 0.4.7.5-alpha.
   =20
      o Minor features (fallbackdir):
        - Regenerate fallback directories generated on June 17, 2022.
   =20
      o Minor features (geoip data):
        - Update the geoip files to match the IPFire Location Database, as
          retrieved on 2022/06/17.
   =20
      o Minor bugfixes (linux seccomp2 sandbox):
        - Allow the rseq system call in the sandbox. This solves a crash
          issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
          40601; bugfix on 0.3.5.11.
   =20
      o Minor bugfixes (logging):
        - Demote a harmless warn log message about finding a second hop to
          from warn level to info level, if we do not have enough
          descriptors yet. Leave it at notice level for other cases. Fixes
          bug 40603; bugfix on 0.4.7.1-alpha.
        - Demote a notice log message about "Unexpected path length" to info
          level. These cases seem to happen arbitrarily, and we likely will
          never find all of them before the switch to arti. Fixes bug 40612;
          bugfix on 0.4.7.5-alpha.
   =20
      o Minor bugfixes (relay, logging):
        - Demote a harmless XOFF log message to from notice level to info
          level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
   =20
    Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>

commit 43b9482a26e7bb265f464180d20cb3beee91b8f4
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date:   Sun Jun 19 09:42:20 2022 +0000

    Postfix: Update to 3.7.2
   =20
    Please refer to https://www.postfix.org/announcements/postfix-3.7.2.html
    for this versions' release announcement.
   =20
    Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 lfs/postfix                                                |  6 +++---
 lfs/tor                                                    |  9 +++------
 .../Tor-Sandbox-permit-the-clone3-system-call.patch        | 14 ------------=
--
 3 files changed, 6 insertions(+), 23 deletions(-)
 delete mode 100644 src/patches/Tor-Sandbox-permit-the-clone3-system-call.pat=
ch

Difference in files:
diff --git a/lfs/postfix b/lfs/postfix
index 6fe12c9c8..d5fdadbbe 100644
--- a/lfs/postfix
+++ b/lfs/postfix
@@ -26,7 +26,7 @@ include Config
=20
 SUMMARY    =3D A fast, secure, and flexible mailer
=20
-VER        =3D 3.7.1
+VER        =3D 3.7.2
=20
 THISAPP    =3D postfix-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D postfix
-PAK_VER    =3D 35
+PAK_VER    =3D 36
=20
 DEPS       =3D
=20
@@ -70,7 +70,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D d0bfdbc5105407e5143823e8e14b49e60d5c248eac435279a5fe80=
3b370b46a56de9aff39fdf94398758863f753e43e889e2dffbb393ab63cf486d4fd3f5cf99
+$(DL_FILE)_BLAKE2 =3D 3f7aaba222b64274f756ea37b8ac06c29469d9183879deb4942a70=
9d75783f4a8ca81204971b6658aba4b5bea46ed9c21b14e1f8fc6b613f257acd3aad16c170
=20
 install : $(TARGET)
=20
diff --git a/lfs/tor b/lfs/tor
index e6751fb84..628ed63a2 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -26,7 +26,7 @@ include Config
=20
 SUMMARY    =3D Anonymizing overlay network for TCP (The onion router)
=20
-VER        =3D 0.4.7.7
+VER        =3D 0.4.7.8
=20
 THISAPP    =3D tor-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D tor
-PAK_VER    =3D 69
+PAK_VER    =3D 70
=20
 DEPS       =3D libseccomp
=20
@@ -48,7 +48,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 18acfbe017b2ad456184f6031881149717f6fecad0d3e6daf90241=
a5a8ef296c32a36ace266d38b703f34b66d71e282c803f03f2059502c6ff6f4fdfb6641a97
+$(DL_FILE)_BLAKE2 =3D 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add=
6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
=20
 install : $(TARGET)
=20
@@ -89,9 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 			--with-tor-user=3Dtor \
 			--with-tor-group=3Dtor
=20
-	# https://bugzilla.ipfire.org/show_bug.cgi?id=3D12807
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-th=
e-clone3-system-call.patch
-
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
=20
diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/sr=
c/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
deleted file mode 100644
index 7e819ce73..000000000
--- a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/=
sandbox/sandbox.c
---- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c	2022-04-09 07:58:00.28118956=
4 +0000
-+++ tor-0.4.6.10/src/lib/sandbox/sandbox.c	2022-04-09 08:00:55.861698856 +00=
00
-@@ -151,6 +151,10 @@
-     SCMP_SYS(clock_gettime),
-     SCMP_SYS(close),
-     SCMP_SYS(clone),
-+#ifdef __NR_clone3
-+    SCMP_SYS(clone3),
-+#endif
-+    SCMP_SYS(rseq),
-     SCMP_SYS(dup),
-     SCMP_SYS(epoll_create),
-     SCMP_SYS(epoll_wait),


hooks/post-receive
--
IPFire 2.x development tree

--===============8018798278838628024==--