From: Peter Müller
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ca4de263184e2d62239cc6d63caf2a0812d492b5
Date: Tue, 04 Oct 2022 14:53:48 +0000
Message-ID: <4Mhggw6DqBz2xQV@people01.haj.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  ca4de263184e2d62239cc6d63caf2a0812d492b5 (commit)
       via  a308f5bcdefa59a744584a8276b03d80acd97517 (commit)
       via  9745a212d4aff2b9cd50de34e30c79c624d21b3c (commit)
       via  6efb611cbc97908cbd893806ceb82c167cddeb6a (commit)
       via  e77ef3639579e88f1fe86ef332d9c831b4e200ca (commit)
       via  8399123461b7b790b43d4a8c6ebf27928a44929d (commit)
       via  a4e5b6d689a7f3094b916251b52e04ff0825add4 (commit)
      from  6d0e3c5a5719ea66a47f1859871808d8b2095fa4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ca4de263184e2d62239cc6d63caf2a0812d492b5
Author: Michael Tremer
Date:   Tue Oct 4 13:32:47 2022 +0000

    unbound-dhcp-leases-bridge: Fall back to the default domain

    When the bridge cannot detect a domain name for any of the leases, it
    uses localdomain which is not always the best choice. So instead, this
    patch changes the behaviour so that we read the default domain of the
    firewall.

    Signed-off-by: Michael Tremer
    Reviewed-by: Bernhard Bitsch

commit a308f5bcdefa59a744584a8276b03d80acd97517
Author: Peter Müller
Date:   Tue Oct 4 14:48:04 2022 +0000

    Core Update 171: Ship setclock initscript

    Signed-off-by: Peter Müller

commit 9745a212d4aff2b9cd50de34e30c79c624d21b3c
Author: Mathew McBride
Date:   Mon Oct 3 06:20:19 2022 +0000

    initscripts: load RTC module (RX8025) for Ten64 board

    For reasons I have not been able to determine, the RTC module for
    the Ten64 board (rtc-rx8025) is not automatically loaded at startup,
    despite every other relevant module being loaded.

    modprobe it manually if we are on a Ten64 board.

    Signed-off-by: Mathew McBride
    Reviewed-by: Michael Tremer

commit 6efb611cbc97908cbd893806ceb82c167cddeb6a
Author: Mathew McBride
Date:   Mon Oct 3 06:20:18 2022 +0000

    config: u-boot: bypass the u-boot script on Traverse Ten64

    The Ten64 board runs a U-Boot which works best directly booting EFI.
    Attempting to load your own DTB or other steps will cause issues.
    (see https://ten64doc.traverse.com.au/faq/#common-issues)

    The current stable Ten64 firmware unfortunately searches for boot.scr
    before bootaa64.efi. So redirect it back to the EFI path.

    A future Ten64 firmware package will prefer EFI first before any
    boot script avoiding this issue. I will provide a patch reversing
    this when that day comes.

    Signed-off-by: Mathew McBride
    Reviewed-by: Michael Tremer

commit e77ef3639579e88f1fe86ef332d9c831b4e200ca
Author: Mathew McBride
Date:   Mon Oct 3 06:20:17 2022 +0000

    kernel: add patches for SFP support on NXP Layerscape/DPAA2 (arm64)

    These two patches are needed to support SFP's on NXP DPAA2 platforms
    (e.g. Traverse Ten64).

    The deadlock issue patch was submitted upstream a while ago and
    rejected, however I am not aware of any better solutions at present.

    The 10G mode additions are part of mainline since 5.16.

    These two .patches were sourced from our patchset over here:
    https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patches

    Signed-off-by: Mathew McBride
    Reviewed-by: Michael Tremer

commit 8399123461b7b790b43d4a8c6ebf27928a44929d
Author: Mathew McBride
Date:   Mon Oct 3 06:20:16 2022 +0000

    linux: enable options for NXP Layerscape

    This change enables support for NXP's QorIQ/Layerscape platforms,
    specifically the Traverse Technologies Ten64 (LS1088A).

    Signed-off-by: Mathew McBride
    Reviewed-by: Michael Tremer

commit a4e5b6d689a7f3094b916251b52e04ff0825add4
Author: Adolf Belka
Date:   Tue Oct 4 12:54:42 2022 +0200

    rsync: Update to version 3.2.6 and fix Bug#12947

    - Update from version 3.2.4 plus CVE-2022-29154 patch to 3.2.6
    - Patch for CVE-2022-29154 applied in CU170 turned out to have a bug within it causing
       rsync to fail with an error. Four additional commits were done to fix this bug and
       its consequences but these were all applied in the rsync git repo after the patch
       had been merged into CU170.
    - Version 3.2.5 onwards contains the CVE-2022-29154 fix and associated commits.
    - No update of rootfile required.
    - Changelog
        NEWS for rsync 3.2.6 (9 Sep 2022)
          BUG FIXES:
            More path-cleaning improvements in the file-list validation code to avoid
              rejecting of valid args.
            A file-list validation fix for a --files-from file that ends without a
              line-terminating character.
            Added a safety check that prevents the sender from removing destination
              files when a local copy using --remove-source-files has some files that
              are shared between the sending & receiving hierarchies, including the
              case where the source dir & destination dir are identical.
            Fixed a bug in the internal MD4 checksum code that could cause the digest
              to be sporadically incorrect (the openssl version was/is fine).
            A minor tweak to rrsync added "copy-devices" to the list of known args,
              but left it disabled by default.
          ENHANCEMENTS:
            Rename --protect-args to --secluded-args to make it clearer how it differs
              from the default backslash-escaped arg-protecting behavior of rsync.
              The old option names are still accepted. The environment-variable
              override did not change its name.
          PACKAGING RELATED:
            The configure option --with-protected-args was renamed to
              --with-secluded-args. This option makes --secluded-args the default
              rsync behavior instead of using backslash escaping for protecting args.
            The mkgitver script now makes sure that a .git dir/file is in the top-level
              source dir before calling git describe. It also runs a basic check on
              the version value. This should avoid using an unrelated git description
              for rsync's version.
          DEVELOPER RELATED:
            The configure script no longer sets the -pedantic-errors CFLAG (which it
              used to try to do only for gcc).
            The name_num_obj struct was modified to allow its dynamic name_num_item
              list to be initialized in a better way.
        NEWS for rsync 3.2.5 (14 Aug 2022)
          SECURITY FIXES:
            Added some file-list safety checking that helps to ensure that a rogue
              sending rsync can't add unrequested top-level names and/or include
              recursive names that should have been excluded by the sender. These
              extra safety checks only require the receiver rsync to be updated. When
              dealing with an untrusted sending host, it is safest to copy into a
              dedicated destination directory for the remote content (i.e. don't copy
              into a destination directory that contains files that aren't from the
              remote host unless you trust the remote host). Fixes CVE-2022-29154.
            A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
          BUG FIXES:
            Fixed the handling of filenames specified with backslash-quoted wildcards
              when the default remote-arg-escaping is enabled.
            Fixed the configure check for signed char that was causing a host that
              defaults to unsigned characters to generate bogus rolling checksums.
              This made rsync send mostly literal data for a copy instead of finding
              matching data in the receiver's basis file (for a file that contains
              high-bit characters).
            Lots of manpage improvements, including an attempt to better describe how
              include/exclude filters work.
            If rsync is compiled with an xxhash 0.8 library and then moved to a system
              with a dynamically linked xxhash 0.7 library, we now detect this and
              disable the XX3 hashes (since these routines didn't stabilize until 0.8).
          ENHANCEMENTS:
            The --trust-sender option was added as a way to bypass the extra file-list
              safety checking (should that be required).
          PACKAGING RELATED:
            A note to those wanting to patch older rsync versions: the changes in this
              release requires the quoted argument change from 3.2.4. Then, you'll
              want every single code change from 3.2.5 since there is no fluff in
              this release.
            The build date that goes into the manpages is now based on the developer's
              release date, not on the build's local-timezone interpretation of the
              date.
          DEVELOPER RELATED:
            Configure now defaults GETGROUPS_T to gid_t when cross compiling.
            Configure now looks for the bsd/string.h include file in order to fix the
              build on a host that has strlcpy() in the main libc but not defined in
              the main string.h file.

    Signed-off-by: Adolf Belka
    Reviewed-by: Michael Tremer

-----------------------------------------------------------------------

Summary of changes:
 config/kernel/kernel.config.aarch64-ipfire         |  76 ++++-
 config/rootfiles/core/171/filelists/files          |   1 +
 config/u-boot/boot.cmd                             |   9 +
 config/unbound/unbound-dhcp-leases-bridge          |   7 +-
 lfs/linux                                          |   3 +
 lfs/rsync                                          |   9 +-
 src/initscripts/system/setclock                    |   8 +
 ...-15-arm64-dpaa2-add-support-for-10g-modes.patch |  39 +++
 .../linux-5.15-arm64-dpaa2-fix-lock-issue.patch    |  81 ++++++
 src/patches/rsync-CVE-2022-29154.patch             | 322 ---------------------
 10 files changed, 211 insertions(+), 344 deletions(-)
 create mode 100644 src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch
 create mode 100644 src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch
 delete mode 100644 src/patches/rsync-CVE-2022-29154.patch

Difference in files:
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne= l.config.aarch64-ipfire index e2ae8da17..63dc80d4a 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire 
@@ -297,7 +297,7 @@ CONFIG_ARCH_BERLIN=3Dy # CONFIG_ARCH_EXYNOS is not set # CONFIG_ARCH_SPARX5 is not set # CONFIG_ARCH_K3 is not set -# CONFIG_ARCH_LAYERSCAPE is not set +CONFIG_ARCH_LAYERSCAPE=3Dy # CONFIG_ARCH_LG1K is not set # CONFIG_ARCH_HISI is not set # CONFIG_ARCH_KEEMBAY is not set @@ -372,9 +372,9 @@ CONFIG_SOCIONEXT_SYNQUACER_PREITS=3Dy CONFIG_ARM64_4K_PAGES=3Dy # CONFIG_ARM64_16K_PAGES is not set # CONFIG_ARM64_64K_PAGES is not set -CONFIG_ARM64_VA_BITS_39=3Dy -# CONFIG_ARM64_VA_BITS_48 is not set -CONFIG_ARM64_VA_BITS=3D39 +# CONFIG_ARM64_VA_BITS_39 is not set +CONFIG_ARM64_VA_BITS_48=3Dy +CONFIG_ARM64_VA_BITS=3D48 CONFIG_ARM64_PA_BITS_48=3Dy CONFIG_ARM64_PA_BITS=3D48 # CONFIG_CPU_BIG_ENDIAN is not set @@ -559,6 +559,7 @@ CONFIG_ARM_ARMADA_37XX_CPUFREQ=3Dm CONFIG_ARM_ARMADA_8K_CPUFREQ=3Dm CONFIG_ARM_IMX_CPUFREQ_DT=3Dm CONFIG_ARM_SCMI_CPUFREQ=3Dm +CONFIG_QORIQ_CPUFREQ=3Dm # end of CPU Frequency scaling # end of CPU Power Management =20 @@ -1760,6 +1761,7 @@ CONFIG_PCIE_DW_HOST=3Dy CONFIG_PCIE_DW_PLAT=3Dy CONFIG_PCIE_DW_PLAT_HOST=3Dy CONFIG_PCI_IMX6=3Dy +CONFIG_PCI_LAYERSCAPE=3Dy # CONFIG_PCI_HISI is not set # CONFIG_PCIE_ARMADA_8K is not set CONFIG_PCIE_ROCKCHIP_DW_HOST=3Dy @@ -1771,6 +1773,7 @@ CONFIG_PCIE_AL=3Dy # # Mobiveil PCIe Core Support # +# CONFIG_PCIE_LAYERSCAPE_GEN4 is not set # end of Mobiveil PCIe Core Support =20 # @@ -1847,6 +1850,8 @@ CONFIG_GENERIC_ARCH_TOPOLOGY=3Dy CONFIG_SUN50I_DE2_BUS=3Dy CONFIG_SUNXI_RSB=3Dy CONFIG_VEXPRESS_CONFIG=3Dy +CONFIG_FSL_MC_BUS=3Dy +CONFIG_FSL_MC_UAPI_SUPPORT=3Dy CONFIG_MHI_BUS=3Dm # CONFIG_MHI_BUS_PCI_GENERIC is not set # end of Bus devices 
@@ -2597,9 +2602,14 @@ CONFIG_NET_VENDOR_EZCHIP=3Dy CONFIG_EZCHIP_NPS_MANAGEMENT_ENET=3Dm CONFIG_NET_VENDOR_FREESCALE=3Dy CONFIG_FEC=3Dm +CONFIG_FSL_FMAN=3Dm +CONFIG_DPAA_ERRATUM_A050385=3Dy CONFIG_FSL_PQ_MDIO=3Dm CONFIG_FSL_XGMAC_MDIO=3Dm CONFIG_GIANFAR=3Dm +CONFIG_FSL_DPAA_ETH=3Dm +CONFIG_FSL_DPAA2_ETH=3Dm +# CONFIG_FSL_DPAA2_PTP_CLOCK is not set CONFIG_FSL_DPAA2_SWITCH=3Dm CONFIG_FSL_ENETC=3Dm CONFIG_FSL_ENETC_VF=3Dm @@ -3598,7 +3608,7 @@ CONFIG_I2C_CBUS_GPIO=3Dm CONFIG_I2C_GPIO=3Dm # CONFIG_I2C_GPIO_FAULT_INJECTOR is not set CONFIG_I2C_HISI=3Dm -# CONFIG_I2C_IMX is not set +CONFIG_I2C_IMX=3Dm CONFIG_I2C_IMX_LPI2C=3Dm CONFIG_I2C_MESON=3Dm CONFIG_I2C_MV64XXX=3Dy @@ -3760,6 +3770,7 @@ CONFIG_GPIO_SYSFS=3Dy CONFIG_GPIO_CDEV=3Dy CONFIG_GPIO_CDEV_V1=3Dy CONFIG_GPIO_GENERIC=3Dy +CONFIG_GPIO_REGMAP=3Dm =20 # # Memory mapped GPIO drivers @@ -3778,6 +3789,7 @@ CONFIG_GPIO_GENERIC_PLATFORM=3Dy # CONFIG_GPIO_HLWD is not set # CONFIG_GPIO_LOGICVC is not set # CONFIG_GPIO_MB86S7X is not set +CONFIG_GPIO_MPC8XXX=3Dy CONFIG_GPIO_MVEBU=3Dy CONFIG_GPIO_MXC=3Dm CONFIG_GPIO_PL061=3Dy @@ -3798,7 +3810,8 @@ CONFIG_GPIO_ADNP=3Dm # CONFIG_GPIO_GW_PLD is not set # CONFIG_GPIO_MAX7300 is not set # CONFIG_GPIO_MAX732X is not set -# CONFIG_GPIO_PCA953X is not set +CONFIG_GPIO_PCA953X=3Dm +CONFIG_GPIO_PCA953X_IRQ=3Dy # CONFIG_GPIO_PCA9570 is not set # CONFIG_GPIO_PCF857X is not set # CONFIG_GPIO_TPIC2810 is not set @@ -4306,6 +4319,8 @@ CONFIG_MFD_RK808=3Dy # CONFIG_MFD_RN5T618 is not set # CONFIG_MFD_SEC_CORE is not set # CONFIG_MFD_SI476X_CORE is not set +CONFIG_MFD_SIMPLE_MFD_I2C=3Dm +# CONFIG_MFD_SL28CPLD is not set CONFIG_MFD_SM501=3Dm CONFIG_MFD_SM501_GPIO=3Dy # CONFIG_MFD_SKY81452 is not set 
@@ -6413,10 +6428,10 @@ CONFIG_MMC_SDHCI_PLTFM=3Dy CONFIG_MMC_SDHCI_OF_ARASAN=3Dm # CONFIG_MMC_SDHCI_OF_ASPEED is not set # CONFIG_MMC_SDHCI_OF_AT91 is not set -# CONFIG_MMC_SDHCI_OF_ESDHC is not set +CONFIG_MMC_SDHCI_OF_ESDHC=3Dm # CONFIG_MMC_SDHCI_OF_DWCMSHC is not set # CONFIG_MMC_SDHCI_CADENCE is not set -# CONFIG_MMC_SDHCI_ESDHC_IMX is not set +CONFIG_MMC_SDHCI_ESDHC_IMX=3Dm CONFIG_MMC_SDHCI_PXAV3=3Dm # CONFIG_MMC_SDHCI_F_SDH30 is not set # CONFIG_MMC_SDHCI_MILBEAUT is not set @@ -6635,6 +6650,7 @@ CONFIG_RTC_DRV_V3020=3Dm # on-CPU RTC drivers # # CONFIG_RTC_DRV_IMXDI is not set +# CONFIG_RTC_DRV_FSL_FTM_ALARM is not set CONFIG_RTC_DRV_MESON_VRTC=3Dm CONFIG_RTC_DRV_PL030=3Dm CONFIG_RTC_DRV_PL031=3Dm @@ -6693,6 +6709,7 @@ CONFIG_DW_DMAC_PCI=3Dm # CONFIG_DW_EDMA is not set # CONFIG_DW_EDMA_PCIE is not set # CONFIG_SF_PDMA is not set +# CONFIG_FSL_DPAA2_QDMA is not set =20 # # DMA Clients @@ -6735,6 +6752,7 @@ CONFIG_VFIO_PCI_INTX=3Dy CONFIG_VFIO_PCI=3Dm # CONFIG_VFIO_PLATFORM is not set # CONFIG_VFIO_MDEV is not set +# CONFIG_VFIO_FSL_MC is not set CONFIG_VIRT_DRIVERS=3Dy CONFIG_VIRTIO=3Dy CONFIG_VIRTIO_PCI_LIB=3Dy @@ -6821,8 +6839,12 @@ CONFIG_COMMON_CLK_SI570=3Dm # CONFIG_COMMON_CLK_CDCE706 is not set # CONFIG_COMMON_CLK_CDCE925 is not set # CONFIG_COMMON_CLK_CS2000_CP is not set +CONFIG_COMMON_CLK_FSL_FLEXSPI=3Dm +# CONFIG_COMMON_CLK_FSL_SAI is not set CONFIG_CLK_TWL6040=3Dm # CONFIG_COMMON_CLK_AXI_CLKGEN is not set +CONFIG_CLK_QORIQ=3Dy +CONFIG_CLK_LS1028A_PLLDIG=3Dm CONFIG_COMMON_CLK_XGENE=3Dy # CONFIG_COMMON_CLK_PWM is not set # CONFIG_COMMON_CLK_VC5 is not set 
@@ -6934,13 +6956,16 @@ CONFIG_IOMMU_SUPPORT=3Dy =20 CONFIG_IOMMU_DEFAULT_DMA_STRICT=3Dy # CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set -# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DEFAULT_PASSTHROUGH=3Dy CONFIG_OF_IOMMU=3Dy CONFIG_IOMMU_DMA=3Dy CONFIG_ROCKCHIP_IOMMU=3Dy CONFIG_SUN50I_IOMMU=3Dy -# CONFIG_ARM_SMMU is not set -# CONFIG_ARM_SMMU_V3 is not set +CONFIG_ARM_SMMU=3Dy +# CONFIG_ARM_SMMU_LEGACY_DT_BINDINGS is not set +# CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT is not set +CONFIG_ARM_SMMU_V3=3Dy +# CONFIG_ARM_SMMU_V3_SVA is not set # CONFIG_VIRTIO_IOMMU is not set =20 # @@ -6984,7 +7009,14 @@ CONFIG_RASPBERRYPI_POWER=3Dy # # NXP/Freescale QorIQ SoC drivers # +CONFIG_FSL_DPAA=3Dy +# CONFIG_FSL_DPAA_CHECKING is not set +# CONFIG_FSL_BMAN_TEST is not set +# CONFIG_FSL_QMAN_TEST is not set # CONFIG_QUICC_ENGINE is not set +CONFIG_FSL_GUTS=3Dy +CONFIG_FSL_MC_DPIO=3Dy +CONFIG_DPAA2_CONSOLE=3Dy # end of NXP/Freescale QorIQ SoC drivers =20 # @@ -7085,6 +7117,7 @@ CONFIG_ARM_GIC_V2M=3Dy CONFIG_ARM_GIC_V3=3Dy CONFIG_ARM_GIC_V3_ITS=3Dy CONFIG_ARM_GIC_V3_ITS_PCI=3Dy +CONFIG_ARM_GIC_V3_ITS_FSL_MC=3Dy # CONFIG_AL_FIC is not set CONFIG_BRCMSTB_L2_IRQ=3Dy CONFIG_DW_APB_ICTL=3Dy @@ -7094,6 +7127,8 @@ CONFIG_MVEBU_ICU=3Dy CONFIG_MVEBU_ODMI=3Dy CONFIG_MVEBU_PIC=3Dy CONFIG_MVEBU_SEI=3Dy +CONFIG_LS_EXTIRQ=3Dy +CONFIG_LS_SCFG_MSI=3Dy CONFIG_PARTITION_PERCPU=3Dy CONFIG_MESON_IRQ_GPIO=3Dy CONFIG_IMX_IRQSTEER=3Dy @@ -7621,7 +7656,7 @@ CONFIG_CRYPTO_NULL=3Dy CONFIG_CRYPTO_NULL2=3Dy CONFIG_CRYPTO_PCRYPT=3Dm CONFIG_CRYPTO_CRYPTD=3Dy -CONFIG_CRYPTO_AUTHENC=3Dm +CONFIG_CRYPTO_AUTHENC=3Dy CONFIG_CRYPTO_TEST=3Dm CONFIG_CRYPTO_SIMD=3Dm CONFIG_CRYPTO_ENGINE=3Dm @@ -7659,7 +7694,7 @@ CONFIG_CRYPTO_ECB=3Dy CONFIG_CRYPTO_LRW=3Dm # CONFIG_CRYPTO_OFB is not set CONFIG_CRYPTO_PCBC=3Dm -CONFIG_CRYPTO_XTS=3Dm +CONFIG_CRYPTO_XTS=3Dy # CONFIG_CRYPTO_KEYWRAP is not set CONFIG_CRYPTO_NHPOLY1305=3Dm # CONFIG_CRYPTO_ADIANTUM is not set 
@@ -7751,7 +7786,20 @@ CONFIG_CRYPTO_DEV_ALLWINNER=3Dy # CONFIG_CRYPTO_DEV_SUN4I_SS is not set # CONFIG_CRYPTO_DEV_SUN8I_CE is not set # CONFIG_CRYPTO_DEV_SUN8I_SS is not set -# CONFIG_CRYPTO_DEV_FSL_CAAM is not set +CONFIG_CRYPTO_DEV_FSL_CAAM_COMMON=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API_DESC=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM=3Dm +# CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set +CONFIG_CRYPTO_DEV_FSL_CAAM_JR=3Dm +CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=3D9 +# CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set +CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=3Dy +CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=3Dy +CONFIG_CRYPTO_DEV_FSL_DPAA2_CAAM=3Dy # CONFIG_CRYPTO_DEV_SAHARA is not set # CONFIG_CRYPTO_DEV_ATMEL_ECC is not set # CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set diff --git a/config/rootfiles/core/171/filelists/files b/config/rootfiles/cor= e/171/filelists/files index 99f93cd89..50d76c958 100644 --- a/config/rootfiles/core/171/filelists/files +++ b/config/rootfiles/core/171/filelists/files @@ -1,3 +1,4 @@ +etc/rc.d/init.d/setclock lib/firmware/amdgpu/aldebaran_mec2.bin lib/firmware/amdgpu/aldebaran_mec.bin lib/firmware/amdgpu/beige_goby_ce.bin diff --git a/config/u-boot/boot.cmd b/config/u-boot/boot.cmd index 64e9c05bc..a27996780 100644 --- a/config/u-boot/boot.cmd +++ b/config/u-boot/boot.cmd @@ -1,3 +1,12 @@ +# Traverse Ten64 board can boot EFI directly +# Redirect it to the EFI process already in the +# bootloader +# (Remove on release of the 1.x Ten64 firmwire package) +if test "${board}" =3D "ten64"; then + load ${devtype} ${devnum}:2 ${kernel_addr_r} efi/boot/bootaa64.efi + bootefi ${kernel_addr_r} ${fdt_addr_r} +fi; + if test ${boot_dev} =3D ""; then setenv boot_dev mmc; setenv root_dev /dev/mmcblk0p3; 
diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbou= nd-dhcp-leases-bridge index 1446c88df..e89e0446b 100644 --- a/config/unbound/unbound-dhcp-leases-bridge +++ b/config/unbound/unbound-dhcp-leases-bridge @@ -441,8 +441,11 @@ class Lease(object): if address in subnet: return subnets[subnet] =20 - # Fall back to localdomain if no match could be found - return "localdomain" + # Load main settings + settings =3D self.read_settings("/var/ipfire/main/settings") + + # Fall back to the host domain if no match could be found + return settings.get("DOMAINNAME", "localdomain") =20 @staticmethod @functools.cache diff --git a/lfs/linux b/lfs/linux index d35057b22..ae9745d53 100644 --- a/lfs/linux +++ b/lfs/linux @@ -153,6 +153,9 @@ endif ifeq "$(BUILD_ARCH)" "aarch64" # Apply Arm-multiarch kernel patches. cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz = | patch -Np1 + # Apply NXP DPAA2 specific patches + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-arm64= -dpaa2-fix-lock-issue.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5-15-arm64= -dpaa2-add-support-for-10g-modes.patch endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-am= ba-fix.patch =20 diff --git a/lfs/rsync b/lfs/rsync index c27258929..07a56f96d 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -26,7 +26,7 @@ include Config =20 SUMMARY =3D Versatile tool for fast incremental file transfer =20 -VER =3D 3.2.4 +VER =3D 3.2.6 =20 THISAPP =3D rsync-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D rsync -PAK_VER =3D 15 +PAK_VER =3D 16 =20 DEPS =3D =20 
@@ -48,7 +48,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D a67fcb9619874f1c5346a876138e59f4bf508a90736f830fb2b4ea= f180ab11f15a0a7db9b3b28c3b990b77c2b0973d8e668bf509e4134f464159ed3172f53d80 +$(DL_FILE)_BLAKE2 =3D fa0c4aa9cdffbc9ffd4f81e8c3cdc1fda7080f80c1923084c6d705= e6872caaba31c13de4603c9462f312dbbdae76520c27d3f4f40b327f1e66c7127b1d05ea73 =20 install : $(TARGET) =20 @@ -85,9 +85,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Replace shebang in rsync-ssl cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl =20 - # Fix for CVE-2022-29154 - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/rsync-CVE-2022-29154.p= atch - cd $(DIR_APP) && ./configure \ --prefix=3D/usr \ --without-included-popt \ diff --git a/src/initscripts/system/setclock b/src/initscripts/system/setclock index b566eb716..963507f9a 100644 --- a/src/initscripts/system/setclock +++ b/src/initscripts/system/setclock @@ -29,6 +29,14 @@ case ${1} in =20 boot_mesg "Setting system clock..." =20 + FDT_COMPAT_FILE=3D"/sys/firmware/devicetree/base/compatible" + # RTC may not be automatically loaded on some + # non-x86 machines + if [ -f "${FDT_COMPAT_FILE}" ] && \ + ( grep -q "traverse,ten64" "${FDT_COMPAT_FILE}" ); then + modprobe rtc-rx8025 + fi + # udev not create the rtc symlink if rtc is in the kernel if [ ! -e /dev/rtc ]; then if [ -e /dev/rtc0 ]; then diff --git a/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-mod= es.patch b/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes= .patch new file mode 100644 index 000000000..ef8d459b7 --- /dev/null +++ b/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch 
@@ -0,0 +1,39 @@ +From c314138bd045e050432158ab021160de3ba51c5e Mon Sep 17 00:00:00 2001 +From: Russell King +Date: Thu, 30 Jan 2020 22:42:38 +0000 +Subject: [PATCH 2/4] net: dpaa2-mac: add support for more 10G modes + +Phylink documentation says: + * Note that the PHY may be able to transform from one connection + * technology to another, so, eg, don't clear 1000BaseX just + * because the MAC is unable to BaseX mode. This is more about + * clearing unsupported speeds and duplex settings. The port modes + * should not be cleared; phylink_set_port_modes() will help with this. + +So add the missing 10G modes. + +Signed-off-by: Russell King +--- + drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/= ethernet/freescale/dpaa2/dpaa2-mac.c +index 8fe32ed4f6dc..3be849cee47b 100644 +--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c ++++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c +@@ -140,6 +140,12 @@ static void dpaa2_mac_validate(struct phylink_config *c= onfig, + case PHY_INTERFACE_MODE_10GBASER: + case PHY_INTERFACE_MODE_USXGMII: + phylink_set(mask, 10000baseT_Full); ++ phylink_set(mask, 10000baseKR_Full); ++ phylink_set(mask, 10000baseCR_Full); ++ phylink_set(mask, 10000baseSR_Full); ++ phylink_set(mask, 10000baseLR_Full); ++ phylink_set(mask, 10000baseLRM_Full); ++ phylink_set(mask, 10000baseER_Full); + if (state->interface =3D=3D PHY_INTERFACE_MODE_10GBASER) + break; + phylink_set(mask, 5000baseT_Full); +--=20 +2.30.1 + diff --git a/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch b/= src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch new file mode 100644 index 000000000..587821bac --- /dev/null +++ b/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch 
@@ -0,0 +1,81 @@ +From 3a39dbe0c0c41f8dba5246ce6e2c5c4bcd6ba661 Mon Sep 17 00:00:00 2001 +From: Ioana Ciornei +Date: Thu, 21 Nov 2019 21:15:25 +0200 +Subject: [PATCH 1/4] dpaa2-eth: do not hold rtnl_lock on phylink_create() or + _destroy() + +The rtnl_lock should not be held when calling phylink_create() or +phylink_destroy() since it leads to the deadlock listed below: + +[ 18.656576] rtnl_lock+0x18/0x20 +[ 18.659798] sfp_bus_add_upstream+0x28/0x90 +[ 18.663974] phylink_create+0x2cc/0x828 +[ 18.667803] dpaa2_mac_connect+0x14c/0x2a8 +[ 18.671890] dpaa2_eth_connect_mac+0x94/0xd8 + +Fix this by moving the _lock() and _unlock() calls just outside of +phylink_of_phy_connect() and phylink_disconnect_phy(). + +Fixes: 719479230893 ("dpaa2-eth: add MAC/PHY support through phylink") +Reported-by: Russell King +Signed-off-by: Ioana Ciornei +Signed-off-by: Russell King +--- + drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 4 ---- + drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 4 ++++ + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c b/drivers/net/= ethernet/freescale/dpaa2/dpaa2-eth.c +index 8b7a29e1e221..20e65053f036 100644 +--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c ++++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c +@@ -4214,12 +4214,10 @@ static irqreturn_t dpni_irq0_handler_thread(int irq_= num, void *arg) + dpaa2_eth_set_mac_addr(netdev_priv(net_dev)); + dpaa2_eth_update_tx_fqids(priv); +=20 +- rtnl_lock(); + if (dpaa2_eth_has_mac(priv)) + dpaa2_eth_disconnect_mac(priv); + else + dpaa2_eth_connect_mac(priv); +- rtnl_unlock(); + } +=20 + return IRQ_HANDLED; +@@ -4513,9 +4511,7 @@ static int dpaa2_eth_remove(struct fsl_mc_device *ls_d= ev) + #endif +=20 + unregister_netdev(net_dev); +- rtnl_lock(); + dpaa2_eth_disconnect_mac(priv); +- rtnl_unlock(); +=20 + dpaa2_eth_dl_port_del(priv); + dpaa2_eth_dl_traps_unregister(priv); +diff --git 
a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/= ethernet/freescale/dpaa2/dpaa2-mac.c +index ae6d382d8735..8fe32ed4f6dc 100644 +--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c ++++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c +@@ -351,7 +351,9 @@ int dpaa2_mac_connect(struct dpaa2_mac *mac) + if (mac->pcs) + phylink_set_pcs(mac->phylink, &mac->pcs->pcs); +=20 ++ rtnl_lock(); + err =3D phylink_fwnode_phy_connect(mac->phylink, dpmac_node, 0); ++ rtnl_unlock(); + if (err) { + netdev_err(net_dev, "phylink_fwnode_phy_connect() =3D %d\n", err); + goto err_phylink_destroy; +@@ -372,7 +374,9 @@ void dpaa2_mac_disconnect(struct dpaa2_mac *mac) + if (!mac->phylink) + return; +=20 ++ rtnl_lock(); + phylink_disconnect_phy(mac->phylink); ++ rtnl_unlock(); + phylink_destroy(mac->phylink); + dpaa2_pcs_destroy(mac); + } +--=20 +2.30.1 + diff --git a/src/patches/rsync-CVE-2022-29154.patch b/src/patches/rsync-CVE-2= 022-29154.patch deleted file mode 100644 index d3b4499a4..000000000 --- a/src/patches/rsync-CVE-2022-29154.patch +++ /dev/null 
@@ -1,322 +0,0 @@ -commit b7231c7d02cfb65d291af74ff66e7d8c507ee871 -Author: Wayne Davison -Date: Sun Jul 31 16:55:34 2022 -0700 - - Some extra file-list safety checks. - -diff --git a/exclude.c b/exclude.c -index 39073a0c..b670c8ba 100644 ---- a/exclude.c -+++ b/exclude.c -@@ -27,16 +27,22 @@ extern int am_server; - extern int am_sender; - extern int eol_nulls; - extern int io_error; -+extern int xfer_dirs; -+extern int recurse; - extern int local_server; - extern int prune_empty_dirs; - extern int ignore_perishable; -+extern int old_style_args; -+extern int relative_paths; - extern int delete_mode; - extern int delete_excluded; - extern int cvs_exclude; - extern int sanitize_paths; - extern int protocol_version; -+extern int list_only; - extern int module_id; -=20 -+extern char *filesfrom_host; - extern char curr_dir[MAXPATHLEN]; - extern unsigned int curr_dir_len; - extern unsigned int module_dirlen; -@@ -44,8 +50,10 @@ extern unsigned int module_dirlen; - filter_rule_list filter_list =3D { .debug_type =3D "" }; - filter_rule_list cvs_filter_list =3D { .debug_type =3D " [global CVS]" }; - filter_rule_list daemon_filter_list =3D { .debug_type =3D " [daemon]" }; -+filter_rule_list implied_filter_list =3D { .debug_type =3D " [implied]" }; -=20 - int saw_xattr_filter =3D 0; -+int trust_sender_filter =3D 0; -=20 - /* Need room enough for ":MODS " prefix plus some room to grow. */ - #define MAX_RULE_PREFIX (16) -@@ -292,6 +300,125 @@ static void add_rule(filter_rule_list *listp, const ch= ar *pat, unsigned int pat_ - } - } -=20 -+/* Each arg the client sends to the remote sender turns into an implied inc= lude -+ * that the receiver uses to validate the file list from the sender. */ -+void add_implied_include(const char *arg) -+{ -+ filter_rule *rule; -+ int arg_len, saw_wild =3D 0, backslash_cnt =3D 0; -+ int slash_cnt =3D 1; /* We know we're adding a leading slash. 
*/ -+ const char *cp; -+ char *p; -+ if (old_style_args || list_only || filesfrom_host !=3D NULL) -+ return; -+ if (relative_paths) { -+ cp =3D strstr(arg, "/./"); -+ if (cp) -+ arg =3D cp+3; -+ } else { -+ if ((cp =3D strrchr(arg, '/')) !=3D NULL) -+ arg =3D cp + 1; -+ } -+ arg_len =3D strlen(arg); -+ if (arg_len) { -+ if (strpbrk(arg, "*[?")) { -+ /* We need to add room to escape backslashes if wildcard chars are prese= nt. */ -+ cp =3D arg; -+ while ((cp =3D strchr(cp, '\\')) !=3D NULL) { -+ arg_len++; -+ cp++; -+ } -+ saw_wild =3D 1; -+ } -+ arg_len++; /* Leave room for the prefixed slash */ -+ rule =3D new0(filter_rule); -+ if (!implied_filter_list.head) -+ implied_filter_list.head =3D implied_filter_list.tail =3D rule; -+ else { -+ rule->next =3D implied_filter_list.head; -+ implied_filter_list.head =3D rule; -+ } -+ rule->rflags =3D FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); -+ p =3D rule->pattern =3D new_array(char, arg_len + 1); -+ *p++ =3D '/'; -+ cp =3D arg; -+ while (*cp) { -+ switch (*cp) { -+ case '\\': -+ backslash_cnt++; -+ if (saw_wild) -+ *p++ =3D '\\'; -+ *p++ =3D *cp++; -+ break; -+ case '/': -+ if (p[-1] =3D=3D '/') /* This is safe because of the initial slash. */ -+ break; -+ if (relative_paths) { -+ filter_rule const *ent; -+ int found =3D 0; -+ *p =3D '\0'; -+ for (ent =3D implied_filter_list.head; ent; ent =3D ent->next) { -+ if (ent !=3D rule && strcmp(ent->pattern, rule->pattern) =3D=3D 0) -+ found =3D 1; -+ } -+ if (!found) { -+ filter_rule *R_rule =3D new0(filter_rule); -+ R_rule->rflags =3D FILTRULE_INCLUDE + (saw_wild ? 
FILTRULE_WILD : 0); -+ R_rule->pattern =3D strdup(rule->pattern); -+ R_rule->u.slash_cnt =3D slash_cnt; -+ R_rule->next =3D implied_filter_list.head; -+ implied_filter_list.head =3D R_rule; -+ } -+ } -+ slash_cnt++; -+ *p++ =3D *cp++; -+ break; -+ default: -+ *p++ =3D *cp++; -+ break; -+ } -+ } -+ *p =3D '\0'; -+ rule->u.slash_cnt =3D slash_cnt; -+ arg =3D (const char *)rule->pattern; -+ } -+ -+ if (recurse || xfer_dirs) { -+ /* Now create a rule with an added "/" & "**" or "*" at the end */ -+ rule =3D new0(filter_rule); -+ if (recurse) -+ rule->rflags =3D FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2; -+ else -+ rule->rflags =3D FILTRULE_INCLUDE | FILTRULE_WILD; -+ /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */ -+ if (!saw_wild && backslash_cnt) { -+ /* We are appending a wildcard, so now the backslashes need to be escape= d. */ -+ p =3D rule->pattern =3D new_array(char, arg_len + backslash_cnt + 3 + 1); -+ cp =3D arg; -+ while (*cp) { -+ if (*cp =3D=3D '\\') -+ *p++ =3D '\\'; -+ *p++ =3D *cp++; -+ } -+ } else { -+ p =3D rule->pattern =3D new_array(char, arg_len + 3 + 1); -+ if (arg_len) { -+ memcpy(p, arg, arg_len); -+ p +=3D arg_len; -+ } -+ } -+ if (p[-1] !=3D '/') -+ *p++ =3D '/'; -+ *p++ =3D '*'; -+ if (recurse) -+ *p++ =3D '*'; -+ *p =3D '\0'; -+ rule->u.slash_cnt =3D slash_cnt + 1; -+ rule->next =3D implied_filter_list.head; -+ implied_filter_list.head =3D rule; -+ } -+} -+ - /* This frees any non-inherited items, leaving just inherited items on the = list. */ - static void pop_filter_list(filter_rule_list *listp) - { -@@ -718,7 +845,7 @@ static void report_filter_result(enum logcode code, char= const *name, - : name_flags & NAME_IS_DIR ? "directory" - : "file"; - rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n", -- w, actions[*w!=3D's'][!(ent->rflags & FILTRULE_INCLUDE)], -+ w, actions[*w=3D=3D'g'][!(ent->rflags & FILTRULE_INCLUDE)], - t, name, ent->pattern, - ent->rflags & FILTRULE_DIRECTORY ? 
"/" : "", type); - } -@@ -890,6 +1017,7 @@ static filter_rule *parse_rule_tok(const char **rulestr= _ptr, - } - switch (ch) { - case ':': -+ trust_sender_filter =3D 1; - rule->rflags |=3D FILTRULE_PERDIR_MERGE - | FILTRULE_FINISH_SETUP; - /* FALL THROUGH */ -diff --git a/flist.c b/flist.c -index 1ba306bc..0e6bf782 100644 ---- a/flist.c -+++ b/flist.c -@@ -73,6 +73,7 @@ extern int need_unsorted_flist; - extern int sender_symlink_iconv; - extern int output_needs_newline; - extern int sender_keeps_checksum; -+extern int trust_sender_filter; - extern int unsort_ndx; - extern uid_t our_uid; - extern struct stats stats; -@@ -83,8 +84,7 @@ extern char curr_dir[MAXPATHLEN]; -=20 - extern struct chmod_mode_struct *chmod_modes; -=20 --extern filter_rule_list filter_list; --extern filter_rule_list daemon_filter_list; -+extern filter_rule_list filter_list, implied_filter_list, daemon_filter_lis= t; -=20 - #ifdef ICONV_OPTION - extern int filesfrom_convert; -@@ -986,6 +986,19 @@ static struct file_struct *recv_file_entry(int f, struc= t file_list *flist, int x - exit_cleanup(RERR_UNSUPPORTED); - } -=20 -+ if (*thisname !=3D '.' || thisname[1] !=3D '\0') { -+ int filt_flags =3D S_ISDIR(mode) ? 
NAME_IS_DIR : NAME_IS_FILE; -+ if (!trust_sender_filter /* a per-dir filter rule means we must trust the= sender's filtering */ -+ && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_= flags) < 0) { -+ rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisna= me); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO,= thisname, filt_flags) <=3D 0) { -+ rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thi= sname); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ } -+ - if (inc_recurse && S_ISDIR(mode)) { - if (one_file_system) { - /* Room to save the dir's device for -x */ -diff --git a/io.c b/io.c -index cf94cee7..a6e3ed30 100644 ---- a/io.c -+++ b/io.c -@@ -419,6 +419,7 @@ static void forward_filesfrom_data(void) - while (s !=3D eob) { - if (*s++ =3D=3D '\0') { - ff_xb.len =3D s - sob - 1; -+ add_implied_include(sob); - if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) - exit_cleanup(RERR_PROTOCOL); /* impossible? */ - write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */ -@@ -450,9 +451,12 @@ static void forward_filesfrom_data(void) - char *f =3D ff_xb.buf + ff_xb.pos; - char *t =3D ff_xb.buf; - char *eob =3D f + len; -+ char *cur =3D t; - /* Eliminate any multi-'\0' runs. 
*/ - while (f !=3D eob) { - if (!(*t++ =3D *f++)) { -+ add_implied_include(cur); -+ cur =3D t; - while (f !=3D eob && *f =3D=3D '\0') - f++; - } -diff --git a/main.c b/main.c -index 58920a2d..5a7fbdd7 100644 ---- a/main.c -+++ b/main.c -@@ -89,6 +89,7 @@ extern int backup_dir_len; - extern int basis_dir_cnt; - extern int default_af_hint; - extern int stdout_format_has_i; -+extern int trust_sender_filter; - extern struct stats stats; - extern char *stdout_format; - extern char *logfile_format; -@@ -104,7 +105,7 @@ extern char curr_dir[MAXPATHLEN]; - extern char backup_dir_buf[MAXPATHLEN]; - extern char *basis_dir[MAX_BASIS_DIRS+1]; - extern struct file_list *first_flist; --extern filter_rule_list daemon_filter_list; -+extern filter_rule_list daemon_filter_list, implied_filter_list; -=20 - uid_t our_uid; - gid_t our_gid; -@@ -635,6 +636,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user= , char **remote_argv, in - #ifdef ICONV_CONST - setup_iconv(); - #endif -+ trust_sender_filter =3D 1; - } else if (local_server) { - /* If the user didn't request --[no-]whole-file, force - * it on, but only if we're not batch processing. */ -@@ -1500,6 +1502,8 @@ static int start_client(int argc, char *argv[]) - char *dummy_host; - int dummy_port =3D rsync_port; - int i; -+ if (filesfrom_fd < 0) -+ add_implied_include(remote_argv[0]); - /* For remote source, any extra source args must have either - * the same hostname or an empty hostname. */ - for (i =3D 1; i < remote_argc; i++) { -@@ -1523,6 +1527,7 @@ static int start_client(int argc, char *argv[]) - if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. 
*/ - arg =3D "."; - remote_argv[i] =3D arg; -+ add_implied_include(arg); - } - } -=20 -diff --git a/receiver.c b/receiver.c -index b3a69da0..93cf8efd 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -593,10 +593,13 @@ int recv_files(int f_in, int f_out, char *local_name) - if (DEBUG_GTE(RECV, 1)) - rprintf(FINFO, "recv_files(%s)\n", fname); -=20 -- if (daemon_filter_list.head && (*fname !=3D '.' || fname[1] !=3D '\0') -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -- rprintf(FERROR, "attempt to hack rsync failed.\n"); -- exit_cleanup(RERR_PROTOCOL); -+ if (daemon_filter_list.head && (*fname !=3D '.' || fname[1] !=3D '\0')) { -+ int filt_flags =3D S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE; -+ if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) { -+ rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excl= uded file: %s\n", -+ fname); -+ exit_cleanup(RERR_PROTOCOL); -+ } - } -=20 - #ifdef SUPPORT_XATTRS hooks/post-receive -- IPFire 2.x development tree --===============1758394642801659304==--
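Review bot: In add_implied_include(), the `case '/':` arm does `if (p[-1] == '/') break;` without advancing `cp`, so the `break` only leaves the switch and `while (*cp)` re-enters the same arm on the same character. An argument with a doubled slash after the `/./` marker (the only path on which slashes survive into `arg`, since the non-relative branch trims to after the last `/`) never terminates; add `cp++` before the `break`. Further down, in the `recurse || xfer_dirs` block, `if (p[-1] != '/')` is reached with `p == rule->pattern` when `arg_len` is 0, for example an argument ending in `/`. The `if (arg_len)` guard around the memcpy shows that case is expected, and it reads one byte before the allocation, so test `p == rule->pattern ||` first.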
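Review bot: In the recv_file_entry() addition in flist.c, the two checks treat the check_filter() result differently, `< 0` for filter_list and `<= 0` for implied_filter_list, and nothing in the hunk says why a zero result is fatal only for the second list; a one-line comment there would help. The first check is also skipped whenever trust_sender_filter is set, and main.c sets it unconditionally inside a do_cmd() branch whose condition lies outside the visible context, while the comment beside the flag covers only the per-dir merge case from parse_rule_tok(). From this diff alone it is not possible to tell when the exclude check is actually active.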
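Review bot: Every line shown is prefixed `-+` or `- `, so this change deletes the patch text rather than editing it, and with it the receiver-side checks that print "rejecting excluded file-list name", "rejecting unrequested file-list name" and "rejecting file transfer request for daemon excluded file". The visible part does not say what replaces them. The commit message should state that the rsync source being built already contains add_implied_include() and these checks, otherwise the build loses them.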