From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
eebce7d9a38e4e62754e1a7fdbd8b8e8c526d12d
Date: Sun, 28 Apr 2024 21:05:07 +0000
Message-ID: <4VSJrM2Jl1z2xSL@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0266820583213873253=="
List-Id: <ipfire-scm.lists.ipfire.org>
--===============0266820583213873253==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via eebce7d9a38e4e62754e1a7fdbd8b8e8c526d12d (commit)
via 1ce62197033d039715a92fba558a06a1e3f6c63b (commit)
via 4f87fc49009d0ce76611d0dc5e0f1e2381bebbcc (commit)
via 1724e5ac0ac4a139e9f7d574129f53a027197676 (commit)
via 21aee1688a84316d8d31123d6ddd05563360b33f (commit)
via 4bf50efa84559278b06c158105247d51c3c0212f (commit)
via 749bf8590204f949facaf21386a17e211dbd5d6d (commit)
via c3cabfa09cac245f0a950d31d0f4283741017bd5 (commit)
via e94f3294c3fe8ffdec04bafab5ed477dfff2be49 (commit)
via 020ef02a55be098f236c884e9dbf7732d0d808af (commit)
via e1ea58c9281f8e516506e12257103163eb14e537 (commit)
via 0914995edc9584f1aa739606536a06fd52398ddd (commit)
via 101b977d847c82d9a01d9905023fbe4662fd9fab (commit)
via 2d088b20c2e424e14524772f9e3620ebbc328ad1 (commit)
via d1731f4f694df8850bbac9eff75cc20e21250d4a (commit)
via b4a822d9b40f0d77a469a02fd8eb21f0535829cf (commit)
via 581e1c7a67cd35930c01deca791a06a89c4df3d8 (commit)
via 7152f170a2c03719f0217901fb062159810a2ce9 (commit)
via 692589d73abee73e2f3b249bfc6e8013514fe699 (commit)
via 6bd19004ee220f0c25875a83dad993898d9576dc (commit)
via f51e75beb675a9594e044a012b016cae18ddd7da (commit)
via 370517154330e13c388f358aff34b7588d890ee8 (commit)
via 62f1e54adcf1aa53bceac7e718cbe8cce47bb798 (commit)
from 28e8d436fc14cc2a0bcc16251756951178b8f6f0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit eebce7d9a38e4e62754e1a7fdbd8b8e8c526d12d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 21:04:28 2024 +0000
kmod: update rootfile
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1ce62197033d039715a92fba558a06a1e3f6c63b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 21:04:02 2024 +0000
lynis: update rootfile
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4f87fc49009d0ce76611d0dc5e0f1e2381bebbcc
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 13:14:32 2024 +0000
core186: ship apache initskript
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1724e5ac0ac4a139e9f7d574129f53a027197676
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 26 15:28:38 2024 +0000
initscripts: Correctly wait for Apache2 to terminate
=20
This is achieved by telling killproc which PIDs to wait for.
=20
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 21aee1688a84316d8d31123d6ddd05563360b33f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 13:12:04 2024 +0000
core186: ship unbound-dhcp-leses-bridge
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4bf50efa84559278b06c158105247d51c3c0212f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 26 15:09:19 2024 +0000
unbound-dhcp-leases-bridge: Make comparison work if old file does not exi=
st
=20
This patch catches any errors if the file did not previously exist and
therefore skips the comparison.
=20
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 749bf8590204f949facaf21386a17e211dbd5d6d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 26 15:09:18 2024 +0000
unbound-dhcp-leases-bridge: Only reload if leases have actually changed
=20
This patches changes that leases will always be written in
alphanumerical order so that we can later compare the newly generated
file with the previous version. If it has not changed, we skip reload
Unbound.
=20
Suggested-by: Nick Howitt <nick(a)howitts.co.uk>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c3cabfa09cac245f0a950d31d0f4283741017bd5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 26 15:09:17 2024 +0000
unbound-dhcp-leases-bridge: Implement atomic file replacement
=20
This change no longer renames the file, but removes the old link and
creates a new link for the temporary file. That helps us to jump out of
the code at any point without worrying about cleaning up the temporary
file.
=20
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e94f3294c3fe8ffdec04bafab5ed477dfff2be49
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 13:07:50 2024 +0000
core186: ship tzdata
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 020ef02a55be098f236c884e9dbf7732d0d808af
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 25 22:43:02 2024 +0200
tzdata: Update to version 2024a
=20
- Update from version 2023d to 2024a
- Update of rootfile not required
- Changelog
2024a
Briefly:
Kazakhstan unifies on UTC+5 beginning 2024-03-01.
Palestine springs forward a week later after Ramadan.
zic no longer pretends to support indefinite-past DST.
localtime no longer mishandles Ciudad Ju=C3=A1rez in 2422.
Changes to future timestamps
Kazakhstan unifies on UTC+5. This affects Asia/Almaty and
Asia/Qostanay which together represent the eastern portion of the
country that will transition from UTC+6 on 2024-03-01 at 00:00 to
join the western portion. (Thanks to Zhanbolat Raimbekov.)
Palestine springs forward a week later than previously predicted
in 2024 and 2025. (Thanks to Heba Hamad.) Change spring-forward
predictions to the second Saturday after Ramadan, not the first;
this also affects other predictions starting in 2039.
Changes to past timestamps
Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
not 00:00. (Thanks to =C4=90o=C3=A0n Tr=E1=BA=A7n C=C3=B4ng Danh.)
From 1947 through 1949, Toronto's transitions occurred at 02:00
not 00:00. (Thanks to Chris Walton.)
In 1911 Miquelon adopted standard time on June 15, not May 15.
Changes to code
The FROM and TO columns of Rule lines can no longer be "minimum"
or an abbreviation of "minimum", because TZif files do not support
DST rules that extend into the indefinite past - although these
rules were supported when TZif files had only 32-bit data, this
stopped working when 64-bit TZif files were introduced in 1995.
This should not be a problem for realistic data, since DST was
first used in the 20th century. As a transition aid, FROM columns
like "minimum" are now diagnosed and then treated as if they were
the year 1900; this should suffice for TZif files on old systems
with only 32-bit time_t, and it is more compatible with bugs in
2023c-and-earlier localtime.c. (Problem reported by Yoshito
Umaoka.)
localtime and related functions no longer mishandle some
timestamps that occur about 400 years after a switch to a time
zone with a DST schedule. In 2023d data this problem was visible
for some timestamps in November 2422, November 2822, etc. in
America/Ciudad_Juarez. (Problem reported by Gilmore Davidson.)
strftime %s now uses tm_gmtoff if available. (Problem and draft
patch reported by Dag-Erling Sm=C3=B8rgrav.)
Changes to build procedure
The leap-seconds.list file is now copied from the IERS instead of
from its downstream counterpart at NIST, as the IERS version is
now in the public domain too and tends to be more up-to-date.
(Thanks to Martin Burnicki for liaisoning with the IERS.)
Changes to documentation
The strftime man page documents which struct tm members affect
which conversion specs, and that tzset is called. (Problems
reported by Robert Elz and Steve Summit.)
=20
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e1ea58c9281f8e516506e12257103163eb14e537
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 13:05:17 2024 +0000
core186: ship sqlite
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0914995edc9584f1aa739606536a06fd52398ddd
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 25 22:43:01 2024 +0200
sqlite: Update to version 3450300
=20
- Update from version 3450200 to 3450300
- Update of rootfile not required
- Changelog
3450300
Fix a long-standing bug (going back to version 3.24.0) that might (rarel=
y) cause
the "old.*" values of an UPDATE trigger to be incorrect if that trigger=
fires in
response to an UPSERT. Forum post 284955a3cd454a15.
Fix a bug in sum() that could cause it to return NULL when it should ret=
urn
Infinity. Forum post 23b8688ef4.
Other trifling corrections and compiler warning fixes that have come up =
since the
previous patch release. See the timeline for details.
=20
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 101b977d847c82d9a01d9905023fbe4662fd9fab
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 13:01:49 2024 +0000
core186: ship suricata and libhtp
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2d088b20c2e424e14524772f9e3620ebbc328ad1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 24 08:49:01 2024 +0000
suricata: Update to 7.0.5
=20
This update contains fixes for the following issues:
=20
* CVE-2024-32664 CRITICAL
* CVE-2024-32867 MODERATE
=20
https://forum.suricata.io/t/suricata-7-0-5-and-6-0-19-released/4617
=20
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d1731f4f694df8850bbac9eff75cc20e21250d4a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 24 08:49:00 2024 +0000
libhtp: Update to 0.5.48
=20
https://github.com/OISF/libhtp/releases/tag/0.5.48
=20
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b4a822d9b40f0d77a469a02fd8eb21f0535829cf
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 12:58:05 2024 +0000
core186: ship kmod
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 581e1c7a67cd35930c01deca791a06a89c4df3d8
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Mon Apr 22 16:48:00 2024 +0000
kmod: Update to 32
=20
Changelog according to the tarball's NEWS file:
=20
- Improvements
=20
- Use any hash algo known by kernel/openssl instead of keep needi=
ng
to update the mapping
=20
- Teach kmod to load modprobe.d/depmod.d configuration from ${pre=
fix}/lib
and allow it to be overriden during build with --with-distconfd=
ir=3DDIR
=20
- Make kernel modules directory configurable. This allows distro =
to
make kmod use only files from /usr regardless of having a compat
symlink in place.
=20
- Install kmod.pc containing the features selected at build time.
=20
- Install all tools and symlinks by default. Previously kmod reli=
ed on
distro packaging to set up the symlinks in place like modprobe,
depmod, lsmod, etc. Now those symlinks are created by kmod itse=
lf
and they are always placed in $bindir.
=20
- Bug Fixes
=20
- Fix warnings due to -Walloc-size
=20
- Others
=20
- Drop python bindings. Those were not update in ages and not com=
patible
with latest python releases.
=20
- Cleanup test infra, dropping what was not used anymore
=20
- Drop experimental tools `kmod insert` / `kmod remove`. Building=
those
was protected by a configure option never set by distros. They =
also
didn't gain enough traction to replace the older interfaces via
modprobe/insmod/rmmod.
=20
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7152f170a2c03719f0217901fb062159810a2ce9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 12:55:54 2024 +0000
core186: ship strongswan
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 692589d73abee73e2f3b249bfc6e8013514fe699
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Mon Apr 22 16:03:00 2024 +0000
strongSwan: Update to 5.9.14
=20
Please see https://github.com/strongswan/strongswan/releases/tag/5.9.14
for the changelog of this version.
=20
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6bd19004ee220f0c25875a83dad993898d9576dc
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Mon Apr 22 16:01:00 2024 +0000
Lynis: Update to 3.1.1
=20
Please see https://cisofy.com/changelog/lynis/#311 for the changelogs
since version 3.0.9.
=20
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f51e75beb675a9594e044a012b016cae18ddd7da
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Mon Apr 22 15:58:00 2024 +0000
Tor: Update to 0.4.8.11
=20
Full changelog according to https://gitlab.torproject.org/tpo/core/tor/-/=
raw/tor-0.4.8.11/ChangeLog:
=20
Changes in version 0.4.8.11 - 2024-04-10
This is a minor release mostly to upgrade the fallbackdir list. Worth n=
oting
also that directory authority running this version will now automatical=
ly
reject relays running the end of life 0.4.7.x version.
=20
o Minor feature (authority):
- Reject 0.4.7.x series at the authority level. Closes ticket 40896.
=20
o Minor feature (dirauth, tor26):
- New IP address and keys.
=20
o Minor feature (directory authority):
- Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
the start of the hexdigit, in order to easier database queries
combining Tor documents in which the relays fingerprint does not
include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
versions of Tor).
=20
o Minor features (fallbackdir):
- Regenerate fallback directories generated on April 10, 2024.
=20
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2024/04/10.
=20
o Minor bugfixes (directory authorities):
- Add a warning when publishing a vote or signatures to another
directory authority fails. Fixes bug 40910; bugfix
on 0.2.0.3-alpha.
=20
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 370517154330e13c388f358aff34b7588d890ee8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 28 12:46:30 2024 +0000
core186: ship squid
=20
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 62f1e54adcf1aa53bceac7e718cbe8cce47bb798
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Apr 10 18:16:52 2024 +0200
squid: Update to 6.9
=20
For details see:
https://github.com/squid-cache/squid/commits/v6
=20
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/kmod | 9 +++++-
config/rootfiles/core/186/filelists/files | 2 ++
.../{oldcore/125 =3D> core/186}/filelists/kmod | 0
.../{oldcore/131 =3D> core/186}/filelists/libhtp | 0
.../{oldcore/125 =3D> core/186}/filelists/sqlite | 0
.../{oldcore/100 =3D> core/186}/filelists/squid | 0
.../{oldcore/106 =3D> core/186}/filelists/strongswan | 0
.../{oldcore/131 =3D> core/186}/filelists/suricata | 0
.../{oldcore/100 =3D> core/186}/filelists/tzdata | 0
config/rootfiles/packages/lynis | 2 ++
config/unbound/unbound-dhcp-leases-bridge | 35 +++++++++++++++++---=
--
lfs/kmod | 4 +--
lfs/libhtp | 4 +--
lfs/lynis | 8 ++---
lfs/sqlite | 4 +--
lfs/squid | 4 +--
lfs/strongswan | 6 ++--
lfs/suricata | 4 +--
lfs/tor | 8 ++---
lfs/tzdata | 8 ++---
src/initscripts/system/apache | 5 ++--
21 files changed, 67 insertions(+), 36 deletions(-)
copy config/rootfiles/{oldcore/125 =3D> core/186}/filelists/kmod (100%)
copy config/rootfiles/{oldcore/131 =3D> core/186}/filelists/libhtp (100%)
copy config/rootfiles/{oldcore/125 =3D> core/186}/filelists/sqlite (100%)
copy config/rootfiles/{oldcore/100 =3D> core/186}/filelists/squid (100%)
copy config/rootfiles/{oldcore/106 =3D> core/186}/filelists/strongswan (100%)
copy config/rootfiles/{oldcore/131 =3D> core/186}/filelists/suricata (100%)
copy config/rootfiles/{oldcore/100 =3D> core/186}/filelists/tzdata (100%)
Difference in files:
diff --git a/config/rootfiles/common/kmod b/config/rootfiles/common/kmod
index 1a0432169e..4ba8225b73 100644
--- a/config/rootfiles/common/kmod
+++ b/config/rootfiles/common/kmod
@@ -1,4 +1,10 @@
+bin/depmod
+bin/insmod
bin/kmod
+bin/lsmod
+bin/modinfo
+bin/modprobe
+bin/rmmod
sbin/depmod
sbin/insmod
sbin/lsmod
@@ -9,6 +15,7 @@ sbin/rmmod
#usr/lib/libkmod.la
#usr/lib/libkmod.so
usr/lib/libkmod.so.2
-usr/lib/libkmod.so.2.4.1
+usr/lib/libkmod.so.2.4.2
+#usr/lib/pkgconfig/kmod.pc
#usr/lib/pkgconfig/libkmod.pc
#usr/share/bash-completion/completions/kmod
diff --git a/config/rootfiles/core/186/filelists/files b/config/rootfiles/cor=
e/186/filelists/files
index c1bb727bd4..c3c0fc8bc5 100644
--- a/config/rootfiles/core/186/filelists/files
+++ b/config/rootfiles/core/186/filelists/files
@@ -3,6 +3,7 @@ etc/rc.d/helper/azure-setup
etc/rc.d/helper/exoscale-setup
etc/rc.d/helper/gcp-setup
etc/rc.d/helper/oci-setup
+etc/rc.d/init.d/apache
etc/rc.d/init.d/networking/red
etc/rc.d/init.d/static-routes
etc/ppp/ip-up
@@ -13,4 +14,5 @@ etc/rc.d/rc3.d/S99grub-btrfsd
etc/rc.d/rc6.d/K01grub-btrfsd
srv/web/ipfire/cgi-bin/vulnerabilities.cgi
usr/local/bin/ipsec-interfaces
+usr/sbin/unbound-dhcp-leases-bridge
var/ipfire/ipblocklist/sources
diff --git a/config/rootfiles/core/186/filelists/kmod b/config/rootfiles/core=
/186/filelists/kmod
new file mode 120000
index 0000000000..0020e197e2
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/kmod
@@ -0,0 +1 @@
+../../../common/kmod
\ No newline at end of file
diff --git a/config/rootfiles/core/186/filelists/libhtp b/config/rootfiles/co=
re/186/filelists/libhtp
new file mode 120000
index 0000000000..676e2c5e87
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/libhtp
@@ -0,0 +1 @@
+../../../common/libhtp
\ No newline at end of file
diff --git a/config/rootfiles/core/186/filelists/sqlite b/config/rootfiles/co=
re/186/filelists/sqlite
new file mode 120000
index 0000000000..4ea5697669
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/sqlite
@@ -0,0 +1 @@
+../../../common/sqlite
\ No newline at end of file
diff --git a/config/rootfiles/core/186/filelists/squid b/config/rootfiles/cor=
e/186/filelists/squid
new file mode 120000
index 0000000000..2dc8372a0e
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/186/filelists/strongswan b/config/rootfile=
s/core/186/filelists/strongswan
new file mode 120000
index 0000000000..90c727e265
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/core/186/filelists/suricata b/config/rootfiles/=
core/186/filelists/suricata
new file mode 120000
index 0000000000..f671f69933
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/suricata
@@ -0,0 +1 @@
+../../../common/suricata
\ No newline at end of file
diff --git a/config/rootfiles/core/186/filelists/tzdata b/config/rootfiles/co=
re/186/filelists/tzdata
new file mode 120000
index 0000000000..5a6e3252f3
--- /dev/null
+++ b/config/rootfiles/core/186/filelists/tzdata
@@ -0,0 +1 @@
+../../../common/tzdata
\ No newline at end of file
diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
index 922efe5f1a..34b07ff32d 100644
--- a/config/rootfiles/packages/lynis
+++ b/config/rootfiles/packages/lynis
@@ -20,6 +20,7 @@ var/ipfire/lynis/db/languages/fr
var/ipfire/lynis/db/languages/gr
var/ipfire/lynis/db/languages/he
var/ipfire/lynis/db/languages/hu
+var/ipfire/lynis/db/languages/id
var/ipfire/lynis/db/languages/it
var/ipfire/lynis/db/languages/ja
var/ipfire/lynis/db/languages/ko
@@ -117,3 +118,4 @@ var/ipfire/lynis/lynis
#var/ipfire/lynis/plugins
#var/ipfire/lynis/plugins/README
var/ipfire/lynis/plugins/custom_plugin.template
+var/ipfire/lynis/software-eol.db
diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbou=
nd-dhcp-leases-bridge
index e9f022affa..7f89f620a1 100644
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -22,6 +22,7 @@
import argparse
import datetime
import daemon
+import filecmp
import functools
import ipaddress
import logging
@@ -516,26 +517,44 @@ class UnboundConfigWriter(object):
=20
def update_dhcp_leases(self, leases):
# Write out all leases
- self.write_dhcp_leases(leases)
+ if self.write_dhcp_leases(leases):
+ log.debug("Reloading Unbound...")
=20
- log.debug("Reloading Unbound...")
-
- # Reload the configuration without dropping the cache
- self._control("reload_keep_cache")
+ # Reload the configuration without dropping the cache
+ self._control("reload_keep_cache")
=20
def write_dhcp_leases(self, leases):
log.debug("Writing DHCP leases...")
=20
- with tempfile.NamedTemporaryFile(mode=3D"w", delete=3DFalse) as f:
- for l in leases:
+ with tempfile.NamedTemporaryFile(mode=3D"w") as f:
+ for l in sorted(leases, key=3Dlambda x: x.ipaddr):
for rr in l.rrset:
f.write("local-data: \"%s\"\n" % " ".join(rr))
=20
+ # Flush the file
+ f.flush()
+
+ # Compare if the new leases file has changed from the previous version
+ try:
+ if filecmp.cmp(f.name, self.path, shallow=3DFalse):
+ log.debug("The generated leases file has not changed")
+
+ return False
+
+ # Remove the old file
+ os.unlink(self.path)
+
+ # If the previous file did not exist, just keep falling through
+ except FileNotFoundError:
+ pass
+
# Make file readable for everyone
os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
=20
# Move the file to its destination
- os.rename(f.name, self.path)
+ os.link(f.name, self.path)
+
+ return True
=20
def _control(self, *args):
command =3D ["unbound-control"]
diff --git a/lfs/kmod b/lfs/kmod
index 643573d337..2719083e5e 100644
--- a/lfs/kmod
+++ b/lfs/kmod
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 31
+VER =3D 32
=20
THISAPP =3D kmod-$(VER)
DL_FILE =3D $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 0dc8572da570315cf0aadd87fa7e83d0f88dea91c8566749e6f300=
4f9a6df916dce337ca99ea5929d41f45b408c1e3effa50f9d24615d7fa28688150a5ce91cf
+$(DL_FILE)_BLAKE2 =3D 5b5dac4639406549b23bb1da44bedd86a42885304ef4c7c67344dc=
8fd70b9e0ca3f83d033c6b80f6e00371d7188e205f4b68fadc56a9ddbf9d6a9d28e9b1e9a4
=20
install : $(TARGET)
=20
diff --git a/lfs/libhtp b/lfs/libhtp
index cbd4cb0931..d3b56dcb26 100644
--- a/lfs/libhtp
+++ b/lfs/libhtp
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 0.5.47
+VER =3D 0.5.48
=20
THISAPP =3D libhtp-$(VER)
DL_FILE =3D $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D a2a126052ea528b84dfffd7926a80e633f649968bf098e3ff0f49d=
441821723a4d3f78f0f15d530e9ce9e393c6173aceced8c0d863afecbe65c736e4ab874a03
+$(DL_FILE)_BLAKE2 =3D 56eeef3524ffeac593c251846196d09e0ccfacd9aadd03b35061fd=
1fe6a245d1374c338581b4f7bee67255797740f4e282344fc10bf3d0c0fdf824f159380053
=20
install : $(TARGET)
=20
diff --git a/lfs/lynis b/lfs/lynis
index eb906dbebc..38ebac9c66 100644
--- a/lfs/lynis
+++ b/lfs/lynis
@@ -1,7 +1,7 @@
############################################################################=
###
# =
#
# IPFire.org - A linux based firewall =
#
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> =
#
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> =
#
# =
#
# This program is free software: you can redistribute it and/or modify =
#
# it under the terms of the GNU General Public License as published by =
#
@@ -26,7 +26,7 @@ include Config
=20
SUMMARY =3D Security and System auditing tool
=20
-VER =3D 3.0.9
+VER =3D 3.1.1
=20
THISAPP =3D lynis-$(VER)
DL_FILE =3D $(THISAPP).tar.gz
@@ -35,7 +35,7 @@ DIR_APP =3D $(DIR_SRC)/$(THISAPP)
TARGET =3D $(DIR_INFO)/$(THISAPP)
=20
PROG =3D lynis
-PAK_VER =3D 13
+PAK_VER =3D 14
=20
DEPS =3D
=20
@@ -49,7 +49,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D dc7912c7d1782c3ffdf369cc7f0f004267bd2a2c408982909e654d=
b14ecfa83ebdbd2f731c3d3ee8864e7de21945b1faa2f9d2845dedf3e742a4c79c62373eda
+$(DL_FILE)_BLAKE2 =3D 056e689f00ac0fa74bd1a6dc3915cbd70f28cdb5461e0749b68ce2=
cf84e425c295425f7bb6d5aeb0208693a0e38290cb90925e392928257c79bc5887f6e58498
=20
install : $(TARGET)
=20
diff --git a/lfs/sqlite b/lfs/sqlite
index 922b303b78..421e32dd20 100644
--- a/lfs/sqlite
+++ b/lfs/sqlite
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 3450200
+VER =3D 3450300
=20
THISAPP =3D sqlite-autoconf-$(VER)
DL_FILE =3D $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 7bc225167a6792a35c2e7a324fe9bff1a1540a01b0fd04197d023f=
113a368ba6034235045281c7653abdd2ea67aa10a5ed19b024d1d25bdb7232533e25dfb991
+$(DL_FILE)_BLAKE2 =3D 24e47dcfb8fb1dbd0055d48cfc540884439e9443b1b79700e86732=
6feb60b340a9b5d5bdb83eeca210b47251e61b706ec67eb1b84e59b11bae6c76271b1030bf
=20
install : $(TARGET)
=20
diff --git a/lfs/squid b/lfs/squid
index 882a8842ed..6f487c3a60 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 6.8
+VER =3D 6.9
=20
THISAPP =3D squid-$(VER)
DL_FILE =3D $(THISAPP).tar.xz
@@ -46,7 +46,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 771de358d395a6b4bb5d94b02325755d1ba891c24f2cc1bdc80d91=
a73467a475c2cb7f0e1c24aed2f714c0de38858a24ac3864a5b772b6828beeb014da827d9d
+$(DL_FILE)_BLAKE2 =3D cac10d3a16fe31a9becfcd0fc278413d53c52285cdca9ece897ca4=
e3a0e50806e186960091f9050243180996382c6b5209360d9fff249d26b20d1e529285a038
=20
install : $(TARGET)
=20
diff --git a/lfs/strongswan b/lfs/strongswan
index d002290f70..9b2a5bc9fb 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -1,7 +1,7 @@
############################################################################=
###
# =
#
# IPFire.org - A linux based firewall =
#
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> =
#
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> =
#
# =
#
# This program is free software: you can redistribute it and/or modify =
#
# it under the terms of the GNU General Public License as published by =
#
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 5.9.13
+VER =3D 5.9.14
=20
THISAPP =3D strongswan-$(VER)
DL_FILE =3D $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 1d60864a557cf14e84c62d4c04ae64eb24331e2576c157b276cf13=
691ac2a7f5d1b92925e4c3e6ab51dc1f6f64aeb7c60ffb16309673a9f78a73f652cb24da8c
+$(DL_FILE)_BLAKE2 =3D 8b64903cfa087d42ae0895e7c11a2fcbd9c6a4a4241548d947753e=
081a4a4e3c5946e5cf4bbd326840e596e51c61554146f007e6882f11c874454b9480f6f7a6
=20
install : $(TARGET)
=20
diff --git a/lfs/suricata b/lfs/suricata
index 17cc455852..a987fc520b 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 7.0.4
+VER =3D 7.0.5
=20
THISAPP =3D suricata-$(VER)
DL_FILE =3D $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 6c85ee7134548261a5a766ee3e7c0ce095ef478e9323342f17bb48=
eb0abc74035a66212c7f7e6ba45bd2efd552d82ad6d218d4b09279877f60526f8f79de9764
+$(DL_FILE)_BLAKE2 =3D 9a44e4561edcc8909853b88779aa520a79b684ca9114479a95b2b3=
4f8e34b6a0f5887d4b332dddb9da225335d7642089345e7f245a1ebce68f42f38126eb4b58
=20
install : $(TARGET)
=20
diff --git a/lfs/tor b/lfs/tor
index aed30805f7..488415902d 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -1,7 +1,7 @@
############################################################################=
###
# =
#
# IPFire.org - A linux based firewall =
#
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> =
#
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> =
#
# =
#
# This program is free software: you can redistribute it and/or modify =
#
# it under the terms of the GNU General Public License as published by =
#
@@ -26,7 +26,7 @@ include Config
=20
SUMMARY =3D Anonymizing overlay network for TCP (The onion router)
=20
-VER =3D 0.4.8.10
+VER =3D 0.4.8.11
=20
THISAPP =3D tor-$(VER)
DL_FILE =3D $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE)
DIR_APP =3D $(DIR_SRC)/$(THISAPP)
TARGET =3D $(DIR_INFO)/$(THISAPP)
PROG =3D tor
-PAK_VER =3D 84
+PAK_VER =3D 85
=20
DEPS =3D libseccomp
=20
@@ -48,7 +48,7 @@ objects =3D $(DL_FILE)
=20
$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D ef470664d85e019f6cac2366e934d5dc31b8ae92f121a2b4c8c95f=
8267abce5ce4413d30a24affa40a069d587212364ae5a7c3cd114488e50a535f01c54c6e77
+$(DL_FILE)_BLAKE2 =3D b7f5bb855a6f8fe7dfd0e0efe7b48798e9d4642e401641c83554ed=
0f98fe238a5f303e9466e9e24a7ade63488a745b3c957ed6cc53a2f5e21f5f9c3f78f7fa78
=20
install : $(TARGET)
=20
diff --git a/lfs/tzdata b/lfs/tzdata
index 921c5e66c4..05c9a257fc 100644
--- a/lfs/tzdata
+++ b/lfs/tzdata
@@ -1,7 +1,7 @@
############################################################################=
###
# =
#
# IPFire.org - A linux based firewall =
#
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> =
#
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> =
#
# =
#
# This program is free software: you can redistribute it and/or modify =
#
# it under the terms of the GNU General Public License as published by =
#
@@ -24,7 +24,7 @@
=20
include Config
=20
-VER =3D 2023d
+VER =3D 2024a
TZDATA_VER =3D $(VER)
TZCODE_VER =3D $(VER)
=20
@@ -45,8 +45,8 @@ objects =3D tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).=
tar.gz
tzdata$(TZDATA_VER).tar.gz =3D $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
tzcode$(TZCODE_VER).tar.gz =3D $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
=20
-tzdata$(TZDATA_VER).tar.gz_BLAKE2 =3D b79be37a8a258745d162a575c795ee6476b4fa=
5f6d2f7b562d9431a238eca276a1747a983778291184fc6e40a0c1f5e6284d41290fd6d1d3bd3=
118bda83f426e
-tzcode$(TZCODE_VER).tar.gz_BLAKE2 =3D 3e759de2e1dfe033bb98b5af5239631ef5dc33=
e25b6aeb95ab3e6041d5db3dd1b1cb8b210f072bc0d671117f2ad162cdcdcb3ecae97aa2d3be3=
bc2e809845666
+tzdata$(TZDATA_VER).tar.gz_BLAKE2 =3D 5ec49bbce704411a1d8b3f018b0d8f6c7de24c=
5600e0cb6c61a7ee29b4a49b1e502d23b40bce6584ea0aa9b66327321608cbabb994071ec4ca2=
b3a496aa2d621
+tzcode$(TZCODE_VER).tar.gz_BLAKE2 =3D f3b8d1e7735ad858d071df564a8e11ac4d252b=
97a5729fa6c282112ff3903f7d35897735920b4466a926ef647dc283356879134046805411c69=
4efd3fd89b282
=20
install : $(TARGET)
=20
diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache
index 18eb86e2f6..e7a62097e1 100644
--- a/src/initscripts/system/apache
+++ b/src/initscripts/system/apache
@@ -22,6 +22,8 @@
. /etc/sysconfig/rc
. $rc_functions
=20
+PIDFILE=3D"/var/run/httpd.pid"
+
generate_certificates() {
if [ ! -f "/etc/httpd/server.key" ]; then
boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
@@ -86,8 +88,7 @@ case "$1" in
=20
stop)
boot_mesg "Stopping Apache daemon..."
- /usr/sbin/apachectl -k stop
- evaluate_retval
+ killproc /usr/sbin/httpd
;;
=20
restart)
hooks/post-receive
--
IPFire 2.x development tree
--===============0266820583213873253==--