* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 5c83f229397327dd6b82e85695bcaffeeb26c26a
@ 2024-09-03 12:54 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2024-09-03 12:54 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 47456 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 5c83f229397327dd6b82e85695bcaffeeb26c26a (commit)
via 4c24b80d92a7416e3260266781fe70bc55f91d3f (commit)
via fffd31c14969e8f203c7659e9db068fff288e49a (commit)
via f676c4c95bc6a4f03d931b3906a0fbbb971734ab (commit)
via ff974eeb17339968f6e065496fe82190f960d615 (commit)
via 2261d072e562d3aed601fe627f47b67f9e890fa2 (commit)
via ac06f70716429318e739d6e1ff2b477cc61e6b39 (commit)
via 53eeed5a81970d93889b144f08efee1406bee0b0 (commit)
from 4aba01cbc823aefa1cbc1c2729e8d910422f6b74 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5c83f229397327dd6b82e85695bcaffeeb26c26a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:25 2024 +0200
taglib: Update to version 2.0.2
- Update from version 2.0.1 to 2.0.2
- Update of rootfile
- Changelog
2.0.2
* Fix parsing of ID3v2.2 frames.
* Tolerate MP4 files with unknown atom types as generated by Android tools.
* Support setting properties with arbitrary names in MP4 tags.
* Windows: Fix "-p" option in tagwriter example.
* Support building with older utfcpp versions.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4c24b80d92a7416e3260266781fe70bc55f91d3f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:24 2024 +0200
shairport-sync: Update to version 4.3.4
- Update from version 4.3.2 to 4.3.4
- Update of rootfile
- Changelog is only defined for 4.3, 4.2 etc so the below changelog is for all of 4.3
Cannot determine which things were alreday fixed in 4.3.2 and earlier and which are
from 4.3.3 onwards.
4.3
**Security Updates**
* A crashing bug in NQPTP has been fixed.
* The communications protocol used between NQPTP and Shairport Sync has been
revised and made more resilient to attempted misuse.
* In Linux systems, NQPTP no longer runs as `root` -- instead it runs as the
restriced user `nqptp`, with access to ports 319 and 320 set by the installer
via the `setcap` utility.
**Enhancements**
* A new volume control profile called `dasl-tapered` has been added in which
halving the volume control setting halves the output level.
For example, moving the volume slider from full to half reduces the output
level by 10dB, which roughly corresponds with a perceived halving of the audio
volume level.
Moving the volume slider from half to a quarter reduces the output level by a
a further 10dB.
The tapering rate is slightly modified at the lower end of the range if the
device's attenuation range is restricted (less than about 55dB).
To activate the `dasl-tapered` profile, set the `volume_control_profile` to
`"dasl_tapered"` in the configuration file and restart Shairport Sync.
Many thanks to David Leibovic, aka [dasl-](https://github.com/dasl-), for this.
* On graceful shutdown, an `active_end` signal should now be generated if the
system was in the active state. Addresses issue
[#1647](https://github.com/mikebrady/shairport-sync/issues/1647). Thanks to
[Tucker Kern](https://github.com/mill1000) for raising the issue.
**Bug Fixes**
* Fixed a bug that causes the Docker image to crash occasionally when OwnTone
interrupted an existing iOS session. Thanks to
[aaronk6](https://github.com/aaronk6) for the report.
* Fixed a cross-compliation error caused by not looking for the correct version
of the `ar` tool. The fix was to substitute the correct version during the
`autoreconf` phase. Thanks to
[sternenseemann](https://github.com/sternenseemann) for raising the
[issue](https://github.com/mikebrady/shairport-sync/issues/1705) and the
[PR](https://github.com/mikebrady/shairport-sync/pull/1706) containing the fix.
* Updated the mDNS strings for the Classic AirPlay feature of AP2, so that it
does not appear to provide MFi authentication. Addresses
[this discussion](https://github.com/mikebrady/shairport-sync/discussions/1691).
* Always uses a revision number of 1 when looking for status updates on the DACP
remote control port. This follows a suggestion in
[Issue #1658](https://github.com/mikebrady/shairport-sync/issues/1658). Thanks
to [ejurgensen](https://github.com/ejurgensen), as ever, for the report and
the suggested fix.
* Fixed a `statistics` bug (the minimum buffer size was incorrectly logged) and
also tidy up the statistics logging interval logic for resetting min and max
counters.
* Added an important missing format string argument to a call in the Jack Audio
backend. Many thanks to [michieldwitte] for their
[PR](https://github.com/mikebrady/shairport-sync/pull/1693).
**Maintenance**
* Stopped using a deprecated FFmpeg data structure reference.
* Stopped using deprecated OpenSSL calls. Thanks to [yubiuser] for their
[PR](https://github.com/mikebrady/shairport-sync/pull/1684) -- which did some
of the updating -- and for their guidance.
* Run workflow-based tests on PRs automatically. Thanks to [yubiuser]
for their [PR](https://github.com/mikebrady/shairport-sync/pull/1687).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit fffd31c14969e8f203c7659e9db068fff288e49a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:23 2024 +0200
observium-agent: Update to version 24.4
- Update from version 23.1 to 24.4
- Update of rootfile not required
- Changelog is not provided in the source tarbal. Ther is a text changelog at
https://www.observium.org/svn.log but it is not clear if this is for the community
version used here or for the subscription based version. There is also no reference
to any version numbers so you can't easily tell which changes are in this version and
which not.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f676c4c95bc6a4f03d931b3906a0fbbb971734ab
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:22 2024 +0200
mcelog: Update to version 200
- Update from version 196 to 200
- Update of rootfile not required
- Changelog is not provided. The git log,
https://git.kernel.org/cgit/utils/cpu/mce/mcelog.git/log/, should be viewed for changes.
The changes are mostly bug fixes.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ff974eeb17339968f6e065496fe82190f960d615
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:20 2024 +0200
iotop: Update to version 1.26
- Update from version 1.22 to 1.26
- Update of rootfile not required
- Changelog
1.26
Add clock in upper right corner
1.25
Fix bug when iotop busy loops after pressing ESC key
Change the condition of displaying processes in only mode
1.24
Fix a bug with graphs in ASCII mode
Show the status of the configuration in the help window
Support ancient compilers by @bbonev in #52
1.23
Changes by @bbonev in #43
Fix some issues reported by lintian by @debian-janitor in #42
Revert syscall count stuff by @bbonev in #44
Fix empty archlinux package by @bokunodev in #46
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2261d072e562d3aed601fe627f47b67f9e890fa2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:21 2024 +0200
libvirt: Update to version 10.7.0
- Update from version 10.0.0 to 10.7.0
- Update of rootfile
- 1 CVE fix in 10.7.0 and 1 in 10.1.0
- Changelog
10.7.0
* **Security**
* CVE-2024-8235: Crash of ``virtinterfaced`` via ``virConnectListInterfaces()``
A refactor of the code fetching the list of interfaces for multiple APIs
introduced corner case on platforms where allocating 0 bytes of memory
results in a NULL pointer.
This corner case would lead to a NULL-pointer dereference and subsequent
crash of ``virtinterfaced`` if ``virConnectListInterfaces()`` is called
requesting 0 networks to be filled.
The bug was introduced in libvirt-10.4.0
* **New features**
* qemu: Introduce the ability to disable the built-in PS/2 controller
It is now possible to control the state of the ``ps2`` feature in the
domain XML for descendants of the generic PC machine type (``i440fx``,
``q35``, ``xenfv`` and ``isapc``).
* **Improvements**
* ch: support restore with network devices
Cloud-Hypervisor starting from V40.0 supports restoring file descriptor
backed network devices. So, create new net fds and pass them via
SCM_RIGHTS to CH during restore operation.
* ch: support basic networking modes
Cloud-Hypervisor driver now supports Ethernet, Network (NAT) and Bridge
networking modes.
10.6.0
* **Removed features**
* qemu: Require QEMU-5.2.0 or newer
The minimal required version of QEMU was bumped to 5.2.0.
* **New features**
* qemu: Add support for the 'pauth' Arm CPU feature
* Introduce pstore device
The aim of pstore device is to provide a bit of NVRAM storage for guest
kernel to record oops/panic logs just before it crashes. Typical usage
includes usage in combination with a watchdog so that the logs can be
inspected after the watchdog rebooted the machine.
* **Improvements**
* qemu: Set 'passt' net backend if 'default' is unsupported
If QEMU is compiled without SLIRP support, and if domain XML allows it,
starting from this release libvirt will use passt as the default backend
instead. Also, supported backends are now reported in the domain
capabilities XML.
* qemu: add a monitor to /proc/$pid when killing times out
In cases when a QEMU process takes longer to be killed, libvirt might have
skipped cleaning up after it. But now a /proc/$pid watch is installed so
this does not happen ever again.
* **Bug fixes**
* virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
When binary version of edk2 is distributed, the files reside under
/usr/share/edk2-ovmf. Allow virt-aa-helper to generate paths under that
directory.
* virt-host-validate: Allow longer list of CPU flags
During its run, virt-host-validate parses /proc/cpuinfo to learn about CPU
flags. But due to a bug it parsed only the first 1024 bytes worth of CPU
flags leading to unexpected results. The file is now parsed properly.
* capabilities: Be more forgiving when decoding OEM strings
On some systems, OEM strings are scattered in multiple sections. This
confused libvirt when generating capabilities XML. Not anymore.
10.5.0
* **New features**
* Introduce SEV-SNP support
SEV-SNP is introduced as another type of ``<launchSecurity/>``. Its support
is reported in both domain capabilities and ``virt-host-validate``.
* **Improvements**
* tools: virt-pki-validate has been rewritten in C
The ``virt-pki-validate`` shell script has been rewritten as a C program,
providing an output format that matches ``virt-host-validate``, removing
the dependency on ``certtool`` and providing more comprehensive checks
of the certificate properties.
* qemu: implement iommu coldplug/unplug
The ``<iommu/>`` device can be now cold plugged and/or cold unplugged.
* Pass shutoff reason to release hook
Sometimes in release hook it is useful to know if the VM shutdown was
graceful or not. This is especially useful to do cleanup based on the VM
shutdown failure reason in release hook. Starting with this release the
last argument 'extra' is used to pass VM shutoff reason in the call to
release hook.
* nodedev: improve DASD detection
In newer DASD driver versions the ID_TYPE tag is supported. This tag is
missing after a system reboot but when the ccw device is set offline and
online the tag is included. To fix this version independently we need to
check if a device detected as type disk is actually a DASD to maintain the
node object consistency and not end up with multiple node objects for
DASDs.
* **Bug fixes**
* remote_daemon_dispatch: Unref sasl session when closing client connection
A memory leak was identified when a client started SASL but then suddenly
closed connection. This is now fixed.
* qemu: Fix migration with disabled vmx-* CPU features
Migrating a domain with some vmx-* CPU features marked as disabled could
have failed as the destination would incorrectly expect those features to
be enabled after starting QEMU.
* qemu: Fix ``libvirtd``/``virtqemud`` crash when VM shuts down during migration
The libvirt daemon could crash when a VM was shut down while being migrated
to another host.
10.4.0
* **New features**
* qemu: Support for ras feature for virt machine type
It is now possible to set on/off ``ras`` feature in the domain XML for virt
(Arm) machine type as ``<ras state='on'/>``.
* SSH proxy for VM
Libvirt now installs a binary helper that allows connecting to QEMU domains
via SSH using the following scheme: ``ssh user(a)qemu/virtualMachine``.
* qemu: Support for ``virtio`` sound model
Sound devices can now be configured to use the virtio model with
``<sound model='virtio'/>``. This model is available from QEMU 8.2.0
onwards.
* network: use nftables to setup virtual network firewall rules
The network driver can now use nftables rules for the virtual
network firewalls, rather than iptables. With the standard build
options, nftables is preferred over iptables (with fallback to
iptables if nftables isn't installed), but this can be modified at
build time, or at runtime via the firewall_backend setting in
network.conf. (NB: the nwfilter driver still uses
ebtables/iptables).
* **Improvements**
* qemu: add zstd to supported compression formats
Extend the list of supported formats of QEMU save image by adding zstd
compression.
* qemu: Implement support for hotplugging evdev input devices
As of this release, hotplug and hotunplug of evdev ``<input/>`` devices is
supported.
* **Bug fixes**
* virsh/virt-admin: Fix ``--help`` option for all commands
A bug introduced in `v10.3.0 (2024-05-02)`_ caused that the attempt to print
help for any command by using the ``--help`` option in ``virsh`` and
``virt-admin`` would print::
$ virsh list --help
error: command 'list' doesn't support option --help
instead of the help output. A workaround for the affected version is to use
the help command::
$ virsh help list
* qemu: Fix ``virsh save`` and migration when storage in question is root_squashed NFS
Attempting to save a VM to a root_squash NFS mount or migrating with disks
hosted on such mount could, in some scenarios, result in error stating::
'Unknown error 255'
The bug was introduced in `v10.1.0 (2024-03-01)`_.
* qemu: Don't set affinity for isolcpus unless explicitly requested
When starting a domain, by default libvirt sets affinity of QEMU process to
all online CPUs. This also included isolated CPUs (``isolcpus=``) which is
wrong. As of this release, isolated CPUs are left untouched, unless
explicitly configured in domain XML.
* qemu_hotplug: Properly assign USB address to hotplugged usb-net device
Previously, the network device hotplug logic would try to ensure only CCW
or PCI addresses. With recent support for the usb-net model, USB addresses
for usb-net network devices are assigned automatically.
* qemu: Fix hotplug of ``virtiofs`` filesystem device with ``<boot order=`` set
The bug was introduced in `v10.3.0 (2024-05-02)`_ when attempting to reject
unsupported configurations. During hotplug the addresses are
assigned after validation and thus errorneously reject valid configs.
10.3.0
* **New features**
* qemu: Proper support for USB network device
USB address is now automatically assigned to USB network devices thus they
can be used without manual configuration.
* conf: Introduce memReserve attribute to <controller/>
Some PCI devices have large non-prefetchable memory. This can be a problem
in case when such device needs to be hotplugged as the firmware can't
foresee such situation. The user thus can override the value calculated at
start to accomodate for such devices.
* **Improvements**
* Improve validation of USB devices
Certain USB device types ('sound', 'fs', 'chr', 'ccid' and 'net') were not
properly handled in the check whether the VM config supports USB and thus
would result in poor error messages.
* virsh: Fix behaviour of ``--name`` and ``--parent`` used together when listing checkpoint and snapshots
The ``checkpoint-list`` and ``snapshot-list`` commands would ignore the
``--name`` option to print only the name when used with ``--parent``.
* Extend libvirt-guests to shutdown only persistent VMs
Users can now choose to shutdown only persistent VMs when the host is being
shut down.
* **Bug fixes**
* qemu: Fix migration with custom XML
Libvirt 10.2.0 would sometimes complain about incompatible CPU definition
when trying to migrate or save a domain and passing a custom XML even
though such XML was properly generated as migratable. Hitting this bug
depends on the guest CPU definition and the host on which a particular
domain was running.
* qemu: Fix TLS hostname verification failure in certain non-shared storage migration scenarios
In certain scenarios (parallel migration, newly also post-copy migration)
libvirt would wrongly pass an empty hostname to QEMU to be used for TLS
certificate hostname validation, which would result into failure of the
non-shared storage migration step::
error: internal error: unable to execute QEMU command 'blockdev-add': Certificate does not match the hostname
* Create OVS ports as transient
Libvirt now creates OVS ports as transient which prevents them from
reappearing or going stale on sudden reboots.
* Clear OVS QoS settings when domain shuts down
Libvirt now clears QoS settings on domain shutdown, so they no longer pile
up in OVS database.
10.2.0
* **New features**
* ch: Basic save and restore support for ch driver
The ch driver now supports basic save and restore operations. This is
functional on domains without any network, host device config defined.
The ``path`` parameter for save and restore should be a directory.
* qemu: Support for driver type ``mtp`` in ``<filesystem/>`` devices
The ``mtp`` driver type exposes the ``usb-mtp`` device in QEMU. The
guest can access files on this driver through the Media Transfer
Protocol (MTP).
* qemu: Added support for the loongarch64 architecture
It is now possible for libvirt to run loongarch64 guests, including on
other architectures via TCG. For the best results, it is recommended to
use the upcoming QEMU 9.0.0 release together with the development version
of edk2.
* qemu: Introduce virDomainGraphicsReload API
Reloading the graphics display is now supported for QEMU guests using
VNC. This is useful to make QEMU reload the TLS certificates without
restarting the guest. Available via the ``virDomainGraphicsReload`` API
and the ``domdisplay-reload`` virsh command.
* **Bug fixes**
* qemu: Fix migration from libvirt older than 9.10.0 when vmx is enabled
A domain with vmx feature enabled (which may be even done automatically
with ``mode='host-model'``) started by libvirt 9.9.0 or older cannot be
migrated to libvirt 9.10.0, 10.0.0, and 10.1.0 as the target host would
complain about a lot of extra ``vmx-*`` features. Migration of similar
domains started by the affected releases to libvirt 9.9.0 and older
does not work either. Since libvirt 10.2.0 migration works again with
libvirt 9.9.0 and older in both directions. Migration from the affected
releases to 10.2.0 works as well, but the other direction remains broken
unless the fix is backported.
* node_device: Don't report spurious errors from PCI VPD parsing
In last release the PCI Vital Product Data parser was enhanced to report
errors but that effort failed as some kernels have the file but don't allow
reading it causing logs to be spammed with::
libvirtd[21055]: operation failed: failed to read the PCI VPD data
Since the data is used only in the node device XML and errors are ignored if
the parsing failed, this release removes all the error reporting.
* qemu: set correct SELinux label for unprivileged virtiofsd
It is now possible to use virtiofsd-based ``<filesystem>`` shares even
if the guest is confined using SELinux.
* qemu: fix a crash on unprivileged virtiofsd hotplug
Hotplugging virtiofsd-based filesystems works now.
* virt-admin: Fix segfault when libvirtd dies
``virt-admin`` no longer crashes when ``libvirtd`` unexpectedly closes
the connection.
10.1.0
* **Security**
* ``CVE-2024-1441``: Fix off-by-one error leading to a crash
In **libvirt-1.0.0** there were couple of interface listing APIs
introduced which had an off-by-one error. That error could lead to a
very rare crash if an array was passed to those functions which did
not fit all the interfaces.
In **libvirt-5.10** a check for non-NULL arrays has been adjusted to
allow for NULL arrays with size 0 instead of rejecting all NULL
arrays. However that made the above issue significantly worse since
that off-by-one error now did not write beyond an array, but
dereferenced said NULL pointer making the crash certain in a
specific scenario in which a NULL array of size 0 was passed to the
aforementioned functions.
* **New features**
* nodedev: Support updating mdevs
The node device driver has been extended to allow updating mediated node
devices. Options are available to target the update against the persistent,
active or both configurations of a mediated device.
**Note:** The support is only available with at least mdevctl v1.3.0 installed.
* qemu: Add support for /dev/userfaultfd
On hosts with new enough kernel which supports /dev/userfaultfd libvirt will
now automatically grant QEMU access to this device. It's no longer needed to
set vm.unprivileged_userfaultfd sysctl.
* qemu: Support clusters in CPU topology
It is now possible to configure the guest CPU topology to use clusters.
Additionally, if CPU clusters are present in the host topology, they will
be reported as part of the capabilities XML.
* network: Make virtual domains resolvable from the host
When starting a virtual network with a new ``register='yes'`` attribute
in the ``<domain>`` element, libvirt will configure ``systemd-resolved``
to resolve names of the connected guests using the name server started
for this network.
* qemu: Introduce dynamicMemslots attribute for virtio-mem
QEMU now allows setting ``.dynamic-memslots`` attribute for virtio-mem-pci
devices. When turned on, it allows memory exposed to guest to be split into
multiple memory slots and thus smaller memory footprint (see the original
commit for detailed explanation).
* **Improvements**
* nodedev: Add ability to update persistent mediated devices by defining them
Existing persistent mediated devices can now also be updated by
``virNodeDeviceDefineXML()`` as long as parent and UUID remain unchanged.
* ch: Enable ``ethernet`` interface mode support
``<interface type='ethernet'/>`` can now be used for CH domains.
* viraccessdriverpolkit: Add missing vtpm case
Secrets with ``<usage type='vtpm'>`` were left unable to be checked for in
the access driver, i.e. in ACL rules. Missing code was provided.
* virt-admin: Notify users to use explicit URI if connection fails
``virt-admin`` doesn't try to guess the URI of the daemon to manage so a
failure to connect may be confusing for users if modular daemons are used.
Add a hint to use the URI of the dameon to manage.
* **Bug fixes**
* qemu_process: Skip over non-virtio non-TAP NIC models when refreshing rx-filter
If ``trustGuestRxFilters`` is enabled for a vNIC that doesn't support it,
libvirt may throw an error when such domain is being started, loaded from a
saved state, migrated, etc. These errors are now silenced, but make sure to
fix such configurations (after previous release it is even possible to
change ``trustGuestRxFilters`` value on live domains via
``virDomainUpdateDeviceFlags()`` or ``virsh device-update``).
* domain: Fix check for overlapping ``<memory/>`` devices
A bug was identified which caused libvirt to report two NVDIMMs as
overlapping even though they weren't. This now fixed.
* vmx: Accept empty fileName for cdrom-image
Turns out, ``fileName`` attribute (which contains path to CDROM image) can
be set to an empty string (``""``) to denote a state in which the CDROM has
no medium in it. Libvirt used to reject such configuration file, but not
anymore.
* qemu_hotplug: Don't lose 'created' flag in qemuDomainChangeNet()
When starting a domain, libvirt tracks what resources it created for it and
which were pre-existing and uses this information to preserve pre-existing
resources when cleaning up after said domain is shut off. But for macvtaps
this information was lost after the macvtap device was changed (e.g. via
``virsh update-device``).
* Fix virStream hole handling
When a client sent multiple holes into a virStream it may have caused
daemon hangup as the daemon stopped processing RPC from the client
temporarily. This is now fixed.
* nodedev: Don't generate broken XML with certain hardware
A broken node device XML would be generated in a rare case when a hardware
device had certain characters in the VPD fields.
* qemu: Fix reservation of manually specified port for disk migration
A manually specified port would not be relased after disk migration making
it impossible to use it again.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ac06f70716429318e739d6e1ff2b477cc61e6b39
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 3 11:17:19 2024 +0200
clamav: Update to version 1.3.1
- Update from version 1.3.0 to 1.3.1
- Update of rootfile not required
- As we can not upgrade currently to version 1.4.0 due to the rust/ruby issue we need to
update to 1.3.1 as it has a CVE fix in it.
- There are three rust dependencies that have been updated but all have a rust-1.57
requirement so have no problem with our current rust-1.67.0 version
- Changelog
1.3.1
This is a critical patch release with the following fixes:
- [CVE-2024-20380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20380):
Fixed a possible crash in the HTML file parser that could cause a
denial-of-service (DoS) condition.
This issue affects version 1.3.0 only and does not affect prior versions.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1242)
- Updated select Rust dependencies to the latest versions.
This resolved Cargo audit complaints and included PNG parser bug fixes.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1227)
- Fixed a bug causing some text to be truncated when converting from UTF-16.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1230)
- Fixed assorted complaints identified by Coverity static analysis.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1235)
- Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam
config option to be pruned and then re-downloaded with every update.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238)
- Added the new 'valhalla' database name to the list of optional databases in
preparation for future work.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238)
- Added symbols to the `libclamav.map` file to enable additional build
configurations.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1244)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 53eeed5a81970d93889b144f08efee1406bee0b0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Sep 2 14:25:59 2024 +0200
tshark: Update to version 4.2.7
- Update from version 4.2.6 to 4.2.7
- Update of rootfile
- Version 4.4.0 is out but is a major change version. I have therefore decided to wait
for a few update versions before looking at changing to it. Most of the changes appear
to be more for the gui wireshark than for the cli tshark that IPFire nis using.
- The version 4.2.x branch will still have ongoing bug and security fixes anyway.
- CVE fix in this version update.
- Changelog
4.2.7
Bug Fixes
The following vulnerability has been fixed:
• wnpa-sec-2024-11[2] NTLMSSP dissector crash. Issue 19943[3].
CVE-2024-8250[4].
The following bugs have been fixed:
• Fuzz job issue: fuzz-2024-01-31-7745.pcap. Issue 19627[5].
• OSS-Fuzz 70534: wireshark:fuzzshark_ip_proto-udp: Stack-overflow
in dissect_cbor_main_type. Issue 19935[6].
• SOME/IP Protocol heuristic dissector fails to parse. Issue
19670[7].
• 6loWPAN: Page Number Field Incorrect Registration. Issue
19934[8].
• PacketBB incorrectly reports "Malformed Packet" Issue 19972[9].
Updated Protocol Support
6LoWPAN, BGP, CAN-ETH, CBOR, IEEE 802.11, LBMSRS, NTLMSSP, PacketBB,
PN-MRP, SOME/IP, USBLL, X.75, and Zabbix
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/packages/libvirt | 14 ++++++++++----
config/rootfiles/packages/shairport-sync | 2 +-
config/rootfiles/packages/taglib | 4 ++--
config/rootfiles/packages/tshark | 4 ++--
lfs/clamav | 6 +++---
lfs/iotop | 8 ++++----
lfs/libvirt | 6 +++---
lfs/mcelog | 8 ++++----
lfs/observium-agent | 8 ++++----
lfs/shairport-sync | 6 +++---
lfs/taglib | 6 +++---
lfs/tshark | 6 +++---
12 files changed, 42 insertions(+), 36 deletions(-)
Difference in files:
diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt
index f1031b079..32fdd5cce 100644
--- a/config/rootfiles/packages/libvirt
+++ b/config/rootfiles/packages/libvirt
@@ -52,6 +52,8 @@ etc/logrotate.d/libvirtd.qemu
etc/rc.d/init.d/libvirt-guests
etc/rc.d/init.d/libvirtd
etc/rc.d/init.d/virtlogd
+#etc/ssh/ssh_config.d
+etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
usr/bin/virsh
usr/bin/virt-admin
usr/bin/virt-host-validate
@@ -85,16 +87,16 @@ usr/bin/virt-xml-validate
#usr/lib/libvirt
#usr/lib/libvirt-admin.so
usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.10000.0
+usr/lib/libvirt-admin.so.0.10007.0
#usr/lib/libvirt-lxc.so
usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.10000.0
+usr/lib/libvirt-lxc.so.0.10007.0
#usr/lib/libvirt-qemu.so
usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.10000.0
+usr/lib/libvirt-qemu.so.0.10007.0
#usr/lib/libvirt.so
usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.10000.0
+usr/lib/libvirt.so.0.10007.0
#usr/lib/libvirt/connection-driver
usr/lib/libvirt/connection-driver/libvirt_driver_ch.so
usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
@@ -118,6 +120,9 @@ usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so
#usr/lib/sysctl.d
usr/lib/sysctl.d/60-libvirtd.conf
usr/lib/sysctl.d/60-qemu-postcopy-migration.conf
+#usr/lib/sysusers.d
+usr/lib/sysusers.d/libvirt-qemu.conf
+usr/libexec/libvirt-ssh-proxy
usr/libexec/libvirt_iohelper
usr/libexec/virt-login-shell-helper
usr/sbin/libvirtd
@@ -253,6 +258,7 @@ usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml
usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml
usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml
usr/share/libvirt/cpu_map/x86_EPYC.xml
+usr/share/libvirt/cpu_map/x86_GraniteRapids.xml
usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml
usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml
usr/share/libvirt/cpu_map/x86_Haswell-noTSX.xml
diff --git a/config/rootfiles/packages/shairport-sync b/config/rootfiles/packages/shairport-sync
index a0cd5c859..4fb1d3f48 100644
--- a/config/rootfiles/packages/shairport-sync
+++ b/config/rootfiles/packages/shairport-sync
@@ -2,5 +2,5 @@ etc/rc.d/init.d/shairport-sync
etc/shairport-sync.conf
#etc/shairport-sync.conf.sample
usr/bin/shairport-sync
-#usr/share/man/man7/shairport-sync.7
+#usr/share/man/man1/shairport-sync.1
var/ipfire/backup/addons/includes/shairport-sync
diff --git a/config/rootfiles/packages/taglib b/config/rootfiles/packages/taglib
index 1341d11ed..1dbab71e1 100644
--- a/config/rootfiles/packages/taglib
+++ b/config/rootfiles/packages/taglib
@@ -120,9 +120,9 @@ usr/bin/taglib-config
#usr/lib/cmake/taglib/taglib-targets.cmake
#usr/lib/libtag.so
usr/lib/libtag.so.2
-usr/lib/libtag.so.2.0.1
+usr/lib/libtag.so.2.0.2
#usr/lib/libtag_c.so
usr/lib/libtag_c.so.2
-usr/lib/libtag_c.so.2.0.1
+usr/lib/libtag_c.so.2.0.2
#usr/lib/pkgconfig/taglib.pc
#usr/lib/pkgconfig/taglib_c.pc
diff --git a/config/rootfiles/packages/tshark b/config/rootfiles/packages/tshark
index 9f40dbc2e..a177b7b31 100644
--- a/config/rootfiles/packages/tshark
+++ b/config/rootfiles/packages/tshark
@@ -12,10 +12,10 @@ usr/bin/dumpcap
usr/bin/tshark
#usr/lib/libwireshark.so
usr/lib/libwireshark.so.17
-usr/lib/libwireshark.so.17.0.6
+usr/lib/libwireshark.so.17.0.7
#usr/lib/libwiretap.so
usr/lib/libwiretap.so.14
-usr/lib/libwiretap.so.14.1.6
+usr/lib/libwiretap.so.14.1.7
#usr/lib/libwsutil.so
usr/lib/libwsutil.so.15
usr/lib/libwsutil.so.15.0.0
diff --git a/lfs/clamav b/lfs/clamav
index 5a1089187..32b4aa4f9 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
SUMMARY = Antivirus Toolkit
-VER = 1.3.0
+VER = 1.3.1
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 71
+PAK_VER = 72
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282
+$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362
install : $(TARGET)
diff --git a/lfs/iotop b/lfs/iotop
index 1dc44eaef..d869386ea 100644
--- a/lfs/iotop
+++ b/lfs/iotop
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Top Like UI to Show Per-Process I/O Going on
-VER = 1.22
+VER = 1.26
THISAPP = iotop-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = iotop
-PAK_VER = 5
+PAK_VER = 6
DEPS =
SERVICES =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 59ceff92600f6f9ff080d02ea10a796a2b6f05ccbb663ac2eed9a7d5c7f6a44de329307bc45605b3415804ef3b2d0699afdaeb1c22604276ce15fc606304ef70
+$(DL_FILE)_BLAKE2 = 90ca8706809952c1523c01b1cb4fa2728934277d80145ab6d90e10cb624361fd4089c527c6093b4733b954f874598c33c7892369ef98e96cbc0bb173a0f8c986
install : $(TARGET)
diff --git a/lfs/libvirt b/lfs/libvirt
index ef122cfa7..4ac7dbf90 100644
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -26,7 +26,7 @@ include Config
SUMMARY = Server side daemon and supporting files for libvirt
-VER = 10.0.0
+VER = 10.7.0
THISAPP = libvirt-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 aarch64
PROG = libvirt
-PAK_VER = 34
+PAK_VER = 35
DEPS = ebtables libpciaccess libyajl ncat qemu
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bfbea7805a949999481293a31e52a5511bcf86db2c96486cbc3b9cb776719ec973b1208cfcb4a8ae2c9220d1d68053980eaf68893f7919c3ef354efbd1abf642
+$(DL_FILE)_BLAKE2 = 331f8c01395c70536ac094a156810f93cd85aab9f25bdde40633698a27f5863cb5c88c520199a5182318f376cb1a3484f3c487da74a41925a521c4a305c51f13
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
diff --git a/lfs/mcelog b/lfs/mcelog
index 619cf025a..fa10eb374 100644
--- a/lfs/mcelog
+++ b/lfs/mcelog
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Log Machine Check Events
-VER = 196
+VER = 200
THISAPP = mcelog-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mcelog
-PAK_VER = 4
+PAK_VER = 5
SUP_ARCH = x86_64
DEPS =
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 50871cd7a3c4dd6f4c4d613c7db4528d972ca37ba17b0a5aa4876d8fc92d4478c2247ea65748310ad6d4b950d1abc9bd0ea40193e72b36d38334547382477849
+$(DL_FILE)_BLAKE2 = 66b6f25720d09760aab79d0b410287e73087551ab54eaf7dc31c0f7f5c56a40583e933f9e6dae9b91c5594f5bdf51701c37328e76f930c937b448aaac7acd262
install : $(TARGET)
diff --git a/lfs/observium-agent b/lfs/observium-agent
index 7df6996ba..bbf3bfcda 100644
--- a/lfs/observium-agent
+++ b/lfs/observium-agent
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Observium agent
-VER = 23.1
+VER = 24.4
THISAPP = observium-community-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/observium
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = observium-agent
-PAK_VER = 2
+PAK_VER = 3
DEPS = xinetd
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d89e8bd454bff4dfcf56bb95619747de53ee6b84d7f4f201058d654494252f3bc725013a5f08b6d635be30234474a4de9379275b593e031efb9a3f216641cd7c
+$(DL_FILE)_BLAKE2 = 1ef34e7bb6ce43ea7e0a122deb5031d555d942d4f79be0596fc0e2c63a2f92321aa22f34a21e6fa559a8a76e744770f9d74676955acdd76dc4d410e1107636a2
install : $(TARGET)
diff --git a/lfs/shairport-sync b/lfs/shairport-sync
index 4ade1ab99..f7136bc70 100644
--- a/lfs/shairport-sync
+++ b/lfs/shairport-sync
@@ -26,7 +26,7 @@ include Config
SUMMARY = An AirPlay audio player
-VER = 4.3.2
+VER = 4.3.4
THISAPP = shairport-sync-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = shairport-sync
-PAK_VER = 15
+PAK_VER = 16
DEPS = alac alsa avahi ffmpeg libdaemon libplist nqptp soxr
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = bed3228874e7ca1bf6e7d8cc21d6d750533d0bdd103bbd1f49412bab06da099adbecfa689d8f733084a1a5519391a01b5b47a527597e1dbf6ab151badda18284
+$(DL_FILE)_BLAKE2 = 298f836f924dde30ac7563f431d8c657efdc0bc4bb3a0a55fb500591a6eab4801f904a0a61bfb325e0ebe62b68b935926c4fb18a9a574c78d6f8249503bb828f
install : $(TARGET)
diff --git a/lfs/taglib b/lfs/taglib
index a211df139..527ae9e3f 100644
--- a/lfs/taglib
+++ b/lfs/taglib
@@ -26,7 +26,7 @@ include Config
SUMMARY = Audio Meta-Data Library
-VER = 2.0.1
+VER = 2.0.2
THISAPP = taglib-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = taglib
-PAK_VER = 4
+PAK_VER = 5
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a39997b3185609b47b4d20c12b9d131eee32a2846627799d83df98eaaf5b909514fd97667e779715b940f0866252d02a523fa9d87534ea3cdefbd27449cbe714
+$(DL_FILE)_BLAKE2 = 389af213bd467d68e2b0ca4485f51c35e660439baf2ecb7165069e5cb73589f5cf6c92d56e25780cea60e082b6fa51c5dde320dd25b8c5ef0e3b738ff0a6d4ea
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
diff --git a/lfs/tshark b/lfs/tshark
index 7156476d1..c4d29c8e1 100644
--- a/lfs/tshark
+++ b/lfs/tshark
@@ -26,7 +26,7 @@ include Config
SUMMARY = A Network Traffic Analyser
-VER = 4.2.6
+VER = 4.2.7
THISAPP = wireshark-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tshark
DEPS = c-ares
-PAK_VER = 17
+PAK_VER = 18
SERVICES =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 880acf82c7e535b89ce8b41293c90197825ffe1132720337e77b3dcee0eaf476cb3faa6f9b42d3864e9f6892e624d0b286afdaf6bbe7e6b60483296d087a4bc3
+$(DL_FILE)_BLAKE2 = ab82c4ff9afa0fecb3cddbabc7441c3f457c2ccfc39f8a1e65f5d4df752bbdf7cb3d892db5a3de86ec055b12c512f4d067f6d98626ecd2f58f31052e10415be8
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-09-03 12:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-03 12:54 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 5c83f229397327dd6b82e85695bcaffeeb26c26a Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox