* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127
@ 2024-09-05 9:31 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2024-09-05 9:31 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 16606 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 (commit)
via 4eae0fae0bfd5002fab4c719bd369f0200d624cf (commit)
via 4c672e3b9692927d4d3319cb25283098b9075a46 (commit)
via ea1d59e31e45fe598280d62449ba157ac8926f70 (commit)
via dbaba25987706f0fe451705a908b5e6b98b95809 (commit)
from f91d2f48c032221a9cc4ce5d9ca0aea9334ab1c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 5 09:31:40 2024 +0000
core189: Ship dhcpcd
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4eae0fae0bfd5002fab4c719bd369f0200d624cf
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Sep 5 10:44:49 2024 +0200
dhcpcd: Update to version 10.0.10
- Update from version 10.0.8 to 10.0.10
- Update of rootfile not required
- Patch for free selection of MTU has been removed as in version 10.0.9 the MTU code
was changed to not apply limits to it.
- Changelog
10.0.10
Reversion of commit "linux: make if_getnetworknamespace static"
10.0.9
Option 2: Fix stdin parsing by @holmanb in #289
IPv4LL: Restart ARP probling on address conflict by @LeoRuan in #340
DHCP: Handle option 108 correctly when receiving 0.0.0.0 OFFER by @taoyl-g
in #342
DHCP: No longer set interface mtu by @rsmarples in #346
Update privsep-linux.c to allow statx by @Jabrwock in #349
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4c672e3b9692927d4d3319cb25283098b9075a46
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Sep 5 10:31:53 2024 +0200
clamav: Update to version 1.3.2
- Update from version 1.3.1 to 1.3.2
- Update of rootfile
- 2 CVE Fixes
- Changelog
1.3.2
- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
Changed the logging module to disable following symlinks on Linux and Unix
systems so as to prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system files.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to Detlef for identifying this issue.
- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
Fixed a possible out-of-bounds read bug in the PDF file parser that could
cause a denial-of-service (DoS) condition.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to OSS-Fuzz for identifying this issue.
- Removed unused Python modules from freshclam tests including deprecated
'cgi' module that is expected to cause test failures in Python 3.13.
- Fix unit test caused by expiring signing certificate.
- Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305)
- Fixed a build issue on Windows with newer versions of Rust.
Also upgraded GitHub Actions imports to fix CI failures.
Fixes courtesy of liushuyu.
- Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307)
- Fixed an unaligned pointer dereference issue on select architectures.
Fix courtesy of Sebastian Andrzej Siewior.
- Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
- Fixes to Jenkins CI pipeline.
For details, see [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1330)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ea1d59e31e45fe598280d62449ba157ac8926f70
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 5 08:56:52 2024 +0000
core189: Ship expat
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit dbaba25987706f0fe451705a908b5e6b98b95809
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Sep 4 23:49:24 2024 +0200
expat: Update to version 2.6.3
- Update from version 2.6.2 to 2.6.3
- Update of rootfile
- 3 CVE Fixes in this release.
- Changelog
2.6.3
Security fixes:
#887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
#888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
#889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
Other changes:
#851 #879 Autotools: Sync CMake templates with CMake 3.28
#853 Autotools: Always provide path to find(1) for portability
#861 Autotools: Ensure that the m4 directory always exists.
#870 Autotools: Simplify handling of SIZEOF_VOID_P
#869 Autotools: Support non-GNU sed
#856 Autotools|CMake: Fix main() to main(void)
#865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
#863 Autotools|CMake: Stop requiring dos2unix
#854 #855 CMake: Fix check for symbols size_t and off_t
#864 docs|tests: Convert README to Markdown and update
#741 Windows: Drop support for Visual Studio <=15.0/2017
#886 Drop needless XML_DTD guards around is_param access
#885 Fix typo in a code comment
#894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
Infrastructure:
#880 Readme: Promote the call for help
#868 CI: Fix various issues
#849 CI: Allow triggering GitHub Actions workflows manually
#851 #872 ..
#873 #879 CI: Adapt to breaking changes in GitHub Actions
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/expat | 21 +++++------
.../{oldcore/125 => core/189}/filelists/dhcpcd | 0
.../{oldcore/106 => core/189}/filelists/expat | 0
config/rootfiles/packages/clamav | 4 +-
lfs/clamav | 6 +--
lfs/dhcpcd | 5 +--
lfs/expat | 4 +-
...2-Allow-free-selection-of-MTU-by-the-user.patch | 44 ----------------------
8 files changed, 19 insertions(+), 65 deletions(-)
copy config/rootfiles/{oldcore/125 => core/189}/filelists/dhcpcd (100%)
copy config/rootfiles/{oldcore/106 => core/189}/filelists/expat (100%)
delete mode 100644 src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
Difference in files:
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 2ab49e910..51a4de2f7 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,22 +2,21 @@
#usr/include/expat.h
#usr/include/expat_config.h
#usr/include/expat_external.h
-#usr/lib/cmake
-#usr/lib/cmake/expat-2.6.2
-#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake
-#usr/lib/cmake/expat-2.6.2/expat-config.cmake
-#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.6.2/expat.cmake
+#usr/lib/cmake/expat-2.6.3
+#usr/lib/cmake/expat-2.6.3/expat-config-version.cmake
+#usr/lib/cmake/expat-2.6.3/expat-config.cmake
+#usr/lib/cmake/expat-2.6.3/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.6.3/expat.cmake
#usr/lib/libexpat.la
#usr/lib/libexpat.so
usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.9.2
+usr/lib/libexpat.so.1.9.3
#usr/lib/pkgconfig/expat.pc
#usr/share/doc/expat
-#usr/share/doc/expat-2.6.2
-#usr/share/doc/expat-2.6.2/ok.min.css
-#usr/share/doc/expat-2.6.2/reference.html
-#usr/share/doc/expat-2.6.2/style.css
+#usr/share/doc/expat-2.6.3
+#usr/share/doc/expat-2.6.3/ok.min.css
+#usr/share/doc/expat-2.6.3/reference.html
+#usr/share/doc/expat-2.6.3/style.css
#usr/share/doc/expat/AUTHORS
#usr/share/doc/expat/changelog
#usr/share/man/man1/xmlwf.1
diff --git a/config/rootfiles/core/189/filelists/dhcpcd b/config/rootfiles/core/189/filelists/dhcpcd
new file mode 120000
index 000000000..1e799dabb
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/dhcpcd
@@ -0,0 +1 @@
+../../../common/dhcpcd
\ No newline at end of file
diff --git a/config/rootfiles/core/189/filelists/expat b/config/rootfiles/core/189/filelists/expat
new file mode 120000
index 000000000..e1923cf63
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/expat
@@ -0,0 +1 @@
+../../../common/expat
\ No newline at end of file
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 2c7242d7e..f8deb9479 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -105,14 +105,13 @@ usr/sbin/clamd
#usr/share/doc/ClamAV/html/images
#usr/share/doc/ClamAV/html/images/change-fork-name.png
#usr/share/doc/ClamAV/html/images/cisco.png
+#usr/share/doc/ClamAV/html/images/clamav-git-workflow.png
#usr/share/doc/ClamAV/html/images/clone-your-fork.png
#usr/share/doc/ClamAV/html/images/create-a-fork.png
#usr/share/doc/ClamAV/html/images/demon.png
#usr/share/doc/ClamAV/html/images/flamegraph.svg
#usr/share/doc/ClamAV/html/images/fork-is-behind.png
#usr/share/doc/ClamAV/html/images/logo.png
-#usr/share/doc/ClamAV/html/images/new-git-workflow.png
-#usr/share/doc/ClamAV/html/images/old-git-workflow.png
#usr/share/doc/ClamAV/html/index.html
#usr/share/doc/ClamAV/html/manual
#usr/share/doc/ClamAV/html/manual/Development
@@ -163,6 +162,7 @@ usr/sbin/clamd
#usr/share/doc/ClamAV/html/manual/Usage/Scanning.html
#usr/share/doc/ClamAV/html/manual/Usage/Services.html
#usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html
+#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg
#usr/share/doc/ClamAV/html/mark.min.js
#usr/share/doc/ClamAV/html/mode-rust.js
#usr/share/doc/ClamAV/html/print.html
diff --git a/lfs/clamav b/lfs/clamav
index 32b4aa4f9..f98d52532 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
SUMMARY = Antivirus Toolkit
-VER = 1.3.1
+VER = 1.3.2
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 72
+PAK_VER = 73
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362
+$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8
install : $(TARGET)
diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index 3bac681d8..10b7b0212 100644
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -24,7 +24,7 @@
include Config
-VER = 10.0.8
+VER = 10.0.10
THISAPP = dhcpcd-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1bf27387c13f192c6216e2f1ecad06bfa82267d5d6e08ddaa123789699fe9154222c33b1aa1f603e65ae8dce510cb24d48e72701494e0793c766e81f024f8bc5
+$(DL_FILE)_BLAKE2 = 2ecf52009f3fd4442863e1927a8d9e777ee6f34ff4d50a6f1e67821fb23fd12221df1e3a0a04ea0874df8feac15785772b4aa75af407f74448e442db36410e30
install : $(TARGET)
@@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
cd $(DIR_APP) && ./configure \
--prefix="" \
--sysconfdir=/var/ipfire/dhcpc \
diff --git a/lfs/expat b/lfs/expat
index 3a37bf2d2..91e4f32af 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
include Config
-VER = 2.6.2
+VER = 2.6.3
THISAPP = expat-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4
+$(DL_FILE)_BLAKE2 = b8e0a0e779f0f136eaca91115cbbcf5a5cca457cab1cca6f8d6141151d19f8ef2dccb41b0e9134459c1e7d99cb2e0b4ce3922d2bd9221002ec43fe9d53a0084a
install : $(TARGET)
diff --git a/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
deleted file mode 100644
index 69a35daf5..000000000
--- a/src/patches/dhcpcd-10.0.2-Allow-free-selection-of-MTU-by-the-user.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 1acff721a3874a74efc9921a1e07bd48bd7efab0 Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer(a)ipfire.org>
-Date: Tue, 22 Feb 2022 12:07:15 +0000
-Subject: [PATCH] Allow free selection of MTU by the user
-
-Various ISPs (or equipment?) seem to hand out an MTU of only 576 bytes.
-Hwoever, this does not seem to be intentional which is why we would like
-to manually overwrite this in the configuration.
-
-dhcpcd only allows setting a maximum MTU of 1472 bytes which does not
-seem to have any rationale (any more). Although Ethernet might limit any
-MTU to less, IPv6 and IPv4 support MTUs of up to 64KiB.
-
-This patch allows the user to configure the MTU freely with providing
-some sanity check.
-
-Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
----
- src/dhcp-common.h | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/dhcp-common.h b/src/dhcp-common.h
-index a82fcd4c..d6620822 100644
---- a/src/dhcp-common.h
-+++ b/src/dhcp-common.h
-@@ -46,10 +46,11 @@
- #define NS_MAXLABEL MAXLABEL
- #endif
-
--/* Max MTU - defines dhcp option length */
--#define IP_UDP_SIZE 28
--#define MTU_MAX 1500 - IP_UDP_SIZE
--#define MTU_MIN 576 + IP_UDP_SIZE
-+/* Max/Min MTU */
-+#define MTU_MAX 65536
-+#define MTU_MIN 576
-+
-+#define IP_UDP_SIZE 28
-
- #define OT_REQUEST (1 << 0)
- #define OT_UINT8 (1 << 1)
---
-2.30.2
-
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-09-05 9:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-05 9:31 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox