* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. af4a2049ab5607ac1c72dc915520c16d438ab335
From: Michael Tremer @ 2024-09-09 15:44 UTC
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via af4a2049ab5607ac1c72dc915520c16d438ab335 (commit)
via 91c0e2735d137630a867aef40c9e1bde2a95f69e (commit)
via 6c6813283a643025f0032ba1f7398a906d8b348a (commit)
via ac50fd4bf996446cbca81af2a9cea3a44fb1f5ac (commit)
via 50ef8eb544e7604c78942916458dcabd91d268d0 (commit)
via 656e3b79ca6e25ae518025914e20876c4576f793 (commit)
from 59bd4bcd1777ccbc63c34e7af1eaded2cacc9127 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit af4a2049ab5607ac1c72dc915520c16d438ab335
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Sep 9 15:42:59 2024 +0000
core189: Ship OpenVPN
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 91c0e2735d137630a867aef40c9e1bde2a95f69e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Sep 7 19:29:27 2024 +0200
openvpn: Update to version 2.5.10
- Update from version 2.5.9 to 2.5.10
- Update of rootfile not required
- 3 CVE Fixes in this version but all are for Windows installations.
- Changelog
2.5.10
Security fixes
- CVE-2024-27459: Windows: fix a possible stack overflow in the
interactive service component which might lead to a local privilege
escalation.
Reported-by: Vladimir Tokarev <vtokarev(a)microsoft.com>
- CVE-2024-24974: Windows: disallow access to the interactive service
pipe from remote computers.
Reported-by: Vladimir Tokarev <vtokarev(a)microsoft.com>
- CVE-2024-27903: Windows: disallow loading of plugins from untrusted
installation paths, which could be used to attack openvpn.exe via
a malicious plugin. Plugins can now only be loaded from the OpenVPN
install directory, the Windows system directory, and possibly from
a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
Reported-by: Vladimir Tokarev <vtokarev(a)microsoft.com>
User visible changes
- License amendment: all NEW commits fall under a modified license that
explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) -
see COPYING for details. Existing code in the release/2.5 branch
will not be relicensed (only in release/2.6 and later branches).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6c6813283a643025f0032ba1f7398a906d8b348a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Sep 6 10:42:27 2024 +0000
core189: Ship sudo
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ac50fd4bf996446cbca81af2a9cea3a44fb1f5ac
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Sep 5 15:28:50 2024 +0200
sudo: Update to version 1.9.16
- Update from version 1.9.15p5 to 1.9.16
- Update of rootfile
- Changelog
1.9.16
* Added the "cmddenial_message" sudoers option to provide additional
information to the user when a command is denied by the sudoers
policy. The default message is still displayed.
* The time stamp used for file-based logs is now more consistent
with the time stamp produced by syslog. GitHub issue #327.
* Sudo will now warn the user if it can detect the user's terminal
but cannot determine the path to the terminal device. The sudoers
time stamp file will now use the terminal device number directly.
GitHub issue #329.
* The embedded copy of zlib has been updated to version 1.3.1.
* Improved error handling if generating the list of signals and signal
names fails at build time.
* Fixed a compilation issue on Linux systems without process_vm_readv().
* Fixed cross-compilation with WolfSSL.
* Added a "json_compact" value for the sudoers "log_format" option
which can be used when logging to a file. The existing "json"
value has been aliased to "json_pretty". In a future release,
"json" will be an alias for "json_compact". GitHub issue #357.
* A new "pam_silent" sudoers option has been added which may be
negated to avoid suppressing output from PAM authentication modules.
GitHub issue #216.
* Fixed several cvtsudoers JSON output problems.
GitHub issues #369, #370, #371, #373, #381.
* When sudo runs a command in a pseudo-terminal and the user's
terminal is revoked, the pseudo-terminal's foreground process
group will now receive SIGHUP before the terminal is revoked.
This emulates the behavior of the session leader exiting and is
consistent with what happens when, for example, an ssh session
is closed. GitHub issue #367.
* Fixed "make test" with Python 3.12. GitHub issue #374.
* In schema.ActiveDirectory, fixed the quoting in the example command.
GitHub issue #376.
* Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may
now be double-quoted.
* Sudo insults are now included by default, but disabled unless
the --with-insults configure option is specified or the "insults"
sudoers option is enabled.
* The default sudoers file now enables the "secure_path" option by
default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment
variables when running visudo. The new --with-secure-path-value
configure option can be used to set the value of "secure_path" in
the default sudoers file. GitHub issue #387.
* A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory
Server, IBM Security Directory Server, and IBM Security Verify
Directory) is now included.
* When cross-compiling sudo, the configure script now assumes that
the snprintf() function is C99-compliant if the C compiler
supports the C99 standard. Previously, configure would use
sudo's own snprintf() when cross-compiling. GitHub issue #386.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 50ef8eb544e7604c78942916458dcabd91d268d0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Sep 6 10:41:23 2024 +0000
grub: Fix build on riscv64
https://savannah.gnu.org/bugs/?65909
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 656e3b79ca6e25ae518025914e20876c4576f793
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 5 09:50:59 2024 +0000
make.sh: Silence an error when we have low space in a fresh environment
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/sudo | 1 +
.../{oldcore/100 => core/189}/filelists/openvpn | 0
.../{oldcore/112 => core/189}/filelists/sudo | 0
config/rootfiles/core/189/update.sh | 4 +++
lfs/grub | 1 +
lfs/openvpn | 6 ++--
lfs/sudo | 6 ++--
make.sh | 2 +-
...e-medany-instead-of-large-model-for-RISCV.patch | 36 ++++++++++++++++++++++
9 files changed, 49 insertions(+), 7 deletions(-)
copy config/rootfiles/{oldcore/100 => core/189}/filelists/openvpn (100%)
copy config/rootfiles/{oldcore/112 => core/189}/filelists/sudo (100%)
create mode 100644 src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch
Difference in files:
diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo
index a09f06b38..651a284e3 100644
--- a/config/rootfiles/common/sudo
+++ b/config/rootfiles/common/sudo
@@ -75,6 +75,7 @@ usr/sbin/visudo
#usr/share/locale/hu/LC_MESSAGES/sudo.mo
#usr/share/locale/hu/LC_MESSAGES/sudoers.mo
#usr/share/locale/id/LC_MESSAGES/sudo.mo
+#usr/share/locale/id/LC_MESSAGES/sudoers.mo
#usr/share/locale/it/LC_MESSAGES/sudo.mo
#usr/share/locale/it/LC_MESSAGES/sudoers.mo
#usr/share/locale/ja/LC_MESSAGES/sudo.mo
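Review bot: the commented-out `#usr/share/locale/id/LC_MESSAGES/sudoers.mo` entry is the only rootfile change for this update (the summary lists `config/rootfiles/common/sudo | 1 +`), while the 1.9.16 changelog in the commit message mentions a newly included sudoers schema for IBM Directory Server. Please confirm that no newly installed file is missing from the rootfile, or say in the commit message that such files are intentionally not shipped.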
diff --git a/config/rootfiles/core/189/filelists/openvpn b/config/rootfiles/core/189/filelists/openvpn
new file mode 120000
index 000000000..493f3f7a4
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/openvpn
@@ -0,0 +1 @@
+../../../common/openvpn
\ No newline at end of file
diff --git a/config/rootfiles/core/189/filelists/sudo b/config/rootfiles/core/189/filelists/sudo
new file mode 120000
index 000000000..0d3c45e04
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/sudo
@@ -0,0 +1 @@
+../../../common/sudo
\ No newline at end of file
diff --git a/config/rootfiles/core/189/update.sh b/config/rootfiles/core/189/update.sh
index 2c9fb0974..3972f3507 100644
--- a/config/rootfiles/core/189/update.sh
+++ b/config/rootfiles/core/189/update.sh
@@ -325,6 +325,8 @@ rm -vrf \
/lib/firmware/RTL8192E
# Stop services
+/usr/local/bin/openvpnctrl -k
+/usr/local/bin/openvpnctrl -kn2n
# Extract files
extract_files
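Review bot: the two stop calls under `# Stop services` run unconditionally before `extract_files`, so every tunnel is torn down for the duration of the extraction, including on systems where the update was started through an OpenVPN connection. Please confirm that the update keeps running through to the start calls if the administrator's session drops at this point, and consider a comment explaining why the daemon has to be stopped before its files are replaced.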
@@ -347,6 +349,8 @@ ldconfig
telinit u
# Start services
+/usr/local/bin/openvpnctrl -s
+/usr/local/bin/openvpnctrl -sn2n
# This update needs a reboot...
touch /var/run/need_reboot
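Review bot: the exit status of `/usr/local/bin/openvpnctrl -s` and `-sn2n` under `# Start services` is ignored, and the next step only touches `/var/run/need_reboot`, so a daemon that fails to come back with the new binary leaves tunnels down without any trace in the update output. Suggest logging a message when either call returns non-zero.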
diff --git a/lfs/grub b/lfs/grub
index bcc6ac4ab..91dda242c 100644
--- a/lfs/grub
+++ b/lfs/grub
@@ -94,6 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) $(DIR_APP_EFI) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.06-remove_os_prober_disabled_warning.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub/grub-2.02_disable_vga_fallback.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch
cd $(DIR_APP) && [ ! -e grub-core/extra_deps.lst ] && echo 'depends bli part_gpt' > grub-core/extra_deps.lst
cd $(DIR_APP) && autoreconf -vfi
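Review bot: the added `patch -Np1` line reads the new file from `$(DIR_SRC)/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch`, while the two patches applied just above it live under `$(DIR_SRC)/src/patches/grub/`. Suggest moving the new patch into `src/patches/grub/` so all GRUB patches stay in one directory, or noting why this one is kept at the top level.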
diff --git a/lfs/openvpn b/lfs/openvpn
index b686cc930..807019f0a 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.5.9
+VER = 2.5.10
THISAPP = openvpn-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e5110ebb9149121c11de45f085f66d30a89fb674ad96c5792d83b16dc29c95215a91e682adb3c800b91ed4d88d6d24b5bcae0799cdb855a284832f0668ffcb82
+$(DL_FILE)_BLAKE2 = 7f4ae82162e2e48e66df2da8008f45a2db53a22483730808b873948f1dc13a2e5582c79e4469f9d794f8b0f87f08d627e8d1bd070b088ea33444af31779f5479
install : $(TARGET)
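Review bot: the new `$(DL_FILE)_BLAKE2` value is the only integrity anchor for the 2.5.10 tarball, and neither this hunk nor the commit message records how it was obtained. Suggest stating in the commit message that the tarball was checked against the upstream release signature before the hash was computed, so the pinned value can be traced to a verified download. The same applies to the hash change in `lfs/sudo`.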
diff --git a/lfs/sudo b/lfs/sudo
index 129e41e9f..cac540be0 100644
--- a/lfs/sudo
+++ b/lfs/sudo
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.9.15p5
+VER = 1.9.16
THISAPP = sudo-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 73ee598c2a2848d5be24f97492b13eba2f326c514799220e43a1aeafc6692224a7555fb7cc0a96a2720751d3e4d98e752804db589ac3c1476f24e71f5b9bc720
+$(DL_FILE)_BLAKE2 = 19daa789af3ca2c4832950f0dd6f26a97285fdc155f0d7c18ec1f1accafce9b86f2f5730d3bb0b8e7717c0c55f4079928e03acb3974cb2652c58d4bcb2f74a12
install : $(TARGET)
diff --git a/make.sh b/make.sh
index bba35de41..737ad1161 100755
--- a/make.sh
+++ b/make.sh
@@ -391,7 +391,7 @@ prepareenv() {
# Add any consumed space
while read -r consumed_space path; do
(( free_space += consumed_space / 1024 / 1024 ))
- done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}")"
+ done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}" 2>/dev/null)"
fi
# Check that we have the required space
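Review bot: `2>/dev/null` on the `du` call hides every error, not only the fresh-environment case named in the commit subject; a permission error on `${BUILD_DIR}` could now silently under-count `free_space`. Suggest passing only the directories that exist to `du` (for example by testing each with `[ -d ... ]` first) and leaving stderr alone.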
diff --git a/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch b/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch
new file mode 100644
index 000000000..4bfd46856
--- /dev/null
+++ b/src/patches/grub-2.12-Use-medany-instead-of-large-model-for-RISCV.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jason Montleon <jason(a)montleon.com>
+Date: Fri, 3 May 2024 13:18:37 -0400
+Subject: [PATCH] Use medany instead of large model for RISCV
+
+Signed-off-by: Jason Montleon <jason(a)montleon.com>
+---
+ configure.ac | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index d223fe3ef6e..6a6688e362a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1313,7 +1313,7 @@ AC_SUBST(TARGET_LDFLAGS_OLDMAGIC)
+
+ LDFLAGS="$TARGET_LDFLAGS"
+
+-if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64 ; then
++if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 ; then
+ # Use large model to support 4G memory
+ AC_CACHE_CHECK([whether option -mcmodel=large works], grub_cv_cc_mcmodel, [
+ CFLAGS="$TARGET_CFLAGS -mcmodel=large"
+@@ -1323,9 +1323,11 @@ if test "$target_cpu" = x86_64 || test "$target_cpu" = sparc64 || test "$target_
+ ])
+ if test "x$grub_cv_cc_mcmodel" = xyes; then
+ TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=large"
+- elif test "$target_cpu" = sparc64 || test "$target_cpu" = riscv64; then
++ elif test "$target_cpu" = sparc64; then
+ TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=medany"
+ fi
++elif test "$target_cpu" = riscv64 ; then
++ TARGET_CFLAGS="$TARGET_CFLAGS -mcmodel=medany"
+ fi
+
+ if test "$target_cpu"-"$platform" = x86_64-efi; then
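Review bot: in the second hunk of the embedded patch, the new `elif test "$target_cpu" = riscv64` branch appends `-mcmodel=medany` without the `AC_CACHE_CHECK` probe that guards `-mcmodel=large` above it, so an unsupported flag would only surface as a later compile failure. Separately, the patch header carries an all-zero commit id in its `From` line and no upstream reference; suggest adding the bug URL from the commit message (https://savannah.gnu.org/bugs/?65909) to the patch header so the patch can be dropped once upstream ships a fix.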
hooks/post-receive
--
IPFire 2.x development tree