* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 6c8b5444946bd5cadb665ae7f37c7f62fcba2252
@ 2025-01-16 21:08 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-01-16 21:08 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 14551 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 6c8b5444946bd5cadb665ae7f37c7f62fcba2252 (commit)
via a08b674d1ba6651a1cbd4a8a29e2a719723caac0 (commit)
via a32de1bbaec84e18a3284015fda0b0467ca60831 (commit)
from 0ba187b4d391d02e3016cc44f313320e6481198b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6c8b5444946bd5cadb665ae7f37c7f62fcba2252
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:05 2025 +0100
freeradius: Update to version 3.2.6
- Update from version 3.2.5 to 3.2.6
- Update of rootfile
- Changelog
3.2.6
Configuration changes
* require_message_authenticator=auto and limit_proxy_state=auto
are not applied for wildcard clients. This likely will
leave your network in an insecure state. Upgrade all clients!
Feature improvements
* Allow for "auth+acct" dynamic home servers.
* Allow for setting "Home-Server-Pool", etc. for proxying
accounting packets, just like authentication packets.
* Fix spelling in starent SN[1]-Subscriber-Acct-Mode attribute
value. Patch from John Thacker.
* Update dictionary.iea. Patch from John Thacker.
* Add warning for secrets that are too short.
* More debugging for SSL ciphers. Patch from Nick Porter.
* Update 3GPP dictionary. Patch from Nick Porter.
* Fix ZTE dictionary.
* Make radsecret more portable and avoid extra dependencies.
* Add timestamp for Client-Lost so we don't think it's 1970. Patch
from Alexander Clouter. #5353
Bug fixes
* Dynamic clients now inherit require_message_authenticator
and limit_proxy_state from dynamic client {...} definition.
* Fix radsecret build rules to better support parallel builds.
* Checkpoint systems should be reconfigured for the BlastRADIUS
attack: https://support.checkpoint.com/results/sk/sk182516
The Checkpoint systems drop packets containing Message-Authenticator,
which violates the RFCs and is completely ridiculous.
* Fix duplicate CoA packet issue. #5397
* Several fixes in the event code
* Don't leak memory in rlm_sql_sqlite. #5392
* Don't stop processing RadSec data too early.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a08b674d1ba6651a1cbd4a8a29e2a719723caac0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 16 18:19:10 2025 +0100
libxxhash: Update to version 0.8.3 and make available to rsync
- Update from version 0.8.2 to 0.8.3
- Update of rootfile
- Move libxxhash to before rsync in make.sh
- Changelog
0.8.3
- fix : variant `XXH3_128bits_withSecretandSeed()` could produce an invalid
result in some specific set of conditions, #894 by @hltj
- cli : vector extension detected at runtime on x86/x64, enabled by default
- cli : new commands `--filelist` and `--files-from`, by @Ian-Clowes
- cli : XXH3 64-bits GNU format can now be generated and checked (command `-H3`)
- portability: LoongArch SX SIMD extension, by @lrzlin
- portability: can build on AIX, suggested by @likema
- portability: validated for SPARC cpus
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a32de1bbaec84e18a3284015fda0b0467ca60831
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 16 18:19:09 2025 +0100
rsync: Update to version 3.4.1
- Update from version 3.3.0 to 3.4.1 as the previous patch which went from 3.3.0 to 3.4.0
has only been merged into CU190 and not into next where this patch is being done.
Not sure if this will cause problems or not. I updated the PAK_VER of rsynce from
19 to 21 so that it went over the PAK_VER of the version merged into CU190.
- If how I have done it is not the best or not correct just let me know how I should do
it and I will re-do it.
- Update of rootfile not required.
- Added in enabling xxhash as we have that available in IPFire as another addon.
- Ran rsync -V and confirmed that xxhash is now available to rsync.
- Changelog
3.4.1
Release 3.4.1 is a fix for regressions introduced in 3.4.0
BUG FIXES:
- fixed handling of -H flag with conflict in internal flag values
- fixed a user after free in logging of failed rename
- fixed build on systems without openat()
- removed dependency on alloca() in bundled popt
DEVELOPER RELATED:
- fix to permissions handling in the developer release script
3.4.0 (This was already in the previous patch that went from 3.3.0 to 3.4.0
Release 3.4.0 is a security release that fixes a number of important
vulnerabilities. For more details on the vulnerabilities please see the CERT
report https://kb.cert.org/vuls/id/952657
PROTOCOL NUMBER:
- The protocol number was changed to 32 to make it easier for
administrators to check their servers have been updated
SECURITY FIXES:
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
discovering these vulnerabilities and working with the rsync project
to develop and test fixes.
- CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
- CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
- CVE-2024-12086 - Server leaks arbitrary client files.
- CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
- CVE-2024-12088 - --safe-links Bypass.
- CVE-2024-12747 - symlink race condition.
BUG FIXES:
- Fixed the included popt to avoid a memory error on modern gcc versions.
- Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
- Fixed IPv6 configure check
INTERNAL:
- Updated included popt to version 1.19.
DEVELOPER RELATED:
- Various improvements to the release scripts and git setup.
- Improved packaging/var-checker to identify variable type issues.
- added FreeBSD and Solaris CI builds
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/packages/freeradius | 1 +
config/rootfiles/packages/libxxhash | 4 +++-
lfs/freeradius | 8 ++++----
lfs/libxxhash | 8 ++++----
lfs/rsync | 12 ++++++------
make.sh | 2 +-
6 files changed, 19 insertions(+), 16 deletions(-)
Difference in files:
diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius
index 7e02a46dff..3a82e7d9c5 100644
--- a/config/rootfiles/packages/freeradius
+++ b/config/rootfiles/packages/freeradius
@@ -627,6 +627,7 @@ usr/sbin/radmin
#usr/share/doc/freeradius/antora/modules/ROOT/pages
#usr/share/doc/freeradius/antora/modules/ROOT/pages/directories.adoc
#usr/share/doc/freeradius/antora/modules/ROOT/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/ROOT/pages/radiusd_x.adoc
#usr/share/doc/freeradius/antora/modules/concepts
#usr/share/doc/freeradius/antora/modules/concepts/nav.adoc
#usr/share/doc/freeradius/antora/modules/concepts/pages
diff --git a/config/rootfiles/packages/libxxhash b/config/rootfiles/packages/libxxhash
index d49d521545..a50cae5ffa 100644
--- a/config/rootfiles/packages/libxxhash
+++ b/config/rootfiles/packages/libxxhash
@@ -1,5 +1,6 @@
usr/bin/xxh128sum
usr/bin/xxh32sum
+usr/bin/xxh3sum
usr/bin/xxh64sum
usr/bin/xxhsum
#usr/include/xxh3.h
@@ -7,9 +8,10 @@ usr/bin/xxhsum
#usr/lib/libxxhash.a
#usr/lib/libxxhash.so
usr/lib/libxxhash.so.0
-usr/lib/libxxhash.so.0.8.2
+usr/lib/libxxhash.so.0.8.3
#usr/lib/pkgconfig/libxxhash.pc
#usr/share/man/man1/xxh128sum.1
#usr/share/man/man1/xxh32sum.1
+#usr/share/man/man1/xxh3sum.1
#usr/share/man/man1/xxh64sum.1
#usr/share/man/man1/xxhsum.1
diff --git a/lfs/freeradius b/lfs/freeradius
index 228515400e..e45e41aa41 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = RADIUS Server
-VER = 3.2.5
+VER = 3.2.6
THISAPP = freeradius-server-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = freeradius
-PAK_VER = 22
+PAK_VER = 23
DEPS = libtalloc samba
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 169dccd6f04b4503869912dec9423279cc18fc22fa3babf324747bdf0d80d3b4fa5460ac07f89f8d845bf664283a9772b483b8fcec990364fcaf71b673b6917c
+$(DL_FILE)_BLAKE2 = 0af7cdf7fb784f2d5019f3bcb06d1d44dca046c9a4513d780ab032367001b6a67e9ea17a3a5b4609b9d7b936647e60c96e35188ba9644c4360071ac8d021bd58
install : $(TARGET)
diff --git a/lfs/libxxhash b/lfs/libxxhash
index 40aeb2e98a..024a88f891 100644
--- a/lfs/libxxhash
+++ b/lfs/libxxhash
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 0.8.2
+VER = 0.8.3
SUMMARY = Extremely fast non-cryptographic hash algorithm, working at RAM speed limit
THISAPP = xxHash-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libxxhash
-PAK_VER = 1
+PAK_VER = 2
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 735408256240760778fa516e01bed428f04837eb4e059c512e924f13e4a96db6cacbbefb04dea65a37b0f25b52cf13c4927a6e7870dc8c0d45b1b955d4ba3da1
+$(DL_FILE)_BLAKE2 = 75923c7c5df3490062791fa02ccddfb7281b3646e2b3e4b4a0c0d611c339e07c8d9cb656777fd0fcec9cda484f7b33edf080116bb011f70d6b8299cda63afa4e
install : $(TARGET)
diff --git a/lfs/rsync b/lfs/rsync
index fcbcd0ab90..789b100bdb 100644
--- a/lfs/rsync
+++ b/lfs/rsync
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Versatile tool for fast incremental file transfer
-VER = 3.3.0
+VER = 3.4.1
THISAPP = rsync-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,9 +34,9 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = rsync
-PAK_VER = 19
+PAK_VER = 21
-DEPS =
+DEPS = libxxhash
SERVICES =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825
+$(DL_FILE)_BLAKE2 = 79c1cad697547059ee241e20c26d7f97bed3ad062deb856d31a617fead333a2d9f62c7c47c1efaf70033dbc358fe547d034c35e8181abb51a1fc893557882bc7
install : $(TARGET)
@@ -89,7 +89,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--prefix=/usr \
--without-included-popt \
--without-included-zlib \
- --disable-xxhash
+ --enable-xxhash
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
diff --git a/make.sh b/make.sh
index 7b7a2b9cfb..86d018ae4f 100755
--- a/make.sh
+++ b/make.sh
@@ -1834,6 +1834,7 @@ build_system() {
lfsmake2 xvid
lfsmake2 libmpeg2
lfsmake2 gnump3d
+ lfsmake2 libxxhash
lfsmake2 rsync
lfsmake2 rpcbind
lfsmake2 keyutils
@@ -2047,7 +2048,6 @@ build_system() {
lfsmake2 libplist
lfsmake2 nqptp
lfsmake2 shairport-sync
- lfsmake2 libxxhash
lfsmake2 borgbackup
lfsmake2 knot
lfsmake2 spectre-meltdown-checker
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-01-16 21:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-16 21:08 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 6c8b5444946bd5cadb665ae7f37c7f62fcba2252 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox