* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. cc67c087c843438b5402c9443fb471d3faa60d98
@ 2025-09-17 11:31 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-09-17 11:31 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via cc67c087c843438b5402c9443fb471d3faa60d98 (commit)
via 86aeb7aa208dd2cd303c3b6f496ad9df00413786 (commit)
via 725ef361d21b56c2943b61dc3fdb522f9286f968 (commit)
via 020d01e9adb87fcbd19b71b90c278f9727f31178 (commit)
via 94ae888ff8756f32de33b446c4d597d21ff13156 (commit)
via 6f6fd5bec198071d3a89118a5315361a54058ab1 (commit)
via 7adb7c43b8b4ab7b79879f1fd181b897526fe653 (commit)
via 59b4901d426b0f8f3747712d3f52002149822e86 (commit)
via 451c78516344734b7307caab5e0a0ba8101e5978 (commit)
via af52039b00d8e472a3775118fd8d2940e5778a65 (commit)
via ece2ba69eeead4743e9b41b5011f8aa8a8658e90 (commit)
via c5f7ae87f65cb31fdfa3a88cb160acd9878a7829 (commit)
via 0bd55dcef4b1666c48a58a0eb462573f263347d0 (commit)
from 8e9dd5d165b1cbb6b9ebd6d1e4bd0a7a2af0a3dd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cc67c087c843438b5402c9443fb471d3faa60d98
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:40 2025 +0200
nfs: Update to version 2.8.4
- Update from version 2.8.3 to 2.8.4
- Update of rootfile not required
- Changelog is just a list of the commits. The details can be found in the changelog at
https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.4/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 86aeb7aa208dd2cd303c3b6f496ad9df00413786
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:34 2025 +0200
core198: Ship lzip
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 725ef361d21b56c2943b61dc3fdb522f9286f968
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:39 2025 +0200
lzip: Update to version 1.25
- Update from version 1.24.1 to 1.25
- Update of rootfile not required
- Changelog
1.25
lzip now exits with error status 2 if any empty member is found in a
multimember file.
lzip now exits with error status 2 if the first byte of the LZMA stream is
not 0.
Options '--empty-error' and '--marking-error' have been removed.
The chapter 'Syntax of command-line arguments' has been added to the manual.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 020d01e9adb87fcbd19b71b90c278f9727f31178
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:38 2025 +0200
libvirt: Update to version 11.7.0
- Update from version 11.4.0 to 11.7.0
- Update of rootfile
- Changelog
11.7.0
New features
* Allow setting the log level of Cloud Hypervisor
Users can now configure the verbosity of Cloud Hypervisor by setting
the "log_level" option in ch.conf
* bhyve: experimental NAT networking support
The bhyve driver now has experimental NAT networking support
using the Packet Filter (pf) firewall.
* bhyve: domain statistics reporting
The bhyve driver now supports querying domain block, interface,
and memory statistics. Not all statistics fields are supported though.
Improvements
* bhyve: improve 'efi' configuration autofill
When a domain is configured with ``<os firmware='efi'/>``, NVRAM
configuration is now autofilled.
11.6.0
New features
* Introduce VIR_CONNECT_BASELINE_CPU_IGNORE_HOST flag
This new flag for virConnectBaselineHypervisorCPU can be used for computing
a baseline CPU on any host. Without the VIR_CONNECT_BASELINE_CPU_IGNORE_HOST
flag the baseline API would return reasonable output only when run on one of
the hosts that the input CPU definitions were collected from.
* Allow control over QEMU TLS priority strings
The qemu.conf file now has multiple settings allowing control over the
QEMU TLS priority strings, for the different subsystems in QEMU that
can support TLS. This can be used to workaround a current bug in GNUTLS
that is liable to cause crashes of the source QEMU when performing long
running live migration operations with TLS enabled.
* Add support for disabling deprecated CPU model features by default for s390
domains. Starting an s390 domain with host-model will now default to
setting the ``deprecated_features`` attribute to ``off``, ensuring the
domain starts with a migration-compatible CPU model to newer systems. This
behavior can be modified by setting the ``default_cpu_deprecated_features``
option in the qemu.conf file.
* bhyve: Add TCP console support
TCP serial devices can now be configured with ``<serial type='tcp'>``::
<serial type='tcp'>
<source mode='bind' host='127.0.0.1' service='12345'/>
<target type='serial' port='0'/>
</serial>
Additionally, number of supported consoles increased to 4.
* qemu: Add support for RBD namespaces
Allow specifying the 'namespace' within a RBD image pool.
Improvements
* qemu: Change default SCSI controller model to ``virtio-scsi`` for ARM and
RISC-V The previous default of ``lsilogic`` is unsupported by modern
operating systems. ``virtio-scsi`` is a more suitable default for ARM and
RISC-V ``virt`` machine types.
* Clarify documentation of virConnectBaselineHypervisorCPU
The documentation makes it clear virConnectBaselineHypervisorCPU is
supposed to be called on one of the hosts represented in the input CPU
definitions. Otherwise the API will give unexpected results.
* Allow specifying zero discard granularity for block devices
This can be used to tell some guest operating systems (notably Windows) to
not trim the disk.
* bhyve: Add timeout handling for bhyveload
It is now possible to run ``bhyveload`` with the ``timeout`` tool, which
can send ``SIGTERM`` and ``SIGKILL`` signals when timeout is reached.
Timeout values are set using the ``bhyveload_timeout`` and
``bhyveload_timeout_kill`` configuration options in ``bhyve.conf``.
* nss: Improve debugging
Debugging messages from NSS modules can be now enabled by setting the
``LIBVIRT_NSS_DEBUG`` environment variable. So far, there is no special
meaning to its value.
* rpc: Removed requirement for TLS certificates to support 'key encipherment'
With TLS 1.3, key encipherment is not required even for RSA keys. Other key
types didn't even support it so they were wrongly refused even in cases when
they would work with libvirt. The TLS certificate validation now no longer
requires 'key encipherment' to be enabled.
Bug fixes
* bhyve: Fix resetting of the autostart flag of the domain on destroy.
* The nwfilter driver no longer recreates the base iptable/ip6tables chains
The nwfilter driver had a impl mistake causing it to recreate the
base chains for iptables/ip6tables every time a VM was started.
This allowed a small window where traffic might not be fully
filtered. It now handles iptables/ip6tables the same way as
ebtables, creating the base chains only if they did not already
exist.
* Fix systemd unit ordering for auto-shutdown of domains via the daemon
The ordering of systemd units created by libvirt for individual machines
needed to be adapted when the shutdown of VMs on host shutdown is done
via the virt daemon itself (rather than ``libvirt-guests.service``) to
ensure that the VMs are not terminated before the virt daemon can deal with
them.
11.5.0
Removed features
* qemu: Don't accept VIR_DUMP_LIVE flag in virDomainCoreDumpWithFormat()
Unfortunately, QEMU always pauses vCPUs when doing a core dump. Therefore,
there is no way for Libvirt to honor VIR_DUMP_LIVE flag semantics. Instead
of silently pretending the flag works, an appropriate error is now
reported.
New features
* vmx: Add support for reporting NVMe disks in the domain XML
* qemu: Add support for NVMe disks
NVMe disks can now be emulated by using an ``nvme`` bus, but require a
serial due to the hypervisor::
<target dev='nvme0n1' bus='nvme'/>
<serial>qwertyuiop</serial>
Multiple disks can be represented as different namespaces on the same
controller, but they cannot have a different serial number due to the fact
that it is the controller which ultimately has the serial number attached to
it, but for ease of use it is automatically copied from the disk serial.
* esx: Add support for specifying alternative CA bundle for remote peer
verification. Users can now use ``cacert`` parameter in the URI to specify
a file path with CA certificate(s) that will be used for remote peer
certificate validation.
* qemu: add support for AMD IOMMU device
The ``amd`` model for the ``<iommu>`` device is now supported.
New attributes ``passtrhough`` and ``xtsup`` are also supported for this
model.
Improvements
* Include supported console types in domain capabilities
Domain capabilities now include information about supported console types,
such as::
<console supported='yes'>
<enum name='type'>
<value>pty</value>
<value>tcp</value>
</enum>
</console>
* virsh: Add waiting for domain state via ``virsh await``
The new helper command ``virsh await`` simplifies waiting on domain state
which is normally announced via events. Currently two waiting conditions are
implemented: ``domain-inactive``, and ``guest-agent-available``.
Bug fixes
* qemu: Be more forgiving when acquiring QUERY job when formatting domain XML
Since ``libvirt-11.0.0`` the ``virDomainGetXMLDesc()`` API used to format
domain XML acquires QUERY job. But this caused a regression when the API
might timeout for incoming migration. This is now fixed.
* qemu: Fix shared filesystem detection on nonexistent paths
Since ``libvirt-11.1.0`` nonexistent paths within directories marked as
shared filesystem (via the ``shared_filesystems`` option in ``qemu.conf``
would not be properly detected as being on a shared filesystem.
* qemu: Properly emulate USB cdrom device
CD-ROM devices on USB bus are now properly emulated as such which was not
the case since libvirt switched to the modern qemu commandline syntax for
storage backends.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 94ae888ff8756f32de33b446c4d597d21ff13156
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:33 2025 +0200
core198: Ship less
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6f6fd5bec198071d3a89118a5315361a54058ab1
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:37 2025 +0200
less: Update to version 679
- Update from version 678 to 679
- Update of rootfile not required
- Changelog
679
Fix bad parsing of lesskey file an env var is a prefix of another env var
(github #626).
Fix unexpected exit using -K if a key press is received while reading the
input file (github #628).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7adb7c43b8b4ab7b79879f1fd181b897526fe653
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:32 2025 +0200
core198: Ship expat
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 59b4901d426b0f8f3747712d3f52002149822e86
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:36 2025 +0200
expat: Update to version 2.7.2
- Update from version 2.7.1 to 2.7.2
- Update of rootfile
- CVE fix
- Changelog
2.7.2
Security fixes:
CVE-2025-59375 -- Disallow use of disproportional amounts of
dynamic memory from within an Expat parser (e.g. previously
a ~250 KiB sized document was able to cause allocation of
~800 MiB from the heap, i.e. an "amplification" of factor
~3,300); once a threshold (that defaults to 64 MiB) is
reached, a maximum amplification factor (that defaults to
100.0) is enforced, and violating documents are rejected
with an out-of-memory error.
There are two new API functions to fine-tune this new
behavior:
- XML_SetAllocTrackerActivationThreshold
- XML_SetAllocTrackerMaximumAmplification .
If you ever need to increase these defaults for non-attack
XML payload, please file a bug report with libexpat.
There is also a new environment variable
EXPAT_MALLOC_DEBUG=(0|1|2) to control the verbosity
of allocations debugging at runtime, disabled by default.
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Distributors intending to backport (or cherry-pick) the
fix need to copy 99% of the related pull request, not just
the "lib: Implement tracking of dynamic memory allocations"
commit, to not end up with a state that literally does both
too much and too little at the same time. Appending ".diff"
to the pull request URL could be of help.
Other changes:
Autotools: Sync CMake templates with CMake 3.31 for macOS
CMake: Drop support for CMake <3.15
CMake: Fix off_t detection for -Werror
CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON
Windows: Drop support for Visual Studio <=16.0/2019
xmlwf: Mention supported environment variables in
--help output
xmlwf: Fix (internal) help generator
docs: Promote the contract to call function
XML_FreeContentModel when registering a custom
element declaration handler (via a call to function
XML_SetElementDeclHandler)
docs: Add missing <p>..</p> wrap
docs: Drop AppVeyor badge
tests: Fix portable_strndup
Drop casts around malloc/free/realloc that C99 does not need
Replace empty for-loops with while loops
Add const with internal XmlInitUnknownEncodingNS
Drop an OpenVMS support leftover
Address more clang-tidy warnings
Version info bumped from 11:2:10 (libexpat*.so.1.10.2)
to 12:0:11 (libexpat*.so.1.11.0); see https://verbump.de/
for what these numbers do
Infrastructure:
CI: Cover compilation on FreeBSD
CI: Upgrade Clang from 19 to 21
CI: Make calling Cppcheck without --suppress=objectIndex
and --suppress=unknownMacro possible
CI|Windows: Get off of deprecated image "windows-2019"
CI: Adapt to breaking changes in GitHub Actions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 451c78516344734b7307caab5e0a0ba8101e5978
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:31 2025 +0200
core198: Ship ed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit af52039b00d8e472a3775118fd8d2940e5778a65
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Sep 17 13:09:35 2025 +0200
ed: Update to version 1.22.2
- Update from version 1.20.2 to 1.22.2
- Update of rootfile not required
- Changelog
1.22.2
* Newline characters are no longer allowed in file names even when
'--unsafe-names' is specified.
* The file name is now printed escaped also when replaced into a shell command.
1.22.1
* Ed now departs from POSIX and ignores SIGPIPE to prevent commands like 'w !:'
or ',!:' from terminating ed. A broken pipe is now detected as any other
write error. (Reported by Sergei Trofimovich).
1.22
* An ex(1) style filter has been implemented; the shell escape command (!) now
accepts line addresses to filter the addressed lines through a shell command.
(Suggested by Shawn Wagner, Andrew L. Moore, and John Cowan).
1.21.1
* Fixed a compilation failure caused by the inclusion of the unused and
obsolete header <sys/file.h>. (Reported by Michael Mikonos).
* Ed now reads the initial window size for the z command from the environment
variable LINES. (Suggested by Artyom Bologov).
1.21
* 'r !command' and 'w !command' ignore again the exit status of 'command'. Bug
introduced in version 1.6. (Reported by Andrew L. Moore).
* Include 'stdbool.h' instead of defining 'bool' to fix compilation in C23.
(Reported by Alexander Jones).
* The messages "Newline inserted" and "Newline appended" are now suppressed in
scripted mode (-s). (Reported by Artyom Bologov).
* The chapter 'Syntax of command-line arguments' has been added to the manual.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ece2ba69eeead4743e9b41b5011f8aa8a8658e90
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Tue Sep 16 23:47:05 2025 +0200
suricata: Update to 8.0.1
Excerpt from changelog:
"8.0.1 -- 2025-09-15
Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname
contains zero(HIGH - CVE 2025-59150)
Security #7861: detect: Dynamic-stack-buffer-overflow in ShortenString(HIGH - CVE 2025-59149)
Security #7838: detect/entropy: segfault when not anchored to a sticky buffer(HIGH - CVE 2025-59148)
Security #7657: tcp: syn resend with different seq leads to detection bypasss(HIGH - CVE 2025-59147)
Bug #7891: unix-socket: memory leak when client disconnects during rule reload
Bug #7877: rust: build with RUSTC and CARGO variables fails
Bug #7865: detect/integers: u8 prefilter does not support all modes
Bug #7859: doc/userguide: build failure with read the docs theme
Bug #7843: http: dissection anomaly on `Content-Encoding: identity`
Bug #7836: util-byte: bad usage of StringParse function return codes
Bug #7828: util/hash: unexpected remove behavior
Bug #7827: app-layer: ippair.memcap counter shows memuse
Bug #7824: hyperscan: caching results in segfault with link time optimization (-flto=auto, etc)
Bug #7822: engine-analysis: SEGV on rule failure without rules-fast-pattern enabled
Bug #7821: engine-analysis: no report for failed rules without fast pattern
Bug #7820: app-layer/snmp: internal error if app-layer is disabled
Bug #7815: unix-socket: segfault in "pcap-file-list" command
Bug #7813: cppcheck: warnings in counters.c
Bug #7804: util-lua-sandbox.c undeclared identifier error for Suricata 8.0.0
Bug #7803: http: use transactions right get function
Bug #7802: detect/dsize: uninitialized value from SigParseRequiredContentSize
Bug #7741: http2: events can contain an empty response object
Bug #7740: doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
Bug #7636: tcp: assertion triggered in StreamTcpReassembleAppLayer
Bug #7611: eve: segv in stats.totals output
Bug #5689: eve: community id computed wrong for tcp and ipv4 when src_ip == dest_ip
Bug #4702: tcp: SYN/ACK dropped when client does not support timestamps
Bug #4178: alert-debug: DNS Query triggers alert but no output in alert-debug.log
Bug #3844: tcp: possible bypass with TCP ssn reuse
Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check
Feature #7869: detect/integers: support units like kib
Task #7857: schema/arp: fix invalid pkt event output
Task #7834: detect: remove unused non-pf stats counters
Documentation #7890: detect: tls.cert_subject incorrectly claims to support multi-buffer
Documentation #7867: detect/multi-buffers: complete list in userguide page on multi-buffer-matching
Documentation #7854: doc/lualib: fix flow timestamps() return value order
Documentation #7795: eve/schema: document stats.detect counters
Documentation #7794: eve/schema: document stats.flow counters
Documentation #7728: lua: fix all Lua documentation examples for new library format
Documentation #7648: rtd: set "latest" to last stable release starting with 8.0.0
Documentation #7639: dpdk: update Connect-X4 recommended fallback tx-descriptor count
Documentation #7631: userguide: document lua lib suricata.dnp3
Documentation #7190: detect/integers: document usage of units
Documentation #7081: userguide: add unix socket option to retrieve flow info
Documentation #6840: devguide/app-layer: section with conceptualized steps for adding parser
Documentation #6284: userguide: document what's the impact of `stream.inline`
Documentation #6270: userguide: document usage of Suricata as a firewall
Documentation #5690: userguide: document the differences between IPS and IDS mode
Documentation #5513: userguide: add a chapter for IPS mode
Documentation #5139: userguide: add a section for netflow event type
Documentation #5078: doc/userguide: improve rule reload documentation
Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c5f7ae87f65cb31fdfa3a88cb160acd9878a7829
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Sep 17 08:49:35 2025 +0000
libhtp: Drop package
This is no longer required in the distribution as Suricata has switched
to htp-rs now. I am not aware of any other users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0bd55dcef4b1666c48a58a0eb462573f263347d0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Sep 17 08:48:07 2025 +0000
libhtp: Update to 0.5.52
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/expat | 20 +++---
config/rootfiles/common/libhtp | 25 -------
.../{oldcore/106 => core/198}/filelists/ed | 0
.../{oldcore/106 => core/198}/filelists/expat | 0
.../{oldcore/103 => core/198}/filelists/less | 0
.../{oldcore/154 => core/198}/filelists/lzip | 0
config/rootfiles/core/198/update.sh | 2 +
config/rootfiles/packages/libvirt | 13 ++--
lfs/ed | 6 +-
lfs/expat | 4 +-
lfs/less | 4 +-
lfs/libhtp | 80 ----------------------
lfs/libvirt | 66 +++++++++---------
lfs/lzip | 6 +-
lfs/nfs | 6 +-
lfs/suricata | 5 +-
make.sh | 1 -
17 files changed, 68 insertions(+), 170 deletions(-)
delete mode 100644 config/rootfiles/common/libhtp
copy config/rootfiles/{oldcore/106 => core/198}/filelists/ed (100%)
copy config/rootfiles/{oldcore/106 => core/198}/filelists/expat (100%)
copy config/rootfiles/{oldcore/103 => core/198}/filelists/less (100%)
copy config/rootfiles/{oldcore/154 => core/198}/filelists/lzip (100%)
delete mode 100644 lfs/libhtp
Difference in files:
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 7c34af7c8..1ef7450df 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -2,21 +2,21 @@
#usr/include/expat.h
#usr/include/expat_config.h
#usr/include/expat_external.h
-#usr/lib/cmake/expat-2.7.1
-#usr/lib/cmake/expat-2.7.1/expat-config-version.cmake
-#usr/lib/cmake/expat-2.7.1/expat-config.cmake
-#usr/lib/cmake/expat-2.7.1/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.7.1/expat.cmake
+#usr/lib/cmake/expat-2.7.2
+#usr/lib/cmake/expat-2.7.2/expat-config-version.cmake
+#usr/lib/cmake/expat-2.7.2/expat-config.cmake
+#usr/lib/cmake/expat-2.7.2/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.7.2/expat.cmake
#usr/lib/libexpat.la
#usr/lib/libexpat.so
usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.10.2
+usr/lib/libexpat.so.1.11.0
#usr/lib/pkgconfig/expat.pc
#usr/share/doc/expat
-#usr/share/doc/expat-2.7.1
-#usr/share/doc/expat-2.7.1/ok.min.css
-#usr/share/doc/expat-2.7.1/reference.html
-#usr/share/doc/expat-2.7.1/style.css
+#usr/share/doc/expat-2.7.2
+#usr/share/doc/expat-2.7.2/ok.min.css
+#usr/share/doc/expat-2.7.2/reference.html
+#usr/share/doc/expat-2.7.2/style.css
#usr/share/doc/expat/AUTHORS
#usr/share/doc/expat/changelog
#usr/share/man/man1/xmlwf.1
diff --git a/config/rootfiles/common/libhtp b/config/rootfiles/common/libhtp
deleted file mode 100644
index a99aa940e..000000000
--- a/config/rootfiles/common/libhtp
+++ /dev/null
@@ -1,25 +0,0 @@
-#usr/include/htp
-#usr/include/htp/bstr.h
-#usr/include/htp/bstr_builder.h
-#usr/include/htp/htp.h
-#usr/include/htp/htp_base64.h
-#usr/include/htp/htp_config.h
-#usr/include/htp/htp_connection_parser.h
-#usr/include/htp/htp_core.h
-#usr/include/htp/htp_decompressors.h
-#usr/include/htp/htp_hooks.h
-#usr/include/htp/htp_list.h
-#usr/include/htp/htp_multipart.h
-#usr/include/htp/htp_table.h
-#usr/include/htp/htp_transaction.h
-#usr/include/htp/htp_urlencoded.h
-#usr/include/htp/htp_utf8_decoder.h
-#usr/include/htp/htp_version.h
-#usr/include/htp/lzma
-#usr/include/htp/lzma/7zTypes.h
-#usr/include/htp/lzma/LzmaDec.h
-#usr/lib/libhtp.la
-#usr/lib/libhtp.so
-usr/lib/libhtp.so.2
-usr/lib/libhtp.so.2.0.0
-#usr/lib/pkgconfig/htp.pc
diff --git a/config/rootfiles/core/198/filelists/ed b/config/rootfiles/core/198/filelists/ed
new file mode 120000
index 000000000..0ed331cfa
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/ed
@@ -0,0 +1 @@
+../../../common/ed
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/expat b/config/rootfiles/core/198/filelists/expat
new file mode 120000
index 000000000..e1923cf63
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/expat
@@ -0,0 +1 @@
+../../../common/expat
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/less b/config/rootfiles/core/198/filelists/less
new file mode 120000
index 000000000..65c0e0771
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/less
@@ -0,0 +1 @@
+../../../common/less
\ No newline at end of file
diff --git a/config/rootfiles/core/198/filelists/lzip b/config/rootfiles/core/198/filelists/lzip
new file mode 120000
index 000000000..dd4b832b1
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/lzip
@@ -0,0 +1 @@
+../../../common/lzip
\ No newline at end of file
diff --git a/config/rootfiles/core/198/update.sh b/config/rootfiles/core/198/update.sh
index afd2c65d0..e258f65d7 100644
--- a/config/rootfiles/core/198/update.sh
+++ b/config/rootfiles/core/198/update.sh
@@ -34,6 +34,8 @@ done
# Stop services
# Remove files
+rm -rfv \
+ /usr/lib/libhtp.so.2*
# Extract files
extract_files
diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt
index d265125b0..718debf7e 100644
--- a/config/rootfiles/packages/libvirt
+++ b/config/rootfiles/packages/libvirt
@@ -1,4 +1,5 @@
#etc/libvirt
+etc/libvirt/ch.conf
etc/libvirt/libvirt-admin.conf
etc/libvirt/libvirt.conf
etc/libvirt/libvirtd.conf
@@ -87,16 +88,16 @@ usr/bin/virt-xml-validate
#usr/lib/libvirt
#usr/lib/libvirt-admin.so
usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.11004.0
+usr/lib/libvirt-admin.so.0.11007.0
#usr/lib/libvirt-lxc.so
usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.11004.0
+usr/lib/libvirt-lxc.so.0.11007.0
#usr/lib/libvirt-qemu.so
usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.11004.0
+usr/lib/libvirt-qemu.so.0.11007.0
#usr/lib/libvirt.so
usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.11004.0
+usr/lib/libvirt.so.0.11007.0
#usr/lib/libvirt/connection-driver
usr/lib/libvirt/connection-driver/libvirt_driver_ch.so
usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
@@ -141,10 +142,12 @@ usr/sbin/virtstoraged
#usr/share/augeas/lenses
#usr/share/augeas/lenses/libvirt_lockd.aug
#usr/share/augeas/lenses/libvirtd.aug
+#usr/share/augeas/lenses/libvirtd_ch.aug
#usr/share/augeas/lenses/libvirtd_qemu.aug
#usr/share/augeas/lenses/tests
#usr/share/augeas/lenses/tests/test_libvirt_lockd.aug
#usr/share/augeas/lenses/tests/test_libvirtd.aug
+#usr/share/augeas/lenses/tests/test_libvirtd_ch.aug
#usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug
#usr/share/augeas/lenses/tests/test_virtchd.aug
#usr/share/augeas/lenses/tests/test_virtinterfaced.aug
@@ -426,6 +429,8 @@ usr/share/libvirt/schemas/storagecommon.rng
usr/share/libvirt/schemas/storagepool.rng
usr/share/libvirt/schemas/storagepoolcaps.rng
usr/share/libvirt/schemas/storagevol.rng
+#usr/share/libvirt/schemas/sysinfo.rng
+#usr/share/libvirt/schemas/sysinfocommon.rng
#usr/share/libvirt/test-screenshot.png
#usr/share/locale/as/LC_MESSAGES/libvirt.mo
#usr/share/locale/bg/LC_MESSAGES/libvirt.mo
diff --git a/lfs/ed b/lfs/ed
index 2e2bb8f72..45c66883b 100644
--- a/lfs/ed
+++ b/lfs/ed
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.20.2
+VER = 1.22.2
THISAPP = ed-$(VER)
DL_FILE = $(THISAPP).tar.lz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5a9d36dba98488e3cacb3e4c0b9d70003345ca94dbf9a3ebd3181b93567b9ef94df0e72614e99e2c6dde4929933d9333c6dba90fafcea6962e2c1abccb0525af
+$(DL_FILE)_BLAKE2 = ee43321ea319129d391ef5d221b1a14b04169016c8ff327acd3f39ec5f901e7b013ac24a6790e6f04c5a51e4d7d10c202ced7528a5e74d1ed08a6e286405188d
install : $(TARGET)
diff --git a/lfs/expat b/lfs/expat
index b88c4e197..77fd84bfc 100644
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
include Config
-VER = 2.7.1
+VER = 2.7.2
THISAPP = expat-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 243ef1c3578234135018d31b567c88a50cadddac86441e4d4a6d6330e113596edbad13b40c79f541d49487e7df98d798032d39ec28b7d67d22f46e4290d14519
+$(DL_FILE)_BLAKE2 = 35525274817dab4d6ae8698f5f83978e633a6e4afe7cf3b126c87d5aba4b64bcb9d26ec3e4a39b1ea82a7430e290950595bfa4150266ef3806026b423a870e33
install : $(TARGET)
diff --git a/lfs/less b/lfs/less
index 33b40ac68..0a60623f6 100644
--- a/lfs/less
+++ b/lfs/less
@@ -24,7 +24,7 @@
include Config
-VER = 678
+VER = 679
THISAPP = less-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5e6644a8c66f35f1b3ab72a0727c76922b7d3cf299d5d1cf1c94882e8b0d3ec0461cd351e6b2db554b331d993760db8eb17209f41f271f5704fee0caf8d6540e
+$(DL_FILE)_BLAKE2 = 024cd7f4014958e9be52a89aefd9404298850c56f0f8d2403e8648b06ce37bcca6742ebd8a3a4900acb78a3884c4f17270919feb3ca76c6978c34ec79043f154
install : $(TARGET)
diff --git a/lfs/libhtp b/lfs/libhtp
deleted file mode 100644
index 3c8d0594e..000000000
--- a/lfs/libhtp
+++ /dev/null
@@ -1,80 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 0.5.51
-
-THISAPP = libhtp-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_BLAKE2 = 0800b917a57745012308bb10d4ce8456d47233ae3420b1d64cb42e88a7156cd1ffcbcdab5df28c54fe3ab70a7f37ba41bd5ebcefe24915abf47b753a0bb05716
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-b2 : $(subst %,%_BLAKE2,$(objects))
-
-###############################################################################
-# Downloading, checking, b2sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_BLAKE2,$(objects)) :
- @$(B2SUM)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./autogen.sh
- cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --disable-static
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/lfs/libvirt b/lfs/libvirt
index dc8e0aa99..90e5a4696 100644
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -26,7 +26,7 @@ include Config
SUMMARY = Server side daemon and supporting files for libvirt
-VER = 11.4.0
+VER = 11.7.0
THISAPP = libvirt-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 aarch64
PROG = libvirt
-PAK_VER = 41
+PAK_VER = 42
DEPS = ebtables libpciaccess ovmf swtpm qemu
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 54d2b9cb35394184d2ce22670623849ecfb54abd1c8e48135ec735ed6b30fa9fa22261cf847a66269a0f3918f164954fcc0a5d7eec1e0d759831925f3ac6b546
+$(DL_FILE)_BLAKE2 = 44b4c2a2c498d351762cf2bcbd26460dbe663e08e3f2a1b6e73fefbcb4bbc4e77f4b0d47ad771ec7b3854a9b2ebdbf08162590d20bd080f276a8042148ca5f07
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
@@ -81,39 +81,37 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
-
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch
-
cd $(DIR_APP) && meson \
- --prefix=/usr \
- --localstatedir=/var \
- --sysconfdir=/etc \
- -D docs=disabled \
- -D sasl=disabled \
- -D driver_vbox=disabled \
- -D driver_lxc=disabled \
- -D driver_esx=disabled \
- -D driver_vmware=disabled \
- -D driver_openvz=disabled \
- -D firewalld=disabled \
- -D driver_network=disabled \
- -D driver_interface=enabled \
- -D wireshark_dissector=disabled \
- -D nls=disabled \
- -D tests=disabled \
- -D qemu_user=nobody \
- -D qemu_group=kvm \
- -D storage_dir=enabled \
- -D storage_fs=enabled \
- -D storage_lvm=enabled \
- -D storage_iscsi=disabled \
- -D storage_scsi=disabled \
- -D storage_mpath=disabled \
- -D storage_disk=disabled \
- -D storage_rbd=disabled \
- -D storage_gluster=disabled \
- -D storage_zfs=disabled \
- builddir/
+ --prefix=/usr \
+ --localstatedir=/var \
+ --sysconfdir=/etc \
+ -D docs=disabled \
+ -D sasl=disabled \
+ -D driver_vbox=disabled \
+ -D driver_lxc=disabled \
+ -D driver_esx=disabled \
+ -D driver_vmware=disabled \
+ -D driver_openvz=disabled \
+ -D firewalld=disabled \
+ -D driver_network=disabled \
+ -D driver_interface=enabled \
+ -D wireshark_dissector=disabled \
+ -D nls=disabled \
+ -D tests=disabled \
+ -D qemu_user=nobody \
+ -D qemu_group=kvm \
+ -D storage_dir=enabled \
+ -D storage_fs=enabled \
+ -D storage_lvm=enabled \
+ -D storage_iscsi=disabled \
+ -D storage_scsi=disabled \
+ -D storage_mpath=disabled \
+ -D storage_disk=disabled \
+ -D storage_rbd=disabled \
+ -D storage_gluster=disabled \
+ -D storage_zfs=disabled \
+ builddir/
cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && ninja -C builddir/ install
diff --git a/lfs/lzip b/lfs/lzip
index 5d67be6f5..9ab7d6c8d 100644
--- a/lfs/lzip
+++ b/lfs/lzip
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.24.1
+VER = 1.25
THISAPP = lzip-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b387577087af5596ea49af16c44e1dfc11f78cbcc1031fc480a4e7ef1a01f4d8fb35c03d8cbeb7f6feb51e427708b1ed0f9a160e80ff938555ea3cf34f28be7c
+$(DL_FILE)_BLAKE2 = c9215246cf792c0448d8b71c80ea822e34ecb43b580d3707570dffe31af327f42758fa07ce78d94a3b12ea0a1bb80b7868822cfffdafd467abab397723c5d6e2
install : $(TARGET)
diff --git a/lfs/nfs b/lfs/nfs
index 5f3f8190e..f2bafe019 100644
--- a/lfs/nfs
+++ b/lfs/nfs
@@ -26,7 +26,7 @@ include Config
SUMMARY = Support Utilities for Kernel nfsd
-VER = 2.8.3
+VER = 2.8.4
THISAPP = nfs-utils-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nfs
-PAK_VER = 27
+PAK_VER = 28
DEPS = rpcbind
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 70fbba171697e13e0050cb146ff7e30ce53937d37882e4f53be62ee2792e8afee451a74e81d3b739a4d3c76ef444c5602a7a6a2a1e1148829a50f27e5da18533
+$(DL_FILE)_BLAKE2 = 4c4319facaadb4a8cb1319efde1c6a1086dcbecb7c093c6edd64c23ae3ead85e6e6209e69279f47a73ef92410f59278f56f472ae0a28493936e2f2d681b40dea
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata
index 05b708f1b..e84c604c6 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
include Config
-VER = 8.0.0
+VER = 8.0.1
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = be76000891acfd6746c05023abb633aff86d90a9a18ecf49758bf05cdc52ed7184f2ac87056dc19489dff0dda81c1139a8a608f682389533ae07a8295fab20c3
+$(DL_FILE)_BLAKE2 = 52b2fb30a4c56a5a0979ac2016b707e089cdc3ecdf85d834cf2a22e92465136fda11b6830a95831c0146f6f3db7b93892649ee15317a9db1825452266611722b
install : $(TARGET)
@@ -77,7 +77,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--localstatedir=/var \
--enable-gccprotect \
--disable-gccmarch-native \
- --enable-non-bundled-htp \
--enable-nfqueue \
--disable-static \
--disable-python \
diff --git a/make.sh b/make.sh
index dd0ec075e..e841f5b4e 100755
--- a/make.sh
+++ b/make.sh
@@ -1796,7 +1796,6 @@ build_system() {
lfsmake2 setup
lfsmake2 jansson
lfsmake2 yaml
- lfsmake2 libhtp
lfsmake2 colm
lfsmake2 ragel
lfsmake2 vectorscan
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-09-17 11:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-17 11:31 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. cc67c087c843438b5402c9443fb471d3faa60d98 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox