* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ccc95f5e34c31df6dcd3e68484ef9b9c6af3c38d
@ 2025-12-15 16:18 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-12-15 16:18 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 16895 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via ccc95f5e34c31df6dcd3e68484ef9b9c6af3c38d (commit)
via 826846f8a72cad595639e87135699ce3ea33d2d4 (commit)
via c7595917721fc71ee9fe00e7be43224c48c60aa1 (commit)
via 986755616c882f516a52301ac29ad80f59149939 (commit)
via 4917a4db57ea5a6226a06aaaf7d2e3c20317c2a9 (commit)
via b048423ce0c2c3043a1ca04b34029bc8c8a9337c (commit)
via f4cb85d322687ef75da1c2dfc5d4262d711f0ea5 (commit)
via 70d0a4d9e3143214553abe199081c8ac2c508085 (commit)
via d5e9e2ba609353dfc868c60d6556df031571fa47 (commit)
via 92fa47e749e1eaf9955b5e48971e047e889c0fda (commit)
via 4022fbf53ea5e627b19d5affd50cfeb302ff33af (commit)
from 5489d3994a93f95e4e85bf5cdc711b6b0eef01ca (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ccc95f5e34c31df6dcd3e68484ef9b9c6af3c38d
Merge: 826846f8a d5e9e2ba6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Dec 15 16:18:39 2025 +0000
Merge branch 'master' into next
commit 826846f8a72cad595639e87135699ce3ea33d2d4
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sun Dec 14 15:02:16 2025 +0100
core200: Ship tzdata
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c7595917721fc71ee9fe00e7be43224c48c60aa1
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sun Dec 14 15:02:17 2025 +0100
tzdata: Update to version 2025c
- Update from version 2025b to 2025c
- No change in rootfile
- Changelog
2025c
Changes to past timestamps
Baja California agreed with California’s DST rules in 1953 and in
1961 through 1975, instead of observing standard time all year.
(Thanks to Alois Treindl.)
Changes to build procedure
Files in distributed tarballs now have correct commit times.
Formerly, the committer’s time zone was incorrectly ignored.
Distribution products (*.asc, *.gz, and *.lz) now have
reproducible timestamps. Formerly, only the contents of the
compressed tarballs had reproducible timestamps.
By default, distributed formatted man pages (*.txt) now use UTF-8
and are left-adjusted more consistently. A new Makefile macro
MANFLAGS can override these defaults. (Thanks to G. Branden
Robinson for inspiring these changes.)
Changes to code
An unset TZ is no longer invalid when /etc/localtime is missing,
and is abbreviated "UTC" not "-00". This reverts to 2024b behavior.
(Problem and patch reported by Dag-Erling Smørgrav.)
New function offtime_r, short for fixed-offset localtime_rz.
It is defined if STD_INSPIRED is defined.
(Patch from Dag-Erling Smørgrav.)
tzset etc. are now more cautious about questionable TZ settings.
Privileged programs now reject TZ settings that start with '/',
unless they are TZDEFAULT (default "/etc/localtime") or
start with TZDIR then '/' (default "/usr/share/zoneinfo/").
Unprivileged programs now require files to be regular files
and reject relative names containing ".." directory components;
formerly, only privileged programs did those two things.
These changes were inspired by similar behavior in FreeBSD.
On NetBSD, unprivileged programs now use O_REGULAR to check
whether a TZ setting starting with '/' names a regular file,
avoiding a minor security race still present elsewhere.
TZ strings taken from tzalloc arguments are now treated with
no less caution than TZ strings taken from the environment, as
the old undocumented behavior would have been hard to explain.
tzset etc. no longer use the ‘access’ system call to check access;
instead they now use the system calls issetugid, getauxval,
getresuid/getresgid, and geteuid/getegid/getuid/getgid (whichever
first works) to test whether a program is privileged.
Compile with -DHAVE_SYS_AUXV_H=[01] to enable or disable
<sys/auxv.h> which (if it defines AT_SECURE) enables getauxval,
and compile with -DHAVE_ISSETUGID=[01], -DHAVE_GETRESUID=[01], and
-DHAVE_GETEUID=[01] to enable or disable the other calls’ use.
The new CFLAGS option -DTZ_CHANGE_INTERVAL=N makes tzset etc.
check for TZif file changes if the in-memory data are N seconds
old or more, and are derived from the TZ environment variable.
This is intended for platforms that want tzset etc. to reflect
changes to whatever file TZ selects (including changes to
/etc/localtime if TZ is unset). If N is negative (the default)
these checks are omitted; this is the traditional behavior.
The new CFLAGS options -DHAVE_STRUCT_STAT_ST_CTIM=0 and
-DHAVE_STRUCT_TIMESPEC=0 port to non-POSIX.1-2008 platforms
that lack st_ctim and struct timespec, respectively.
tzset etc. now treat ' ' like '_' in time zone abbreviations,
just as they treat other invalid bytes. This continues the
transition begun in release 96k, which removed spaces in tzdata
because the spaces break time string parsers.
The new CFLAGS option -DTHREAD_PREFER_SINGLE causes tzcode
in single-threaded processes to avoid locks, as FreeBSD does.
This can save time in single-threaded apps. The threadedness
testing costs CPU time and energy in multi-threaded apps.
New options -DHAVE___ISTHREADED and -DHAVE_SYS_SINGLE_THREADED_H
can help configure how to test for single-threadedness.
The new CFLAGS option -DTHREAD_RWLOCK uses read-write locks, as
macOS does, instead of mutexes. This saves real time when TZ is
rarely changing and many threads call tzcode simultaneously.
It costs more CPU time and energy.
The new CFLAGS option -TTHREAD_TM_MULTI causes localtime to return
a pointer to thread-specific memory, as FreeBSD does, instead of
to the same memory in all threads. This supports unportable
programs that incorrectly use localtime instead of localtime_r.
This option affects gmtime and offtime similarly to localtime.
Because the corresponding storage is freed on thread exit, this
option is incompatible with POSIX.1-2024 and earlier. It also
costs CPU time and memory.
tzfree now preserves errno, consistently with POSIX.1-2024 ‘free’.
tzcode now uses mempcpy if available, guessing its availability.
Compile with -DHAVE_MEMPCPY=1 or 0 to override the guess.
tzcode now uses strnlen to improve asymptotic performance a bit.
Compile with -DHAVE_STRNLEN=0 if your platform lacks it.
tzcode now hand-declares unistd.h-provided symbols like getopt
if HAVE_UNISTD_H=0, not if HAVE_POSIX_DECLS=0.
tzset etc. now have an experimental OPENAT_TZDIR option;
see Makefile and localtime.c for details.
On platforms like GNU/Hurd that do not define PATH_MAX,
exceedingly long TZ strings no longer fail merely because they
exceed an arbitrary file name length limit imposed by tzcode.
zic has new options inspired by FreeBSD. ‘-D’ skips creation of
output ancestor directories, ‘-m MODE’ sets output files’ mode,
and ‘-u OWNER[:GROUP]’ sets output files’ owner and group.
zic now uses the fdopen function, which was standardized by
POSIX.1-1988 and is now safe to use in portable code.
This replaces its use of the older umask function, which
complicated maintenance.
Changes to commentary
The leapseconds file contains commentary about the IERS and NIST
last-modified and expiration timestamps for leap second data.
(Thanks to Judah Levine.)
Commentary now also uses characters from the set –‘’“”•≤ as this
can be useful and should work with current applications. This
also affects data in iso3166.tab and zone1970.tab, which now
contain strings like “Côte d’Ivoire” instead of “Côte d'Ivoire”.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 986755616c882f516a52301ac29ad80f59149939
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Dec 15 16:14:08 2025 +0000
core200: Ship dracut-ng (again)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4917a4db57ea5a6226a06aaaf7d2e3c20317c2a9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Dec 15 16:12:43 2025 +0000
core200: Ship backup exclude (again)
Just to be sure that everyone is getting this change.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b048423ce0c2c3043a1ca04b34029bc8c8a9337c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Dec 15 16:11:51 2025 +0000
core199: Ship backup exclude
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f4cb85d322687ef75da1c2dfc5d4262d711f0ea5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Dec 12 17:38:11 2025 +0100
exclude: Add the suricata sgh cache directory to the list
- Depending on the number of suricata rulesets that users have got enabled the suricata
cache in /var/cache/suricata/sgh/ gets currently backed up in the ipfire .ipf file
and some users are ending up with backup files that used to be 190MB and are now
greater than 700MB, some even over 800MB.
- This change excludes the cache from the backup as it seems that a restore with a cache
from an earlier time does not make sense.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 70d0a4d9e3143214553abe199081c8ac2c508085
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Fri Dec 12 15:07:07 2025 +0100
dracut-ng: Update the rootfile to include initqueue
- In dracut-180 initqueue was removed from the base system and made its own set. This
was missed when the original release was done and the initqueue entries were
commented out.
- Tested out with the new 6.18.0 kernel evaluation and initqueue was successfully
installed and therefore also subsequently btrfs, lvm & mdraid that depended on
initqueue
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/exclude | 1 +
config/rootfiles/common/dracut-ng | 12 ++++++------
.../rootfiles/{oldcore/199 => core/200}/filelists/dracut-ng | 0
config/rootfiles/core/200/filelists/files | 1 +
config/rootfiles/{oldcore/100 => core/200}/filelists/tzdata | 0
config/rootfiles/core/200/update.sh | 2 +-
config/rootfiles/oldcore/199/filelists/files | 1 +
lfs/tzdata | 7 ++++---
8 files changed, 14 insertions(+), 10 deletions(-)
copy config/rootfiles/{oldcore/199 => core/200}/filelists/dracut-ng (100%)
copy config/rootfiles/{oldcore/100 => core/200}/filelists/tzdata (100%)
Difference in files:
diff --git a/config/backup/exclude b/config/backup/exclude
index a69eed767..0719b471f 100644
--- a/config/backup/exclude
+++ b/config/backup/exclude
@@ -1,6 +1,7 @@
etc/sysconfig/lm_sensors
etc/unbound/unbound.conf
*.tmp
+var/cache/suricata/sgh/*
var/ipfire/ethernet/settings
var/ipfire/firewall/bin/*
var/ipfire/ovpn/openssl/*
diff --git a/config/rootfiles/common/dracut-ng b/config/rootfiles/common/dracut-ng
index 3b492651c..b1760a614 100644
--- a/config/rootfiles/common/dracut-ng
+++ b/config/rootfiles/common/dracut-ng
@@ -481,12 +481,12 @@ usr/lib/dracut/modules.d/74udev-rules/module-setup.sh
#usr/lib/dracut/modules.d/77ecryptfs/README
#usr/lib/dracut/modules.d/77ecryptfs/ecryptfs-mount.sh
#usr/lib/dracut/modules.d/77ecryptfs/module-setup.sh
-#usr/lib/dracut/modules.d/77initqueue
-#usr/lib/dracut/modules.d/77initqueue/dracut-initqueue.service
-#usr/lib/dracut/modules.d/77initqueue/dracut-initqueue.service.8.adoc
-#usr/lib/dracut/modules.d/77initqueue/dracut-initqueue.sh
-#usr/lib/dracut/modules.d/77initqueue/initqueue.sh
-#usr/lib/dracut/modules.d/77initqueue/module-setup.sh
+usr/lib/dracut/modules.d/77initqueue
+usr/lib/dracut/modules.d/77initqueue/dracut-initqueue.service
+usr/lib/dracut/modules.d/77initqueue/dracut-initqueue.service.8.adoc
+usr/lib/dracut/modules.d/77initqueue/dracut-initqueue.sh
+usr/lib/dracut/modules.d/77initqueue/initqueue.sh
+usr/lib/dracut/modules.d/77initqueue/module-setup.sh
#usr/lib/dracut/modules.d/77integrity
#usr/lib/dracut/modules.d/77integrity/README
#usr/lib/dracut/modules.d/77integrity/evm-enable.sh
diff --git a/config/rootfiles/core/200/filelists/dracut-ng b/config/rootfiles/core/200/filelists/dracut-ng
new file mode 120000
index 000000000..7be011e1f
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/dracut-ng
@@ -0,0 +1 @@
+../../../common/dracut-ng
\ No newline at end of file
diff --git a/config/rootfiles/core/200/filelists/files b/config/rootfiles/core/200/filelists/files
index e43c7c7dd..ece879636 100644
--- a/config/rootfiles/core/200/filelists/files
+++ b/config/rootfiles/core/200/filelists/files
@@ -2,3 +2,4 @@ etc/rc.d/init.d/networking/red
etc/rc.d/init.d/unbound
srv/web/ipfire/cgi-bin/dns.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
+var/ipfire/backup/exclude
diff --git a/config/rootfiles/core/200/filelists/tzdata b/config/rootfiles/core/200/filelists/tzdata
new file mode 120000
index 000000000..5a6e3252f
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/tzdata
@@ -0,0 +1 @@
+../../../common/tzdata
\ No newline at end of file
diff --git a/config/rootfiles/core/200/update.sh b/config/rootfiles/core/200/update.sh
index 2037bf15f..3005baa43 100644
--- a/config/rootfiles/core/200/update.sh
+++ b/config/rootfiles/core/200/update.sh
@@ -77,7 +77,7 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
/etc/init.d/unbound restart
/etc/init.d/openvpn-rw restart
-# Build initial ramdisks (for intel-microcode)
+# Build initial ramdisks (for intel-microcode & dracut-ng)
dracut --regenerate-all --force
KVER="xxxKVERxxx"
case "$(uname -m)" in
diff --git a/config/rootfiles/oldcore/199/filelists/files b/config/rootfiles/oldcore/199/filelists/files
index 1e574a6e4..a8135369b 100644
--- a/config/rootfiles/oldcore/199/filelists/files
+++ b/config/rootfiles/oldcore/199/filelists/files
@@ -27,6 +27,7 @@ usr/local/bin/lldpdctrl
usr/sbin/openvpn-authenticator
usr/sbin/redirect_wrapper
var/ipfire/backup/include
+var/ipfire/backup/exclude
var/ipfire/general-functions.pl
var/ipfire/header.pl
var/ipfire/lldp
diff --git a/lfs/tzdata b/lfs/tzdata
index ec3a9a048..ca813384f 100644
--- a/lfs/tzdata
+++ b/lfs/tzdata
@@ -24,7 +24,8 @@
include Config
-VER = 2025b
+VER = 2025c
+
TZDATA_VER = $(VER)
TZCODE_VER = $(VER)
@@ -45,8 +46,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz
tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_BLAKE2 = 07421e756cd33f003f1173c320a2e454f767a2ba299b76b54e34dc5cf1c126b00ab3186bc61d4989201a83cb8b3e4c005c0bc080fb39a1e48ff9555d50c84f1d
-tzcode$(TZCODE_VER).tar.gz_BLAKE2 = 1c9fa834ccdf0a73dd4ca5956e913506b01dc10cd0e278dc2ee0099b08fa726af56cc2d7276e41ab1d3d57faacab97a0b0eab7e1623ef2de46dd576aaded0001
+tzdata$(TZDATA_VER).tar.gz_BLAKE2 = f7d8fa0286f72e90058693dcdc39b8e9ddca198b157807b8d7d33969c07a2ee5a0391c6ebe8f3d86990de765216f563cf7ca75d8ea6f5c3b2950a16b973827de
+tzcode$(TZCODE_VER).tar.gz_BLAKE2 = b649847fcc59db2e43bc3f942e9ee4abb5968ac45114f6dcf362ec0ec23bd60117f976b539412cf062d8ba097a9d9a85f642ba46c5fbd96e2fb1a5e7b6f2ed53
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-12-15 16:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-15 16:18 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ccc95f5e34c31df6dcd3e68484ef9b9c6af3c38d Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox