* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 097038766be6a70b258a3cd67703d3b3b45f573f
@ 2026-01-14 11:17 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-01-14 11:17 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 097038766be6a70b258a3cd67703d3b3b45f573f (commit)
via 1fd193a12a874fb97423a0a3c06f9155c3235e2a (commit)
via 4c81662624b84744a2399afe93d1217969272f5d (commit)
via accd192b2839bbd185b230678569da281e4871cd (commit)
from 011ac6572fb2534ef6fe3eab397103e63f0abb66 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 097038766be6a70b258a3cd67703d3b3b45f573f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Jan 14 11:16:33 2026 +0000
core200: Ship Suricata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1fd193a12a874fb97423a0a3c06f9155c3235e2a
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Wed Jan 14 11:30:10 2026 +0100
suricata: Update to 8.0.3
Excerpt from changelog:
"8.0.3 -- 2026-01-09
Security #8202: http: quadratic complexity in headers parsing over multiple
packets (8.0.x backport)(HIGH - CVE 2026-22263)
Security #8199: dnp3: unbounded transaction growth (8.0.x backport)(HIGH - CVE 2026-22259)
Security #8197: dcerpc: unbounded fragment buffering leads to memory
exhaustion (8.0.x backport)(CRITICAL - CVE 2026-22258)
Security #8191: detect/alert: heap-use-after-free on alert queue expansion
(8.0.x backport)(HIGH - CVE 2026-22264)
Security #8186: http: infinite recursion in decompression (8.0.x backport)(HIGH - CVE 2026-22260)
Security #8157: eve/alert: http xff handling can lead to denial of service
(8.0.x backport)(MODERATE - CVE 2026-22261)
Security #8111: datasets: stack overflow (8.0.x backport)(HIGH - CVE 2026-22262)
Bug #8211: rust: update lru crate to address RUSTSEC-2026-0002 (8.0.x backport)
Bug #8188: tcp: fast open packet not fully handled (8.0.x backport)
Bug #8180: eve/tls: version not logged for client hello only session (8.0.x backport)
Bug #8178: flow: mac addresses are not swapped (8.0.x backport)
Bug #8177: xbits: no error on invalid 'expire' values (8.0.x backport)
Bug #8176: lua: crash with luaxform and arguments (8.0.x backport)
Bug #8155: tls: ssl_version keyword negation (!) not working (8.0.x backport)
Bug #8152: stream/reassembly: BUG_ON triggered from AdjustToAcked in debug mode (8.0.x backport)
Bug #8151: nfs: NFS3/NFS2 procedure conflict (8.0.x backport)
Bug #8134: configure: hint for installing bindgen is outdated (8.0.x backport)
Bug #8120: file: wrong hash on small multipart files (8.0.x backport)
Bug #8103: unix-socket: hostbit commands ipv6 parsing issues (8.0.x backport)
Bug #8074: util/time: wrong parameter used in function (8.0.x backport)
Bug #7709: pop3: parse error blocks sessions
Optimization #8107: conf: timeout on too many scalar events (8.0.x backport)
Feature #8175: frames: add --list-frames option (8.0.x backport)
Feature #8144: af-packet: runtime option/flag to disable hardware timestamp support (8.0.x backport)
Feature #8100: nfs: NFSv4 should support 4.1's new enums (8.0.x backport)
Task #8148: psl: crate should be updated on every release (8.0.x backport)
Task #8091: schema: allow stream events for stats (8.0.x backport)
Documentation #8136: luaxform: options incorrectly described (8.0.x backport)
Documentation #8079: transform/luaxform: documentation states it supports init function (8.0.x backport)
Documentation #7938: docs: update backports policy for suri 7 (8.0.x backport)
Documentation #7931: userguide: update & improve exception policy section (8.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4c81662624b84744a2399afe93d1217969272f5d
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 13 13:12:14 2026 +0100
core200: Ship mdadm
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit accd192b2839bbd185b230678569da281e4871cd
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue Jan 13 13:12:15 2026 +0100
mdadm: Update to version 4.5
- Update from version 4.4 to 4.5
- No change to rootfile
- From kernel 6.17.x onwards it produces an error message with version 4.4 and suggests
updating to version 4.5 as async del_gendisk mode will be removed in future. This
update also ensures we will not see that message in any released IPFire CU. I found it
in my testing of Arne's 6.18 kernel
- Changelog
4.5
Features:
Supports --logical-block-size in --create from Wu Guanghao
Create array with sync del gendisk mode from Xiao Ni
Update raid6check man page from Mingye Wang
Re-enable mdadm --monitor ... for /dev/mdX from Dr. Joachim Schneider
Use MAILFROM to set sendmail envelope sender address in mdmon from Martin
Wilck
Don't stop array after creating it during assemble from Xiao Ni
Use kernel raid headers from Mariusz Tkaczyk
Allow RAID0 to be created with v0.90 metadata from NeilBrown
Optimize DDF header search for widely used RAID controllers from lilinzhe
Persist properties of MD devices after switch_root from Antonio Alvarez Feijoo
Refactor continue_via_systemd() to make it more readable from Mateusz Kusiak
Remove --freeze-reshape logic in reshape from Mateusz Kusiak
Simplify remove logic in Incremental from Mariusz Tkaczyk
Fixes:
Fix crash with homehost=none in super1 from Martin Wilck
Moves memory management into Assemble to avoid null pointer dereference
from Xiao Ni
Wait a while before removing a member in Incremental from Xiao Ni
Some memleak issues from Wu Guanghao
Fix memleak in udev from Mariusz Tkaczyk
Support non-absolute name during monitor scan from QRPp
Mdcheck fix and improvment from Martin Wilck
Remove POSIX check for name from Mariusz Tkaczyk
Enable udev block for Incremental/Assemble to avoid race condition from
Nigel Croxon
Fix buiding errors from Xiao Ni
Use standard libc nftw from Xiao Ni
Allow any valid minor number in md device name from Martin Wilck
Fix RAID0 to RAID10 migration for imsm array from Blazej Kucman
Don't set badblock flag when adding a new disk from Wu Guanghao
Regression tests fix from Xiao Ni
Fix metadata corruption when managing new imsm array from Junxiao Bi
Add update_super in ddf to prevent crash when assembling ddf array from
lilinzhe
Disable legacy option ROM scan on UEFI machines for imsm array from Ross
Lagerwall
Add sbin path to env PATH to avoid command modprobe can't be found from
Coly Li
Add xmalloc.h to raid6check.c to fix building error from Xiao Ni
Do not start reshape before switchroot from Mateusz Kusiak
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/{oldcore/113 => core/200}/filelists/mdadm | 0
config/rootfiles/{oldcore/131 => core/200}/filelists/suricata | 0
config/rootfiles/core/200/update.sh | 1 +
lfs/mdadm | 7 ++++---
lfs/suricata | 4 ++--
5 files changed, 7 insertions(+), 5 deletions(-)
copy config/rootfiles/{oldcore/113 => core/200}/filelists/mdadm (100%)
copy config/rootfiles/{oldcore/131 => core/200}/filelists/suricata (100%)
Difference in files:
diff --git a/config/rootfiles/core/200/filelists/mdadm b/config/rootfiles/core/200/filelists/mdadm
new file mode 120000
index 000000000..465808b20
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/mdadm
@@ -0,0 +1 @@
+../../../common/mdadm
\ No newline at end of file
diff --git a/config/rootfiles/core/200/filelists/suricata b/config/rootfiles/core/200/filelists/suricata
new file mode 120000
index 000000000..f671f6993
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/suricata
@@ -0,0 +1 @@
+../../../common/suricata
\ No newline at end of file
diff --git a/config/rootfiles/core/200/update.sh b/config/rootfiles/core/200/update.sh
index 9d1069b4d..68a80e8c7 100644
--- a/config/rootfiles/core/200/update.sh
+++ b/config/rootfiles/core/200/update.sh
@@ -132,6 +132,7 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
/etc/init.d/unbound restart
/etc/init.d/openvpn-rw restart
/etc/init.d/ipsec restart
+/etc/init.d/suricata restart
# Build initial ramdisks
dracut --regenerate-all --force
diff --git a/lfs/mdadm b/lfs/mdadm
index 66932075e..930dac584 100644
--- a/lfs/mdadm
+++ b/lfs/mdadm
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,8 @@
include Config
-VER = 4.4
+VER = 4.5
+# https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/
THISAPP = mdadm-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d368681d94e31db2127a1114ad21b76647ee4b62f701705a93ca8482a58ec10d9cd58c5394bb346da0c58339f759fa6168441250a504931e43c0943b74ceef85
+$(DL_FILE)_BLAKE2 = 6cfa80514b4d51c2e8c5e3275ec3dce1a59c509fd83dbc41d395e47ed59c19df30b0382cf6dc5f3c6faf973296e341bc5e461303b3a0f6ce58da887ef0e8a418
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata
index dab9436e2..c483aef0a 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
include Config
-VER = 8.0.2
+VER = 8.0.3
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 708bc7f850a620cc69d41f78785d3cbd5116ea3baefeb3f068b6bd3e31a588511ecffab735ceb51d3392d5385d17dd3ee6498e0365ca38abf4ccf1b2cbc81f13
+$(DL_FILE)_BLAKE2 = ab87fde815338a7520badd2f4d8c8bfaccc778ecffbb13028fe9d561b1bf0e4ef2a43296b88fffb306df9e28fcd5997fa22c72ac887c40efbea799e0110fcb56
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-01-14 11:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-14 11:17 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 097038766be6a70b258a3cd67703d3b3b45f573f Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox