* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. e51467136c8b04f739f6c4173e70d1a83f3af24b
@ 2026-04-30 18:58 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-04-30 18:58 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 19892 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via e51467136c8b04f739f6c4173e70d1a83f3af24b (commit)
via 4eaf33e0126233b40f00a5c997c14781ecd7b9cd (commit)
via 979b8b346fad38e8d6d15f1613c355771392379c (commit)
via c7f875cd8ca8c7cdf481696c04f36ce177e24910 (commit)
via c94c5d1dd101571e32fb205fa891b5946201e3a9 (commit)
from af558a8b57d403c548a14e74fb43fb68d5245c79 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e51467136c8b04f739f6c4173e70d1a83f3af24b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 30 20:36:48 2026 +0200
rsync: Update to version 3.4.2
- Update from version 3.4.1 to 3.4.2
- No change to rootfile
- Changelog
3.4.2
SECURITY RELATED:
Several security-relevant defects were reported and fixed since 3.4.1.
None were assigned a CVE — rsync's fork-per-connection design scopes
the impact of each of these to the attacker's own connection, which is
equivalent to the client closing the socket itself — but they are
fixed here as a matter of hygiene and to reduce the chances of a
future exploitable combination. Many thanks to the external
researchers who reported these issues.
- Fixed a signed integer overflow in the PROXY protocol v2 header
parser: a negative `len` field could bypass the size check and cause
a stack buffer overflow in `read_buf()`. Reported by John Walker of
ZeroPath.
- Fixed an invalid access to the files array. Reported by Calum
Hutton of Rapid7.
- Reject negative token values in the compressed-stream token
decoder; a negative value could cause callers to misinterpret a
missing data pointer as literal data. Reported by Will Sergeant.
- Fixed the element count passed to the xattr `qsort()` (see
https://www.openwall.com/lists/oss-security/2026/04/16/2).
- Fixed a buffer underflow in `clean_fname()`, and added a regression
test.
- Fixed an uninitialized `mul_one` in the AVX2 get_checksum1 path
(undefined behaviour), and added a SIMD-checksum self-test that
cross-checks SSE2, SSSE3 and AVX2 against the C reference on both
aligned and unaligned buffers.
- Fixed an uninitialized `buf1` on the first call to
`get_checksum2()` in the MD4 path (fixes #673).
- Zero all new memory from internal allocations: `my_alloc()` now uses
`calloc`, and `expand_item_list()` zeros the expanded portion after
`realloc`. This gives more predictable behaviour if stale or
uninitialised memory is ever accidentally read.
BUG FIXES:
- Call `tzset()` before chroot so that log timestamps continue to
reflect the configured local timezone after the daemon chroots
(glibc needs `/etc/localtime`, which is unreachable post-chroot).
- Use the correct time when writing to the log file.
- Do not clear `DISPLAY` unconditionally.
- Fixed a Y2038 bug in `syscall.c` by replacing the `Int32x32To64`
macro (which truncates its arguments to 32 bits) with a plain
64-bit multiplication.
- Fixed ACL ID mapping for non-root users (closes #618).
- Fixed handling of objects with many xattrs on FreeBSD.
- Fixed `--open-noatime` not taking effect when opening regular
files: `O_NOATIME` is now also passed to `do_open_nofollow()`, which
has been used for regular files since the CVE fix "fixed symlink
race condition in sender".
- Ignore "directory has vanished" errors.
- Fixed the removal of multiple leading slashes.
- Added the missing `--dirs` long option.
- Fixed a segfault if `poptGetContext()` returns NULL (e.g. under
OOM) by not passing NULL to `poptReadDefaultConfig()`. Reported by
Ronnie Sahlberg; found with `malloc-fail-tester`.
- Fixed a build error on ia64 NonStop (which treats missing
prototypes as an error, not a warning).
- Fixed a flaky hardlinks test (fixes #735).
ENHANCEMENTS:
- Added multi-threaded `zstd` compression, gated by a new
`--compress-threads=N` option, with validation and man-page
coverage.
- Documented the `temp dir` parameter in the rsyncd.conf man page
(fixes #820).
- Improved rendering of interior dashes in long-option names in
`md-convert` (perhaps fixes #686).
PORTABILITY / BUILD:
- Fixed glibc 2.43 const-preserving overloads of `strtok()`,
`strchr()` etc. by declaring the affected locals with the right
constness. Contributed by Holger Hoffstätte.
- Converted the bundled zlib 1.2.8 from K&R-style function
definitions to ANSI prototypes, so it builds with clang 16+.
- Avoid using `bool` as an identifier; it is a keyword in C23.
- `configure.ac`: check for xattr functions in libc first and only
fall back to `-lattr`, avoiding spurious overlinking when `-lattr`
happens to be installed. Contributed by Eli Schwartz.
- Made the build reproducible by honouring `SOURCE_DATE_EPOCH` for
the manpage date.
- Removed obsolete `popt/findme.c` and `popt/findme.h` that upstream
popt 1.14 folded into `popt.c` (fixes #710). Contributed by Alan
Coopersmith.
INTERNAL:
- Made many module-global variables `const` so they can live in
`.rodata` and enable additional compiler optimization.
DEVELOPER RELATED:
- Replaced `runtests.sh` with `runtests.py`, a Python test runner
that supports `--valgrind` (with per-process log files so valgrind
output no longer interferes with output comparisons) and
`-j/--parallel` execution for roughly a 7× speed-up on typical
hardware.
- Added a SIMD checksum self-test and a `clean-fname-underflow`
regression test.
- Various CI fixes for macOS and Cygwin (including adding
`simd-checksum` to the expected-skipped lists on platforms without
SIMD), and tests now run on `ubuntu-latest`.
- removed support for the unmaintained rsync-patches archive
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4eaf33e0126233b40f00a5c997c14781ecd7b9cd
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 30 20:36:47 2026 +0200
openvpn: Update to version 2.7.3
- Update from version 2.7.1 to 2.7.3
- No change to rootfile
- 2 CVE fixes in 2.7.2. These have also been applied to 2.6.20 on the 2.6 branch
- Changelog
2.7.3
bugfixes
in combination with --management-query-passwords, setups using --auth-user-pass
file or inline auth-user-pass would no longer use the configured passwords and
prompt on the management interface instead (OpenVPN GUI would then provide an
empty user/password prompt) (Github: OpenVPN/openpvn#1021).
2.7.2
Security fixes
fix race condition in TLS handshake that could lead to leaking of packet data from
a previous handshake under specific circumstances (CVE-2026-40215)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com))
fix server ASSERT() on receiving a suitably malformed packet with a valid
tls-crypt-v2 key (CVE-2026-35058)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))
Bugfixes
when using a config file with inlined username and no password, fix prompting for
the password from management interface.
Windows: fix DNSSEC flag handling - this got never applied due to a bad comparison
being always false.
Windows: fix deinstallation progress bar on adapter deletion.
New features
management interface: permit input of very long passwords in base64-encoded
multiline format. Signal support to management clients via
"management version 6".
Documentation
improve documentation and error messages related to old and new Linux DCO modules
remove some references to pre-2.3 OpenVPN
improve manpage for --learn-address config
User-visible Changes
improve error messages on --verify-x509-name failures
improve error logging when overlong username or passwords can not be written to TLS
buffer
Long-term code maintenance
fully support OpenSSL 4.0 now, without "deprecated API" warnings (multiple small
changes to adapt to 3.5 -> 4.0 API changes)
add unit tests for certificate detail printing
add unit tests for "empty password on inline credentials" handling
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 979b8b346fad38e8d6d15f1613c355771392379c
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 30 20:36:46 2026 +0200
lvm2: Update to version 2.03.40
- Update from version 2.03.39 to 2.03.40
- Update of rootfile
- Changelog
2.03.40
Reset warned flag in dmeventd raid plugin when device fully syncs.
Fix inverted range comparison in libdm reserved value check.
Fix percent_check threshold stuck above 100% in dmeventd thin/vdo plugins.
Fix cache_check_for_warns reading wrong cache mode for cachevol.
Fix memory leak in process_each_label duplicate handling.
Fix missing unlock_vg in vgcreate when pvcreate_each_device fails.
Lock the origin LV when locking a COW snapshot in lvmlockd.
Preserve bcache AIO context across lvm shell commands to avoid reinit cost.
Fix msg.data leaks in dmeventd restart and reinstate paths.
Fix VG lock leak on init_processing_handle failure in vgcreate.
Fix VG lock leak on lv_remove_single failure in vgmerge.
Fix VG lock leak on second lock_vol failure in vgimportclone.
Fix VG lock leak on early return in pvscan.
Fix inverted strstr check in remove_layer_from_lv layer rename.
Fix inverted strcmp for vgchange --persist lockstart check.
Fix argv overwriting last vdoformat option with device path.
Fix NULL deref of sync_action in dm_get_status_raid.
Fix recovery rate check in lvcreate when max rate is unset.
Fix dm_strncpy off-by-one in raid split image conversion name.
Fix missing failure return after reshape space allocation error in raid.
Pre-create udev cookie before critical section to avoid resume failures.
Validate area_count before subtracting parity_devs in RAID metadata import.
Validate area_count against MAX_STRIPES to prevent integer overflow.
Validate mda size and prevent uint64 to uint32 truncation in metadata reads.
Extract label_check_pv_layout to validate PV label buffer structure.
Remove redundant memset from command registration (global array is zero-init).
Kill orphaned polling lvpoll process in lvmpolld on pvmove --abort.
Fix pvmove mirror image bounds check off-by-one in poll completion.
Fix dev_manager to restore track_pvmove_deps flag on error path.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c7f875cd8ca8c7cdf481696c04f36ce177e24910
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 30 20:36:44 2026 +0200
core202: Ship ethtool
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c94c5d1dd101571e32fb205fa891b5946201e3a9
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Apr 30 20:36:45 2026 +0200
ethtool: Update to version 7.0
- Update from version 6.15 to 7.0
- No change to rootfile
- Changelog
7.0
* Feature: support MSE display (--show-mse)
* Feature: add 2 new link_ext_state names
* Fix: fix index calculation in ixgbe register dump (-d)
* Fix: cmis wavelength tolerance output (-m)
* Fix: duplicate sfpid Active Cu compliance output (-m)
6.19
* Feature: support HW timestamp configuration (--set-hwtimestamp-cfg)
* Feature: display HW timestamp source (-T)
* Feature: support PLCA notifications (--get/set-plca-cfg)
* Feature: add PSE priority management support (--show/set-pse)
* Feature: support PSE notifications (--show/set-pse)
* Feature: support configuring RSS on IPv6 Flow Label (-n/-N)
* Feature: support FEC bit error histograms (--show-fec)
* Feature: register dump decoding for TI K3 CPSW and its ALE table (-d)
* Fix: fix missing headers in text output
* Fix: fix print_string when the value is NULL (-Werror=format-security)
* Fix: fix JSON output of SFP diagnostics
* Fix: fix duplicated JSON keys in module info
* Misc: clarify that symmetric RSS may be on by default (-x/-X)
* Misc: add AppStream metainfo file to %files section
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/lvm2 | 2 ++
.../{oldcore/158 => core/202}/filelists/ethtool | 0
lfs/ethtool | 6 +++---
lfs/lvm2 | 4 ++--
lfs/openvpn | 4 ++--
lfs/rsync | 20 ++++++++------------
6 files changed, 17 insertions(+), 19 deletions(-)
copy config/rootfiles/{oldcore/158 => core/202}/filelists/ethtool (100%)
Difference in files:
diff --git a/config/rootfiles/common/lvm2 b/config/rootfiles/common/lvm2
index 61da721b1..45150d859 100644
--- a/config/rootfiles/common/lvm2
+++ b/config/rootfiles/common/lvm2
@@ -23,6 +23,7 @@ usr/lib/udev/rules.d/95-dm-notify.rules
usr/sbin/blkdeactivate
usr/sbin/dmsetup
usr/sbin/dmstats
+usr/sbin/dmvdostats
usr/sbin/fsadm
usr/sbin/lvchange
usr/sbin/lvconvert
@@ -87,6 +88,7 @@ usr/sbin/vgsplit
#usr/share/man/man8/blkdeactivate.8
#usr/share/man/man8/dmsetup.8
#usr/share/man/man8/dmstats.8
+#usr/share/man/man8/dmvdostats.8
#usr/share/man/man8/fsadm.8
#usr/share/man/man8/lvchange.8
#usr/share/man/man8/lvconvert.8
diff --git a/config/rootfiles/core/202/filelists/ethtool b/config/rootfiles/core/202/filelists/ethtool
new file mode 120000
index 000000000..494a53e9d
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/ethtool
@@ -0,0 +1 @@
+../../../common/ethtool
\ No newline at end of file
diff --git a/lfs/ethtool b/lfs/ethtool
index cd5d25150..006c8ad37 100644
--- a/lfs/ethtool
+++ b/lfs/ethtool
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 6.15
+VER = 7.0
THISAPP = ethtool-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2a4a71c7ea6ac047d23fa9c8265a2dce8432f4417f6006f71dc91e365b9a841b5bfd44683e3179806f38285f199ed0cb84d1ca7a3f02979b8f4045274736f9eb
+$(DL_FILE)_BLAKE2 = c2cfdb3256044dd4e331f8663a87e1b5231d45a693501bfd022c823bdbea950c93f0586e5d61e02d28f7ff87df769a68e1126123429f82899603baa69f153006
install : $(TARGET)
diff --git a/lfs/lvm2 b/lfs/lvm2
index bc2de3904..538cb161e 100644
--- a/lfs/lvm2
+++ b/lfs/lvm2
@@ -24,7 +24,7 @@
include Config
-VER = 2.03.39
+VER = 2.03.40
THISAPP = LVM2.$(VER)
DL_FILE = $(THISAPP).tgz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 24dc0f3a07dbd07a808343bb35078b6fe9e0372052c5d58c1d18b525ed23621434accce891d0a9390f9b5bd790c2d67dd22280746aada409e02c7cef9d9fae1f
+$(DL_FILE)_BLAKE2 = 8879915ba959de72becceddfccd4a9f7cae14e1614cddc1b4f89ad6f784ecbca03c0d734e834f87f9f53b432aa16ac9a55c9e1c93cdf199a53166ea4c1964330
install : $(TARGET)
diff --git a/lfs/openvpn b/lfs/openvpn
index 80eb94032..c1d0f69b6 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@
include Config
-VER = 2.7.1
+VER = 2.7.3
THISAPP = openvpn-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a5f598a4f2366c3134578af6bf08750c3d4269ab036f1b49b44799174bca01dc4d79c8ddfce2b5948f186a7729cd96e428b74dda4a685bf44323aaa188739405
+$(DL_FILE)_BLAKE2 = ef569507072af64cab3d2458f3f1ec86478975c4df9a33320b3e96df63d1e8ecbec9bc1b12344c58bdd2c9c734b065100a71f1d7954f324a325f39d220b914cc
install : $(TARGET)
diff --git a/lfs/rsync b/lfs/rsync
index 789b100bd..6053dca82 100644
--- a/lfs/rsync
+++ b/lfs/rsync
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Versatile tool for fast incremental file transfer
-VER = 3.4.1
+VER = 3.4.2
THISAPP = rsync-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = rsync
-PAK_VER = 21
+PAK_VER = 22
DEPS = libxxhash
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 79c1cad697547059ee241e20c26d7f97bed3ad062deb856d31a617fead333a2d9f62c7c47c1efaf70033dbc358fe547d034c35e8181abb51a1fc893557882bc7
+$(DL_FILE)_BLAKE2 = bfc8aa3dc3b75de5e81519eab6d505ebd4d05ebc79c3336ebc925486fa6267cd13a37844d0817183cec68215788bc07e4a281f716bcd0bc7d93daa995df9122c
install : $(TARGET)
@@ -81,18 +81,14 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-
# Replace shebang in rsync-ssl
cd $(DIR_APP) && sed -i -e "s@^#!.*@#!/bin/bash@" rsync-ssl
-
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --without-included-popt \
- --without-included-zlib \
- --enable-xxhash
-
+ --prefix=/usr \
+ --without-included-popt \
+ --without-included-zlib \
+ --enable-xxhash
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
-
@rm -rf $(DIR_APP)
@$(POSTBUILD)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-30 18:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-30 18:58 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. e51467136c8b04f739f6c4173e70d1a83f3af24b Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox