From ffe528be289f5605ead71b1ae0560468a5d87866 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 11:33:43 +0000 Subject: [PATCH 001/140] Start Core Update 184 Signed-off-by: Michael Tremer --- config/rootfiles/core/{183 => 184}/exclude | 0 .../core/{183 => 184}/filelists/core-files | 0 config/rootfiles/core/184/filelists/files | 0 config/rootfiles/core/184/update.sh | 70 +++++++++++++++++++ config/rootfiles/oldcore/183/exclude | 35 ++++++++++ .../183/filelists/aarch64/grub | 0 .../183/filelists/aarch64/linux | 0 .../{core => oldcore}/183/filelists/apache2 | 0 .../{core => oldcore}/183/filelists/bash | 0 .../{core => oldcore}/183/filelists/bind | 0 .../oldcore/183/filelists/core-files | 5 ++ .../{core => oldcore}/183/filelists/cpio | 0 .../{core => oldcore}/183/filelists/dracut | 0 .../{core => oldcore}/183/filelists/files | 0 .../183/filelists/fontconfig | 0 .../{core => oldcore}/183/filelists/gnutls | 0 .../{core => oldcore}/183/filelists/iptables | 0 .../{core => oldcore}/183/filelists/iputils | 0 .../{core => oldcore}/183/filelists/kbd | 0 .../{core => oldcore}/183/filelists/kmod | 0 .../{core => oldcore}/183/filelists/lcms2 | 0 .../{core => oldcore}/183/filelists/libgcrypt | 0 .../{core => oldcore}/183/filelists/libnl-3 | 0 .../{core => oldcore}/183/filelists/libssh | 0 .../{core => oldcore}/183/filelists/libxml2 | 0 .../{core => oldcore}/183/filelists/lmdb | 0 .../{core => oldcore}/183/filelists/lsof | 0 .../{core => oldcore}/183/filelists/openssh | 0 .../{core => oldcore}/183/filelists/openssl | 0 .../{core => oldcore}/183/filelists/p11-kit | 0 .../{core => oldcore}/183/filelists/qpdf | 0 .../183/filelists/riscv64/grub | 0 .../183/filelists/riscv64/linux | 0 .../183/filelists/strongswan | 0 .../{core => oldcore}/183/filelists/sudo | 0 .../{core => oldcore}/183/filelists/tzdata | 0 .../183/filelists/web-user-interface | 0 .../183/filelists/x86_64/grub | 0 .../183/filelists/x86_64/linux | 0 .../rootfiles/{core => oldcore}/183/update.sh | 0 make.sh | 2 +- 41 files changed, 111 insertions(+), 1 deletion(-) rename config/rootfiles/core/{183 => 184}/exclude (100%) rename config/rootfiles/core/{183 => 184}/filelists/core-files (100%) create mode 100644 config/rootfiles/core/184/filelists/files create mode 100644 config/rootfiles/core/184/update.sh create mode 100644 config/rootfiles/oldcore/183/exclude rename config/rootfiles/{core => oldcore}/183/filelists/aarch64/grub (100%) rename config/rootfiles/{core => oldcore}/183/filelists/aarch64/linux (100%) rename config/rootfiles/{core => oldcore}/183/filelists/apache2 (100%) rename config/rootfiles/{core => oldcore}/183/filelists/bash (100%) rename config/rootfiles/{core => oldcore}/183/filelists/bind (100%) create mode 100644 config/rootfiles/oldcore/183/filelists/core-files rename config/rootfiles/{core => oldcore}/183/filelists/cpio (100%) rename config/rootfiles/{core => oldcore}/183/filelists/dracut (100%) rename config/rootfiles/{core => oldcore}/183/filelists/files (100%) rename config/rootfiles/{core => oldcore}/183/filelists/fontconfig (100%) rename config/rootfiles/{core => oldcore}/183/filelists/gnutls (100%) rename config/rootfiles/{core => oldcore}/183/filelists/iptables (100%) rename config/rootfiles/{core => oldcore}/183/filelists/iputils (100%) rename config/rootfiles/{core => oldcore}/183/filelists/kbd (100%) rename config/rootfiles/{core => oldcore}/183/filelists/kmod (100%) rename config/rootfiles/{core => oldcore}/183/filelists/lcms2 (100%) rename config/rootfiles/{core => oldcore}/183/filelists/libgcrypt (100%) rename config/rootfiles/{core => oldcore}/183/filelists/libnl-3 (100%) rename config/rootfiles/{core => oldcore}/183/filelists/libssh (100%) rename config/rootfiles/{core => oldcore}/183/filelists/libxml2 (100%) rename config/rootfiles/{core => oldcore}/183/filelists/lmdb (100%) rename config/rootfiles/{core => oldcore}/183/filelists/lsof (100%) rename config/rootfiles/{core => oldcore}/183/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/183/filelists/openssl (100%) rename config/rootfiles/{core => oldcore}/183/filelists/p11-kit (100%) rename config/rootfiles/{core => oldcore}/183/filelists/qpdf (100%) rename config/rootfiles/{core => oldcore}/183/filelists/riscv64/grub (100%) rename config/rootfiles/{core => oldcore}/183/filelists/riscv64/linux (100%) rename config/rootfiles/{core => oldcore}/183/filelists/strongswan (100%) rename config/rootfiles/{core => oldcore}/183/filelists/sudo (100%) rename config/rootfiles/{core => oldcore}/183/filelists/tzdata (100%) rename config/rootfiles/{core => oldcore}/183/filelists/web-user-interface (100%) rename config/rootfiles/{core => oldcore}/183/filelists/x86_64/grub (100%) rename config/rootfiles/{core => oldcore}/183/filelists/x86_64/linux (100%) rename config/rootfiles/{core => oldcore}/183/update.sh (100%) diff --git a/config/rootfiles/core/183/exclude b/config/rootfiles/core/184/exclude similarity index 100% rename from config/rootfiles/core/183/exclude rename to config/rootfiles/core/184/exclude diff --git a/config/rootfiles/core/183/filelists/core-files b/config/rootfiles/core/184/filelists/core-files similarity index 100% rename from config/rootfiles/core/183/filelists/core-files rename to config/rootfiles/core/184/filelists/core-files diff --git a/config/rootfiles/core/184/filelists/files b/config/rootfiles/core/184/filelists/files new file mode 100644 index 000000000..e69de29bb diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh new file mode 100644 index 000000000..1059d1a1b --- /dev/null +++ b/config/rootfiles/core/184/update.sh @@ -0,0 +1,70 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2023 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=184 + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services + +# Extract files +extract_files + +# Remove files + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Filesytem cleanup +/usr/local/bin/filesystem-cleanup + +# Apply local configuration to sshd_config +/usr/local/bin/sshctrl + +# Start services + +# This update needs a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/183/exclude b/config/rootfiles/oldcore/183/exclude new file mode 100644 index 000000000..8ee1c3c2f --- /dev/null +++ b/config/rootfiles/oldcore/183/exclude @@ -0,0 +1,35 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +boot/uEnv.txt +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/firewall/locationblock +var/ipfire/fwhosts/customlocationgrp +var/ipfire/ovpn +var/ipfire/urlfilter/blacklist +var/ipfire/urlfilter/settings +var/lib/alternatives +var/lib/location/database.db +var/lib/location/ipset +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/183/filelists/aarch64/grub b/config/rootfiles/oldcore/183/filelists/aarch64/grub similarity index 100% rename from config/rootfiles/core/183/filelists/aarch64/grub rename to config/rootfiles/oldcore/183/filelists/aarch64/grub diff --git a/config/rootfiles/core/183/filelists/aarch64/linux b/config/rootfiles/oldcore/183/filelists/aarch64/linux similarity index 100% rename from config/rootfiles/core/183/filelists/aarch64/linux rename to config/rootfiles/oldcore/183/filelists/aarch64/linux diff --git a/config/rootfiles/core/183/filelists/apache2 b/config/rootfiles/oldcore/183/filelists/apache2 similarity index 100% rename from config/rootfiles/core/183/filelists/apache2 rename to config/rootfiles/oldcore/183/filelists/apache2 diff --git a/config/rootfiles/core/183/filelists/bash b/config/rootfiles/oldcore/183/filelists/bash similarity index 100% rename from config/rootfiles/core/183/filelists/bash rename to config/rootfiles/oldcore/183/filelists/bash diff --git a/config/rootfiles/core/183/filelists/bind b/config/rootfiles/oldcore/183/filelists/bind similarity index 100% rename from config/rootfiles/core/183/filelists/bind rename to config/rootfiles/oldcore/183/filelists/bind diff --git a/config/rootfiles/oldcore/183/filelists/core-files b/config/rootfiles/oldcore/183/filelists/core-files new file mode 100644 index 000000000..0dec37e53 --- /dev/null +++ b/config/rootfiles/oldcore/183/filelists/core-files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +etc/os-release +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs diff --git a/config/rootfiles/core/183/filelists/cpio b/config/rootfiles/oldcore/183/filelists/cpio similarity index 100% rename from config/rootfiles/core/183/filelists/cpio rename to config/rootfiles/oldcore/183/filelists/cpio diff --git a/config/rootfiles/core/183/filelists/dracut b/config/rootfiles/oldcore/183/filelists/dracut similarity index 100% rename from config/rootfiles/core/183/filelists/dracut rename to config/rootfiles/oldcore/183/filelists/dracut diff --git a/config/rootfiles/core/183/filelists/files b/config/rootfiles/oldcore/183/filelists/files similarity index 100% rename from config/rootfiles/core/183/filelists/files rename to config/rootfiles/oldcore/183/filelists/files diff --git a/config/rootfiles/core/183/filelists/fontconfig b/config/rootfiles/oldcore/183/filelists/fontconfig similarity index 100% rename from config/rootfiles/core/183/filelists/fontconfig rename to config/rootfiles/oldcore/183/filelists/fontconfig diff --git a/config/rootfiles/core/183/filelists/gnutls b/config/rootfiles/oldcore/183/filelists/gnutls similarity index 100% rename from config/rootfiles/core/183/filelists/gnutls rename to config/rootfiles/oldcore/183/filelists/gnutls diff --git a/config/rootfiles/core/183/filelists/iptables b/config/rootfiles/oldcore/183/filelists/iptables similarity index 100% rename from config/rootfiles/core/183/filelists/iptables rename to config/rootfiles/oldcore/183/filelists/iptables diff --git a/config/rootfiles/core/183/filelists/iputils b/config/rootfiles/oldcore/183/filelists/iputils similarity index 100% rename from config/rootfiles/core/183/filelists/iputils rename to config/rootfiles/oldcore/183/filelists/iputils diff --git a/config/rootfiles/core/183/filelists/kbd b/config/rootfiles/oldcore/183/filelists/kbd similarity index 100% rename from config/rootfiles/core/183/filelists/kbd rename to config/rootfiles/oldcore/183/filelists/kbd diff --git a/config/rootfiles/core/183/filelists/kmod b/config/rootfiles/oldcore/183/filelists/kmod similarity index 100% rename from config/rootfiles/core/183/filelists/kmod rename to config/rootfiles/oldcore/183/filelists/kmod diff --git a/config/rootfiles/core/183/filelists/lcms2 b/config/rootfiles/oldcore/183/filelists/lcms2 similarity index 100% rename from config/rootfiles/core/183/filelists/lcms2 rename to config/rootfiles/oldcore/183/filelists/lcms2 diff --git a/config/rootfiles/core/183/filelists/libgcrypt b/config/rootfiles/oldcore/183/filelists/libgcrypt similarity index 100% rename from config/rootfiles/core/183/filelists/libgcrypt rename to config/rootfiles/oldcore/183/filelists/libgcrypt diff --git a/config/rootfiles/core/183/filelists/libnl-3 b/config/rootfiles/oldcore/183/filelists/libnl-3 similarity index 100% rename from config/rootfiles/core/183/filelists/libnl-3 rename to config/rootfiles/oldcore/183/filelists/libnl-3 diff --git a/config/rootfiles/core/183/filelists/libssh b/config/rootfiles/oldcore/183/filelists/libssh similarity index 100% rename from config/rootfiles/core/183/filelists/libssh rename to config/rootfiles/oldcore/183/filelists/libssh diff --git a/config/rootfiles/core/183/filelists/libxml2 b/config/rootfiles/oldcore/183/filelists/libxml2 similarity index 100% rename from config/rootfiles/core/183/filelists/libxml2 rename to config/rootfiles/oldcore/183/filelists/libxml2 diff --git a/config/rootfiles/core/183/filelists/lmdb b/config/rootfiles/oldcore/183/filelists/lmdb similarity index 100% rename from config/rootfiles/core/183/filelists/lmdb rename to config/rootfiles/oldcore/183/filelists/lmdb diff --git a/config/rootfiles/core/183/filelists/lsof b/config/rootfiles/oldcore/183/filelists/lsof similarity index 100% rename from config/rootfiles/core/183/filelists/lsof rename to config/rootfiles/oldcore/183/filelists/lsof diff --git a/config/rootfiles/core/183/filelists/openssh b/config/rootfiles/oldcore/183/filelists/openssh similarity index 100% rename from config/rootfiles/core/183/filelists/openssh rename to config/rootfiles/oldcore/183/filelists/openssh diff --git a/config/rootfiles/core/183/filelists/openssl b/config/rootfiles/oldcore/183/filelists/openssl similarity index 100% rename from config/rootfiles/core/183/filelists/openssl rename to config/rootfiles/oldcore/183/filelists/openssl diff --git a/config/rootfiles/core/183/filelists/p11-kit b/config/rootfiles/oldcore/183/filelists/p11-kit similarity index 100% rename from config/rootfiles/core/183/filelists/p11-kit rename to config/rootfiles/oldcore/183/filelists/p11-kit diff --git a/config/rootfiles/core/183/filelists/qpdf b/config/rootfiles/oldcore/183/filelists/qpdf similarity index 100% rename from config/rootfiles/core/183/filelists/qpdf rename to config/rootfiles/oldcore/183/filelists/qpdf diff --git a/config/rootfiles/core/183/filelists/riscv64/grub b/config/rootfiles/oldcore/183/filelists/riscv64/grub similarity index 100% rename from config/rootfiles/core/183/filelists/riscv64/grub rename to config/rootfiles/oldcore/183/filelists/riscv64/grub diff --git a/config/rootfiles/core/183/filelists/riscv64/linux b/config/rootfiles/oldcore/183/filelists/riscv64/linux similarity index 100% rename from config/rootfiles/core/183/filelists/riscv64/linux rename to config/rootfiles/oldcore/183/filelists/riscv64/linux diff --git a/config/rootfiles/core/183/filelists/strongswan b/config/rootfiles/oldcore/183/filelists/strongswan similarity index 100% rename from config/rootfiles/core/183/filelists/strongswan rename to config/rootfiles/oldcore/183/filelists/strongswan diff --git a/config/rootfiles/core/183/filelists/sudo b/config/rootfiles/oldcore/183/filelists/sudo similarity index 100% rename from config/rootfiles/core/183/filelists/sudo rename to config/rootfiles/oldcore/183/filelists/sudo diff --git a/config/rootfiles/core/183/filelists/tzdata b/config/rootfiles/oldcore/183/filelists/tzdata similarity index 100% rename from config/rootfiles/core/183/filelists/tzdata rename to config/rootfiles/oldcore/183/filelists/tzdata diff --git a/config/rootfiles/core/183/filelists/web-user-interface b/config/rootfiles/oldcore/183/filelists/web-user-interface similarity index 100% rename from config/rootfiles/core/183/filelists/web-user-interface rename to config/rootfiles/oldcore/183/filelists/web-user-interface diff --git a/config/rootfiles/core/183/filelists/x86_64/grub b/config/rootfiles/oldcore/183/filelists/x86_64/grub similarity index 100% rename from config/rootfiles/core/183/filelists/x86_64/grub rename to config/rootfiles/oldcore/183/filelists/x86_64/grub diff --git a/config/rootfiles/core/183/filelists/x86_64/linux b/config/rootfiles/oldcore/183/filelists/x86_64/linux similarity index 100% rename from config/rootfiles/core/183/filelists/x86_64/linux rename to config/rootfiles/oldcore/183/filelists/x86_64/linux diff --git a/config/rootfiles/core/183/update.sh b/config/rootfiles/oldcore/183/update.sh similarity index 100% rename from config/rootfiles/core/183/update.sh rename to config/rootfiles/oldcore/183/update.sh diff --git a/make.sh b/make.sh index 06e09c9a3..7877a642c 100755 --- a/make.sh +++ b/make.sh @@ -23,7 +23,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.29" # Version number -CORE="183" # Core Level (Filename) +CORE="184" # Core Level (Filename) SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir MAX_RETRIES=1 # prefetch/check loop From b15de7ba5297c32cdef21185fe20a5fc3c9e2cc1 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:18 +0100 Subject: [PATCH 002/140] bird: Update to version 2.14 - Update from version 2.0.12 to 2.14 - Update of rootfile not required - Changelog 2.14 (2023-10-06) o MPLS subsystem o L3VPN: BGP/MPLS VPNs (RFC 4364) o BGP: Access to unknown route attributes o RAdv: Custom options o Babel: RTT metric extension o BMP: Refactored route monitoring o BMP: Multiple instances of BMP protocol o BMP: Both pre-policy and post-policy monitoring o Experimental route aggregation o Filter: Method framework o Filter: Functions have return type statements o Filter: New bytestring data type o Kernel: Option to learn kernel routes o Many bugfixes and improvements Notes: User-defined filter functions that return values now should have return type statements. We still accept functions without such statement, if they could be properly typed. For loops allowed to use both existing iterator variables or ones defined in the for statement. We no longer support the first case, all iterator variables must be defined in the for statement (e.g. 'for int i in bgp_path ...'). Due to oversight, VRF interfaces were not included in respective VRFs, this is fixed now. 2.13.1 (2023-06-23) o BGP: Fix role check when no capability option is present o Filter: Fixed segfault when a case option had an empty block This is a bugfix version. 2.13 (2023-04-21) o Babel: IPv4 via IPv6 extension (RFC 9229) o Babel: Improve authentication on lossy networks o BGP: New 'allow bgp_med' option o BSD: Support for IPv4 routes with IPv6 nexthop on FreeBSD o Experimental BMP protocol implementation o Important bugfixes Notes: We changed versioning scheme from .. to more common .. . From now on, you may expect that BIRD 2.13.x will be strictly only fixing bugs found in 2.13, whereas BIRD 2.14 will also contain new features. This BIRD version contains an alpha release of BMP protocol implementation. It is not ready for production usage and therefore it is not compiled by default and have to be enabled during installation. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/bird | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/bird b/lfs/bird index 0c8c97055..e9dc6c5f8 100644 --- a/lfs/bird +++ b/lfs/bird @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = The BIRD Internet Routing Daemon -VER = 2.0.12 +VER = 2.14 THISAPP = bird-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = bird -PAK_VER = 12 +PAK_VER = 13 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = ca00574bb8e508255afb90e0d65f4e1763880699cff9877731d072efc48944b9f9ac77b35bb7ffd7b780e8e8b1c2eacdc38ee273353817c53723e7972fb5f0d6 +$(DL_FILE)_BLAKE2 = fe16b89c7f0ff35c5126366920960e0c55f57fe343380b2c32230122cf24f9abc3eb4d6ed9f37d2176f9e9340a83dffd1e68fed276b59b86cf1bdf5b8bd3c169 install : $(TARGET) From 330f38dabeca0a6ada0b5dc5c8b32f267f67cee3 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:19 +0100 Subject: [PATCH 003/140] dmidecode: Update to version 3.5 - Update from version 3.3 to 3.5 - Update of rootfile not required - Two patches no longer required as fixes are now in source tarball - Changelog 3.5 (Tue Mar 14 2023) - Decode HPE OEM records 216, 224, 230, 238 and 242. - Fortify entry point length checks. - Add a --no-quirks option. - Drop the CPUID exception list. - Do not let --dump-bin overwrite an existing file. - Ensure /dev/mem is a character device file. - Bug fixes: Fix segmentation fault in HPE OEM record 240 - Minor improvements: Typo fixes Write the whole dump file at once Fix a build warning when USE_MMAP isn't set 3.4 (Mon Jun 27 2022) - Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristics and new format of Processor ID. - Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information). - Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240. - Bug fixes: Fix OEM vendor name matching Fix ASCII filtering of strings Fix crash with option -u - Minor improvements: Skip details of uninstalled memory modules Don't display the raw CPU ID in quiet mode Improve the formatting of the manual pages Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/dmidecode | 8 ++--- ...midecode-3.3-fix_crash_with_u_option.patch | 34 ------------------- ..._the_condition_error_in_ascii_filter.patch | 30 ---------------- 3 files changed, 3 insertions(+), 69 deletions(-) delete mode 100644 src/patches/dmidecode/dmidecode-3.3-fix_crash_with_u_option.patch delete mode 100644 src/patches/dmidecode/dmidecode-3.3-fix_the_condition_error_in_ascii_filter.patch diff --git a/lfs/dmidecode b/lfs/dmidecode index f18f6d25d..1408447d2 100644 --- a/lfs/dmidecode +++ b/lfs/dmidecode @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.3 +VER = 3.5 THISAPP = dmidecode-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 7a4557a203702da5d5d6722c72870342e18458b3777d095656e9d5c3a5f80cc712d16b775fa16e4ae9326965a789d393092d45651a449444e268438c1d16773e +$(DL_FILE)_BLAKE2 = 07cc4c069dc1cba36160de158c4d0390df9b77b4192f5847df0756f9e097a7fbc751cd7b5b073df7661267ab78ea0d9be2831d70ddda8d1981c628f3cfee8802 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -71,8 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/0005-nothing-should-go-into-usr-local.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/dmidecode-3.3-fix_the_condition_error_in_ascii_filter.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/dmidecode-3.3-fix_crash_with_u_option.patch cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/src/patches/dmidecode/dmidecode-3.3-fix_crash_with_u_option.patch b/src/patches/dmidecode/dmidecode-3.3-fix_crash_with_u_option.patch deleted file mode 100644 index 497768add..000000000 --- a/src/patches/dmidecode/dmidecode-3.3-fix_crash_with_u_option.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 11e134e54d15e67a64c39a623f492a28df922517 Mon Sep 17 00:00:00 2001 -From: Jean Delvare -Date: Tue, 19 Jan 2021 16:26:01 +0100 -Subject: dmidecode: Fix crash with -u option - -A segmentation fault was reported with option -u. Turns out to be a -stupid thinko where the buffer offset was reset at the wrong loop -depth. - -Reported-by: Jerry Hoemann -Fixes: da06888d08b9 ("dmidecode: Use the print helpers in dump mode too") -Signed-off-by: Jean Delvare ---- - dmidecode.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dmidecode.c b/dmidecode.c -index 572cb1a..69ea0e8 100644 ---- a/dmidecode.c -+++ b/dmidecode.c -@@ -248,9 +248,9 @@ static void dmi_dump(const struct dmi_header *h) - { - int j, l = strlen(s) + 1; - -- off = 0; - for (row = 0; row < ((l - 1) >> 4) + 1; row++) - { -+ off = 0; - for (j = 0; j < 16 && j < l - (row << 4); j++) - off += sprintf(raw_data + off, - j ? " %02X" : "%02X", --- -cgit v1.2.1 - diff --git a/src/patches/dmidecode/dmidecode-3.3-fix_the_condition_error_in_ascii_filter.patch b/src/patches/dmidecode/dmidecode-3.3-fix_the_condition_error_in_ascii_filter.patch deleted file mode 100644 index e5f99b477..000000000 --- a/src/patches/dmidecode/dmidecode-3.3-fix_the_condition_error_in_ascii_filter.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 1117390ccd9cea139638db6f460bb6de70e28f94 Mon Sep 17 00:00:00 2001 -From: Tianjia Zhang -Date: Tue, 5 Jan 2021 10:36:29 +0100 -Subject: dmidecode: Fix the condition error in ascii_filter - -The normal printable ASCII range is 32 to 127 (not included), -so fix the error in this if condition. - -Signed-off-by: Tianjia Zhang -Signed-off-by: Jean Delvare ---- - dmidecode.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dmidecode.c b/dmidecode.c -index 27d5494..864a193 100644 ---- a/dmidecode.c -+++ b/dmidecode.c -@@ -116,7 +116,7 @@ static void ascii_filter(char *bp, size_t len) - size_t i; - - for (i = 0; i < len; i++) -- if (bp[i] < 32 || bp[i] == 127) -+ if (bp[i] < 32 || bp[i] >= 127) - bp[i] = '.'; - } - --- -cgit v1.2.1 - From df46bb241bf99a5b9a7da3ca77e095321a7dcfd1 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 11:36:08 +0000 Subject: [PATCH 004/140] core184: Ship dmidecode (x86_64) Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/x86_64/dmidecode | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/x86_64/dmidecode diff --git a/config/rootfiles/core/184/filelists/x86_64/dmidecode b/config/rootfiles/core/184/filelists/x86_64/dmidecode new file mode 120000 index 000000000..88f5f0a61 --- /dev/null +++ b/config/rootfiles/core/184/filelists/x86_64/dmidecode @@ -0,0 +1 @@ +../../../../common/x86_64/dmidecode \ No newline at end of file From c23ca819d9989fd5b692c69bdcda7c9f3de42e5c Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:20 +0100 Subject: [PATCH 005/140] fmt: Update to version 10.2.1 - Update from version 10.0.0 to 10.2.1 - Update of rootfile - Changelog is a bit too large to include here. Details can be found in ChangeLog.md file in source tarball. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/fmt | 2 +- lfs/fmt | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/fmt b/config/rootfiles/packages/fmt index a1dffc8d6..2078063cf 100644 --- a/config/rootfiles/packages/fmt +++ b/config/rootfiles/packages/fmt @@ -19,5 +19,5 @@ #usr/lib/cmake/fmt/fmt-targets.cmake #usr/lib/libfmt.so usr/lib/libfmt.so.10 -usr/lib/libfmt.so.10.0.0 +usr/lib/libfmt.so.10.2.1 #usr/lib/pkgconfig/fmt.pc diff --git a/lfs/fmt b/lfs/fmt index 07f90ee34..d66fd17b3 100644 --- a/lfs/fmt +++ b/lfs/fmt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Open-source formatting library for C++ -VER = 10.0.0 +VER = 10.2.1 THISAPP = fmt-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = fmt -PAK_VER = 3 +PAK_VER = 4 DEPS = @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 4e778fd352ed084b9790b59b4875fc6ed04b7a58a40b3673854dd00763f492cc838970e8faef77b5f9db5e912a2fc77943aedb4ca4afb64a3736129cc4611809 +$(DL_FILE)_BLAKE2 = 7bef719aa99464b5cb608c81ca78e23f3aed81cadfa9ed65246c4983a98f0cadb27983d42929ab4e0b5e264673e38d7658a4f7d5171e624b2431b3c6327071d9 install : $(TARGET) From 7ae9d20aadcf3e1791194fb4d45a97368abadc16 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:21 +0100 Subject: [PATCH 006/140] haproxy: Update to version 2.9.2 - Update from version 2.8.5 to 2.9.2 - Update of rootfile not required - Changelog is too large to include here. Details can be found in the CHANGELOG file in the source tarball. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/haproxy | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lfs/haproxy b/lfs/haproxy index c98c8f630..bae1a7b16 100644 --- a/lfs/haproxy +++ b/lfs/haproxy @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,9 +26,9 @@ include Config SUMMARY = The Reliable, High Performance TCP/HTTP Load Balancer -VER = 2.8.5 +VER = 2.9.2 -# From: https://www.haproxy.org/download/2.8/src/haproxy-2.8.1.tar.gz +# From: https://www.haproxy.org/download/2.9/src/haproxy-2.9.2.tar.gz THISAPP = haproxy-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -36,7 +36,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = haproxy -PAK_VER = 28 +PAK_VER = 29 DEPS = @@ -54,7 +54,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2c5c66b83a5b514d6518b6b5d62cfa17881498bc4adca664a2cb307630adea815d80ee1a9a823e7ae4043328a3940ce34a62dd218b165cedf9111c1190bc541a +$(DL_FILE)_BLAKE2 = 257a594fdb18e50c99e4256aa364d2ea55b56e39bfda0435c921927939a09231be5ae2bd7f39e23286febb343fa0dca5fc33f9b279461c5083050898390b21db install : $(TARGET) From 43acdeb8a020c935010b35a76cef369cd07c7b4c Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:22 +0100 Subject: [PATCH 007/140] ipset: Update to version 7.19 - Update from version 7.17 to 7.19 - Update of nrootfile not required - Changelog 7.19 - build: Fix the double-prefix in pkgconfig (Sam James) 7.18 - Add json output to list command (Thomas Oberhammer) - tests: hash:ip,port.t: Replace VRRP by GRE protocol (Phil Sutter) - tests: hash:ip,port.t: 'vrrp' is printed as 'carp' (Phil Sutter) - tests: cidr.sh: Add ipcalc fallback (Phil Sutter) - tests: xlate: Make test input valid (Phil Sutter) - tests: xlate: Test built binary by default (Phil Sutter) - xlate: Drop dead code (Phil Sutter) - xlate: Fix for fd leak in error path (Phil Sutter) - configure.ac: fix bashisms (Sam James) - lib/Makefile.am: fix pkgconfig dir (Sam James) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/ipset | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lfs/ipset b/lfs/ipset index f26f0d5de..bc34b44ea 100644 --- a/lfs/ipset +++ b/lfs/ipset @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 7.17 +VER = 7.19 THISAPP = ipset-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 43b74ab7caf5a963787184aa75b6c071388c8d28997681444b72118aba68b843e961b50418c3fa70b451b4cb090ec62940b770abac2156910442115edbf90d41 +$(DL_FILE)_BLAKE2 = 04290b94be471aedd732601e1dc147a066933606152beb76ba1a21283aa2e3f8b891fd9575db73f2af67b446fb77a0ca6b2432ae606440ac9e9bf80e41d1f640 install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./autogen.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ --with-kmod=no \ From d6b51f9c041c2d8f21a9e07dd2ddb81e203ea021 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:53:12 +0000 Subject: [PATCH 008/140] core184: Ship ipset Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/ipset | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/ipset diff --git a/config/rootfiles/core/184/filelists/ipset b/config/rootfiles/core/184/filelists/ipset new file mode 120000 index 000000000..2b43691f2 --- /dev/null +++ b/config/rootfiles/core/184/filelists/ipset @@ -0,0 +1 @@ +../../../common/ipset \ No newline at end of file From 525bdbafb2aabac9940a21388cb7621d1ec8b99c Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:23 +0100 Subject: [PATCH 009/140] libtalloc: Update to version 2.4.1 - Update from version 2.3.4 to 2.4.1 - Update of rootfile - Changelog 2.4.1 (2023-07-20) No change information available anywhere that I could find 2.4.0 (2023-01-18) No change information available anywhere that I could find Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/libtalloc | 2 +- lfs/libtalloc | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/libtalloc b/config/rootfiles/packages/libtalloc index dd7fa75c2..6e131085f 100644 --- a/config/rootfiles/packages/libtalloc +++ b/config/rootfiles/packages/libtalloc @@ -1,5 +1,5 @@ #usr/include/talloc.h #usr/lib/libtalloc.so usr/lib/libtalloc.so.2 -usr/lib/libtalloc.so.2.3.4 +usr/lib/libtalloc.so.2.4.1 #usr/lib/pkgconfig/talloc.pc diff --git a/lfs/libtalloc b/lfs/libtalloc index 0aa165b23..9bb3f05c0 100644 --- a/lfs/libtalloc +++ b/lfs/libtalloc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Samba talloc Library -VER = 2.3.4 +VER = 2.4.1 THISAPP = talloc-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libtalloc -PAK_VER = 2 +PAK_VER = 3 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1fac0a45a4ba16c7741e6d810e1a1e56352c04f266b99de62770177c1218a8c8253be2d5d1793aae67ce61e6a1159cbcd4888a49702822e6817b86eb7a1fea31 +$(DL_FILE)_BLAKE2 = a7913b25930c77da53c17c2e0d71386402b1059f93c751084037c5068a035bd543c2d7e24a2d8dc989bb4eea13fa1a3c7a362e4d6c14af0b2030fbfb2f513801 install : $(TARGET) From 3f22b830964b7822227194c7559d3398855c0a61 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:24 +0100 Subject: [PATCH 010/140] libvirt: Update to version 10.0.0 - Update from version 8.10.0 to 10.0.0 - Update of rootfile - Changelog is too large to include here. Details can be found in the NEWS.rst file in the source tarball CVE-2023-3750 was fixed in version 9.6.0 Fix race condition in storage driver leading to a crash In **libvirt-8.3** a bug was introduced which in rare cases could cause ``libvirtd`` or ``virtstoraged`` to crash if multiple clients attempted to look up a storage volume by key, path or target path, while other clients attempted to access something from the same storage pool. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/libvirt | 12 ++++++++---- lfs/libvirt | 8 ++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index 8b3819aa5..f1031b079 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -85,16 +85,16 @@ usr/bin/virt-xml-validate #usr/lib/libvirt #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.8010.0 +usr/lib/libvirt-admin.so.0.10000.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.8010.0 +usr/lib/libvirt-lxc.so.0.10000.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.8010.0 +usr/lib/libvirt-qemu.so.0.10000.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.8010.0 +usr/lib/libvirt.so.0.10000.0 #usr/lib/libvirt/connection-driver usr/lib/libvirt/connection-driver/libvirt_driver_ch.so usr/lib/libvirt/connection-driver/libvirt_driver_interface.so @@ -186,6 +186,7 @@ usr/sbin/virtstoraged #usr/share/doc/libvirt/examples/sh #usr/share/doc/libvirt/examples/sh/virt-lxc-convert #usr/share/doc/libvirt/examples/systemtap +#usr/share/doc/libvirt/examples/systemtap/amd-sev-es-vmsa.stp #usr/share/doc/libvirt/examples/systemtap/events.stp #usr/share/doc/libvirt/examples/systemtap/lock-debug.stp #usr/share/doc/libvirt/examples/systemtap/qemu-monitor.stp @@ -247,6 +248,7 @@ usr/share/libvirt/cpu_map/x86_Cascadelake-Server.xml usr/share/libvirt/cpu_map/x86_Conroe.xml usr/share/libvirt/cpu_map/x86_Cooperlake.xml usr/share/libvirt/cpu_map/x86_Dhyana.xml +usr/share/libvirt/cpu_map/x86_EPYC-Genoa.xml usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml @@ -271,6 +273,7 @@ usr/share/libvirt/cpu_map/x86_Opteron_G5.xml usr/share/libvirt/cpu_map/x86_Penryn.xml usr/share/libvirt/cpu_map/x86_SandyBridge-IBRS.xml usr/share/libvirt/cpu_map/x86_SandyBridge.xml +usr/share/libvirt/cpu_map/x86_SapphireRapids.xml usr/share/libvirt/cpu_map/x86_Skylake-Client-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Client.xml @@ -359,6 +362,7 @@ usr/share/libvirt/schemas/storagevol.rng #usr/share/locale/pl/LC_MESSAGES/libvirt.mo #usr/share/locale/pt/LC_MESSAGES/libvirt.mo #usr/share/locale/pt_BR/LC_MESSAGES/libvirt.mo +#usr/share/locale/ro/LC_MESSAGES/libvirt.mo #usr/share/locale/ru/LC_MESSAGES/libvirt.mo #usr/share/locale/si/LC_MESSAGES/libvirt.mo #usr/share/locale/sr/LC_MESSAGES/libvirt.mo diff --git a/lfs/libvirt b/lfs/libvirt index 6ac11a5a6..3035844f0 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Server side daemon and supporting files for libvirt -VER = 8.10.0 +VER = 10.0.0 THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) # SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 33 +PAK_VER = 34 DEPS = ebtables libpciaccess libyajl ncat qemu @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6c99428dd74ae1e535d0918bb48da0a851b03e9dfc38f96fca060a33b6be6c23c8b4a789695e8cf930536c156c8a893e18753a58c8a827f464b83a61b47c4846 +$(DL_FILE)_BLAKE2 = bfbea7805a949999481293a31e52a5511bcf86db2c96486cbc3b9cb776719ec973b1208cfcb4a8ae2c9220d1d68053980eaf68893f7919c3ef354efbd1abf642 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) From b66e42ddcfa6e1d5353b05586050c19425e7563a Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:25 +0100 Subject: [PATCH 011/140] lshw: Update to version B.02.20 - Update from version B.02.19.2 to B.02.20 - Update of rootfile - Changelog B.02.20 bug fixes code cleanup For more details see the git repo https://ezix.org/src/pkg/lshw/compare/B.02.19...B.02.20 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/lshw | 2 ++ lfs/lshw | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/lshw b/config/rootfiles/packages/lshw index 3987b2f25..49582ac41 100644 --- a/config/rootfiles/packages/lshw +++ b/config/rootfiles/packages/lshw @@ -1,4 +1,6 @@ usr/sbin/lshw +#usr/share/locale/ca/LC_MESSAGES/lshw.mo +#usr/share/locale/es/LC_MESSAGES/lshw.mo #usr/share/locale/fr/LC_MESSAGES/lshw.mo #usr/share/lshw #usr/share/lshw/manuf.txt diff --git a/lfs/lshw b/lfs/lshw index 9b2b78fd9..f8a3147f8 100644 --- a/lfs/lshw +++ b/lfs/lshw @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -27,7 +27,7 @@ include Config SUMMARY = HardWare LiSter -VER = B.02.19.2 +VER = B.02.20 THISAPP = lshw-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -35,7 +35,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = lshw -PAK_VER = 1 +PAK_VER = 2 DEPS = @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8317def382bcb189c164bddf2dd766c614c6a0a49449ceee81f516125ef14ba24f5933b1f08f13b5ae52a96304baa1cc7ac5171231911ecaa466522a7c0c4c6f +$(DL_FILE)_BLAKE2 = 8abdd7cee6c42b8956229a0b62ac9f96359750f26cbfeb2ed74402eae3e7cd818133bf0b747351522c6387974ce2a98cf5ab29379e56c50abc980e497bcc19d7 install : $(TARGET) From a99747a53cc9acc64d6389378fbe30557a8826fa Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:26 +0100 Subject: [PATCH 012/140] memtest: Update to version 7.00 - Update from version 6.20 to 7.00 - Update of rootfile not required - Changelog 7.00 IMC polling for live DRAM settings Preliminary support for ECC polling Add support for MMIO UART Add debugging options Bug fixes & optimizations Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/memtest | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/memtest b/lfs/memtest index d5baca8ca..6617a92b2 100644 --- a/lfs/memtest +++ b/lfs/memtest @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.20 +VER = 7.00 THISAPP = memtest86plus-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6e3bea4b18049446f27da2cb1313300c578ef7fdb774b6a20df603271b66a6c0066be64a91b0a6d4ffcc63f1e139132942290a8111f6a991cccc0a5586cac966 +$(DL_FILE)_BLAKE2 = 608f4e31ddaee01d828cb1574086196c26f5e96c5049806ac3ab174ddf669db8cdcb8f336bec5a1ce74439d96fca505fea81311a06581bb43a8034156a4f8165 install : $(TARGET) From ad9d1c7594f1cb33101bfaedf5e4a8a291ba1f48 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:54:58 +0000 Subject: [PATCH 013/140] core184: Ship memtest Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/memtest | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/memtest diff --git a/config/rootfiles/core/184/filelists/memtest b/config/rootfiles/core/184/filelists/memtest new file mode 120000 index 000000000..4523c0813 --- /dev/null +++ b/config/rootfiles/core/184/filelists/memtest @@ -0,0 +1 @@ +../../../common/memtest \ No newline at end of file From 52d2ca0d4901d6850dd0fc41978ad70dafc73ece Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:27 +0100 Subject: [PATCH 014/140] pixman: Update to version 43.0 - Update from versionj 42.2 to 43.0 - Update of rootfile - Changelog The NEWS and ChangeLog files in the source tarball are empty. For details of changes see the commits log https://cgit.freedesktop.org/pixman/log/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/pixman | 3 +-- lfs/pixman | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/pixman b/config/rootfiles/common/pixman index e58e467cb..c48845cde 100644 --- a/config/rootfiles/common/pixman +++ b/config/rootfiles/common/pixman @@ -1,8 +1,7 @@ #usr/include/pixman-1 #usr/include/pixman-1/pixman-version.h #usr/include/pixman-1/pixman.h -#usr/lib/libpixman-1.la #usr/lib/libpixman-1.so usr/lib/libpixman-1.so.0 -usr/lib/libpixman-1.so.0.42.2 +usr/lib/libpixman-1.so.0.43.0 #usr/lib/pkgconfig/pixman-1.pc diff --git a/lfs/pixman b/lfs/pixman index 4161fef73..a1f362feb 100644 --- a/lfs/pixman +++ b/lfs/pixman @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.42.2 +VER = 0.43.0 THISAPP = pixman-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6286a9d064a5a24017fccbb0a6e9f6ef932077c2e33ec043826d4a7a6c707c9111d3de4b806cbcdb47fc2794f1f930d24d078de1ff2912061967db0890540957 +$(DL_FILE)_BLAKE2 = 1a807d4d5598a5fe6077d6bbc7786cba41a698a1f03801cc5367ade8707500ee215a0faf65afe85f9e040b0380f1074c2fdfd31c0805dc41a4e5e34e36416764 install : $(TARGET) From 3e32f30ba6176f39a15fcfbc90eddded095e9d84 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:55:33 +0000 Subject: [PATCH 015/140] core184: Ship pixman Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/pixman | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/pixman diff --git a/config/rootfiles/core/184/filelists/pixman b/config/rootfiles/core/184/filelists/pixman new file mode 120000 index 000000000..fdb6346ae --- /dev/null +++ b/config/rootfiles/core/184/filelists/pixman @@ -0,0 +1 @@ +../../../common/pixman \ No newline at end of file From d8209b5a9c56ff14b4318cf43820fad59cd17cad Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:28 +0100 Subject: [PATCH 016/140] poppler: Update to version 24.01.0 - Update from version 23.08.0 to 24.01.0 - Update of rootfile - Changelog 24.01.0: core: * Don't crash on certain documents on the NSS signature backend * Fix infinite loop in some annotation code if there's not space for even one character * Fix build on Android with generic font configuration * Small internal code cleanup 23.12.0: core: * Rewrite FoFiType1::parse to be more flexible. Issue #1422 * Small internal code refactoring 23.11.0: core: * CairoOutputDev: Use internal downscaling algorithm if image exceeds Cairo's maximum dimensions. * Internal code improvements * Fix crash on malformed files utils: * pdftocairo: Add option to document logical structure if output is pdf * pdftocairo: EPS output should not contain %%PageOrientation 23.10.0: core: * cairo: update type 3 fonts for cairo 1.18 api * Fix crash on malformed files build system: * Make a few more dependencies soft-mandatory * Add more supported gnupg releases * Check if linker supports version scripts 23.09.0: core: * Add Android-specific font matching functionality * Fix digital signatures for NeedAppearance=true * Forms: Don't look up same glyph multiple times * Provide the key location for certificates you can sign with * Add ToUnicode support for similarequal * Fix crash on malformed files qt5: * Provide the key location for certificates you can sign with * Allow to force a rasterized overprint preview during PS conversion qt6: * Provide the key location for certificates you can sign with * Allow to force a rasterized overprint preview during PS conversion pdfsig: * Provide the key location for certificates you can sign with Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/poppler | 4 ++-- lfs/poppler | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/poppler b/config/rootfiles/common/poppler index 1cbdb3f7a..68deecd65 100644 --- a/config/rootfiles/common/poppler +++ b/config/rootfiles/common/poppler @@ -173,8 +173,8 @@ usr/lib/libpoppler-cpp.so.0.11.0 usr/lib/libpoppler-glib.so.8 usr/lib/libpoppler-glib.so.8.26.0 #usr/lib/libpoppler.so -usr/lib/libpoppler.so.130 -usr/lib/libpoppler.so.130.0.0 +usr/lib/libpoppler.so.133 +usr/lib/libpoppler.so.133.0.0 #usr/lib/pkgconfig/poppler-cpp.pc #usr/lib/pkgconfig/poppler-glib.pc #usr/lib/pkgconfig/poppler.pc diff --git a/lfs/poppler b/lfs/poppler index e3c094b5b..03838d09a 100644 --- a/lfs/poppler +++ b/lfs/poppler @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 23.08.0 +VER = 24.01.0 THISAPP = poppler-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a35e44cc590e34991b27e53caf650dedf4d4aa4f9f82ed5d8a57b0ca6bb863c96fe0e9b9c9021b9722db48896d236c9e057bcbf45e9609eb237bf00481e91428 +$(DL_FILE)_BLAKE2 = 16c87a4338c73fcccfac3ac477807a7f96c8e95e68efff484d9d544da10815972f20d40f71091c6092913d82b205ca0d1bd25acbaba79277e1a1bf19ba397e6d install : $(TARGET) @@ -77,6 +77,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -DTESTDATADIR=$PWD/testfiles \ -DENABLE_UNSTABLE_API_ABI_HEADERS=ON \ -DENABLE_QT5=OFF \ + -DENABLE_NSS3=OFF \ + -DENABLE_GPGME=OFF \ + -DENABLE_QT6=OFF \ .. cd $(DIR_APP)/build && make $(MAKETUNING) From b0ef2af113b196cb98972017c31532bbc62ed0b2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:56:30 +0000 Subject: [PATCH 017/140] core184: Ship poppler Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/poppler | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/poppler diff --git a/config/rootfiles/core/184/filelists/poppler b/config/rootfiles/core/184/filelists/poppler new file mode 120000 index 000000000..39aa6c263 --- /dev/null +++ b/config/rootfiles/core/184/filelists/poppler @@ -0,0 +1 @@ +../../../common/poppler \ No newline at end of file From ab5113ae07f19f84f368d3dc7f791ec267f27d30 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:29 +0100 Subject: [PATCH 018/140] stunnel: Update to version 5.71 - Update from vesrion 5.69 to 5.71 - Update of rootfile not required - Changelog 5.71, 2023.09.19, urgency: MEDIUM Security bugfixes - OpenSSL DLLs updated to version 3.1.3. Bugfixes - Fixed the console output of tstunnel.exe. Features sponsored by SAE IT-systems - OCSP stapling is requested and verified in the client mode. - Using "verifyChain" automatically enables OCSP stapling in the client mode. - OCSP stapling is always available in the server mode. - An inconclusive OCSP verification breaks TLS negotiation. This can be disabled with "OCSPrequire = no". - Added the "TIMEOUTocsp" option to control the maximum time allowed for connecting an OCSP responder. Features - Added support for Red Hat OpenSSL 3.x patches. 5.70, 2023.07.12, urgency: HIGH Security bugfixes - OpenSSL DLLs updated to version 3.0.9. - OpenSSL FIPS Provider updated to version 3.0.8. Bugfixes - Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP). - Fixed reading certificate chains from PKCS#12 files. Features - Added configurable delay for the "retry" option. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/stunnel | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/stunnel b/lfs/stunnel index 24527bb25..61d1fe4a1 100644 --- a/lfs/stunnel +++ b/lfs/stunnel @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 5.69 +VER = 5.71 SUMMARY = Universal TLS Tunnel THISAPP = stunnel-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = stunnel -PAK_VER = 11 +PAK_VER = 12 DEPS = @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = fd213d1c7bc9efb42ee501bccd720c6535d123fe9d78354ff14a1701edcc30f1b563ff46fa34fd3f53bb976a7e700f0cd63589a8488738314604e593a95ad7bd +$(DL_FILE)_BLAKE2 = d323363c7bfdd6c0b7931b84a6069cf9a8337e967c31e14d15976d7932f0c0d6f40f7a1cbf5abbdff0e9edc52176cdcead4f848653088193b2debf4e77443b42 install : $(TARGET) From b9fec739fd9fa971bbe0e22d9a3e247a76f877f1 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:30 +0100 Subject: [PATCH 019/140] transmission: Update to version 4.0.5 - Update from version 4.0.4 to 4.0.5 - Update of rootfile - Changelog 4.0.5 Highlights Fixed 4.0.0 bug where the IP address field in UDP announces were not encoded in network byte order. [BEP-15]. (#6132) Fixed a bug that incorrectly escaped JSON strings in some locales. (#6005, #6133) Fixed 4.0.4 decreased download speeds for people who set a low upload bandwidth limit. (#6134) All Platforms Fixed bug that prevented editing trackers on magnet links. (#5957) Fixed HTTP tracker announces and scrapes sometimes failing after adding a torrent file by HTTPS URL. (#5969) In RPC responses, change the default sort order of torrents to match Transmission 3.00. (#5604) Fixed tr_sys_path_copy() behavior on some Synology Devices. (#5974) macOS Client Support Sonoma when building from sources. (#6016, #6051) Fixed early truncation of long group names in groups list. (#6104) Qt Client Fix: only append .added suffix to watchdir files. (#5705) GTK Client Fixed crash when opening torrent file from "Recently used" section in GTK 4. (#6131, #6142) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/transmission | 3 ++- lfs/transmission | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/transmission b/config/rootfiles/packages/transmission index 8efd4a95b..827205a11 100644 --- a/config/rootfiles/packages/transmission +++ b/config/rootfiles/packages/transmission @@ -13,6 +13,7 @@ usr/share/transmission #usr/share/transmission/public_html/images/favicon.png #usr/share/transmission/public_html/images/webclip-icon.png #usr/share/transmission/public_html/index.html +#usr/share/transmission/public_html/transmission-app.css #usr/share/transmission/public_html/transmission-app.js -#usr/share/transmission/public_html/transmission-app.js.LICENSE.txt +#usr/share/transmission/public_html/transmission-app.js.LEGAL.txt var/ipfire/backup/addons/includes/transmission diff --git a/lfs/transmission b/lfs/transmission index ab1e2f03b..3b77a85e0 100644 --- a/lfs/transmission +++ b/lfs/transmission @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = A BitTorrent client with multiple UIs -VER = 4.0.4 +VER = 4.0.5 THISAPP = transmission-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = transmission -PAK_VER = 20 +PAK_VER = 21 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 0cdf6075dffba941cbb47924879e8849938620068f3389fe6d5a03b100d11d66a0d33692738001092b8ac3ea181d9cfb554ba1bb2553dc7f06fd83b04f7e0ca9 +$(DL_FILE)_BLAKE2 = 60caa3bc615137b225d3ac3f25daa352c6960fcc848c91e5ea45488ae109d93b53e314e4683bd7c4ef3f9b2f364d796b6c5bb014ca647d3f44fb5c9df9f8c997 install : $(TARGET) From 2d79832a541725765c42d17cf884a93562300e0e Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 18 Jan 2024 12:40:31 +0100 Subject: [PATCH 020/140] wavemon: Update to version 0.9.5 - Update from version 0.9.4 to 0.9.5 - Update of rootfile not required - force-netlink-include-path patch updated due to chganges in file in source tarball - Changelog 0.9.5 Info Screen: improve format of percentages (use fixed format rather than auto-format). Configuration: fix ncurses support for white backgrounds (#119), configuration file now either in $XDG_CONFIG_HOME/wavemon/wavemonrc or in $HOME/.config/wavemon/wavemonrc (#106). Miscellaneous avoid including include linux/if.h (#109), check and set support for C99 standard (#108), updated README (#107), configuration file can now be located in XDG_CONFIG_HOME (#105), added portable implementation of asprintf(3), updated copied nl80211 header file, make -Wpedantic the default when building. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/wavemon | 10 +++++----- .../wavemon-0.9.4-force-netlink-include-path.patch | 11 ----------- .../wavemon-0.9.5-force-netlink-include-path.patch | 11 +++++++++++ 3 files changed, 16 insertions(+), 16 deletions(-) delete mode 100644 src/patches/wavemon-0.9.4-force-netlink-include-path.patch create mode 100644 src/patches/wavemon-0.9.5-force-netlink-include-path.patch diff --git a/lfs/wavemon b/lfs/wavemon index 265449c4f..1de2f9fab 100644 --- a/lfs/wavemon +++ b/lfs/wavemon @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -27,7 +27,7 @@ include Config SUMMARY = An ncurses monitoring application for wireless network devices -VER = 0.9.4 +VER = 0.9.5 THISAPP = wavemon-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -35,7 +35,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = wavemon -PAK_VER = 2 +PAK_VER = 3 DEPS = @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = e07feb16dba86b1a91dc9b7d7df51da1b4498d8ea1a6ca36f6ae1e30e0e0bb09971330a470cde3425e7ae785bbd2819460ac2f1ddc2bc8da3aae29de3356bdbb +$(DL_FILE)_BLAKE2 = 492ac0f16da1400b4e9e06af43b1ec8b96303bd33a62f355820975db61efc3b0603e1e3f97be05a69597b9546aeb95e3a2655cb0c45c90aa9f2bd765a06b8884 install : $(TARGET) @@ -82,7 +82,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/wavemon-0.9.4-force-netlink-include-path.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/wavemon-0.9.5-force-netlink-include-path.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && ./configure \ --prefix=/usr diff --git a/src/patches/wavemon-0.9.4-force-netlink-include-path.patch b/src/patches/wavemon-0.9.4-force-netlink-include-path.patch deleted file mode 100644 index 5004e567f..000000000 --- a/src/patches/wavemon-0.9.4-force-netlink-include-path.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- wavemon-0.9.4/Makefile.in.orig 2021-09-18 02:25:37.000000000 +0200 -+++ wavemon-0.9.4/Makefile.in 2023-05-19 23:45:50.170559365 +0200 -@@ -9,7 +9,7 @@ - install-suid-root: exec_perms = 4755 - - CC ?= @CC@ --CFLAGS ?= @CFLAGS@ @LIBNL3_CLI_CFLAGS@ -+CFLAGS = @CFLAGS@ @LIBNL3_CLI_CFLAGS@ - CPPFLAGS ?= @CPPFLAGS@ - LDFLAGS ?= @LDFLAGS@ - DEFS ?= @DEFS@ diff --git a/src/patches/wavemon-0.9.5-force-netlink-include-path.patch b/src/patches/wavemon-0.9.5-force-netlink-include-path.patch new file mode 100644 index 000000000..efafda4f7 --- /dev/null +++ b/src/patches/wavemon-0.9.5-force-netlink-include-path.patch @@ -0,0 +1,11 @@ +--- wavemon-0.9.5/Makefile.in.orig 2023-10-31 00:50:28.000000000 +0100 ++++ wavemon-0.9.5/Makefile.in 2024-01-16 12:15:40.601709570 +0100 +@@ -15,7 +15,7 @@ + else + CC ?= $(CC_DEFAULT) + endif +-CFLAGS ?= @CFLAGS@ @LIBNL3_CLI_CFLAGS@ ++CFLAGS = @CFLAGS@ @LIBNL3_CLI_CFLAGS@ + CPPFLAGS ?= @CPPFLAGS@ + LDFLAGS ?= @LDFLAGS@ + DEFS ?= @DEFS@ From a7a4f0ce73f47a934660a3daabea2fce99ef9917 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:39 +0100 Subject: [PATCH 021/140] attr: Update to version 2.5.2 - Update from version 2.5.1 to 2.5.2 - Update of rootfile - Changelog is no longer updated in the source tarball. Only source for changes is the git repository commits from https://git.savannah.nongnu.org/cgit/attr.git/log/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/attr | 5 ++--- lfs/attr | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/attr b/config/rootfiles/common/attr index 536cfb9fc..a968063b4 100644 --- a/config/rootfiles/common/attr +++ b/config/rootfiles/common/attr @@ -1,7 +1,6 @@ usr/bin/attr usr/bin/getfattr usr/bin/setfattr -#usr/etc #usr/etc/xattr.conf #usr/include/attr #usr/include/attr/attributes.h @@ -11,13 +10,12 @@ usr/bin/setfattr #usr/lib/libattr.la #usr/lib/libattr.so usr/lib/libattr.so.1 -usr/lib/libattr.so.1.1.2501 +usr/lib/libattr.so.1.1.2502 #usr/lib/pkgconfig/libattr.pc #usr/share/doc/attr #usr/share/doc/attr/CHANGES #usr/share/doc/attr/COPYING #usr/share/doc/attr/COPYING.LGPL -#usr/share/doc/attr/PORTING #usr/share/locale/cs/LC_MESSAGES/attr.mo #usr/share/locale/de/LC_MESSAGES/attr.mo #usr/share/locale/en@boldquot @@ -29,6 +27,7 @@ usr/lib/libattr.so.1.1.2501 #usr/share/locale/es/LC_MESSAGES/attr.mo #usr/share/locale/fr/LC_MESSAGES/attr.mo #usr/share/locale/gl/LC_MESSAGES/attr.mo +#usr/share/locale/ka/LC_MESSAGES/attr.mo #usr/share/locale/nl/LC_MESSAGES/attr.mo #usr/share/locale/pl/LC_MESSAGES/attr.mo #usr/share/locale/sv/LC_MESSAGES/attr.mo diff --git a/lfs/attr b/lfs/attr index 3b370ef37..8a85b109e 100644 --- a/lfs/attr +++ b/lfs/attr @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.5.1 +VER = 2.5.2 THISAPP = attr-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 876dcbd802ea79b7851640f208820ffdfb73dc46065af673037c6dd50ad2af158f9f74b34cf45728baf9d0cc5572b40c3f102aa2907245a877db0d3879e38f04 +$(DL_FILE)_BLAKE2 = cf26348c3a96622e4f62493ac7655e14b6580d36a5784ef4c3750178856eceabd33192fd58516be21c8aa1ad41d56c024ad440ef4bc922bed8f7a4984ea16c63 install : $(TARGET) From bdf5de6dd22ddb4ca02dfe82c1946160bdb1e2aa Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:57:53 +0000 Subject: [PATCH 022/140] core184: Ship attr Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/attr | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/attr diff --git a/config/rootfiles/core/184/filelists/attr b/config/rootfiles/core/184/filelists/attr new file mode 120000 index 000000000..c80801751 --- /dev/null +++ b/config/rootfiles/core/184/filelists/attr @@ -0,0 +1 @@ +../../../common/attr \ No newline at end of file From fa3b0964b612d90a8d7edbbf7a561ad48839579a Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:40 +0100 Subject: [PATCH 023/140] gnutls: Update to version 3.8.3 - Update from version 3.8.2 to 3.8.3 - Update of rootfile - Changelog 3.8.3 - libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] - libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567] - libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token certtool was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/gnutls | 2 +- lfs/gnutls | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index cc6c90194..6cdaeb151 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.37.0 +usr/lib/libgnutls.so.30.37.1 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so usr/lib/libgnutlsxx.so.30 diff --git a/lfs/gnutls b/lfs/gnutls index 19f79c6db..39e1d0bd1 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.8.2 +VER = 3.8.3 THISAPP = gnutls-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d70524f17919bc02fefc610ede948d209e50e3276fc1e2d40aaed5c208265455da220d948f4a3f21db57f9d253c103f3a1b9a6daa2229d02c7c224448acc2777 +$(DL_FILE)_BLAKE2 = 27a4bb4d8a5697e2187113351b2ad1e849bca7bcfb556c1b54fc2d02bef16e2789e7c437ac8db8fe6d2bcfc0e3e3467bbff2dd5d2fc0adb9bf8bda81cb89e452 install : $(TARGET) From f51f33d24bce234e1f043bb0e6ad665a0493757a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:58:38 +0000 Subject: [PATCH 024/140] core184: Ship GnuTLS Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/gnutls | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/gnutls diff --git a/config/rootfiles/core/184/filelists/gnutls b/config/rootfiles/core/184/filelists/gnutls new file mode 120000 index 000000000..8dbe60bc3 --- /dev/null +++ b/config/rootfiles/core/184/filelists/gnutls @@ -0,0 +1 @@ +../../../common/gnutls \ No newline at end of file From 35d55995c43222c40faaae91aaa7441f2c8e4183 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:41 +0100 Subject: [PATCH 025/140] iproute2: Update to version 6.7.0 - Update from version 6.6.0 to 6.7.0 - Update of rootfile not required - Changelog only available from git repo commits https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/iproute2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/iproute2 b/lfs/iproute2 index 0ed19414a..ce2ee1f81 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.6.0 +VER = 6.7.0 # https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/ THISAPP = iproute2-$(VER) @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 9d20f19c04c2bbde7a3ae53e61e4623b119570c8446f34b93ddadd64677caa432e00ee085498bc277e0842cc2124340c7100925106d0ef2c11dd8002aacac08f +$(DL_FILE)_BLAKE2 = df55dffc54ed196d43a86ce40e887dca6390b91289a492266568ff31aa8b2827fbd91c18676e14706df844fbfe3a5c50bf927ed4401e098e385d401ec3d5c116 install : $(TARGET) @@ -74,7 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make $(MAKETUNING) SBINDIR=/sbin cd $(DIR_APP) && make SBINDIR=/sbin install cd $(DIR_APP) && mv -v /sbin/arpd /usr/sbin - cd $(DIR_APP) && mv -v /usr/lib/iproute2 /etc/iproute2 + cd $(DIR_APP) && mv -v /usr/share/iproute2 /etc/iproute2 # Add table for static routing echo "200 static" >> /etc/iproute2/rt_tables From 0dc494f5e5ac5c6ddd8f8b40817301b03f4c3ad5 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:59:26 +0000 Subject: [PATCH 026/140] core184: Ship iproute2 Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/iproute2 | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/iproute2 diff --git a/config/rootfiles/core/184/filelists/iproute2 b/config/rootfiles/core/184/filelists/iproute2 new file mode 120000 index 000000000..05f0f71fb --- /dev/null +++ b/config/rootfiles/core/184/filelists/iproute2 @@ -0,0 +1 @@ +../../../common/iproute2 \ No newline at end of file From 57da7bed373b4032a332bcb12f58f7bd39b79ff2 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:42 +0100 Subject: [PATCH 027/140] iputils: Update to version 20240117 - Update from version 20231222 to 20240117 - Update of rootfile not required - Changelog 20240117 * ping - fix: Restore -i0 (commit: 7a51494, PR: #519, regression from 2a63b94) * localization - Updated Turkish and Indonesian - 100% translated: Chinese (Simplified), Czech, French, Georgian, German, Korean, Portuguese (Brazil), Turkish, Ukrainian - > 90% translated: Finnish, Indonesian, Japanese Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/iputils | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/iputils b/lfs/iputils index 3343623cf..6055e51ed 100644 --- a/lfs/iputils +++ b/lfs/iputils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 20231222 +VER = 20240117 THISAPP = iputils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a76d4e9741c4ce8d2a2b6337873400543c5bb51d61a794fdfed8c8f4228c41020f5203c8af7ca44a36877d246d4f67019d31f1a58e48c6fca7964d6ebc9d764b +$(DL_FILE)_BLAKE2 = 635943e12010aef8c1291b407bfbe284e0179391fca76197b77037ae1ffc219fa1d8e36abcea5fb7fff10d55ab40eed7c081e5d92b29f0916a4b4dd806945491 install : $(TARGET) From fbff621fac1dbc8304e0cba0c392ec23342329ad Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 13:59:50 +0000 Subject: [PATCH 028/140] core184: Ship iputils Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/iputils | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/iputils diff --git a/config/rootfiles/core/184/filelists/iputils b/config/rootfiles/core/184/filelists/iputils new file mode 120000 index 000000000..361c28f71 --- /dev/null +++ b/config/rootfiles/core/184/filelists/iputils @@ -0,0 +1 @@ +../../../common/iputils \ No newline at end of file From f18d96971629979166347fc42c06ddaeec2da7df Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:43 +0100 Subject: [PATCH 029/140] libidn: Update to version 1.42 - Update from version 1.41 to 1.42 - Update of rootfile - Changelog 1.42 ** Bump required gettext version to 0.19.8 for musl-libc. ** Compiler warning improvements. As before, compiler warnings are enabled by default. You may disable them using ./configure --disable-gcc-warnings or turn them into fatal errors using ./configure --enable-gcc-warnings=error to add -Werror and sensible -Wno-error='s. Based on gnulib's manywarnings, see . ** Fix type confusion on LLP64/Windows platforms. While libidn has worked using cygwin libc, it has never worked on ucrt/msvcrt libc. Report and tiny patch by Francesco Pretto in . ** tests: Added script tests/standalone.sh suitable for integrators. The main purpose is to test a system-installed libidn, suitable for distributor checking (a'la Debian's autopkgtest/debci). It may also be used to test a newly built libidn outside the usual 'make check' infrastructure. To check that your system libidn is working, invoke the script with `srcdir` as an environment variable indicating where it can be find the source code for libidn's tests/ directory (it will use the directory name where the script is by default): tests/standalone.sh To check that a newly built static libidn behaves, invoke: env STANDALONE_CFLAGS="-Ilib lib/.libs/libidn.a" tests/standalone.sh To check that a newly built shared libidn behaves, invoke: env srcdir=tests STANDALONE_CFLAGS="-Ilib -Wl,-rpath lib/.libs lib/.libs/libidn.so" tests/standalone.sh If the libidn under testing is too old and has known bugs, that should cause tests to fail, which is intentional. ** Updated translations. ** Update gnulib files and build fixes. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/libidn | 4 +--- lfs/libidn | 6 +++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/libidn b/config/rootfiles/common/libidn index e2e2cd96a..3d0d3a97c 100644 --- a/config/rootfiles/common/libidn +++ b/config/rootfiles/common/libidn @@ -9,9 +9,7 @@ usr/bin/idn #usr/lib/libidn.la #usr/lib/libidn.so usr/lib/libidn.so.12 -usr/lib/libidn.so.12.6.4 +usr/lib/libidn.so.12.6.5 #usr/lib/pkgconfig/libidn.pc -#usr/share/emacs -#usr/share/emacs/site-lisp #usr/share/emacs/site-lisp/idna.el #usr/share/emacs/site-lisp/punycode.el diff --git a/lfs/libidn b/lfs/libidn index 4ce55a0a4..068fefe40 100644 --- a/lfs/libidn +++ b/lfs/libidn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.41 +VER = 1.42 THISAPP = libidn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6c632c2010f024792fd55d3c8e6f68e81152fa7421a4f65b6835d0dfd788707727381270c57bf46c6e252777e07ead501fdabdc55961c5c1604e81c53be5ab2b +$(DL_FILE)_BLAKE2 = 8f16d388884ad2ac9aafc46ec5eae144508ca86135184f625761c82c02ec9f99400bd4db65c9c9df54d315502cd5e2d37893d171abc6d76abe0a70f29acdb68e install : $(TARGET) From 5c4f1e680e4f04962c2270809806bc65ef09bb68 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 14:00:27 +0000 Subject: [PATCH 030/140] core184: Ship libidn Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/libidn | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/libidn diff --git a/config/rootfiles/core/184/filelists/libidn b/config/rootfiles/core/184/filelists/libidn new file mode 120000 index 000000000..7e3548957 --- /dev/null +++ b/config/rootfiles/core/184/filelists/libidn @@ -0,0 +1 @@ +../../../common/libidn \ No newline at end of file From ad06db0aca745d4169222b2def2c2b9db8e172ad Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:44 +0100 Subject: [PATCH 031/140] lvm2: Update to version 2.03.23 - Update from version 2.03.22 to 2.03.23 - Update of rootfile not required - Changelog 2.03.23 Set the first lv_attr flag for raid integrity images to i or I. Add -A option for pvs and pvscan to show PVs outside devices file. Improve searched_devnames temp file usage to prevent redundant scanning. Change default search_for_devnames from auto to all. Add lvmdevices --refresh to search for missing PVIDs on all devices. Add comparison between old and new entries in lvmdevices --check. Fix device_id matching order - match non-devname first. Fix "lvconvert -m 0" when there is other than first in-sync leg. Use system.devices as default for dmeventd when dmeventd.devices is undefined. Accept WWIDs containing QEMU HARDDISK for device_id. Improve handling of non-standard WWID prefixes used for device_id. Configure automatically enables cmdlib for dmeventd and notify-dbus for dbus. Fix hint calculation for pools with zero or error segment. Configure supports --disable-shared to build only static binaries. Configure supports --without-{blkid|systemd|udev} for easier static build. Refresh device ids if the system changes. Fix pvmove when specifying raid components as moved LVs. Enhance error detection for lvm_import_vdo. Support PV lists with thin lvconvert. Fix support for lvm_import_vdo with SCSI VDO volumes. Fix locking issue leading to hanging concurrent vgchange --refresh. Recognize lvm.conf report/headings=2 for full column names in report headings. Add --headings none|abbrev|full cmd line option to set report headings type. Fix conversion to thin pool using lvmlockd. Fix conversion from thick into thin volume using lvmlockd. Require writable LV for conversion to vdo pool. Fix return value from lvconvert integrity remove. Preserve UUID for pool metadata spare. Preserve UUID for swapped pool metadata. Rewrite validation of device name entries used as device_id. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/lvm2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/lvm2 b/lfs/lvm2 index 7dedadcac..4e8cf6614 100644 --- a/lfs/lvm2 +++ b/lfs/lvm2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.03.22 +VER = 2.03.23 THISAPP = LVM2.$(VER) DL_FILE = $(THISAPP).tgz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 79bbea84bd82f111c1bb5de336e6a9f1368b2c9e43f075dccaa90c7746a364259ad278adf650379eca75f2803ed74e74dd372be2cca8518462182657f96a0033 +$(DL_FILE)_BLAKE2 = 00d215d395d92fa23743fc77d91a6bd14df29bc4fb334e1e8c4deb8d34007bfdb4e188821ec1789b5f0bca39fe944923050e401ddae0d25e4932cffb109a0dda install : $(TARGET) From f4ca072ce48384581b8c40b2cf6b4a573ea1447f Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 14:00:55 +0000 Subject: [PATCH 032/140] core184: Ship LVM2 Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/lvm2 | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/lvm2 diff --git a/config/rootfiles/core/184/filelists/lvm2 b/config/rootfiles/core/184/filelists/lvm2 new file mode 120000 index 000000000..d640870b7 --- /dev/null +++ b/config/rootfiles/core/184/filelists/lvm2 @@ -0,0 +1 @@ +../../../common/lvm2 \ No newline at end of file From 64f9606302a4f1f0a701f10fc49be236b95636cd Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:45 +0100 Subject: [PATCH 033/140] pam: Update to version 1.6.0 - Update from version 1.5.3 to 1.6.0 - Update of rootfile - A build bug was found with 1.6.0 if --enable-read-both-confs was set in the configure. A commit fixing this has been released and converted into a patch for IPFire. This will end up in the next pam release version and the IPFire patch can then be removed. - Changelog 1.6.0 * Added support of configuration files with arbitrarily long lines. * build: fixed build outside of the source tree. * libpam: added use of getrandom(2) as a source of randomness if available. * libpam: fixed calculation of fail delay with very long delays. * libpam: fixed potential infinite recursion with includes. * libpam: implemented string to number conversions validation when parsing controls in configuration. * pam_access: added quiet_log option. * pam_access: fixed truncation of very long group names. * pam_canonicalize_user: new module to canonicalize user name. * pam_echo: fixed file handling to prevent overflows and short reads. * pam_env: added support of '\' character in environment variable values. * pam_exec: allowed expose_authtok for password PAM_TYPE. * pam_exec: fixed stack overflow with binary output of programs. * pam_faildelay: implemented parameter ranges validation. * pam_listfile: changed to treat \r and \n exactly the same in configuration. * pam_mkhomedir: hardened directory creation against timing attacks. Please note that using *at functions leads to more open file handles during creation. * pam_namespace: fixed potential local DoS (CVE-2024-22365). * pam_nologin: fixed file handling to prevent short reads. * pam_pwhistory: helper binary is now built only if SELinux support is enabled. * pam_pwhistory: implemented reliable usernames handling when remembering passwords. * pam_shells: changed to allow shell entries with absolute paths only. * pam_succeed_if: fixed treating empty strings as numerical value 0. * pam_unix: added support of disabled password aging. * pam_unix: synchronized password aging with shadow. * pam_unix: implemented string to number conversions validation. * pam_unix: fixed truncation of very long user names. * pam_unix: corrected rounds retrieval for configured encryption method. * pam_unix: implemented reliable usernames handling when remembering passwords. * pam_unix: changed to always run the helper to obtain shadow password entries. * pam_unix: unix_update helper binary is now built only if SELinux support is enabled. * pam_unix: added audit support to unix_update helper. * pam_userdb: added gdbm support. * Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/pam | 3 +++ lfs/pam | 7 ++++--- ...pam:_fix_build_with_--enable-read-both-confs.patch | 11 +++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch diff --git a/config/rootfiles/common/pam b/config/rootfiles/common/pam index e25fc9c26..de5c5b466 100644 --- a/config/rootfiles/common/pam +++ b/config/rootfiles/common/pam @@ -17,6 +17,8 @@ etc/security #lib/security/mkhomedir_helper #lib/security/pam_access.la lib/security/pam_access.so +#lib/security/pam_canonicalize_user.la +#lib/security/pam_canonicalize_user.so #lib/security/pam_debug.la #lib/security/pam_debug.so #lib/security/pam_deny.la @@ -193,6 +195,7 @@ usr/lib/libpamc.so.0.82.1 #usr/share/man/man8/mkhomedir_helper.8 #usr/share/man/man8/pam.8 #usr/share/man/man8/pam_access.8 +#usr/share/man/man8/pam_canonicalize_user.8 #usr/share/man/man8/pam_debug.8 #usr/share/man/man8/pam_deny.8 #usr/share/man/man8/pam_echo.8 diff --git a/lfs/pam b/lfs/pam index 020de981c..5e315a027 100644 --- a/lfs/pam +++ b/lfs/pam @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.5.3 +VER = 1.6.0 THISAPP = Linux-PAM-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 362c939f3afc343e6f4e78e7f6ba6f7a9c6ee0a9948bb5a4fc34cecfd29e9fa974082534d4ceedd04d8d3e34c7b3ef43d2a07ba5f41d26da04ec8330fc3790fb +$(DL_FILE)_BLAKE2 = 8ad3ed2d58b48cf43d065f15669788c113eee2aa3fc86cf38565a0e4835b142564ff1af5bcd3377db08af77141d25b4e93752a387ff7eabc00b4a826aa9ea39d install : $(TARGET) @@ -70,6 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && ./configure --libdir=/usr/lib \ --sbindir=/lib/security \ diff --git a/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch b/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch new file mode 100644 index 000000000..1736c5f35 --- /dev/null +++ b/src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch @@ -0,0 +1,11 @@ +--- Linux-PAM-1.6.0/libpam/pam_handlers.c.orig 2024-01-17 11:29:36.000000000 +0100 ++++ Linux-PAM-1.6.0/libpam/pam_handlers.c 2024-01-22 16:02:45.546376172 +0100 +@@ -500,7 +500,7 @@ + + if (pamh->confdir == NULL + && (f = fopen(PAM_CONFIG,"r")) != NULL) { +- retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 1); ++ retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 0, 1); + fclose(f); + } else + #endif /* PAM_READ_BOTH_CONFS */ From eee8a5b285d7211602917cf9385776464bca90cf Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 14:01:36 +0000 Subject: [PATCH 034/140] core184: Ship PAM Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/pam | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/pam diff --git a/config/rootfiles/core/184/filelists/pam b/config/rootfiles/core/184/filelists/pam new file mode 120000 index 000000000..660a1d80e --- /dev/null +++ b/config/rootfiles/core/184/filelists/pam @@ -0,0 +1 @@ +../../../common/pam \ No newline at end of file From 0839a78a90f5d3d5bdf37340d535c5ebabf3196f Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:46 +0100 Subject: [PATCH 035/140] shadow: Updated to version 4.14.3 - Updated from version 4.14.2 to 4.14.3 - Update of rootfile not required - Patch renamed to new version number - Changelog 4.14.3 libshadow: Avoid null pointer dereference. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/shadow | 8 ++++---- ...> shadow-4.14.3-suppress_installation_of_groups.patch} | 0 2 files changed, 4 insertions(+), 4 deletions(-) rename src/patches/{shadow-4.14.2-suppress_installation_of_groups.patch => shadow-4.14.3-suppress_installation_of_groups.patch} (100%) diff --git a/lfs/shadow b/lfs/shadow index 1c0afc088..a3495474a 100644 --- a/lfs/shadow +++ b/lfs/shadow @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.14.2 +VER = 4.14.3 THISAPP = shadow-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 419f0a516753616ef691f71ec9002eef6fd7568c013ac71900d7481eff1bd9165c69d9587b7ca25800543a2eac58cfb7ce4224063e8af7b278f589640485c28f +$(DL_FILE)_BLAKE2 = 6707cae41a0f8478cadd94ea5eaba95cdc6b1b23896b8dd903c62c931839a82b0538f04f8c12433f148da5b23c12a033963380be81f6fc97fa0e3f9399e51b21 install : $(TARGET) @@ -70,7 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.14.2-suppress_installation_of_groups.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.14.3-suppress_installation_of_groups.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && ./configure \ --libdir=/lib \ diff --git a/src/patches/shadow-4.14.2-suppress_installation_of_groups.patch b/src/patches/shadow-4.14.3-suppress_installation_of_groups.patch similarity index 100% rename from src/patches/shadow-4.14.2-suppress_installation_of_groups.patch rename to src/patches/shadow-4.14.3-suppress_installation_of_groups.patch From a65bcf84b49ce9cfea0524a1248dc82f74913993 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 14:02:02 +0000 Subject: [PATCH 036/140] core184: Ship shadow Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/shadow | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/shadow diff --git a/config/rootfiles/core/184/filelists/shadow b/config/rootfiles/core/184/filelists/shadow new file mode 120000 index 000000000..c0824b7b9 --- /dev/null +++ b/config/rootfiles/core/184/filelists/shadow @@ -0,0 +1 @@ +../../../common/shadow \ No newline at end of file From b7e830c99bd53a24f512b881c51177e3a601a7da Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 23 Jan 2024 12:26:47 +0100 Subject: [PATCH 037/140] sqlite: Update to version 3450000 - Update from version 3440100 to 3450000 - Update of rootfile not required - Does IPFire have apopliocation defined SQL functions that invoke sqlite3_result_subtype() as per the first part of the below Changelog. - Changelog 3.45.0 Added the SQLITE_RESULT_SUBTYPE property for application-defined SQL functions. All application defined SQL functions that invokes sqlite3_result_subtype() must be registered with this new property. Failure to do so might cause the call to sqlite3_result_subtype() to behave as a no-op. Compile with -DSQLITE_STRICT_SUBTYPE=1 to cause an SQL error to be raised if a function that is not SQLITE_RESULT_SUBTYPE tries invokes sqlite3_result_subtype(). The use of -DSQLITE_STRICT_SUBTYPE=1 is a recommended compile-time option for every application that makes use of subtypes. Enhancements to the JSON SQL functions: All JSON functions are rewritten to use a new internal parse tree format called JSONB. The new parse-tree format is serializable and hence can be stored in the database to avoid unnecessary re-parsing whenever the JSON value is used. New versions of JSON-generating functions generate binary JSONB instead of JSON text. The json_valid() function adds an optional second argument that specifies what it means for the first argument to be "well-formed". Add the FTS5 tokendata option to the FTS5 virtual table. The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. Disable it at compile-time using -DSQLITE_DIRECT_OVERFLOW_READ=0. Query planner improvements: Do not allow the transitive constraint optimization to trick the query planner into using a range constraint when a better equality constraint is available. (Forum post 2568d1f6e6.) The query planner now does a better job of disregarding indexes that ANALYZE identifies as low-quality. (Forum post 6f0958b03b.) Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. Enhancements to the CLI: Improvements to the display of UTF-8 content on Windows Automatically detect playback of ".dump" scripts and make appropriate changes to settings such as ".dbconfig defensive off" and ".dbconfig dqs_dll on". Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/sqlite | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/sqlite b/lfs/sqlite index a03731a10..3ca4e45ff 100644 --- a/lfs/sqlite +++ b/lfs/sqlite @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3440100 +VER = 3450000 THISAPP = sqlite-autoconf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8b0aa4b2fd36099e68502705d0187cf30b8755f61577942e9b8709d3ca3e56dfd64cf256d0b70a75e987f2894076cb32c170dd52cd278579a646b06b90140e9d +$(DL_FILE)_BLAKE2 = 04ba8522be5fa8c0a0a101824f90030f83ad131b53dff622e0449d31b3ee3e50888ed0d8a663c5be3f7338d5d5b6efef1b828374fa599a675ab892bbbb3abec9 install : $(TARGET) From bd2e449a71c6249a88584beee3493b1418db8025 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Jan 2024 14:02:24 +0000 Subject: [PATCH 038/140] core184: Ship sqlite Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/sqlite | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/sqlite diff --git a/config/rootfiles/core/184/filelists/sqlite b/config/rootfiles/core/184/filelists/sqlite new file mode 120000 index 000000000..4ea569766 --- /dev/null +++ b/config/rootfiles/core/184/filelists/sqlite @@ -0,0 +1 @@ +../../../common/sqlite \ No newline at end of file From 13835af399da27c4fa08dba42c94b52d86c759e6 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 24 Jan 2024 22:09:40 +0100 Subject: [PATCH 039/140] frr: Update to version 9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update from version 8.5.2 to 9.1 - Update of rootfile - Build dependencies of frr now include protobuf-c. protobuf-c requires protobuf. protobuf requires abseil-cpp. - Build dependency of libyang will have a minimum version requirement of 2.1.128 coming out of an issue. Minimum version for frr-9.1 is 2.1.80 but excluding 2.1.111 due to API issues. Based on the near future requirement being 2.1.128 will move to current latest version of 2.1.148 - This patch set includes the above build dependencies - Changelog 9.1 FRR 9.1 brings a long list of enhancements and fixes with 941 commits from 73 developers. OSPFv2 HMAC-SHA Cryptographic Authentication Specify that HMAC cryptographic authentication must be used on a specific interface using a key chain. BGP MAC-VRF Site-Of-Origin support In some EVPN deployments, it is useful to associate a logical VTEP’s Layer 2 domain (MAC-VRF) with a Site-of-Origin “site” identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originating from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs, i.e. Active/Active MLAG, as it can be used to avoid ownership conflicts between the two control planes (EVPN vs MLAG). BGP Dynamic capability support Added support for Graceful-Restart, Long-lived Graceful-Restart, Software-version, and Role BGP capabilities to be adjusted dynamically using BGP dynamic capability. Dynamic BGP capability allows the dynamic update of capabilities over an established BGP session. This capability would facilitate non-disruptive capability changes by BGP speakers. IS-IS SRv6 uSID support (RFC 9352) The Segment Routing (SR) architecture allows a flexible definition of the end-to-end path by encoding it as a sequence of topological elements called "segments". It can be implemented over the MPLS or the IPv6 data plane. This feature enables extensions in IS-IS to support Segment Routing over the IPv6 data plane (SRv6) as per RFC 9352. Next-hop resolution via the default route Changed the default for a traditional profile to be enabled. The datacenter profile is left as disabled. Add support for VLAN, ECN, DSCP mangling/filtering PBR maps are a way to specify a set of rules that are applied to packets received on individual interfaces. If a received packet matches a rule, the rule’s next-hop-group or next-hop is used to forward it; any other actions specified in the rule are also applied to the packet. With this change, we added more commands for PBR maps, like matching src-ip, dst-ip, src-port, dst-port, vlan, dscp, ecn, and more. libyang 2.1.80 related breaking changes prefix-list matching in route-maps is fundamentally broken with libyang 2.1.111. If you have this version, please downgrade to the most stable version 2.1.80. More details CESNET/libyang#2090 Other significant changes Zebra support for route replace semantics in FPM link New command for BGP neighbor x addpath-tx-best-selected link New command for BGP mpls bgp l3vpn-multi-domain-switching link A couple more new BGP route-map commands: set as-path exclude all link set as-path exclude as-path-access-list link set extended-comm-list delete link set as-path replace [] link set as-path replace as-path-access-list WORD [] link match community-list X any UPDATE Deprecations Deprecate pre-standard outbound route filtering capability Deprecate pre-standard route refresh capability Drop deprecated capability A complete log of changes can be found by browsing the commit history of the FRR 9.1 tag 9.0.2 Fixed CVE-2023-47235 More details: https://frrouting.org/security/cve-2023-47235 Bug Fixes bgpd Fix aggregate-address summary-only suppressed export to EVPN Allow using attribute number 255 for path attr discard/withdraw cmds Check mandatory attributes more carefully for the UPDATE message Do not suppress conditional advertisement updates if triggered Fix Extended community memory leak Fix the no set as-path prepend command Fix heap-use-after-free for bgp_best_selection() Fix crash in SNMP BGP4V2-MIB bgpv2PeerErrorsTable() Fix clear bgp ipv6 unicast ... command Flush attributes only if we don't have to announce a conditional route (avoid use-after-free) Free memory for SRv6 functions and locator chunks Handle MP_UNREACH_NLRI malformed packets with session reset Ignore handling NLRIs if we received the MP_UNREACH_NLRI attribute Initialise timebuf arrays to zeros for dampening reuse timer Initialise buffer in bgp_notify_admin_message() before using it LTTng add EVPN route trace events Make sure dampening is enabled for the specified AFI/SAFI Use proper AFI when dumping information for dampening stuff Treat the AS4-PATH attribute as withdrawn if malformed Treat PMSI tunnel attribute as withdrawn if malformed Treat EOR as withdrawn to avoid unwanted handling of malformed attrs eigrpd Use the correct memory pool on interface deletion mgmtd Change mgmtd_vty_port to 2623 Fix crash on show mgmtd datastore-contents ospf6d Fix setting of the forwarding address in as-external LSAs Set loopback interface cost to 0 ospfd Fixing infinite loop when listing OSPF interfaces pathd Add no msd command Add no pcep command pbrd Fix show pbr map detail json command Free memory in pbr_map_delete() pim6d Fix valgrind issues pimd Fix missing pimreg interface tools Fix the frr-reload interface description command Fix the frr-reload route-map description command Make --quiet actually suppress output vtysh Fix entering configuration node in file-lock mode Fix configure terminal argument descriptions Fix working in file-lock mode Fix show route map json output zebra Add encap type when building packet for FPM Display ptmStatus order in interface JSON Fix connected route deletion when multiple entry exists Fix FPM multipath encap addition Fix link update for veth interfaces Fix zebra crash when replacing nhe during shutdown Prevent null pointer dereference 9.0.1 Bug Fixes bgpd Add peers back to peer hash when peer_xfer_conn fails Check the length of the rcv software version Do not explicitly print maxttl value for ebgp-multihop vty output Do not process nlris if the attribute length is zero Don't read the first byte of orf header if we are ahead of stream Evpn code was not properly unlocking rd_dest Fix show bgp all rpki notfound Make sure we have enough data to read two bytes when validating aigp Use treat-as-withdraw for tunnel encapsulation attribute zebra Fix evpn nexthop config order lib Allow unsetting walltime-warning and cpu-warning ospfd Prevent use after free( and crash of ospf ) when no router ospf pimd Prevent crash when receiving register message when the rp() is unknown When receiving a packet be more careful with length in pim_pim_packet vtysh Print uniq lines when parsing no service ... 8.5.4 Fixed CVE-2023-47235 More details: https://frrouting.org/security/cve-2023-47235 Bug Fixes bgpd Check mandatory attributes more carefully for the UPDATE message Do not suppress conditional advertisement updates if triggered Fix crash in SNMP BGP4V2-MIB bgpv2PeerErrorsTable() Handle MP_UNREACH_NLRI malformed packets with session reset Ignore handling NLRIs if we received the MP_UNREACH_NLRI attribute Initialise timebuf arrays to zeros for dampening reuse timer Initialise buffer in bgp_notify_admin_message() before using it Make sure dampening is enabled for the specified AFI/SAFI Use proper AFI when dumping information for dampening stuff Treat EOR as withdrawn to avoid unwanted handling of malformed attrs eigrpd Use the correct memory pool on interface deletion vtysh Fix show route map JSON output ospfd Fix infinite loop when listing OSPF interfaces pbrd Fix show pbr map detail json output zebra Add encap type when building packet for FPM Display ptmStatus order in interface JSON Fix connected route deletion when multiple entry exists Fix FPM multipath encap addition Fix link update for veth interfaces Fix zebra crash when replacing nhe during shutdown Prevent null pointer dereference 8.5.3 Bug Fixes bgpd Add peers back to peer hash when peer_xfer_conn fails Do not explicitly print maxttl value for ebgp-multihop vty output Do not process nlris if the attribute length is zero Do not try to redistribute routes if we are shutting down Don't read the first byte of orf header if we are ahead of stream Evpn code was not properly unlocking rd_dest Fix show bgp all rpki notfound Fix session reset issue caused by malformed core attributes Free bgp vpn policy Free previously dup'ed aspath attribute for aggregate routes Free temporary memory after using argv_concat() Intern attributes before putting into rib-out Make sure we have enough data to read two bytes when validating aigp Prevent use after free Rfapi memleak fixes, clean ce tables at exit Unlock dest if we return earlier for aggregate install Use treat-as-withdraw for tunnel encapsulation attribute zebra Fix evpn nexthop config order Abstract dplane_ctx_route_init to init route without copying Fix crash when dplane_fpm_nl fails to process received routes Further handle route replace semantics Fix command ipv6 nht xxx lib Allow unsetting walltime-warning and cpu-warning Skip route-map optimization if !af_inet(6) Use max_bitlen instead of magic number ospf6d Fix crash because neighbor structure was freed Stop crash in ospf6_write ospfd Check for nulls in vty code Prevent use after free( and crash of ospf ) when no router ospf pbrd Fix crash with match command pimd Prevent crash when receiving register message when the rp() is unknown When receiving a packet be more careful with length in pim_pim_packet ripd, ripngd Revert "Cleanup memory allocations on shutdown" tools Add what frr thinks as the fib routes for support_bundle vtysh Print uniq lines when parsing no service ... Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/frr | 28 ++++++++++++++++++++++++++-- lfs/frr | 8 ++++---- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/packages/frr b/config/rootfiles/packages/frr index 092460ff6..92b31ffe9 100644 --- a/config/rootfiles/packages/frr +++ b/config/rootfiles/packages/frr @@ -1,7 +1,10 @@ etc/rc.d/init.d/frr usr/bin/vtysh #usr/include/frr +#usr/include/frr/admin_group.h +#usr/include/frr/affinitymap.h #usr/include/frr/agg_table.h +#usr/include/frr/asn.h #usr/include/frr/assert.h #usr/include/frr/atomlist.h #usr/include/frr/base64.h @@ -17,6 +20,7 @@ usr/bin/vtysh #usr/include/frr/compiler.h #usr/include/frr/cspf.h #usr/include/frr/csv.h +#usr/include/frr/darr.h #usr/include/frr/db.h #usr/include/frr/debug.h #usr/include/frr/defaults.h @@ -27,14 +31,15 @@ usr/bin/vtysh #usr/include/frr/eigrpd/eigrpd.h #usr/include/frr/ferr.h #usr/include/frr/filter.h +#usr/include/frr/flex_algo.h #usr/include/frr/freebsd-queue.h #usr/include/frr/frr_pthread.h #usr/include/frr/frratomic.h #usr/include/frr/frrcu.h +#usr/include/frr/frrevent.h #usr/include/frr/frrlua.h #usr/include/frr/frrscript.h #usr/include/frr/frrstr.h -#usr/include/frr/getopt.h #usr/include/frr/graph.h #usr/include/frr/hash.h #usr/include/frr/hook.h @@ -44,6 +49,7 @@ usr/bin/vtysh #usr/include/frr/if_rmap.h #usr/include/frr/imsg.h #usr/include/frr/ipaddr.h +#usr/include/frr/iso.h #usr/include/frr/jhash.h #usr/include/frr/json.h #usr/include/frr/keychain.h @@ -59,6 +65,13 @@ usr/bin/vtysh #usr/include/frr/log_vty.h #usr/include/frr/md5.h #usr/include/frr/memory.h +#usr/include/frr/mgmt.pb-c.h +#usr/include/frr/mgmt_be_client.h +#usr/include/frr/mgmt_fe_client.h +#usr/include/frr/mgmt_msg.h +#usr/include/frr/mgmt_pb.h +#usr/include/frr/mgmtd +#usr/include/frr/mgmtd/mgmt_defines.h #usr/include/frr/mlag.h #usr/include/frr/module.h #usr/include/frr/monotime.h @@ -101,6 +114,7 @@ usr/bin/vtysh #usr/include/frr/routemap.h #usr/include/frr/routing_nb.h #usr/include/frr/sbuf.h +#usr/include/frr/segment_routing.h #usr/include/frr/seqlock.h #usr/include/frr/sha256.h #usr/include/frr/sigevent.h @@ -117,7 +131,6 @@ usr/bin/vtysh #usr/include/frr/table.h #usr/include/frr/tc.h #usr/include/frr/termtable.h -#usr/include/frr/thread.h #usr/include/frr/trace.h #usr/include/frr/typerb.h #usr/include/frr/typesafe.h @@ -154,10 +167,18 @@ usr/bin/vtysh #usr/lib/libfrr.so usr/lib/libfrr.so.0 usr/lib/libfrr.so.0.0.0 +#usr/lib/libfrr_pb.la +#usr/lib/libfrr_pb.so +usr/lib/libfrr_pb.so.0 +usr/lib/libfrr_pb.so.0.0.0 #usr/lib/libfrrcares.la #usr/lib/libfrrcares.so usr/lib/libfrrcares.so.0 usr/lib/libfrrcares.so.0.0.0 +#usr/lib/libmgmt_be_nb.la +#usr/lib/libmgmt_be_nb.so +usr/lib/libmgmt_be_nb.so.0 +usr/lib/libmgmt_be_nb.so.0.0.0 usr/sbin/bgpd usr/sbin/fabricd usr/sbin/frr @@ -167,6 +188,7 @@ usr/sbin/frr_babeltrace.py usr/sbin/frrcommon.sh usr/sbin/frrinit.sh usr/sbin/generate_support_bundle.py +usr/sbin/mgmtd usr/sbin/ospfd usr/sbin/pathd usr/sbin/pim6d @@ -176,6 +198,7 @@ usr/sbin/vrrpd usr/sbin/watchfrr usr/sbin/watchfrr.sh usr/sbin/zebra +#usr/share/yang/frr-affinity-map.yang #usr/share/yang/frr-bgp-bmp.yang #usr/share/yang/frr-bgp-common-multiprotocol.yang #usr/share/yang/frr-bgp-common-structure.yang @@ -189,6 +212,7 @@ usr/sbin/zebra #usr/share/yang/frr-bgp.yang #usr/share/yang/frr-deviations-bgp-datacenter.yang #usr/share/yang/frr-filter.yang +#usr/share/yang/frr-if-rmap.yang #usr/share/yang/frr-interface.yang #usr/share/yang/frr-module-translator.yang #usr/share/yang/frr-nexthop.yang diff --git a/lfs/frr b/lfs/frr index e61df8421..a1555af64 100644 --- a/lfs/frr +++ b/lfs/frr @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = FRRouting Routing daemon -VER = 8.5.2 +VER = 9.1 THISAPP = frr-frr-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = frr -PAK_VER = 6 +PAK_VER = 7 DEPS = elfutils @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2e2aca4e42757f66c9ca4725826c6cc1d611930490eed2a175ca5b56910f2c09a9d842b2a9370a64a9fdac6a6314bd4573be609d14dbf956049d9fbf49310404 +$(DL_FILE)_BLAKE2 = ba64f9455c38441f8cadce4eed435fb86344244e98bd1b675335887fb098be29adc035d722d3c128e136a4c6b0aa1adcbdc0e22815702e52170da940a5caf20a install : $(TARGET) From 09b48ccee80402db682fed7117128c49052be525 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 24 Jan 2024 22:09:41 +0100 Subject: [PATCH 040/140] libyang: Update to version 2.1.148 - Update from version 2.1.4 to 2.1.148 - Update of rootfile - Minimum version of 2.1.128 will be required in a future frr release and currently needs to be a minimum of 2.1.80 but not 2.1.111 - Changelog 2.1.148 Main changes of this release are: lots of bugfixes and improvements in various parts of the library 2.1.128 Main changes of this release are: revert of identityref canonical value change the identity always printed with the module name as the prefix data tree and hash table optimizations opaque node handling fixes and improvements lots of other bug fixes 2.1.111 Main changes of this release are: opaque node parsing improved native RESTCONF operation parsing support union value error reporting improved new yanglint and yangre tests optional support for leafref with XPath functions lots of other fixes and improvements 2.1.80 Main changes of this release are: RESTCONF message parsing JSON parser refactor timezone DST handling public hash table API stored union value bugfix many other clarifications, improvements, and bugfixes 2.1.55 Main changes of this release are: type compilation fixes multi-error validation support JSON parser fixes portability improvements schema-mount support improvements minor optimizations other minor fixes 2.1.30 Main changes of this release are: many JSON printer/parser fixes and improvements unintentionally large library size reduced thread safety improvements big-endian compatibility fix uncrustify updated lots of other fixes and improvements Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/libyang | 3 ++- lfs/libyang | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libyang b/config/rootfiles/common/libyang index b0dd54cda..f06340422 100644 --- a/config/rootfiles/common/libyang +++ b/config/rootfiles/common/libyang @@ -4,6 +4,7 @@ #usr/include/libyang/config.h #usr/include/libyang/context.h #usr/include/libyang/dict.h +#usr/include/libyang/hash_table.h #usr/include/libyang/in.h #usr/include/libyang/libyang.h #usr/include/libyang/log.h @@ -24,7 +25,7 @@ #usr/include/libyang/version.h #usr/lib/libyang.so usr/lib/libyang.so.2 -usr/lib/libyang.so.2.25.4 +usr/lib/libyang.so.2.46.3 #usr/lib/pkgconfig/libyang.pc #usr/share/man/man1/yanglint.1 #usr/share/man/man1/yangre.1 diff --git a/lfs/libyang b/lfs/libyang index ae807fa8a..49163a44d 100644 --- a/lfs/libyang +++ b/lfs/libyang @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.1.4 +VER = 2.1.148 THISAPP = libyang-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 0322d5c9003b4ae49a91da981c3c7063ebc783c1ddc964b9ec89a1f75f512fadda1664a8e2add63a81ed694bd10dda1fcdc70f7a31cc947b2835d210e8e454f5 +$(DL_FILE)_BLAKE2 = e955958319a4ad8c241720c3a425ab2a298916b8ba34e91ff2b43bafaae65fb0d41c904af894d3c5025ab253a40cb6f4732137b195169785628f6cedeb054acb install : $(TARGET) From 4492b4622c56132be863006ffbc9e50bb283a42c Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 24 Jan 2024 22:09:42 +0100 Subject: [PATCH 041/140] protobuf-c: New build dependency for frr Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/protobuf-c | 13 +++++ lfs/protobuf-c | 78 ++++++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 92 insertions(+) create mode 100644 config/rootfiles/common/protobuf-c create mode 100644 lfs/protobuf-c mode change 100755 => 100644 make.sh diff --git a/config/rootfiles/common/protobuf-c b/config/rootfiles/common/protobuf-c new file mode 100644 index 000000000..56e6a2362 --- /dev/null +++ b/config/rootfiles/common/protobuf-c @@ -0,0 +1,13 @@ +#usr/bin/protoc-c +#usr/bin/protoc-gen-c +#usr/include/google/protobuf-c +#usr/include/google/protobuf-c/protobuf-c.h +#usr/include/protobuf-c +#usr/include/protobuf-c/protobuf-c.h +#usr/include/protobuf-c/protobuf-c.proto +#usr/lib/libprotobuf-c.a +#usr/lib/libprotobuf-c.la +#usr/lib/libprotobuf-c.so +#usr/lib/libprotobuf-c.so.1 +#usr/lib/libprotobuf-c.so.1.0.0 +#usr/lib/pkgconfig/libprotobuf-c.pc diff --git a/lfs/protobuf-c b/lfs/protobuf-c new file mode 100644 index 000000000..2c3128f35 --- /dev/null +++ b/lfs/protobuf-c @@ -0,0 +1,78 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.5.0 + +THISAPP = protobuf-c-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 7b428655901f4fd74b67b75419552e7c02065a5291aed4dcc1d55b98c986caa9ccf846eb5e98e0954420c3e5bea559b0078843e00daa7b5c63465eec21e28204 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh old mode 100755 new mode 100644 index 7877a642c..183d4a535 --- a/make.sh +++ b/make.sh @@ -1648,6 +1648,7 @@ buildipfire() { lfsmake2 dnsdist lfsmake2 bird lfsmake2 libyang + lfsmake2 protobuf-c lfsmake2 frr lfsmake2 dmidecode lfsmake2 mcelog From 27ff7667519829c24c88c3b6ed5dd8f53010db5d Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 24 Jan 2024 22:09:43 +0100 Subject: [PATCH 042/140] protobuf: New build dependency for protobuf-c - protobuf required for protobuf-c which is new build dependency for frr Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/protobuf | 288 +++++++++++++++++++++++++++++++ lfs/protobuf | 81 +++++++++ make.sh | 1 + 3 files changed, 370 insertions(+) create mode 100644 config/rootfiles/common/protobuf create mode 100644 lfs/protobuf diff --git a/config/rootfiles/common/protobuf b/config/rootfiles/common/protobuf new file mode 100644 index 000000000..d3aa47718 --- /dev/null +++ b/config/rootfiles/common/protobuf @@ -0,0 +1,288 @@ +#usr/bin/protoc +#usr/bin/protoc-25.2.0 +#usr/include/google +#usr/include/google/protobuf +#usr/include/google/protobuf/any.h +#usr/include/google/protobuf/any.pb.h +#usr/include/google/protobuf/any.proto +#usr/include/google/protobuf/api.pb.h +#usr/include/google/protobuf/api.proto +#usr/include/google/protobuf/arena.h +#usr/include/google/protobuf/arena_align.h +#usr/include/google/protobuf/arena_allocation_policy.h +#usr/include/google/protobuf/arena_cleanup.h +#usr/include/google/protobuf/arenastring.h +#usr/include/google/protobuf/arenaz_sampler.h +#usr/include/google/protobuf/compiler +#usr/include/google/protobuf/compiler/allowlists +#usr/include/google/protobuf/compiler/allowlists/allowlist.h +#usr/include/google/protobuf/compiler/allowlists/allowlists.h +#usr/include/google/protobuf/compiler/code_generator.h +#usr/include/google/protobuf/compiler/command_line_interface.h +#usr/include/google/protobuf/compiler/cpp +#usr/include/google/protobuf/compiler/cpp/enum.h +#usr/include/google/protobuf/compiler/cpp/extension.h +#usr/include/google/protobuf/compiler/cpp/field.h +#usr/include/google/protobuf/compiler/cpp/field_generators +#usr/include/google/protobuf/compiler/cpp/field_generators/generators.h +#usr/include/google/protobuf/compiler/cpp/file.h +#usr/include/google/protobuf/compiler/cpp/generator.h +#usr/include/google/protobuf/compiler/cpp/helpers.h +#usr/include/google/protobuf/compiler/cpp/message.h +#usr/include/google/protobuf/compiler/cpp/message_layout_helper.h +#usr/include/google/protobuf/compiler/cpp/names.h +#usr/include/google/protobuf/compiler/cpp/options.h +#usr/include/google/protobuf/compiler/cpp/padding_optimizer.h +#usr/include/google/protobuf/compiler/cpp/parse_function_generator.h +#usr/include/google/protobuf/compiler/cpp/service.h +#usr/include/google/protobuf/compiler/cpp/tracker.h +#usr/include/google/protobuf/compiler/csharp +#usr/include/google/protobuf/compiler/csharp/csharp_doc_comment.h +#usr/include/google/protobuf/compiler/csharp/csharp_enum.h +#usr/include/google/protobuf/compiler/csharp/csharp_enum_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_field_base.h +#usr/include/google/protobuf/compiler/csharp/csharp_generator.h +#usr/include/google/protobuf/compiler/csharp/csharp_helpers.h +#usr/include/google/protobuf/compiler/csharp/csharp_map_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_message.h +#usr/include/google/protobuf/compiler/csharp/csharp_message_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_options.h +#usr/include/google/protobuf/compiler/csharp/csharp_primitive_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_reflection_class.h +#usr/include/google/protobuf/compiler/csharp/csharp_repeated_enum_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_repeated_message_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_repeated_primitive_field.h +#usr/include/google/protobuf/compiler/csharp/csharp_source_generator_base.h +#usr/include/google/protobuf/compiler/csharp/csharp_wrapper_field.h +#usr/include/google/protobuf/compiler/csharp/names.h +#usr/include/google/protobuf/compiler/importer.h +#usr/include/google/protobuf/compiler/java +#usr/include/google/protobuf/compiler/java/context.h +#usr/include/google/protobuf/compiler/java/doc_comment.h +#usr/include/google/protobuf/compiler/java/enum.h +#usr/include/google/protobuf/compiler/java/enum_field.h +#usr/include/google/protobuf/compiler/java/enum_field_lite.h +#usr/include/google/protobuf/compiler/java/enum_lite.h +#usr/include/google/protobuf/compiler/java/extension.h +#usr/include/google/protobuf/compiler/java/extension_lite.h +#usr/include/google/protobuf/compiler/java/field.h +#usr/include/google/protobuf/compiler/java/file.h +#usr/include/google/protobuf/compiler/java/generator.h +#usr/include/google/protobuf/compiler/java/generator_factory.h +#usr/include/google/protobuf/compiler/java/helpers.h +#usr/include/google/protobuf/compiler/java/java_features.pb.h +#usr/include/google/protobuf/compiler/java/kotlin_generator.h +#usr/include/google/protobuf/compiler/java/map_field.h +#usr/include/google/protobuf/compiler/java/map_field_lite.h +#usr/include/google/protobuf/compiler/java/message.h +#usr/include/google/protobuf/compiler/java/message_builder.h +#usr/include/google/protobuf/compiler/java/message_builder_lite.h +#usr/include/google/protobuf/compiler/java/message_field.h +#usr/include/google/protobuf/compiler/java/message_field_lite.h +#usr/include/google/protobuf/compiler/java/message_lite.h +#usr/include/google/protobuf/compiler/java/message_serialization.h +#usr/include/google/protobuf/compiler/java/name_resolver.h +#usr/include/google/protobuf/compiler/java/names.h +#usr/include/google/protobuf/compiler/java/options.h +#usr/include/google/protobuf/compiler/java/primitive_field.h +#usr/include/google/protobuf/compiler/java/primitive_field_lite.h +#usr/include/google/protobuf/compiler/java/service.h +#usr/include/google/protobuf/compiler/java/shared_code_generator.h +#usr/include/google/protobuf/compiler/java/string_field.h +#usr/include/google/protobuf/compiler/java/string_field_lite.h +#usr/include/google/protobuf/compiler/objectivec +#usr/include/google/protobuf/compiler/objectivec/enum.h +#usr/include/google/protobuf/compiler/objectivec/enum_field.h +#usr/include/google/protobuf/compiler/objectivec/extension.h +#usr/include/google/protobuf/compiler/objectivec/field.h +#usr/include/google/protobuf/compiler/objectivec/file.h +#usr/include/google/protobuf/compiler/objectivec/generator.h +#usr/include/google/protobuf/compiler/objectivec/helpers.h +#usr/include/google/protobuf/compiler/objectivec/import_writer.h +#usr/include/google/protobuf/compiler/objectivec/line_consumer.h +#usr/include/google/protobuf/compiler/objectivec/map_field.h +#usr/include/google/protobuf/compiler/objectivec/message.h +#usr/include/google/protobuf/compiler/objectivec/message_field.h +#usr/include/google/protobuf/compiler/objectivec/names.h +#usr/include/google/protobuf/compiler/objectivec/nsobject_methods.h +#usr/include/google/protobuf/compiler/objectivec/oneof.h +#usr/include/google/protobuf/compiler/objectivec/options.h +#usr/include/google/protobuf/compiler/objectivec/primitive_field.h +#usr/include/google/protobuf/compiler/objectivec/text_format_decode_data.h +#usr/include/google/protobuf/compiler/parser.h +#usr/include/google/protobuf/compiler/php +#usr/include/google/protobuf/compiler/php/names.h +#usr/include/google/protobuf/compiler/php/php_generator.h +#usr/include/google/protobuf/compiler/plugin.h +#usr/include/google/protobuf/compiler/plugin.pb.h +#usr/include/google/protobuf/compiler/plugin.proto +#usr/include/google/protobuf/compiler/python +#usr/include/google/protobuf/compiler/python/generator.h +#usr/include/google/protobuf/compiler/python/helpers.h +#usr/include/google/protobuf/compiler/python/pyi_generator.h +#usr/include/google/protobuf/compiler/retention.h +#usr/include/google/protobuf/compiler/ruby +#usr/include/google/protobuf/compiler/ruby/ruby_generator.h +#usr/include/google/protobuf/compiler/rust +#usr/include/google/protobuf/compiler/rust/accessors +#usr/include/google/protobuf/compiler/rust/accessors/accessor_generator.h +#usr/include/google/protobuf/compiler/rust/accessors/accessors.h +#usr/include/google/protobuf/compiler/rust/context.h +#usr/include/google/protobuf/compiler/rust/generator.h +#usr/include/google/protobuf/compiler/rust/message.h +#usr/include/google/protobuf/compiler/rust/naming.h +#usr/include/google/protobuf/compiler/rust/oneof.h +#usr/include/google/protobuf/compiler/rust/relative_path.h +#usr/include/google/protobuf/compiler/scc.h +#usr/include/google/protobuf/compiler/subprocess.h +#usr/include/google/protobuf/compiler/versions.h +#usr/include/google/protobuf/compiler/versions_suffix.h +#usr/include/google/protobuf/compiler/zip_writer.h +#usr/include/google/protobuf/cpp_edition_defaults.h +#usr/include/google/protobuf/cpp_features.pb.h +#usr/include/google/protobuf/cpp_features.proto +#usr/include/google/protobuf/descriptor.h +#usr/include/google/protobuf/descriptor.pb.h +#usr/include/google/protobuf/descriptor.proto +#usr/include/google/protobuf/descriptor_database.h +#usr/include/google/protobuf/descriptor_legacy.h +#usr/include/google/protobuf/descriptor_visitor.h +#usr/include/google/protobuf/duration.pb.h +#usr/include/google/protobuf/duration.proto +#usr/include/google/protobuf/dynamic_message.h +#usr/include/google/protobuf/empty.pb.h +#usr/include/google/protobuf/empty.proto +#usr/include/google/protobuf/endian.h +#usr/include/google/protobuf/explicitly_constructed.h +#usr/include/google/protobuf/extension_set.h +#usr/include/google/protobuf/extension_set_inl.h +#usr/include/google/protobuf/feature_resolver.h +#usr/include/google/protobuf/field_access_listener.h +#usr/include/google/protobuf/field_mask.pb.h +#usr/include/google/protobuf/field_mask.proto +#usr/include/google/protobuf/generated_enum_reflection.h +#usr/include/google/protobuf/generated_enum_util.h +#usr/include/google/protobuf/generated_message_bases.h +#usr/include/google/protobuf/generated_message_reflection.h +#usr/include/google/protobuf/generated_message_tctable_decl.h +#usr/include/google/protobuf/generated_message_tctable_gen.h +#usr/include/google/protobuf/generated_message_tctable_impl.h +#usr/include/google/protobuf/generated_message_util.h +#usr/include/google/protobuf/has_bits.h +#usr/include/google/protobuf/implicit_weak_message.h +#usr/include/google/protobuf/inlined_string_field.h +#usr/include/google/protobuf/internal_message_util.h +#usr/include/google/protobuf/internal_visibility.h +#usr/include/google/protobuf/io +#usr/include/google/protobuf/io/coded_stream.h +#usr/include/google/protobuf/io/gzip_stream.h +#usr/include/google/protobuf/io/io_win32.h +#usr/include/google/protobuf/io/printer.h +#usr/include/google/protobuf/io/strtod.h +#usr/include/google/protobuf/io/tokenizer.h +#usr/include/google/protobuf/io/zero_copy_sink.h +#usr/include/google/protobuf/io/zero_copy_stream.h +#usr/include/google/protobuf/io/zero_copy_stream_impl.h +#usr/include/google/protobuf/io/zero_copy_stream_impl_lite.h +#usr/include/google/protobuf/json +#usr/include/google/protobuf/json/internal +#usr/include/google/protobuf/json/internal/descriptor_traits.h +#usr/include/google/protobuf/json/internal/lexer.h +#usr/include/google/protobuf/json/internal/message_path.h +#usr/include/google/protobuf/json/internal/parser.h +#usr/include/google/protobuf/json/internal/parser_traits.h +#usr/include/google/protobuf/json/internal/unparser.h +#usr/include/google/protobuf/json/internal/unparser_traits.h +#usr/include/google/protobuf/json/internal/untyped_message.h +#usr/include/google/protobuf/json/internal/writer.h +#usr/include/google/protobuf/json/internal/zero_copy_buffered_stream.h +#usr/include/google/protobuf/json/json.h +#usr/include/google/protobuf/map.h +#usr/include/google/protobuf/map_entry.h +#usr/include/google/protobuf/map_field.h +#usr/include/google/protobuf/map_field_inl.h +#usr/include/google/protobuf/map_field_lite.h +#usr/include/google/protobuf/map_type_handler.h +#usr/include/google/protobuf/message.h +#usr/include/google/protobuf/message_lite.h +#usr/include/google/protobuf/metadata.h +#usr/include/google/protobuf/metadata_lite.h +#usr/include/google/protobuf/parse_context.h +#usr/include/google/protobuf/port.h +#usr/include/google/protobuf/port_def.inc +#usr/include/google/protobuf/port_undef.inc +#usr/include/google/protobuf/raw_ptr.h +#usr/include/google/protobuf/reflection.h +#usr/include/google/protobuf/reflection_internal.h +#usr/include/google/protobuf/reflection_mode.h +#usr/include/google/protobuf/reflection_ops.h +#usr/include/google/protobuf/repeated_field.h +#usr/include/google/protobuf/repeated_ptr_field.h +#usr/include/google/protobuf/serial_arena.h +#usr/include/google/protobuf/service.h +#usr/include/google/protobuf/source_context.pb.h +#usr/include/google/protobuf/source_context.proto +#usr/include/google/protobuf/string_block.h +#usr/include/google/protobuf/struct.pb.h +#usr/include/google/protobuf/struct.proto +#usr/include/google/protobuf/stubs +#usr/include/google/protobuf/stubs/callback.h +#usr/include/google/protobuf/stubs/common.h +#usr/include/google/protobuf/stubs/platform_macros.h +#usr/include/google/protobuf/stubs/port.h +#usr/include/google/protobuf/stubs/status_macros.h +#usr/include/google/protobuf/text_format.h +#usr/include/google/protobuf/thread_safe_arena.h +#usr/include/google/protobuf/timestamp.pb.h +#usr/include/google/protobuf/timestamp.proto +#usr/include/google/protobuf/type.pb.h +#usr/include/google/protobuf/type.proto +#usr/include/google/protobuf/unknown_field_set.h +#usr/include/google/protobuf/util +#usr/include/google/protobuf/util/delimited_message_util.h +#usr/include/google/protobuf/util/field_comparator.h +#usr/include/google/protobuf/util/field_mask_util.h +#usr/include/google/protobuf/util/json_util.h +#usr/include/google/protobuf/util/message_differencer.h +#usr/include/google/protobuf/util/time_util.h +#usr/include/google/protobuf/util/type_resolver.h +#usr/include/google/protobuf/util/type_resolver_util.h +#usr/include/google/protobuf/varint_shuffle.h +#usr/include/google/protobuf/wire_format.h +#usr/include/google/protobuf/wire_format_lite.h +#usr/include/google/protobuf/wrappers.pb.h +#usr/include/google/protobuf/wrappers.proto +#usr/include/java +#usr/include/java/core +#usr/include/java/core/src +#usr/include/java/core/src/main +#usr/include/java/core/src/main/java +#usr/include/java/core/src/main/java/com +#usr/include/java/core/src/main/java/com/google +#usr/include/java/core/src/main/java/com/google/protobuf +#usr/include/java/core/src/main/java/com/google/protobuf/java_features.proto +#usr/include/utf8_range.h +#usr/include/utf8_validity.h +#usr/lib/cmake/protobuf +#usr/lib/cmake/protobuf/protobuf-config-version.cmake +#usr/lib/cmake/protobuf/protobuf-config.cmake +#usr/lib/cmake/protobuf/protobuf-generate.cmake +#usr/lib/cmake/protobuf/protobuf-module.cmake +#usr/lib/cmake/protobuf/protobuf-options.cmake +#usr/lib/cmake/protobuf/protobuf-targets-noconfig.cmake +#usr/lib/cmake/protobuf/protobuf-targets.cmake +#usr/lib/cmake/utf8_range +#usr/lib/cmake/utf8_range/utf8_range-config.cmake +#usr/lib/cmake/utf8_range/utf8_range-targets-noconfig.cmake +#usr/lib/cmake/utf8_range/utf8_range-targets.cmake +#usr/lib/libprotobuf-lite.so +#usr/lib/libprotobuf-lite.so.25.2.0 +#usr/lib/libprotobuf.so +#usr/lib/libprotobuf.so.25.2.0 +#usr/lib/libprotoc.so +#usr/lib/libprotoc.so.25.2.0 +#usr/lib/libutf8_range.a +#usr/lib/libutf8_validity.a +#usr/lib/pkgconfig/protobuf-lite.pc +#usr/lib/pkgconfig/protobuf.pc +#usr/lib/pkgconfig/utf8_range.pc diff --git a/lfs/protobuf b/lfs/protobuf new file mode 100644 index 000000000..5258fc192 --- /dev/null +++ b/lfs/protobuf @@ -0,0 +1,81 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 25.2 + +THISAPP = protobuf-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 1ee7a48d3a481f523ff240c79e8cacb39b6a7e2c671279812cbffd5ce9be595034461fba41f03bed363133118c1b92bd14bcfd8c4e46ac6368e6407a23fb02ea + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && cmake . \ + -D CMAKE_INSTALL_PREFIX=/usr \ + -D protobuf_BUILD_TESTS=OFF \ + -D protobuf_BUILD_SHARED_LIBS=ON \ + -D protobuf_ABSL_PROVIDER=package + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 183d4a535..9405d497e 100644 --- a/make.sh +++ b/make.sh @@ -1648,6 +1648,7 @@ buildipfire() { lfsmake2 dnsdist lfsmake2 bird lfsmake2 libyang + lfsmake2 protobuf lfsmake2 protobuf-c lfsmake2 frr lfsmake2 dmidecode From 897fecc8df3a09195ed26a2bdf5d4607f492eafd Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 24 Jan 2024 22:09:44 +0100 Subject: [PATCH 043/140] abseil-cpp: New build dependency for protobuf - abseil-cpp required to build protobuf which is required for protobuf-c which is new build dependency for frr Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/abseil-cpp | 857 +++++++++++++++++++++++++++++ lfs/abseil-cpp | 79 +++ make.sh | 1 + 3 files changed, 937 insertions(+) create mode 100644 config/rootfiles/common/abseil-cpp create mode 100644 lfs/abseil-cpp mode change 100644 => 100755 make.sh diff --git a/config/rootfiles/common/abseil-cpp b/config/rootfiles/common/abseil-cpp new file mode 100644 index 000000000..6566e1bd0 --- /dev/null +++ b/config/rootfiles/common/abseil-cpp @@ -0,0 +1,857 @@ +#usr/include/absl +#usr/include/absl/CMakeFiles +#usr/include/absl/algorithm +#usr/include/absl/algorithm/CMakeFiles +#usr/include/absl/algorithm/algorithm.h +#usr/include/absl/algorithm/container.h +#usr/include/absl/base +#usr/include/absl/base/CMakeFiles +#usr/include/absl/base/CMakeFiles/base.dir +#usr/include/absl/base/CMakeFiles/base.dir/internal +#usr/include/absl/base/CMakeFiles/log_severity.dir +#usr/include/absl/base/CMakeFiles/malloc_internal.dir +#usr/include/absl/base/CMakeFiles/malloc_internal.dir/internal +#usr/include/absl/base/CMakeFiles/raw_logging_internal.dir +#usr/include/absl/base/CMakeFiles/raw_logging_internal.dir/internal +#usr/include/absl/base/CMakeFiles/scoped_set_env.dir +#usr/include/absl/base/CMakeFiles/scoped_set_env.dir/internal +#usr/include/absl/base/CMakeFiles/spinlock_wait.dir +#usr/include/absl/base/CMakeFiles/spinlock_wait.dir/internal +#usr/include/absl/base/CMakeFiles/strerror.dir +#usr/include/absl/base/CMakeFiles/strerror.dir/internal +#usr/include/absl/base/CMakeFiles/throw_delegate.dir +#usr/include/absl/base/CMakeFiles/throw_delegate.dir/internal +#usr/include/absl/base/attributes.h +#usr/include/absl/base/call_once.h +#usr/include/absl/base/casts.h +#usr/include/absl/base/config.h +#usr/include/absl/base/const_init.h +#usr/include/absl/base/dynamic_annotations.h +#usr/include/absl/base/internal +#usr/include/absl/base/internal/atomic_hook.h +#usr/include/absl/base/internal/atomic_hook_test_helper.h +#usr/include/absl/base/internal/cycleclock.h +#usr/include/absl/base/internal/cycleclock_config.h +#usr/include/absl/base/internal/direct_mmap.h +#usr/include/absl/base/internal/dynamic_annotations.h +#usr/include/absl/base/internal/endian.h +#usr/include/absl/base/internal/errno_saver.h +#usr/include/absl/base/internal/exception_safety_testing.h +#usr/include/absl/base/internal/exception_testing.h +#usr/include/absl/base/internal/fast_type_id.h +#usr/include/absl/base/internal/hide_ptr.h +#usr/include/absl/base/internal/identity.h +#usr/include/absl/base/internal/inline_variable.h +#usr/include/absl/base/internal/inline_variable_testing.h +#usr/include/absl/base/internal/invoke.h +#usr/include/absl/base/internal/low_level_alloc.h +#usr/include/absl/base/internal/low_level_scheduling.h +#usr/include/absl/base/internal/nullability_impl.h +#usr/include/absl/base/internal/per_thread_tls.h +#usr/include/absl/base/internal/prefetch.h +#usr/include/absl/base/internal/pretty_function.h +#usr/include/absl/base/internal/raw_logging.h +#usr/include/absl/base/internal/scheduling_mode.h +#usr/include/absl/base/internal/scoped_set_env.h +#usr/include/absl/base/internal/spinlock.h +#usr/include/absl/base/internal/spinlock_akaros.inc +#usr/include/absl/base/internal/spinlock_linux.inc +#usr/include/absl/base/internal/spinlock_posix.inc +#usr/include/absl/base/internal/spinlock_wait.h +#usr/include/absl/base/internal/spinlock_win32.inc +#usr/include/absl/base/internal/strerror.h +#usr/include/absl/base/internal/sysinfo.h +#usr/include/absl/base/internal/thread_annotations.h +#usr/include/absl/base/internal/thread_identity.h +#usr/include/absl/base/internal/throw_delegate.h +#usr/include/absl/base/internal/tsan_mutex_interface.h +#usr/include/absl/base/internal/unaligned_access.h +#usr/include/absl/base/internal/unscaledcycleclock.h +#usr/include/absl/base/internal/unscaledcycleclock_config.h +#usr/include/absl/base/log_severity.h +#usr/include/absl/base/macros.h +#usr/include/absl/base/nullability.h +#usr/include/absl/base/optimization.h +#usr/include/absl/base/options.h +#usr/include/absl/base/policy_checks.h +#usr/include/absl/base/port.h +#usr/include/absl/base/prefetch.h +#usr/include/absl/base/thread_annotations.h +#usr/include/absl/cleanup +#usr/include/absl/cleanup/CMakeFiles +#usr/include/absl/cleanup/cleanup.h +#usr/include/absl/cleanup/internal +#usr/include/absl/cleanup/internal/cleanup.h +#usr/include/absl/container +#usr/include/absl/container/CMakeFiles +#usr/include/absl/container/CMakeFiles/hashtablez_sampler.dir +#usr/include/absl/container/CMakeFiles/hashtablez_sampler.dir/internal +#usr/include/absl/container/CMakeFiles/raw_hash_set.dir +#usr/include/absl/container/CMakeFiles/raw_hash_set.dir/internal +#usr/include/absl/container/btree_map.h +#usr/include/absl/container/btree_set.h +#usr/include/absl/container/btree_test.h +#usr/include/absl/container/fixed_array.h +#usr/include/absl/container/flat_hash_map.h +#usr/include/absl/container/flat_hash_set.h +#usr/include/absl/container/inlined_vector.h +#usr/include/absl/container/internal +#usr/include/absl/container/internal/btree.h +#usr/include/absl/container/internal/btree_container.h +#usr/include/absl/container/internal/common.h +#usr/include/absl/container/internal/common_policy_traits.h +#usr/include/absl/container/internal/compressed_tuple.h +#usr/include/absl/container/internal/container_memory.h +#usr/include/absl/container/internal/counting_allocator.h +#usr/include/absl/container/internal/hash_function_defaults.h +#usr/include/absl/container/internal/hash_generator_testing.h +#usr/include/absl/container/internal/hash_policy_testing.h +#usr/include/absl/container/internal/hash_policy_traits.h +#usr/include/absl/container/internal/hashtable_debug.h +#usr/include/absl/container/internal/hashtable_debug_hooks.h +#usr/include/absl/container/internal/hashtablez_sampler.h +#usr/include/absl/container/internal/inlined_vector.h +#usr/include/absl/container/internal/layout.h +#usr/include/absl/container/internal/node_slot_policy.h +#usr/include/absl/container/internal/raw_hash_map.h +#usr/include/absl/container/internal/raw_hash_set.h +#usr/include/absl/container/internal/test_instance_tracker.h +#usr/include/absl/container/internal/tracked.h +#usr/include/absl/container/internal/unordered_map_constructor_test.h +#usr/include/absl/container/internal/unordered_map_lookup_test.h +#usr/include/absl/container/internal/unordered_map_members_test.h +#usr/include/absl/container/internal/unordered_map_modifiers_test.h +#usr/include/absl/container/internal/unordered_set_constructor_test.h +#usr/include/absl/container/internal/unordered_set_lookup_test.h +#usr/include/absl/container/internal/unordered_set_members_test.h +#usr/include/absl/container/internal/unordered_set_modifiers_test.h +#usr/include/absl/container/node_hash_map.h +#usr/include/absl/container/node_hash_set.h +#usr/include/absl/crc +#usr/include/absl/crc/CMakeFiles +#usr/include/absl/crc/CMakeFiles/crc32c.dir +#usr/include/absl/crc/CMakeFiles/crc32c.dir/internal +#usr/include/absl/crc/CMakeFiles/crc_cord_state.dir +#usr/include/absl/crc/CMakeFiles/crc_cord_state.dir/internal +#usr/include/absl/crc/CMakeFiles/crc_cpu_detect.dir +#usr/include/absl/crc/CMakeFiles/crc_cpu_detect.dir/internal +#usr/include/absl/crc/CMakeFiles/crc_internal.dir +#usr/include/absl/crc/CMakeFiles/crc_internal.dir/internal +#usr/include/absl/crc/crc32c.h +#usr/include/absl/crc/internal +#usr/include/absl/crc/internal/cpu_detect.h +#usr/include/absl/crc/internal/crc.h +#usr/include/absl/crc/internal/crc32_x86_arm_combined_simd.h +#usr/include/absl/crc/internal/crc32c.h +#usr/include/absl/crc/internal/crc32c_inline.h +#usr/include/absl/crc/internal/crc_cord_state.h +#usr/include/absl/crc/internal/crc_internal.h +#usr/include/absl/crc/internal/crc_memcpy.h +#usr/include/absl/crc/internal/non_temporal_arm_intrinsics.h +#usr/include/absl/crc/internal/non_temporal_memcpy.h +#usr/include/absl/debugging +#usr/include/absl/debugging/CMakeFiles +#usr/include/absl/debugging/CMakeFiles/debugging_internal.dir +#usr/include/absl/debugging/CMakeFiles/debugging_internal.dir/internal +#usr/include/absl/debugging/CMakeFiles/demangle_internal.dir +#usr/include/absl/debugging/CMakeFiles/demangle_internal.dir/internal +#usr/include/absl/debugging/CMakeFiles/examine_stack.dir +#usr/include/absl/debugging/CMakeFiles/examine_stack.dir/internal +#usr/include/absl/debugging/CMakeFiles/failure_signal_handler.dir +#usr/include/absl/debugging/CMakeFiles/leak_check.dir +#usr/include/absl/debugging/CMakeFiles/stacktrace.dir +#usr/include/absl/debugging/CMakeFiles/symbolize.dir +#usr/include/absl/debugging/failure_signal_handler.h +#usr/include/absl/debugging/internal +#usr/include/absl/debugging/internal/address_is_readable.h +#usr/include/absl/debugging/internal/demangle.h +#usr/include/absl/debugging/internal/elf_mem_image.h +#usr/include/absl/debugging/internal/examine_stack.h +#usr/include/absl/debugging/internal/stack_consumption.h +#usr/include/absl/debugging/internal/stacktrace_aarch64-inl.inc +#usr/include/absl/debugging/internal/stacktrace_arm-inl.inc +#usr/include/absl/debugging/internal/stacktrace_config.h +#usr/include/absl/debugging/internal/stacktrace_emscripten-inl.inc +#usr/include/absl/debugging/internal/stacktrace_generic-inl.inc +#usr/include/absl/debugging/internal/stacktrace_powerpc-inl.inc +#usr/include/absl/debugging/internal/stacktrace_riscv-inl.inc +#usr/include/absl/debugging/internal/stacktrace_unimplemented-inl.inc +#usr/include/absl/debugging/internal/stacktrace_win32-inl.inc +#usr/include/absl/debugging/internal/stacktrace_x86-inl.inc +#usr/include/absl/debugging/internal/symbolize.h +#usr/include/absl/debugging/internal/vdso_support.h +#usr/include/absl/debugging/leak_check.h +#usr/include/absl/debugging/stacktrace.h +#usr/include/absl/debugging/symbolize.h +#usr/include/absl/debugging/symbolize_darwin.inc +#usr/include/absl/debugging/symbolize_elf.inc +#usr/include/absl/debugging/symbolize_emscripten.inc +#usr/include/absl/debugging/symbolize_unimplemented.inc +#usr/include/absl/debugging/symbolize_win32.inc +#usr/include/absl/flags +#usr/include/absl/flags/CMakeFiles +#usr/include/absl/flags/CMakeFiles/flags.dir +#usr/include/absl/flags/CMakeFiles/flags_commandlineflag.dir +#usr/include/absl/flags/CMakeFiles/flags_commandlineflag_internal.dir +#usr/include/absl/flags/CMakeFiles/flags_commandlineflag_internal.dir/internal +#usr/include/absl/flags/CMakeFiles/flags_config.dir +#usr/include/absl/flags/CMakeFiles/flags_internal.dir +#usr/include/absl/flags/CMakeFiles/flags_internal.dir/internal +#usr/include/absl/flags/CMakeFiles/flags_marshalling.dir +#usr/include/absl/flags/CMakeFiles/flags_parse.dir +#usr/include/absl/flags/CMakeFiles/flags_private_handle_accessor.dir +#usr/include/absl/flags/CMakeFiles/flags_private_handle_accessor.dir/internal +#usr/include/absl/flags/CMakeFiles/flags_program_name.dir +#usr/include/absl/flags/CMakeFiles/flags_program_name.dir/internal +#usr/include/absl/flags/CMakeFiles/flags_reflection.dir +#usr/include/absl/flags/CMakeFiles/flags_usage.dir +#usr/include/absl/flags/CMakeFiles/flags_usage_internal.dir +#usr/include/absl/flags/CMakeFiles/flags_usage_internal.dir/internal +#usr/include/absl/flags/commandlineflag.h +#usr/include/absl/flags/config.h +#usr/include/absl/flags/declare.h +#usr/include/absl/flags/flag.h +#usr/include/absl/flags/internal +#usr/include/absl/flags/internal/commandlineflag.h +#usr/include/absl/flags/internal/flag.h +#usr/include/absl/flags/internal/flag_msvc.inc +#usr/include/absl/flags/internal/parse.h +#usr/include/absl/flags/internal/path_util.h +#usr/include/absl/flags/internal/private_handle_accessor.h +#usr/include/absl/flags/internal/program_name.h +#usr/include/absl/flags/internal/registry.h +#usr/include/absl/flags/internal/sequence_lock.h +#usr/include/absl/flags/internal/usage.h +#usr/include/absl/flags/marshalling.h +#usr/include/absl/flags/parse.h +#usr/include/absl/flags/reflection.h +#usr/include/absl/flags/usage.h +#usr/include/absl/flags/usage_config.h +#usr/include/absl/functional +#usr/include/absl/functional/CMakeFiles +#usr/include/absl/functional/any_invocable.h +#usr/include/absl/functional/bind_front.h +#usr/include/absl/functional/function_ref.h +#usr/include/absl/functional/internal +#usr/include/absl/functional/internal/any_invocable.h +#usr/include/absl/functional/internal/front_binder.h +#usr/include/absl/functional/internal/function_ref.h +#usr/include/absl/hash +#usr/include/absl/hash/CMakeFiles +#usr/include/absl/hash/CMakeFiles/city.dir +#usr/include/absl/hash/CMakeFiles/city.dir/internal +#usr/include/absl/hash/CMakeFiles/hash.dir +#usr/include/absl/hash/CMakeFiles/hash.dir/internal +#usr/include/absl/hash/CMakeFiles/low_level_hash.dir +#usr/include/absl/hash/CMakeFiles/low_level_hash.dir/internal +#usr/include/absl/hash/hash.h +#usr/include/absl/hash/hash_testing.h +#usr/include/absl/hash/internal +#usr/include/absl/hash/internal/city.h +#usr/include/absl/hash/internal/hash.h +#usr/include/absl/hash/internal/hash_test.h +#usr/include/absl/hash/internal/low_level_hash.h +#usr/include/absl/hash/internal/spy_hash_state.h +#usr/include/absl/log +#usr/include/absl/log/CMakeFiles +#usr/include/absl/log/CMakeFiles/die_if_null.dir +#usr/include/absl/log/CMakeFiles/log_entry.dir +#usr/include/absl/log/CMakeFiles/log_flags.dir +#usr/include/absl/log/CMakeFiles/log_globals.dir +#usr/include/absl/log/CMakeFiles/log_initialize.dir +#usr/include/absl/log/CMakeFiles/log_internal_check_op.dir +#usr/include/absl/log/CMakeFiles/log_internal_check_op.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_conditions.dir +#usr/include/absl/log/CMakeFiles/log_internal_conditions.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_format.dir +#usr/include/absl/log/CMakeFiles/log_internal_format.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_globals.dir +#usr/include/absl/log/CMakeFiles/log_internal_globals.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_log_sink_set.dir +#usr/include/absl/log/CMakeFiles/log_internal_log_sink_set.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_message.dir +#usr/include/absl/log/CMakeFiles/log_internal_message.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_nullguard.dir +#usr/include/absl/log/CMakeFiles/log_internal_nullguard.dir/internal +#usr/include/absl/log/CMakeFiles/log_internal_proto.dir +#usr/include/absl/log/CMakeFiles/log_internal_proto.dir/internal +#usr/include/absl/log/CMakeFiles/log_sink.dir +#usr/include/absl/log/absl_check.h +#usr/include/absl/log/absl_log.h +#usr/include/absl/log/check.h +#usr/include/absl/log/check_test_impl.inc +#usr/include/absl/log/die_if_null.h +#usr/include/absl/log/flags.h +#usr/include/absl/log/globals.h +#usr/include/absl/log/initialize.h +#usr/include/absl/log/internal +#usr/include/absl/log/internal/append_truncated.h +#usr/include/absl/log/internal/check_impl.h +#usr/include/absl/log/internal/check_op.h +#usr/include/absl/log/internal/conditions.h +#usr/include/absl/log/internal/config.h +#usr/include/absl/log/internal/flags.h +#usr/include/absl/log/internal/globals.h +#usr/include/absl/log/internal/log_format.h +#usr/include/absl/log/internal/log_impl.h +#usr/include/absl/log/internal/log_message.h +#usr/include/absl/log/internal/log_sink_set.h +#usr/include/absl/log/internal/nullguard.h +#usr/include/absl/log/internal/nullstream.h +#usr/include/absl/log/internal/proto.h +#usr/include/absl/log/internal/strip.h +#usr/include/absl/log/internal/structured.h +#usr/include/absl/log/internal/test_actions.h +#usr/include/absl/log/internal/test_helpers.h +#usr/include/absl/log/internal/test_matchers.h +#usr/include/absl/log/internal/voidify.h +#usr/include/absl/log/log.h +#usr/include/absl/log/log_basic_test_impl.inc +#usr/include/absl/log/log_entry.h +#usr/include/absl/log/log_sink.h +#usr/include/absl/log/log_sink_registry.h +#usr/include/absl/log/log_streamer.h +#usr/include/absl/log/scoped_mock_log.h +#usr/include/absl/log/structured.h +#usr/include/absl/memory +#usr/include/absl/memory/CMakeFiles +#usr/include/absl/memory/memory.h +#usr/include/absl/meta +#usr/include/absl/meta/CMakeFiles +#usr/include/absl/meta/type_traits.h +#usr/include/absl/numeric +#usr/include/absl/numeric/CMakeFiles +#usr/include/absl/numeric/CMakeFiles/int128.dir +#usr/include/absl/numeric/bits.h +#usr/include/absl/numeric/int128.h +#usr/include/absl/numeric/int128_have_intrinsic.inc +#usr/include/absl/numeric/int128_no_intrinsic.inc +#usr/include/absl/numeric/internal +#usr/include/absl/numeric/internal/bits.h +#usr/include/absl/numeric/internal/representation.h +#usr/include/absl/profiling +#usr/include/absl/profiling/CMakeFiles +#usr/include/absl/profiling/CMakeFiles/exponential_biased.dir +#usr/include/absl/profiling/CMakeFiles/exponential_biased.dir/internal +#usr/include/absl/profiling/CMakeFiles/periodic_sampler.dir +#usr/include/absl/profiling/CMakeFiles/periodic_sampler.dir/internal +#usr/include/absl/profiling/internal +#usr/include/absl/profiling/internal/exponential_biased.h +#usr/include/absl/profiling/internal/periodic_sampler.h +#usr/include/absl/profiling/internal/sample_recorder.h +#usr/include/absl/random +#usr/include/absl/random/CMakeFiles +#usr/include/absl/random/CMakeFiles/random_distributions.dir +#usr/include/absl/random/CMakeFiles/random_internal_distribution_test_util.dir +#usr/include/absl/random/CMakeFiles/random_internal_distribution_test_util.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_platform.dir +#usr/include/absl/random/CMakeFiles/random_internal_platform.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_pool_urbg.dir +#usr/include/absl/random/CMakeFiles/random_internal_pool_urbg.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_randen.dir +#usr/include/absl/random/CMakeFiles/random_internal_randen.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_randen_hwaes.dir +#usr/include/absl/random/CMakeFiles/random_internal_randen_hwaes.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_randen_hwaes_impl.dir +#usr/include/absl/random/CMakeFiles/random_internal_randen_hwaes_impl.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_randen_slow.dir +#usr/include/absl/random/CMakeFiles/random_internal_randen_slow.dir/internal +#usr/include/absl/random/CMakeFiles/random_internal_seed_material.dir +#usr/include/absl/random/CMakeFiles/random_internal_seed_material.dir/internal +#usr/include/absl/random/CMakeFiles/random_seed_gen_exception.dir +#usr/include/absl/random/CMakeFiles/random_seed_sequences.dir +#usr/include/absl/random/bernoulli_distribution.h +#usr/include/absl/random/beta_distribution.h +#usr/include/absl/random/bit_gen_ref.h +#usr/include/absl/random/discrete_distribution.h +#usr/include/absl/random/distributions.h +#usr/include/absl/random/exponential_distribution.h +#usr/include/absl/random/gaussian_distribution.h +#usr/include/absl/random/internal +#usr/include/absl/random/internal/chi_square.h +#usr/include/absl/random/internal/distribution_caller.h +#usr/include/absl/random/internal/distribution_test_util.h +#usr/include/absl/random/internal/explicit_seed_seq.h +#usr/include/absl/random/internal/fast_uniform_bits.h +#usr/include/absl/random/internal/fastmath.h +#usr/include/absl/random/internal/generate_real.h +#usr/include/absl/random/internal/iostream_state_saver.h +#usr/include/absl/random/internal/mock_helpers.h +#usr/include/absl/random/internal/mock_overload_set.h +#usr/include/absl/random/internal/nanobenchmark.h +#usr/include/absl/random/internal/nonsecure_base.h +#usr/include/absl/random/internal/pcg_engine.h +#usr/include/absl/random/internal/platform.h +#usr/include/absl/random/internal/pool_urbg.h +#usr/include/absl/random/internal/randen.h +#usr/include/absl/random/internal/randen_detect.h +#usr/include/absl/random/internal/randen_engine.h +#usr/include/absl/random/internal/randen_hwaes.h +#usr/include/absl/random/internal/randen_slow.h +#usr/include/absl/random/internal/randen_traits.h +#usr/include/absl/random/internal/salted_seed_seq.h +#usr/include/absl/random/internal/seed_material.h +#usr/include/absl/random/internal/sequence_urbg.h +#usr/include/absl/random/internal/traits.h +#usr/include/absl/random/internal/uniform_helper.h +#usr/include/absl/random/internal/wide_multiply.h +#usr/include/absl/random/log_uniform_int_distribution.h +#usr/include/absl/random/mock_distributions.h +#usr/include/absl/random/mocking_bit_gen.h +#usr/include/absl/random/poisson_distribution.h +#usr/include/absl/random/random.h +#usr/include/absl/random/seed_gen_exception.h +#usr/include/absl/random/seed_sequences.h +#usr/include/absl/random/uniform_int_distribution.h +#usr/include/absl/random/uniform_real_distribution.h +#usr/include/absl/random/zipf_distribution.h +#usr/include/absl/status +#usr/include/absl/status/CMakeFiles +#usr/include/absl/status/CMakeFiles/status.dir +#usr/include/absl/status/CMakeFiles/statusor.dir +#usr/include/absl/status/internal +#usr/include/absl/status/internal/status_internal.h +#usr/include/absl/status/internal/statusor_internal.h +#usr/include/absl/status/status.h +#usr/include/absl/status/status_payload_printer.h +#usr/include/absl/status/statusor.h +#usr/include/absl/strings +#usr/include/absl/strings/CMakeFiles +#usr/include/absl/strings/CMakeFiles/cord.dir +#usr/include/absl/strings/CMakeFiles/cord_internal.dir +#usr/include/absl/strings/CMakeFiles/cord_internal.dir/internal +#usr/include/absl/strings/CMakeFiles/cordz_functions.dir +#usr/include/absl/strings/CMakeFiles/cordz_functions.dir/internal +#usr/include/absl/strings/CMakeFiles/cordz_handle.dir +#usr/include/absl/strings/CMakeFiles/cordz_handle.dir/internal +#usr/include/absl/strings/CMakeFiles/cordz_info.dir +#usr/include/absl/strings/CMakeFiles/cordz_info.dir/internal +#usr/include/absl/strings/CMakeFiles/cordz_sample_token.dir +#usr/include/absl/strings/CMakeFiles/cordz_sample_token.dir/internal +#usr/include/absl/strings/CMakeFiles/str_format_internal.dir +#usr/include/absl/strings/CMakeFiles/str_format_internal.dir/internal +#usr/include/absl/strings/CMakeFiles/str_format_internal.dir/internal/str_format +#usr/include/absl/strings/CMakeFiles/string_view.dir +#usr/include/absl/strings/CMakeFiles/strings.dir +#usr/include/absl/strings/CMakeFiles/strings.dir/internal +#usr/include/absl/strings/CMakeFiles/strings_internal.dir +#usr/include/absl/strings/CMakeFiles/strings_internal.dir/internal +#usr/include/absl/strings/ascii.h +#usr/include/absl/strings/charconv.h +#usr/include/absl/strings/cord.h +#usr/include/absl/strings/cord_analysis.h +#usr/include/absl/strings/cord_buffer.h +#usr/include/absl/strings/cord_test_helpers.h +#usr/include/absl/strings/cordz_test_helpers.h +#usr/include/absl/strings/escaping.h +#usr/include/absl/strings/internal +#usr/include/absl/strings/internal/char_map.h +#usr/include/absl/strings/internal/charconv_bigint.h +#usr/include/absl/strings/internal/charconv_parse.h +#usr/include/absl/strings/internal/cord_data_edge.h +#usr/include/absl/strings/internal/cord_internal.h +#usr/include/absl/strings/internal/cord_rep_btree.h +#usr/include/absl/strings/internal/cord_rep_btree_navigator.h +#usr/include/absl/strings/internal/cord_rep_btree_reader.h +#usr/include/absl/strings/internal/cord_rep_consume.h +#usr/include/absl/strings/internal/cord_rep_crc.h +#usr/include/absl/strings/internal/cord_rep_flat.h +#usr/include/absl/strings/internal/cord_rep_ring.h +#usr/include/absl/strings/internal/cord_rep_ring_reader.h +#usr/include/absl/strings/internal/cord_rep_test_util.h +#usr/include/absl/strings/internal/cordz_functions.h +#usr/include/absl/strings/internal/cordz_handle.h +#usr/include/absl/strings/internal/cordz_info.h +#usr/include/absl/strings/internal/cordz_sample_token.h +#usr/include/absl/strings/internal/cordz_statistics.h +#usr/include/absl/strings/internal/cordz_update_scope.h +#usr/include/absl/strings/internal/cordz_update_tracker.h +#usr/include/absl/strings/internal/damerau_levenshtein_distance.h +#usr/include/absl/strings/internal/escaping.h +#usr/include/absl/strings/internal/escaping_test_common.h +#usr/include/absl/strings/internal/has_absl_stringify.h +#usr/include/absl/strings/internal/memutil.h +#usr/include/absl/strings/internal/numbers_test_common.h +#usr/include/absl/strings/internal/ostringstream.h +#usr/include/absl/strings/internal/pow10_helper.h +#usr/include/absl/strings/internal/resize_uninitialized.h +#usr/include/absl/strings/internal/stl_type_traits.h +#usr/include/absl/strings/internal/str_format +#usr/include/absl/strings/internal/str_format/arg.h +#usr/include/absl/strings/internal/str_format/bind.h +#usr/include/absl/strings/internal/str_format/checker.h +#usr/include/absl/strings/internal/str_format/constexpr_parser.h +#usr/include/absl/strings/internal/str_format/extension.h +#usr/include/absl/strings/internal/str_format/float_conversion.h +#usr/include/absl/strings/internal/str_format/output.h +#usr/include/absl/strings/internal/str_format/parser.h +#usr/include/absl/strings/internal/str_join_internal.h +#usr/include/absl/strings/internal/str_split_internal.h +#usr/include/absl/strings/internal/string_constant.h +#usr/include/absl/strings/internal/stringify_sink.h +#usr/include/absl/strings/internal/utf8.h +#usr/include/absl/strings/match.h +#usr/include/absl/strings/numbers.h +#usr/include/absl/strings/str_cat.h +#usr/include/absl/strings/str_format.h +#usr/include/absl/strings/str_join.h +#usr/include/absl/strings/str_replace.h +#usr/include/absl/strings/str_split.h +#usr/include/absl/strings/string_view.h +#usr/include/absl/strings/strip.h +#usr/include/absl/strings/substitute.h +#usr/include/absl/synchronization +#usr/include/absl/synchronization/CMakeFiles +#usr/include/absl/synchronization/CMakeFiles/graphcycles_internal.dir +#usr/include/absl/synchronization/CMakeFiles/graphcycles_internal.dir/internal +#usr/include/absl/synchronization/CMakeFiles/kernel_timeout_internal.dir +#usr/include/absl/synchronization/CMakeFiles/kernel_timeout_internal.dir/internal +#usr/include/absl/synchronization/CMakeFiles/synchronization.dir +#usr/include/absl/synchronization/CMakeFiles/synchronization.dir/internal +#usr/include/absl/synchronization/barrier.h +#usr/include/absl/synchronization/blocking_counter.h +#usr/include/absl/synchronization/internal +#usr/include/absl/synchronization/internal/create_thread_identity.h +#usr/include/absl/synchronization/internal/futex.h +#usr/include/absl/synchronization/internal/futex_waiter.h +#usr/include/absl/synchronization/internal/graphcycles.h +#usr/include/absl/synchronization/internal/kernel_timeout.h +#usr/include/absl/synchronization/internal/per_thread_sem.h +#usr/include/absl/synchronization/internal/pthread_waiter.h +#usr/include/absl/synchronization/internal/sem_waiter.h +#usr/include/absl/synchronization/internal/stdcpp_waiter.h +#usr/include/absl/synchronization/internal/thread_pool.h +#usr/include/absl/synchronization/internal/waiter.h +#usr/include/absl/synchronization/internal/waiter_base.h +#usr/include/absl/synchronization/internal/win32_waiter.h +#usr/include/absl/synchronization/mutex.h +#usr/include/absl/synchronization/notification.h +#usr/include/absl/time +#usr/include/absl/time/CMakeFiles +#usr/include/absl/time/CMakeFiles/civil_time.dir +#usr/include/absl/time/CMakeFiles/civil_time.dir/internal +#usr/include/absl/time/CMakeFiles/civil_time.dir/internal/cctz +#usr/include/absl/time/CMakeFiles/civil_time.dir/internal/cctz/src +#usr/include/absl/time/CMakeFiles/time.dir +#usr/include/absl/time/CMakeFiles/time_zone.dir +#usr/include/absl/time/CMakeFiles/time_zone.dir/internal +#usr/include/absl/time/CMakeFiles/time_zone.dir/internal/cctz +#usr/include/absl/time/CMakeFiles/time_zone.dir/internal/cctz/src +#usr/include/absl/time/civil_time.h +#usr/include/absl/time/clock.h +#usr/include/absl/time/internal +#usr/include/absl/time/internal/cctz +#usr/include/absl/time/internal/cctz/include +#usr/include/absl/time/internal/cctz/include/cctz +#usr/include/absl/time/internal/cctz/include/cctz/civil_time.h +#usr/include/absl/time/internal/cctz/include/cctz/civil_time_detail.h +#usr/include/absl/time/internal/cctz/include/cctz/time_zone.h +#usr/include/absl/time/internal/cctz/include/cctz/zone_info_source.h +#usr/include/absl/time/internal/cctz/src +#usr/include/absl/time/internal/cctz/src/time_zone_fixed.h +#usr/include/absl/time/internal/cctz/src/time_zone_if.h +#usr/include/absl/time/internal/cctz/src/time_zone_impl.h +#usr/include/absl/time/internal/cctz/src/time_zone_info.h +#usr/include/absl/time/internal/cctz/src/time_zone_libc.h +#usr/include/absl/time/internal/cctz/src/time_zone_posix.h +#usr/include/absl/time/internal/cctz/src/tzfile.h +#usr/include/absl/time/internal/get_current_time_chrono.inc +#usr/include/absl/time/internal/get_current_time_posix.inc +#usr/include/absl/time/internal/test_util.h +#usr/include/absl/time/time.h +#usr/include/absl/types +#usr/include/absl/types/CMakeFiles +#usr/include/absl/types/CMakeFiles/bad_any_cast_impl.dir +#usr/include/absl/types/CMakeFiles/bad_optional_access.dir +#usr/include/absl/types/CMakeFiles/bad_variant_access.dir +#usr/include/absl/types/any.h +#usr/include/absl/types/bad_any_cast.h +#usr/include/absl/types/bad_optional_access.h +#usr/include/absl/types/bad_variant_access.h +#usr/include/absl/types/compare.h +#usr/include/absl/types/internal +#usr/include/absl/types/internal/conformance_aliases.h +#usr/include/absl/types/internal/conformance_archetype.h +#usr/include/absl/types/internal/conformance_profile.h +#usr/include/absl/types/internal/conformance_testing.h +#usr/include/absl/types/internal/conformance_testing_helpers.h +#usr/include/absl/types/internal/optional.h +#usr/include/absl/types/internal/parentheses.h +#usr/include/absl/types/internal/span.h +#usr/include/absl/types/internal/transform_args.h +#usr/include/absl/types/internal/variant.h +#usr/include/absl/types/optional.h +#usr/include/absl/types/span.h +#usr/include/absl/types/variant.h +#usr/include/absl/utility +#usr/include/absl/utility/CMakeFiles +#usr/include/absl/utility/internal +#usr/include/absl/utility/internal/if_constexpr.h +#usr/include/absl/utility/utility.h +#usr/lib/cmake/absl +#usr/lib/cmake/absl/abslConfig.cmake +#usr/lib/cmake/absl/abslConfigVersion.cmake +#usr/lib/cmake/absl/abslTargets-noconfig.cmake +#usr/lib/cmake/absl/abslTargets.cmake +#usr/lib/libabsl_bad_any_cast_impl.a +#usr/lib/libabsl_bad_optional_access.a +#usr/lib/libabsl_bad_variant_access.a +#usr/lib/libabsl_base.a +#usr/lib/libabsl_city.a +#usr/lib/libabsl_civil_time.a +#usr/lib/libabsl_cord.a +#usr/lib/libabsl_cord_internal.a +#usr/lib/libabsl_cordz_functions.a +#usr/lib/libabsl_cordz_handle.a +#usr/lib/libabsl_cordz_info.a +#usr/lib/libabsl_cordz_sample_token.a +#usr/lib/libabsl_crc32c.a +#usr/lib/libabsl_crc_cord_state.a +#usr/lib/libabsl_crc_cpu_detect.a +#usr/lib/libabsl_crc_internal.a +#usr/lib/libabsl_debugging_internal.a +#usr/lib/libabsl_demangle_internal.a +#usr/lib/libabsl_die_if_null.a +#usr/lib/libabsl_examine_stack.a +#usr/lib/libabsl_exponential_biased.a +#usr/lib/libabsl_failure_signal_handler.a +#usr/lib/libabsl_flags.a +#usr/lib/libabsl_flags_commandlineflag.a +#usr/lib/libabsl_flags_commandlineflag_internal.a +#usr/lib/libabsl_flags_config.a +#usr/lib/libabsl_flags_internal.a +#usr/lib/libabsl_flags_marshalling.a +#usr/lib/libabsl_flags_parse.a +#usr/lib/libabsl_flags_private_handle_accessor.a +#usr/lib/libabsl_flags_program_name.a +#usr/lib/libabsl_flags_reflection.a +#usr/lib/libabsl_flags_usage.a +#usr/lib/libabsl_flags_usage_internal.a +#usr/lib/libabsl_graphcycles_internal.a +#usr/lib/libabsl_hash.a +#usr/lib/libabsl_hashtablez_sampler.a +#usr/lib/libabsl_int128.a +#usr/lib/libabsl_kernel_timeout_internal.a +#usr/lib/libabsl_leak_check.a +#usr/lib/libabsl_log_entry.a +#usr/lib/libabsl_log_flags.a +#usr/lib/libabsl_log_globals.a +#usr/lib/libabsl_log_initialize.a +#usr/lib/libabsl_log_internal_check_op.a +#usr/lib/libabsl_log_internal_conditions.a +#usr/lib/libabsl_log_internal_format.a +#usr/lib/libabsl_log_internal_globals.a +#usr/lib/libabsl_log_internal_log_sink_set.a +#usr/lib/libabsl_log_internal_message.a +#usr/lib/libabsl_log_internal_nullguard.a +#usr/lib/libabsl_log_internal_proto.a +#usr/lib/libabsl_log_severity.a +#usr/lib/libabsl_log_sink.a +#usr/lib/libabsl_low_level_hash.a +#usr/lib/libabsl_malloc_internal.a +#usr/lib/libabsl_periodic_sampler.a +#usr/lib/libabsl_random_distributions.a +#usr/lib/libabsl_random_internal_distribution_test_util.a +#usr/lib/libabsl_random_internal_platform.a +#usr/lib/libabsl_random_internal_pool_urbg.a +#usr/lib/libabsl_random_internal_randen.a +#usr/lib/libabsl_random_internal_randen_hwaes.a +#usr/lib/libabsl_random_internal_randen_hwaes_impl.a +#usr/lib/libabsl_random_internal_randen_slow.a +#usr/lib/libabsl_random_internal_seed_material.a +#usr/lib/libabsl_random_seed_gen_exception.a +#usr/lib/libabsl_random_seed_sequences.a +#usr/lib/libabsl_raw_hash_set.a +#usr/lib/libabsl_raw_logging_internal.a +#usr/lib/libabsl_scoped_set_env.a +#usr/lib/libabsl_spinlock_wait.a +#usr/lib/libabsl_stacktrace.a +#usr/lib/libabsl_status.a +#usr/lib/libabsl_statusor.a +#usr/lib/libabsl_str_format_internal.a +#usr/lib/libabsl_strerror.a +#usr/lib/libabsl_string_view.a +#usr/lib/libabsl_strings.a +#usr/lib/libabsl_strings_internal.a +#usr/lib/libabsl_symbolize.a +#usr/lib/libabsl_synchronization.a +#usr/lib/libabsl_throw_delegate.a +#usr/lib/libabsl_time.a +#usr/lib/libabsl_time_zone.a +#usr/lib/pkgconfig/absl_absl_check.pc +#usr/lib/pkgconfig/absl_absl_log.pc +#usr/lib/pkgconfig/absl_algorithm.pc +#usr/lib/pkgconfig/absl_algorithm_container.pc +#usr/lib/pkgconfig/absl_any.pc +#usr/lib/pkgconfig/absl_any_invocable.pc +#usr/lib/pkgconfig/absl_atomic_hook.pc +#usr/lib/pkgconfig/absl_bad_any_cast.pc +#usr/lib/pkgconfig/absl_bad_any_cast_impl.pc +#usr/lib/pkgconfig/absl_bad_optional_access.pc +#usr/lib/pkgconfig/absl_bad_variant_access.pc +#usr/lib/pkgconfig/absl_base.pc +#usr/lib/pkgconfig/absl_base_internal.pc +#usr/lib/pkgconfig/absl_bind_front.pc +#usr/lib/pkgconfig/absl_bits.pc +#usr/lib/pkgconfig/absl_btree.pc +#usr/lib/pkgconfig/absl_check.pc +#usr/lib/pkgconfig/absl_city.pc +#usr/lib/pkgconfig/absl_civil_time.pc +#usr/lib/pkgconfig/absl_cleanup.pc +#usr/lib/pkgconfig/absl_cleanup_internal.pc +#usr/lib/pkgconfig/absl_common_policy_traits.pc +#usr/lib/pkgconfig/absl_compare.pc +#usr/lib/pkgconfig/absl_compressed_tuple.pc +#usr/lib/pkgconfig/absl_config.pc +#usr/lib/pkgconfig/absl_container_common.pc +#usr/lib/pkgconfig/absl_container_memory.pc +#usr/lib/pkgconfig/absl_cord.pc +#usr/lib/pkgconfig/absl_cord_internal.pc +#usr/lib/pkgconfig/absl_cordz_functions.pc +#usr/lib/pkgconfig/absl_cordz_handle.pc +#usr/lib/pkgconfig/absl_cordz_info.pc +#usr/lib/pkgconfig/absl_cordz_sample_token.pc +#usr/lib/pkgconfig/absl_cordz_statistics.pc +#usr/lib/pkgconfig/absl_cordz_update_scope.pc +#usr/lib/pkgconfig/absl_cordz_update_tracker.pc +#usr/lib/pkgconfig/absl_core_headers.pc +#usr/lib/pkgconfig/absl_counting_allocator.pc +#usr/lib/pkgconfig/absl_crc32c.pc +#usr/lib/pkgconfig/absl_crc_cord_state.pc +#usr/lib/pkgconfig/absl_crc_cpu_detect.pc +#usr/lib/pkgconfig/absl_crc_internal.pc +#usr/lib/pkgconfig/absl_debugging.pc +#usr/lib/pkgconfig/absl_debugging_internal.pc +#usr/lib/pkgconfig/absl_demangle_internal.pc +#usr/lib/pkgconfig/absl_die_if_null.pc +#usr/lib/pkgconfig/absl_dynamic_annotations.pc +#usr/lib/pkgconfig/absl_endian.pc +#usr/lib/pkgconfig/absl_errno_saver.pc +#usr/lib/pkgconfig/absl_examine_stack.pc +#usr/lib/pkgconfig/absl_exponential_biased.pc +#usr/lib/pkgconfig/absl_failure_signal_handler.pc +#usr/lib/pkgconfig/absl_fast_type_id.pc +#usr/lib/pkgconfig/absl_fixed_array.pc +#usr/lib/pkgconfig/absl_flags.pc +#usr/lib/pkgconfig/absl_flags_commandlineflag.pc +#usr/lib/pkgconfig/absl_flags_commandlineflag_internal.pc +#usr/lib/pkgconfig/absl_flags_config.pc +#usr/lib/pkgconfig/absl_flags_internal.pc +#usr/lib/pkgconfig/absl_flags_marshalling.pc +#usr/lib/pkgconfig/absl_flags_parse.pc +#usr/lib/pkgconfig/absl_flags_path_util.pc +#usr/lib/pkgconfig/absl_flags_private_handle_accessor.pc +#usr/lib/pkgconfig/absl_flags_program_name.pc +#usr/lib/pkgconfig/absl_flags_reflection.pc +#usr/lib/pkgconfig/absl_flags_usage.pc +#usr/lib/pkgconfig/absl_flags_usage_internal.pc +#usr/lib/pkgconfig/absl_flat_hash_map.pc +#usr/lib/pkgconfig/absl_flat_hash_set.pc +#usr/lib/pkgconfig/absl_function_ref.pc +#usr/lib/pkgconfig/absl_graphcycles_internal.pc +#usr/lib/pkgconfig/absl_hash.pc +#usr/lib/pkgconfig/absl_hash_function_defaults.pc +#usr/lib/pkgconfig/absl_hash_policy_traits.pc +#usr/lib/pkgconfig/absl_hashtable_debug.pc +#usr/lib/pkgconfig/absl_hashtable_debug_hooks.pc +#usr/lib/pkgconfig/absl_hashtablez_sampler.pc +#usr/lib/pkgconfig/absl_if_constexpr.pc +#usr/lib/pkgconfig/absl_inlined_vector.pc +#usr/lib/pkgconfig/absl_inlined_vector_internal.pc +#usr/lib/pkgconfig/absl_int128.pc +#usr/lib/pkgconfig/absl_kernel_timeout_internal.pc +#usr/lib/pkgconfig/absl_layout.pc +#usr/lib/pkgconfig/absl_leak_check.pc +#usr/lib/pkgconfig/absl_log.pc +#usr/lib/pkgconfig/absl_log_entry.pc +#usr/lib/pkgconfig/absl_log_flags.pc +#usr/lib/pkgconfig/absl_log_globals.pc +#usr/lib/pkgconfig/absl_log_initialize.pc +#usr/lib/pkgconfig/absl_log_internal_append_truncated.pc +#usr/lib/pkgconfig/absl_log_internal_check_impl.pc +#usr/lib/pkgconfig/absl_log_internal_check_op.pc +#usr/lib/pkgconfig/absl_log_internal_conditions.pc +#usr/lib/pkgconfig/absl_log_internal_config.pc +#usr/lib/pkgconfig/absl_log_internal_flags.pc +#usr/lib/pkgconfig/absl_log_internal_format.pc +#usr/lib/pkgconfig/absl_log_internal_globals.pc +#usr/lib/pkgconfig/absl_log_internal_log_impl.pc +#usr/lib/pkgconfig/absl_log_internal_log_sink_set.pc +#usr/lib/pkgconfig/absl_log_internal_message.pc +#usr/lib/pkgconfig/absl_log_internal_nullguard.pc +#usr/lib/pkgconfig/absl_log_internal_nullstream.pc +#usr/lib/pkgconfig/absl_log_internal_proto.pc +#usr/lib/pkgconfig/absl_log_internal_strip.pc +#usr/lib/pkgconfig/absl_log_internal_structured.pc +#usr/lib/pkgconfig/absl_log_internal_voidify.pc +#usr/lib/pkgconfig/absl_log_severity.pc +#usr/lib/pkgconfig/absl_log_sink.pc +#usr/lib/pkgconfig/absl_log_sink_registry.pc +#usr/lib/pkgconfig/absl_log_streamer.pc +#usr/lib/pkgconfig/absl_log_structured.pc +#usr/lib/pkgconfig/absl_low_level_hash.pc +#usr/lib/pkgconfig/absl_malloc_internal.pc +#usr/lib/pkgconfig/absl_memory.pc +#usr/lib/pkgconfig/absl_meta.pc +#usr/lib/pkgconfig/absl_node_hash_map.pc +#usr/lib/pkgconfig/absl_node_hash_set.pc +#usr/lib/pkgconfig/absl_node_slot_policy.pc +#usr/lib/pkgconfig/absl_non_temporal_arm_intrinsics.pc +#usr/lib/pkgconfig/absl_non_temporal_memcpy.pc +#usr/lib/pkgconfig/absl_nullability.pc +#usr/lib/pkgconfig/absl_numeric.pc +#usr/lib/pkgconfig/absl_numeric_representation.pc +#usr/lib/pkgconfig/absl_optional.pc +#usr/lib/pkgconfig/absl_periodic_sampler.pc +#usr/lib/pkgconfig/absl_prefetch.pc +#usr/lib/pkgconfig/absl_pretty_function.pc +#usr/lib/pkgconfig/absl_random_bit_gen_ref.pc +#usr/lib/pkgconfig/absl_random_distributions.pc +#usr/lib/pkgconfig/absl_random_internal_distribution_caller.pc +#usr/lib/pkgconfig/absl_random_internal_distribution_test_util.pc +#usr/lib/pkgconfig/absl_random_internal_fast_uniform_bits.pc +#usr/lib/pkgconfig/absl_random_internal_fastmath.pc +#usr/lib/pkgconfig/absl_random_internal_generate_real.pc +#usr/lib/pkgconfig/absl_random_internal_iostream_state_saver.pc +#usr/lib/pkgconfig/absl_random_internal_mock_helpers.pc +#usr/lib/pkgconfig/absl_random_internal_nonsecure_base.pc +#usr/lib/pkgconfig/absl_random_internal_pcg_engine.pc +#usr/lib/pkgconfig/absl_random_internal_platform.pc +#usr/lib/pkgconfig/absl_random_internal_pool_urbg.pc +#usr/lib/pkgconfig/absl_random_internal_randen.pc +#usr/lib/pkgconfig/absl_random_internal_randen_engine.pc +#usr/lib/pkgconfig/absl_random_internal_randen_hwaes.pc +#usr/lib/pkgconfig/absl_random_internal_randen_hwaes_impl.pc +#usr/lib/pkgconfig/absl_random_internal_randen_slow.pc +#usr/lib/pkgconfig/absl_random_internal_salted_seed_seq.pc +#usr/lib/pkgconfig/absl_random_internal_seed_material.pc +#usr/lib/pkgconfig/absl_random_internal_traits.pc +#usr/lib/pkgconfig/absl_random_internal_uniform_helper.pc +#usr/lib/pkgconfig/absl_random_internal_wide_multiply.pc +#usr/lib/pkgconfig/absl_random_random.pc +#usr/lib/pkgconfig/absl_random_seed_gen_exception.pc +#usr/lib/pkgconfig/absl_random_seed_sequences.pc +#usr/lib/pkgconfig/absl_raw_hash_map.pc +#usr/lib/pkgconfig/absl_raw_hash_set.pc +#usr/lib/pkgconfig/absl_raw_logging_internal.pc +#usr/lib/pkgconfig/absl_sample_recorder.pc +#usr/lib/pkgconfig/absl_scoped_set_env.pc +#usr/lib/pkgconfig/absl_span.pc +#usr/lib/pkgconfig/absl_spinlock_wait.pc +#usr/lib/pkgconfig/absl_stacktrace.pc +#usr/lib/pkgconfig/absl_status.pc +#usr/lib/pkgconfig/absl_statusor.pc +#usr/lib/pkgconfig/absl_str_format.pc +#usr/lib/pkgconfig/absl_str_format_internal.pc +#usr/lib/pkgconfig/absl_strerror.pc +#usr/lib/pkgconfig/absl_string_view.pc +#usr/lib/pkgconfig/absl_strings.pc +#usr/lib/pkgconfig/absl_strings_internal.pc +#usr/lib/pkgconfig/absl_symbolize.pc +#usr/lib/pkgconfig/absl_synchronization.pc +#usr/lib/pkgconfig/absl_throw_delegate.pc +#usr/lib/pkgconfig/absl_time.pc +#usr/lib/pkgconfig/absl_time_zone.pc +#usr/lib/pkgconfig/absl_type_traits.pc +#usr/lib/pkgconfig/absl_utility.pc +#usr/lib/pkgconfig/absl_variant.pc diff --git a/lfs/abseil-cpp b/lfs/abseil-cpp new file mode 100644 index 000000000..c0588a889 --- /dev/null +++ b/lfs/abseil-cpp @@ -0,0 +1,79 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 20230802.1 + +THISAPP = abseil-cpp-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 98a9efb0fdc3801ff26d53202a1737cdf2d4115690f358abe16ba8b82625ee9df109e50ad50a30dc8e368b78630c3e7a31006801060b431c1b07b157366f1210 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && cmake . \ + -D CMAKE_INSTALL_PREFIX=/usr \ + -D BUILD_TESTING=OFF + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh old mode 100644 new mode 100755 index 9405d497e..3b67eb196 --- a/make.sh +++ b/make.sh @@ -1648,6 +1648,7 @@ buildipfire() { lfsmake2 dnsdist lfsmake2 bird lfsmake2 libyang + lfsmake2 abseil-cpp lfsmake2 protobuf lfsmake2 protobuf-c lfsmake2 frr From c4b233ddf7fb3b48e1f8593d23d740668ab89328 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 28 Jan 2024 15:42:53 +0100 Subject: [PATCH 044/140] mpfire: fix initskript uninstall the uninstall with rm /etc/rc*.d/*mpd remove not only the mpd initlinks. Signed-off-by: Michael Tremer --- lfs/mpfire | 2 +- src/paks/mpfire/uninstall.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/mpfire b/lfs/mpfire index f45b02902..590cf31ef 100644 --- a/lfs/mpfire +++ b/lfs/mpfire @@ -32,7 +32,7 @@ THISAPP = mpfire-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mpfire -PAK_VER = 15 +PAK_VER = 16 DEPS = mpd mpc diff --git a/src/paks/mpfire/uninstall.sh b/src/paks/mpfire/uninstall.sh index e729cb1ff..7dec707ee 100644 --- a/src/paks/mpfire/uninstall.sh +++ b/src/paks/mpfire/uninstall.sh @@ -25,4 +25,4 @@ /etc/init.d/mpd stop make_backup ${NAME} remove_files -rm -f /etc/rc.d/rc*.d/*mpd /var/log/mpd.error.log /var/log/mpd.log /etc/mpd.conf +rm -f /etc/rc.d/rc*.d/???mpd /var/log/mpd.error.log /var/log/mpd.log /etc/mpd.conf From 9786225a9b1a0725a8a5a284c916150d1646d6a9 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 28 Jan 2024 21:29:46 +0100 Subject: [PATCH 045/140] mympd: new addon to control mpd via WebGUI myMPD is written in C and has a nice WebGUI to play local music and also a WebRadio browser. This is to replace the removec client175. After install it can reached via https://IP_OF_THE_IPFIRE:8800 Signed-off-by: Arne Fitzenreiter Signed-off-by: Michael Tremer --- config/backup/includes/mympd | 1 + config/rootfiles/packages/mympd | 18 ++++++ lfs/mympd | 107 ++++++++++++++++++++++++++++++++ make.sh | 1 + src/initscripts/packages/mympd | 53 ++++++++++++++++ src/paks/mympd/install.sh | 30 +++++++++ src/paks/mympd/uninstall.sh | 28 +++++++++ src/paks/mympd/update.sh | 27 ++++++++ 8 files changed, 265 insertions(+) create mode 100644 config/backup/includes/mympd create mode 100644 config/rootfiles/packages/mympd create mode 100644 lfs/mympd create mode 100644 src/initscripts/packages/mympd create mode 100644 src/paks/mympd/install.sh create mode 100644 src/paks/mympd/uninstall.sh create mode 100644 src/paks/mympd/update.sh diff --git a/config/backup/includes/mympd b/config/backup/includes/mympd new file mode 100644 index 000000000..44481decc --- /dev/null +++ b/config/backup/includes/mympd @@ -0,0 +1 @@ +/var/lib/mympd diff --git a/config/rootfiles/packages/mympd b/config/rootfiles/packages/mympd new file mode 100644 index 000000000..bc9912b85 --- /dev/null +++ b/config/rootfiles/packages/mympd @@ -0,0 +1,18 @@ +etc/rc.d/init.d/mympd +usr/bin/mympd +usr/bin/mympd-script +#usr/lib/systemd/system/mympd.service +#usr/share/doc/mympd +#usr/share/doc/mympd/CHANGELOG.md +#usr/share/doc/mympd/LICENSE.md +#usr/share/doc/mympd/README.md +#usr/share/doc/mympd/SECURITY.md +#usr/share/man/man1/mympd-script.1.gz +#usr/share/man/man1/mympd.1.gz +var/ipfire/backup/addons/includes/mympd +var/lib/mympd +#var/lib/mympd/config +#var/lib/mympd/config/http +#var/lib/mympd/config/ssl_port +#var/lib/mympd/state +#var/lib/mympd/state/music_directory diff --git a/lfs/mympd b/lfs/mympd new file mode 100644 index 000000000..ffedcdcce --- /dev/null +++ b/lfs/mympd @@ -0,0 +1,107 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +SUMMARY = Webfrontend for Music Player Daemon + +VER = 13.0.6 + +THISAPP = myMPD-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = mympd +PAK_VER = 1 + +# TODO move mpd initskript and config to mpd package to run without mpfire +DEPS = mpd libmpdclient mpfire + +SERVICES = mympd + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 2ecd8d42b9398e85fc6c149c9e55f760f2039434039d558ac1914b447858a59676ed9300bc89b2a25757b8d9828dec5934376d4587f6b84026d07adbfd2e4a33 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && mkdir -p build + cd $(DIR_APP)/build && cmake -Wno-dev \ + -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release .. + cd $(DIR_APP)/build && make $(MAKETUNING) + cd $(DIR_APP)/build && make install + + #generate config + mkdir -p /var/lib/mympd/config + echo false > /var/lib/mympd/config/http + echo 8800 > /var/lib/mympd/config/ssl_port + mkdir -p /var/lib/mympd/state + echo /var/mp3 > /var/lib/mympd/state/music_directory + chown nobody:nobody -R /var/lib/mympd + + #install backup include + install -v -m 644 $(DIR_SRC)/config/backup/includes/mympd \ + /var/ipfire/backup/addons/includes/mympd + + #install initscript + $(call INSTALL_INITSCRIPTS,$(SERVICES)) + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 3b67eb196..a7875d766 100755 --- a/make.sh +++ b/make.sh @@ -1702,6 +1702,7 @@ buildipfire() { lfsmake2 perl-MIME-Base32 lfsmake2 perl-URI-Encode lfsmake2 rsnapshot + lfsmake2 mympd # Kernelbuild ... current we have no platform that need # multi kernel builds so KCFG is empty diff --git a/src/initscripts/packages/mympd b/src/initscripts/packages/mympd new file mode 100644 index 000000000..a7cb9e523 --- /dev/null +++ b/src/initscripts/packages/mympd @@ -0,0 +1,53 @@ +#!/bin/sh +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +. /etc/sysconfig/rc +. $rc_functions + +case "$1" in + start) + + boot_mesg "Starting mympd..." + loadproc /usr/bin/mympd -u nobody -s >/dev/null 2>&1 & + evaluate_retval + ;; + + stop) + boot_mesg "Stopping mympd..." + killproc /usr/bin/mympd >/dev/null 2>&1 + evaluate_retval + ;; + + restart) + $0 stop + sleep 3 + $0 start + ;; + + status) + statusproc /usr/bin/mympd + ;; + + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 + ;; +esac diff --git a/src/paks/mympd/install.sh b/src/paks/mympd/install.sh new file mode 100644 index 000000000..11cae1207 --- /dev/null +++ b/src/paks/mympd/install.sh @@ -0,0 +1,30 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2024 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +ln -svf /etc/init.d/mympd /etc/rc.d/rc3.d/S66mympd +ln -svf /etc/init.d/mympd /etc/rc.d/rc0.d/K34mympd +ln -svf /etc/init.d/mympd /etc/rc.d/rc6.d/K34mympd +restore_backup ${NAME} +/etc/init.d/mympd start diff --git a/src/paks/mympd/uninstall.sh b/src/paks/mympd/uninstall.sh new file mode 100644 index 000000000..8ca9ea74e --- /dev/null +++ b/src/paks/mympd/uninstall.sh @@ -0,0 +1,28 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2024 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/etc/init.d/mpd stop +make_backup ${NAME} +remove_files +rm -f /etc/rc.d/rc*.d/???mympd diff --git a/src/paks/mympd/update.sh b/src/paks/mympd/update.sh new file mode 100644 index 000000000..31d1d77cc --- /dev/null +++ b/src/paks/mympd/update.sh @@ -0,0 +1,27 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2024 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_backup_includes +./uninstall.sh +./install.sh From 3e1731f0e233289b1902ffdeae15d358dbf5841d Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 12:22:18 +0100 Subject: [PATCH 046/140] dhcpcd: Update to version 10.0.6 + fix issue experinced by some community users. - Update from version 10.0.4 to 10.0.6 - Update of rootfile not required. - In version 10.0.4 a bug was found https://github.com/NetworkConfiguration/dhcpcd/issues/260 which was fixed in version 10.0.5. From the community forum it looks like some people have experienced this issue with the update to 10.0.4 in CU182 https://community.ipfire.org/t/core-update-182-aarch64-red0-interface-stops/10827 - According to the dhcpcd issue report this problem can affect both x86_64 and aarch64 but it seems to affect aarch64 systems much more often and the reports in the community forum are related to aarch64. - This patch updates to version 10.0.6 because that is the current latest version and includes the fix commits for the above issue that were built into 10.0.5 - Changelog 10.0.6 privsep: Stop proxying stderr to console and fix some detachment issues non-privsep: Fix launcher hangup DHCP6: Allow the invalid interface name - to mean don't assign an address from a delegated prefix DHCP6: Load the configuration for the interface being activated from prefix delegation 10.0.5 DHCP: re-enter DISCOVER phase if server doesn't reply to our REQUEST privsep: Allow __NR_dup3 syscall as some libc's use that instead of the dup2 dhcpcd uses dev: Fix an issue where not opening the dev plugin folder if configured returned the wrong fd privsep: Harden the launcher process detecting daemonisation. compat: arc4random uses explicit_bzero if available Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/dhcpcd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/dhcpcd b/lfs/dhcpcd index da832046a..4a2368562 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 10.0.4 +VER = 10.0.6 THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 770ee398eccff20cd4a37f89b841f8d580d9a42b456d93673ab3bf6ddf1ed0e49feda47ea8c1206a8a8582bccde80f45c3efbf2e1d0e493b06f04e2c6df876af +$(DL_FILE)_BLAKE2 = 4afd08cf7377b2262d33bf3f7ac503e081572a7c1ffd53b285842a92d99d88fae44e7e6384134bbe1eb839001f822fa7fb43718c42f9e8e6d11a05ec66fa2fc6 install : $(TARGET) From 91e28f1813a9feb1c9324b39d667ea7ae49780b8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 29 Jan 2024 16:03:16 +0000 Subject: [PATCH 047/140] core184: Ship dhcpcd Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/dhcpcd | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/dhcpcd diff --git a/config/rootfiles/core/184/filelists/dhcpcd b/config/rootfiles/core/184/filelists/dhcpcd new file mode 120000 index 000000000..1e799dabb --- /dev/null +++ b/config/rootfiles/core/184/filelists/dhcpcd @@ -0,0 +1 @@ +../../../common/dhcpcd \ No newline at end of file From d06c224ed64e95f1cbe5779ef807e39a6d531947 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:06 +0100 Subject: [PATCH 048/140] borgbackup: Update to version 1.2.7 - Update from version 1.2.3 to 1.2.7 - Update of rootfile - Patch set put together to also update the dependency packages where they have been updated. - Changelog 1.2.7 Fixes: - docs: CVE-2023-36811 upgrade steps: consider checkpoint archives, #7802 - check/compact: fix spurious reappearance of orphan chunks since borg 1.2, #6687 - this consists of 2 fixes: - for existing chunks: check --repair: recreate shadow index, #6687 - for newly created chunks: update shadow index when doing a double-put, #5661 - LockRoster.modify: no KeyError if element was already gone, #7937 - create --X-from-command: run subcommands with a clean environment, #7916 - list --sort-by: support "archive" as alias of "name", #7873 - fix rc and msg if arg parsing throws an exception, #7885 Other changes: - support and test on Python 3.12 - include unistd.h in _chunker.c (fix for Python 3.13) - allow msgpack 1.0.6 and 1.0.7 - TAM issues: show tracebacks, improve borg check logging, #7797 - replace "datetime.utcfromtimestamp" with custom helper to avoid deprecation warnings when using Python 3.12 - vagrant: - use generic/debian9 box, fixes #7579 - add VM with debian bookworm / test on OpenSSL 3.0.x. - docs: - not only attack/unsafe, can also be a fs issue, #7853 - point to CVE-2023-36811 upgrade steps from borg 1.1 to 1.2 upgrade steps, #7899 - upgrade steps needed for all kinds of repos (including "none" encryption mode), #7813 - upgrade steps: talk about consequences of borg check, #7816 - upgrade steps: remove period that could be interpreted as part of the command - automated-local.rst: use GPT UUID for consistent udev rule - create disk/partition sector backup by disk serial number, #7934 - update macOS hint about full disk access - clarify borg prune -a option description, #7871 - readthedocs: also build offline docs (HTMLzip), #7835 - frontends: add "check.rebuild_refcounts" message 1.2.6 Fixes: - The upgrade procedure docs as published with borg 1.2.5 did not work, if the repository had archives resulting from a borg rename or borg recreate operation. The updated docs now use BORG_WORKAROUNDS=ignore_invalid_archive_tam at some places to avoid that issue, #7791. See: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811), details and necessary upgrade procedure described above. Other changes: - updated 1.2.5 changelog entry: 1.2.5 already has the fix for rename/recreate. - remove cython restrictions. recommended is to build with cython 0.29.latest, because borg 1.2.x uses this since years and it is very stable. You can also try to build with cython 3.0.x, there is a good chance that it works. As a 3rd option, we also bundle the `*.c` files cython outputs in the release pypi package, so you can also just use these and not need cython at all. 1.2.5 Fixes: - Security: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811), see details and necessary upgrade procedure described above. - rename/recreate: correctly update resulting archive's TAM, see #7791 - create: do not try to read parent dir of recursion root, #7746 - extract: fix false warning about pattern never matching, #4110 - diff: remove surrogates before output, #7535 - compact: clear empty directories at end of compact process, #6823 - create --files-cache=size: fix crash, #7658 - keyfiles: improve key sanity check, #7561 - only warn about "invalid" chunker params, #7590 - ProgressIndicatorPercent: fix space computation for wide chars, #3027 - improve argparse validator error messages New features: - mount: make up volname if not given (macOS), #7690. macFUSE supports a volname mount option to give what finder displays on the desktop / in the directory view. if the user did not specify it, we make something up, because otherwise it would be "macFUSE Volume 0 (Python)" and hide the mountpoint directory name. - BORG_WORKAROUNDS=authenticated_no_key to extract from authenticated repos without key, #7700 Other changes: - add `utcnow()` helper function to avoid deprecated `datetime.utcnow()` - stay on latest Cython 0.29 (0.29.36) for borg 1.2.x (do not use Cython 3.0 yet) - docs: - move upgrade notes to own section, see #7546 - mount -olocal: how to show mount in finder's sidebar, #5321 - list: fix --pattern examples, #7611 - improve patterns help - incl./excl. options, path-from-stdin exclusiveness - obfuscation docs: markup fix, note about MAX_DATA_SIZE - --one-file-system: add macOS apfs notes, #4876 - improve --one-file-system help string, #5618 - rewrite borg check docs - improve the docs for --keep-within, #7687 - fix borg init command in environment.rst.inc - 1.1.x upgrade notes: more precise borg upgrade instructions, #3396 -tests: - fix repo reopen - avoid long ids in pytest output - check buzhash chunksize distribution, see #7586 1.2.4 New features: - import-tar: add --ignore-zeros to process concatenated tars, #7432. - debug id-hash: computes file/chunk content id-hash, #7406 - diff: --content-only does not show mode/ctime/mtime changes, #7248 - diff: JSON strings in diff output are now sorted alphabetically Bug fixes: - xattrs: fix namespace processing on FreeBSD, #6997 - diff: fix path related bug seen when addressing deferred items. - debug get-obj/put-obj: always give chunkid as cli param, see #7290 (this is an incompatible change, see also borg debug id-hash) - extract: fix mtime when ResourceFork xattr is set (macOS specific), #7234 - recreate: without --chunker-params, do not re-chunk, #7337 - recreate: when --target is given, do not detect "nothing to do". use case: borg recreate -a src --target dst can be used to make a copy of an archive inside the same repository, #7254. - set .hardlink_master for ALL hardlinkable items, #7175 - locking: fix host, pid, tid order. tid (thread id) must be parsed as hex from lock file name. - update development.lock.txt, including a setuptools security fix, #7227 Other changes: - requirements: allow msgpack 1.0.5 also - upgrade Cython to 0.29.33 - hashindex minor fixes, refactor, tweaks, tests - use os.replace not os.rename - remove BORG_LIBB2_PREFIX (not used any more) - docs: - BORG_KEY_FILE: clarify docs, #7444 - update FAQ about locale/unicode issues, #6999 - improve mount options rendering, #7359 - make timestamps in manual pages reproducible - installation: update Fedora in distribution list, #7357 - tests: - fix test_size_on_disk_accurate for large st_blksize, #7250 - add same_ts_ns function and use it for relaxed timestamp comparisons - "auto" compressor tests: don't assume a specific size, do not assume zlib is better than lz4, #7363 - add test for extracted directory mtime - vagrant: - upgrade local freebsd 12.1 box -> generic/freebsd13 box (13.1) - use pythons > 3.8 which work on freebsd 13.1 - pyenv: also install python 3.11.1 for testing - pyenv: use python 3.10.1, 3.10.0 build is broken on freebsd Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/borgbackup | 36 ++++++++++++++-------------- lfs/borgbackup | 8 +++---- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/config/rootfiles/packages/borgbackup b/config/rootfiles/packages/borgbackup index feaca4156..897d1d1be 100644 --- a/config/rootfiles/packages/borgbackup +++ b/config/rootfiles/packages/borgbackup @@ -6,23 +6,23 @@ usr/lib/python3.10/site-packages/borg/__main__.py usr/lib/python3.10/site-packages/borg/_version.py #usr/lib/python3.10/site-packages/borg/algorithms usr/lib/python3.10/site-packages/borg/algorithms/__init__.py -usr/lib/python3.10/site-packages/borg/algorithms/checksums.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/algorithms/checksums.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/archive.py usr/lib/python3.10/site-packages/borg/archiver.py usr/lib/python3.10/site-packages/borg/cache.py -usr/lib/python3.10/site-packages/borg/chunker.cpython-310-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.10/site-packages/borg/compress.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/chunker.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/compress.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/constants.py #usr/lib/python3.10/site-packages/borg/crypto usr/lib/python3.10/site-packages/borg/crypto/__init__.py usr/lib/python3.10/site-packages/borg/crypto/file_integrity.py usr/lib/python3.10/site-packages/borg/crypto/key.py usr/lib/python3.10/site-packages/borg/crypto/keymanager.py -usr/lib/python3.10/site-packages/borg/crypto/low_level.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/crypto/low_level.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/crypto/nonces.py usr/lib/python3.10/site-packages/borg/fuse.py usr/lib/python3.10/site-packages/borg/fuse_impl.py -usr/lib/python3.10/site-packages/borg/hashindex.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/hashindex.cpython-310-x86_64-linux-gnu.so #usr/lib/python3.10/site-packages/borg/helpers usr/lib/python3.10/site-packages/borg/helpers/__init__.py usr/lib/python3.10/site-packages/borg/helpers/checks.py @@ -37,7 +37,7 @@ usr/lib/python3.10/site-packages/borg/helpers/process.py usr/lib/python3.10/site-packages/borg/helpers/progress.py usr/lib/python3.10/site-packages/borg/helpers/time.py usr/lib/python3.10/site-packages/borg/helpers/yes.py -usr/lib/python3.10/site-packages/borg/item.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/item.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/locking.py usr/lib/python3.10/site-packages/borg/logger.py usr/lib/python3.10/site-packages/borg/lrucache.py @@ -47,9 +47,9 @@ usr/lib/python3.10/site-packages/borg/patterns.py #usr/lib/python3.10/site-packages/borg/platform usr/lib/python3.10/site-packages/borg/platform/__init__.py usr/lib/python3.10/site-packages/borg/platform/base.py -usr/lib/python3.10/site-packages/borg/platform/linux.cpython-310-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.10/site-packages/borg/platform/posix.cpython-310-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.10/site-packages/borg/platform/syncfilerange.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/linux.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/posix.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/syncfilerange.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/borg/platform/xattr.py usr/lib/python3.10/site-packages/borg/platformflags.py usr/lib/python3.10/site-packages/borg/remote.py @@ -72,6 +72,7 @@ usr/lib/python3.10/site-packages/borg/testsuite/crypto.py usr/lib/python3.10/site-packages/borg/testsuite/efficient_collection_queue.py usr/lib/python3.10/site-packages/borg/testsuite/file_integrity.py usr/lib/python3.10/site-packages/borg/testsuite/hashindex.py +usr/lib/python3.10/site-packages/borg/testsuite/hashindex_stress.py usr/lib/python3.10/site-packages/borg/testsuite/helpers.py usr/lib/python3.10/site-packages/borg/testsuite/item.py usr/lib/python3.10/site-packages/borg/testsuite/key.py @@ -91,12 +92,11 @@ usr/lib/python3.10/site-packages/borg/testsuite/xattr.py usr/lib/python3.10/site-packages/borg/upgrader.py usr/lib/python3.10/site-packages/borg/version.py usr/lib/python3.10/site-packages/borg/xattr.py -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/PKG-INFO -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/SOURCES.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/dependency_links.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/entry_points.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/not-zip-safe -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/requires.txt -usr/lib/python3.10/site-packages/borgbackup-1.2.3-py3.10.egg-info/top_level.txt - +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/PKG-INFO +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/SOURCES.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/dependency_links.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/entry_points.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/not-zip-safe +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/requires.txt +usr/lib/python3.10/site-packages/borgbackup-1.2.7-py3.10.egg-info/top_level.txt diff --git a/lfs/borgbackup b/lfs/borgbackup index 79d6446ee..7b77fd4bb 100644 --- a/lfs/borgbackup +++ b/lfs/borgbackup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.2.3 +VER = 1.2.7 SUMMARY = Deduplicating backup program with compression and authenticated encryption THISAPP = borgbackup-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = borgbackup -PAK_VER = 15 +PAK_VER = 16 DEPS = python3-msgpack python3-packaging python3-pyfuse3 # borgbackup only works with specific versions of python3-msgpack @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 970fad62428b44eb22df761020a4c25f4aa8d3e8f5cc2c81aa96b1afb051dc24b3d124b4fc84e81cf8eaa6a9b19a200f6f9bda1f7f4c2794a7e8d33e8d5020f1 +$(DL_FILE)_BLAKE2 = 8d69f3e7890ee117e1fe2cdf6b92c548bc40b337de09850948150034fc4724bf05c51c852a268df2294e3657676920a1c663a421331fd6dba5fffa558429f11e install : $(TARGET) From 2889d50f1c43834829d08950681747d1c54cab11 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:07 +0100 Subject: [PATCH 049/140] python3-attrs: Update to version 23.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update from version 22.1.0 to 23.2.0 - Update of rootfile - setup.py is no longer available so build to use pyproject.toml was used. - A new series of build dependencies are also now required for python3-attrs - Changelog 23.2.0 Changes The type annotation for attrs.resolve_types() is now correct. #1141 Type stubs now use typing.dataclass_transform to decorate dataclass-like decorators, instead of the non-standard __dataclass_transform__ special form, which is only supported by Pyright. #1158 Fixed serialization of namedtuple fields using attrs.asdict/astuple() with retain_collection_types=True. #1165 attrs.AttrsInstance is now a typing.Protocol in both type hints and code. This allows you to subclass it along with another Protocol. #1172 If attrs detects that __attrs_pre_init__ accepts more than just self, it will call it with the same arguments as __init__ was called. This allows you to, for example, pass arguments to super().__init__(). #1187 Slotted classes now transform functools.cached_property decorated methods to support equivalent semantics. #1200 Added class_body argument to attrs.make_class() to provide additional attributes for newly created classes. It is, for example, now possible to attach methods. #1203 23.1.0 Backwards-incompatible Changes Python 3.6 has been dropped and packaging switched to static package data using Hatch. #993 Deprecations The support for zope-interface via the attrs.validators.provides validator is now deprecated and will be removed in, or after, April 2024. The presence of a C-based package in our developement dependencies has caused headaches and we’re not under the impression it’s used a lot. Let us know if you’re using it and we might publish it as a separate package. #1120 Changes attrs.filters.exclude() and attrs.filters.include() now support the passing of attribute names as strings. #1068 attrs.has() and attrs.fields() now handle generic classes correctly. #1079 Fix frozen exception classes when raised within e.g. contextlib.contextmanager, which mutates their __traceback__ attributes. #1081 @frozen now works with type checkers that implement PEP-681 (ex. pyright). #1084 Restored ability to unpickle instances pickled before 22.2.0. #1085 attrs.asdict()’s and attrs.astuple()’s type stubs now accept the attrs.AttrsInstance protocol. #1090 Fix slots class cellvar updating closure in CPython 3.8+ even when __code__ introspection is unavailable. #1092 attrs.resolve_types() can now pass include_extras to typing.get_type_hints() on Python 3.9+, and does so by default. #1099 Added instructions for pull request workflow to CONTRIBUTING.md. #1105 Added type parameter to attrs.field() function for use with attrs.make_class(). Please note that type checkers ignore type metadata passed into make_class(), but it can be useful if you’re wrapping attrs. #1107 It is now possible for attrs.evolve() (and attr.evolve()) to change fields named inst if the instance is passed as a positional argument. Passing the instance using the inst keyword argument is now deprecated and will be removed in, or after, April 2024. #1117 attrs.validators.optional() now also accepts a tuple of validators (in addition to lists of validators). #1122 22.2.0 Backwards-incompatible Changes Python 3.5 is not supported anymore. #988 Deprecations Python 3.6 is now deprecated and support will be removed in the next release. #1017 Changes attrs.field() now supports an alias option for explicit __init__ argument names. Get __init__ signatures matching any taste, peculiar or plain! The PEP 681 compatible alias option can be use to override private attribute name mangling, or add other arbitrary field argument name overrides. #950 attrs.NOTHING is now an enum value, making it possible to use with e.g. typing.Literal. #983 Added missing re-import of attr.AttrsInstance to the attrs namespace. #987 Fix slight performance regression in classes with custom __setattr__ and speedup even more. #991 Class-creation performance improvements by switching performance-sensitive templating operations to f-strings. You can expect an improvement of about 5% – even for very simple classes. #995 attrs.has() is now a TypeGuard for AttrsInstance. That means that type checkers know a class is an instance of an attrs class if you check it using attrs.has() (or attr.has()) first. #997 Made attrs.AttrsInstance stub available at runtime and fixed type errors related to the usage of attrs.AttrsInstance in Pyright. #999 On Python 3.10 and later, call abc.update_abstractmethods() on dict classes after creation. This improves the detection of abstractness. #1001 attrs’s pickling methods now use dicts instead of tuples. That is safer and more robust across different versions of a class. #1009 Added attrs.validators.not_(wrapped_validator) to logically invert wrapped_validator by accepting only values where wrapped_validator rejects the value with a ValueError or TypeError (by default, exception types configurable). #1010 The type stubs for attrs.cmp_using() now have default values. #1027 To conform with PEP 681, attr.s() and attrs.define() now accept unsafe_hash in addition to hash. #1065 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/python3-attrs | 17 ++++++++++------- lfs/python3-attrs | 21 +++++++++++++++------ 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/config/rootfiles/packages/python3-attrs b/config/rootfiles/packages/python3-attrs index b84c91ba4..f65c80b40 100644 --- a/config/rootfiles/packages/python3-attrs +++ b/config/rootfiles/packages/python3-attrs @@ -8,6 +8,7 @@ usr/lib/python3.10/site-packages/attr/_config.py usr/lib/python3.10/site-packages/attr/_funcs.py usr/lib/python3.10/site-packages/attr/_make.py usr/lib/python3.10/site-packages/attr/_next_gen.py +usr/lib/python3.10/site-packages/attr/_typing_compat.pyi usr/lib/python3.10/site-packages/attr/_version_info.py usr/lib/python3.10/site-packages/attr/_version_info.pyi usr/lib/python3.10/site-packages/attr/converters.py @@ -22,13 +23,15 @@ usr/lib/python3.10/site-packages/attr/setters.pyi usr/lib/python3.10/site-packages/attr/validators.py usr/lib/python3.10/site-packages/attr/validators.pyi #usr/lib/python3.10/site-packages/attrs -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info/not-zip-safe -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/attrs-22.1.0-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/METADATA +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/RECORD +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/WHEEL +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/licenses +#usr/lib/python3.10/site-packages/attrs-23.2.0.dist-info/licenses/LICENSE usr/lib/python3.10/site-packages/attrs/__init__.py usr/lib/python3.10/site-packages/attrs/__init__.pyi usr/lib/python3.10/site-packages/attrs/converters.py diff --git a/lfs/python3-attrs b/lfs/python3-attrs index 9ac72e14a..03a809a27 100644 --- a/lfs/python3-attrs +++ b/lfs/python3-attrs @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 22.1.0 +VER = 23.2.0 SUMMARY = Classes Without Boilerplate THISAPP = attrs-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-attrs -PAK_VER = 2 +PAK_VER = 3 DEPS = @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5da48b3cbcd99cdcc531a0859be264a4d209778caa53bd95480a103549b816c8a805079e1555fce38eb33f8bd3d5b7bfa6f814ef2b60dc405bda6686c7746f0b +$(DL_FILE)_BLAKE2 = a06f4f17a81fc173c37661bcf518367a1cdc9a333d2783bd2cd1ac5f0a72bd20ec1afdd964e10255624bcfa027e3a152375cd21472c177428d29bd06b29984a1 install : $(TARGET) @@ -80,7 +80,16 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && python3 setup.py build - cd $(DIR_APP) && python3 setup.py install --root=/ + cd $(DIR_APP) && python3 -m build \ + --no-isolation \ + --wheel + cd $(DIR_APP) && pip3 install \ + --no-build-isolation \ + --root="/" \ + --no-deps \ + --ignore-installed \ + dist/*.whl + # remove temp build files in /root/.cache from rootfile + cd $(DIR_APP) && rm -R /root/.cache/ @rm -rf $(DIR_APP) @$(POSTBUILD) From 0f2449afac67686a8c94f8c2a1b74e0c8460cb15 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:08 +0100 Subject: [PATCH 050/140] python3-hatchling: New build dependency for python3-attrs - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used pyproject.toml build approach Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/python3-hatchling | 99 +++++++++++++++++++++++ lfs/python3-hatchling | 85 +++++++++++++++++++ make.sh | 1 + 3 files changed, 185 insertions(+) create mode 100644 config/rootfiles/common/python3-hatchling create mode 100644 lfs/python3-hatchling diff --git a/config/rootfiles/common/python3-hatchling b/config/rootfiles/common/python3-hatchling new file mode 100644 index 000000000..28e8a3708 --- /dev/null +++ b/config/rootfiles/common/python3-hatchling @@ -0,0 +1,99 @@ +#usr/bin/hatchling +#usr/lib/python3.10/site-packages/hatchling +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/METADATA +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/RECORD +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/WHEEL +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/entry_points.txt +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/licenses +#usr/lib/python3.10/site-packages/hatchling-1.21.1.dist-info/licenses/LICENSE.txt +#usr/lib/python3.10/site-packages/hatchling/__about__.py +#usr/lib/python3.10/site-packages/hatchling/__init__.py +#usr/lib/python3.10/site-packages/hatchling/__main__.py +#usr/lib/python3.10/site-packages/hatchling/bridge +#usr/lib/python3.10/site-packages/hatchling/bridge/__init__.py +#usr/lib/python3.10/site-packages/hatchling/bridge/app.py +#usr/lib/python3.10/site-packages/hatchling/build.py +#usr/lib/python3.10/site-packages/hatchling/builders +#usr/lib/python3.10/site-packages/hatchling/builders/__init__.py +#usr/lib/python3.10/site-packages/hatchling/builders/app.py +#usr/lib/python3.10/site-packages/hatchling/builders/config.py +#usr/lib/python3.10/site-packages/hatchling/builders/constants.py +#usr/lib/python3.10/site-packages/hatchling/builders/custom.py +#usr/lib/python3.10/site-packages/hatchling/builders/hooks +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/__init__.py +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/custom.py +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/plugin +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/plugin/__init__.py +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/plugin/hooks.py +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/plugin/interface.py +#usr/lib/python3.10/site-packages/hatchling/builders/hooks/version.py +#usr/lib/python3.10/site-packages/hatchling/builders/plugin +#usr/lib/python3.10/site-packages/hatchling/builders/plugin/__init__.py +#usr/lib/python3.10/site-packages/hatchling/builders/plugin/hooks.py +#usr/lib/python3.10/site-packages/hatchling/builders/plugin/interface.py +#usr/lib/python3.10/site-packages/hatchling/builders/sdist.py +#usr/lib/python3.10/site-packages/hatchling/builders/utils.py +#usr/lib/python3.10/site-packages/hatchling/builders/wheel.py +#usr/lib/python3.10/site-packages/hatchling/cli +#usr/lib/python3.10/site-packages/hatchling/cli/__init__.py +#usr/lib/python3.10/site-packages/hatchling/cli/build +#usr/lib/python3.10/site-packages/hatchling/cli/build/__init__.py +#usr/lib/python3.10/site-packages/hatchling/cli/dep +#usr/lib/python3.10/site-packages/hatchling/cli/dep/__init__.py +#usr/lib/python3.10/site-packages/hatchling/cli/metadata +#usr/lib/python3.10/site-packages/hatchling/cli/metadata/__init__.py +#usr/lib/python3.10/site-packages/hatchling/cli/version +#usr/lib/python3.10/site-packages/hatchling/cli/version/__init__.py +#usr/lib/python3.10/site-packages/hatchling/dep +#usr/lib/python3.10/site-packages/hatchling/dep/__init__.py +#usr/lib/python3.10/site-packages/hatchling/dep/core.py +#usr/lib/python3.10/site-packages/hatchling/licenses +#usr/lib/python3.10/site-packages/hatchling/licenses/__init__.py +#usr/lib/python3.10/site-packages/hatchling/licenses/parse.py +#usr/lib/python3.10/site-packages/hatchling/licenses/supported.py +#usr/lib/python3.10/site-packages/hatchling/metadata +#usr/lib/python3.10/site-packages/hatchling/metadata/__init__.py +#usr/lib/python3.10/site-packages/hatchling/metadata/core.py +#usr/lib/python3.10/site-packages/hatchling/metadata/custom.py +#usr/lib/python3.10/site-packages/hatchling/metadata/plugin +#usr/lib/python3.10/site-packages/hatchling/metadata/plugin/__init__.py +#usr/lib/python3.10/site-packages/hatchling/metadata/plugin/hooks.py +#usr/lib/python3.10/site-packages/hatchling/metadata/plugin/interface.py +#usr/lib/python3.10/site-packages/hatchling/metadata/spec.py +#usr/lib/python3.10/site-packages/hatchling/metadata/utils.py +#usr/lib/python3.10/site-packages/hatchling/ouroboros.py +#usr/lib/python3.10/site-packages/hatchling/plugin +#usr/lib/python3.10/site-packages/hatchling/plugin/__init__.py +#usr/lib/python3.10/site-packages/hatchling/plugin/exceptions.py +#usr/lib/python3.10/site-packages/hatchling/plugin/manager.py +#usr/lib/python3.10/site-packages/hatchling/plugin/specs.py +#usr/lib/python3.10/site-packages/hatchling/plugin/utils.py +#usr/lib/python3.10/site-packages/hatchling/py.typed +#usr/lib/python3.10/site-packages/hatchling/utils +#usr/lib/python3.10/site-packages/hatchling/utils/__init__.py +#usr/lib/python3.10/site-packages/hatchling/utils/constants.py +#usr/lib/python3.10/site-packages/hatchling/utils/context.py +#usr/lib/python3.10/site-packages/hatchling/utils/fs.py +#usr/lib/python3.10/site-packages/hatchling/version +#usr/lib/python3.10/site-packages/hatchling/version/__init__.py +#usr/lib/python3.10/site-packages/hatchling/version/core.py +#usr/lib/python3.10/site-packages/hatchling/version/scheme +#usr/lib/python3.10/site-packages/hatchling/version/scheme/__init__.py +#usr/lib/python3.10/site-packages/hatchling/version/scheme/plugin +#usr/lib/python3.10/site-packages/hatchling/version/scheme/plugin/__init__.py +#usr/lib/python3.10/site-packages/hatchling/version/scheme/plugin/hooks.py +#usr/lib/python3.10/site-packages/hatchling/version/scheme/plugin/interface.py +#usr/lib/python3.10/site-packages/hatchling/version/scheme/standard.py +#usr/lib/python3.10/site-packages/hatchling/version/source +#usr/lib/python3.10/site-packages/hatchling/version/source/__init__.py +#usr/lib/python3.10/site-packages/hatchling/version/source/code.py +#usr/lib/python3.10/site-packages/hatchling/version/source/env.py +#usr/lib/python3.10/site-packages/hatchling/version/source/plugin +#usr/lib/python3.10/site-packages/hatchling/version/source/plugin/__init__.py +#usr/lib/python3.10/site-packages/hatchling/version/source/plugin/hooks.py +#usr/lib/python3.10/site-packages/hatchling/version/source/plugin/interface.py +#usr/lib/python3.10/site-packages/hatchling/version/source/regex.py diff --git a/lfs/python3-hatchling b/lfs/python3-hatchling new file mode 100644 index 000000000..fb0fe7798 --- /dev/null +++ b/lfs/python3-hatchling @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.21.1 + +THISAPP = hatchling-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 58d0ff8bd3d0717df0c51af903cda18c731d05422e71ebb091ccae695542257330c4ff7b97c60331996060c9a819b1c050813de5ab3f16203c7b81f9e93dc15a + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 -m build \ + --no-isolation \ + --wheel + cd $(DIR_APP) && pip3 install \ + --no-build-isolation \ + --root="/" \ + --no-deps \ + --ignore-installed \ + dist/*.whl + # remove temp build files in /root/.cache from rootfile + cd $(DIR_APP) && rm -R /root/.cache/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index a7875d766..5a7e55cef 100755 --- a/make.sh +++ b/make.sh @@ -1595,6 +1595,7 @@ buildipfire() { lfsmake2 python3-terminaltables lfsmake2 python3-pkgconfig lfsmake2 python3-msgpack + lfsmake2 python3-hatchling lfsmake2 python3-attrs lfsmake2 python3-sniffio lfsmake2 python3-sortedcontainers From eadd3ad7b28d6a7cf3d2595cf2cbedc5e4b7bbe8 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:09 +0100 Subject: [PATCH 051/140] python3-hatch-vcs: New build dependency for python3-attrs - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used pyproject.toml build approach Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/python3-hatch-vcs | 18 +++++ lfs/python3-hatch-vcs | 85 +++++++++++++++++++++++ make.sh | 1 + 3 files changed, 104 insertions(+) create mode 100644 config/rootfiles/common/python3-hatch-vcs create mode 100644 lfs/python3-hatch-vcs diff --git a/config/rootfiles/common/python3-hatch-vcs b/config/rootfiles/common/python3-hatch-vcs new file mode 100644 index 000000000..5a3434c84 --- /dev/null +++ b/config/rootfiles/common/python3-hatch-vcs @@ -0,0 +1,18 @@ +#usr/lib/python3.10/site-packages/hatch_vcs +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/METADATA +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/RECORD +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/WHEEL +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/entry_points.txt +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/licenses +#usr/lib/python3.10/site-packages/hatch_vcs-0.4.0.dist-info/licenses/LICENSE.txt +#usr/lib/python3.10/site-packages/hatch_vcs/__about__.py +#usr/lib/python3.10/site-packages/hatch_vcs/__init__.py +#usr/lib/python3.10/site-packages/hatch_vcs/build_hook.py +#usr/lib/python3.10/site-packages/hatch_vcs/hooks.py +#usr/lib/python3.10/site-packages/hatch_vcs/metadata_hook.py +#usr/lib/python3.10/site-packages/hatch_vcs/vcs_utils.py +#usr/lib/python3.10/site-packages/hatch_vcs/version_source.py diff --git a/lfs/python3-hatch-vcs b/lfs/python3-hatch-vcs new file mode 100644 index 000000000..8e9c3c5d1 --- /dev/null +++ b/lfs/python3-hatch-vcs @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.4.0 + +THISAPP = hatch_vcs-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = cc0e02cbedf968a630803791b455f22f2ce60966327a531aac87196d48f6cf192f74eab6e995a169659983b6049cb2e656ca3d7f3670445ef06eca65318c5c6a + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 -m build \ + --no-isolation \ + --wheel + cd $(DIR_APP) && pip3 install \ + --no-build-isolation \ + --root="/" \ + --no-deps \ + --ignore-installed \ + dist/*.whl + # remove temp build files in /root/.cache from rootfile + cd $(DIR_APP) && rm -R /root/.cache/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 5a7e55cef..3a1704d6e 100755 --- a/make.sh +++ b/make.sh @@ -1596,6 +1596,7 @@ buildipfire() { lfsmake2 python3-pkgconfig lfsmake2 python3-msgpack lfsmake2 python3-hatchling + lfsmake2 python3-hatch-vcs lfsmake2 python3-attrs lfsmake2 python3-sniffio lfsmake2 python3-sortedcontainers From 703d5dfef063cc8833fbc6209a2bea7004f30c53 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:10 +0100 Subject: [PATCH 052/140] python3-hatch-fancy-pypi-readme: New build dependency for python3-attrs - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used pyproject.toml build approach Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- .../common/python3-hatch-fancy-pypi-readme | 23 +++++ lfs/python3-hatch-fancy-pypi-readme | 85 +++++++++++++++++++ make.sh | 1 + 3 files changed, 109 insertions(+) create mode 100644 config/rootfiles/common/python3-hatch-fancy-pypi-readme create mode 100644 lfs/python3-hatch-fancy-pypi-readme diff --git a/config/rootfiles/common/python3-hatch-fancy-pypi-readme b/config/rootfiles/common/python3-hatch-fancy-pypi-readme new file mode 100644 index 000000000..44f4beee4 --- /dev/null +++ b/config/rootfiles/common/python3-hatch-fancy-pypi-readme @@ -0,0 +1,23 @@ +#usr/bin/hatch-fancy-pypi-readme +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/METADATA +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/RECORD +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/WHEEL +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/entry_points.txt +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/licenses +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/licenses/AUTHORS.md +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme-24.1.0.dist-info/licenses/LICENSE.txt +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/__init__.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/__main__.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/_builder.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/_cli.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/_config.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/_fragments.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/_substitutions.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/exceptions.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/hooks.py +#usr/lib/python3.10/site-packages/hatch_fancy_pypi_readme/py.typed diff --git a/lfs/python3-hatch-fancy-pypi-readme b/lfs/python3-hatch-fancy-pypi-readme new file mode 100644 index 000000000..ff0626be1 --- /dev/null +++ b/lfs/python3-hatch-fancy-pypi-readme @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 24.1.0 + +THISAPP = hatch_fancy_pypi_readme-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 9baa6dd61c02f7bbc610b815db8476c10ace7623ac7cdfebbf2317d1f4f5713e898624fde1c915f9f8b5f92fea22dbff41963a0685ccf6f112180a8cf9cca59b + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 -m build \ + --no-isolation \ + --wheel + cd $(DIR_APP) && pip3 install \ + --no-build-isolation \ + --root="/" \ + --no-deps \ + --ignore-installed \ + dist/*.whl + # remove temp build files in /root/.cache from rootfile + cd $(DIR_APP) && rm -R /root/.cache/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 3a1704d6e..e013413c8 100755 --- a/make.sh +++ b/make.sh @@ -1597,6 +1597,7 @@ buildipfire() { lfsmake2 python3-msgpack lfsmake2 python3-hatchling lfsmake2 python3-hatch-vcs + lfsmake2 python3-hatch-fancy-pypi-readme lfsmake2 python3-attrs lfsmake2 python3-sniffio lfsmake2 python3-sortedcontainers From ec01213dcf0c8283626aa9d5a7fbc30ac725ae8c Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:11 +0100 Subject: [PATCH 053/140] python3-editables: New build dependency for python3-hatchling - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used pyproject.toml build approach Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/python3-editables | 12 ++++ lfs/python3-editables | 85 +++++++++++++++++++++++ make.sh | 4 +- 3 files changed, 98 insertions(+), 3 deletions(-) create mode 100644 config/rootfiles/common/python3-editables create mode 100644 lfs/python3-editables diff --git a/config/rootfiles/common/python3-editables b/config/rootfiles/common/python3-editables new file mode 100644 index 000000000..6b5b36e52 --- /dev/null +++ b/config/rootfiles/common/python3-editables @@ -0,0 +1,12 @@ +#usr/lib/python3.10/site-packages/editables +#usr/lib/python3.10/site-packages/editables-0.5.dist-info +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/LICENSE.txt +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/METADATA +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/RECORD +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/WHEEL +#usr/lib/python3.10/site-packages/editables-0.5.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/editables/__init__.py +#usr/lib/python3.10/site-packages/editables/py.typed +#usr/lib/python3.10/site-packages/editables/redirector.py diff --git a/lfs/python3-editables b/lfs/python3-editables new file mode 100644 index 000000000..cb5b33d45 --- /dev/null +++ b/lfs/python3-editables @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.5 + +THISAPP = editables-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 0daa314ad6841e8562a96923cd15b367995963efa7cff72fc1ff82232d9a1e07ee2dc30a8cba21195199c976335bfb2ebca720deaeafbd484a865235c97551a1 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 -m build \ + --no-isolation \ + --wheel + cd $(DIR_APP) && pip3 install \ + --no-build-isolation \ + --root="/" \ + --no-deps \ + --ignore-installed \ + dist/*.whl + # remove temp build files in /root/.cache from rootfile + cd $(DIR_APP) && rm -R /root/.cache/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index e013413c8..36d12c07c 100755 --- a/make.sh +++ b/make.sh @@ -1595,6 +1595,7 @@ buildipfire() { lfsmake2 python3-terminaltables lfsmake2 python3-pkgconfig lfsmake2 python3-msgpack + lfsmake2 python3-editables lfsmake2 python3-hatchling lfsmake2 python3-hatch-vcs lfsmake2 python3-hatch-fancy-pypi-readme @@ -1651,9 +1652,6 @@ buildipfire() { lfsmake2 dnsdist lfsmake2 bird lfsmake2 libyang - lfsmake2 abseil-cpp - lfsmake2 protobuf - lfsmake2 protobuf-c lfsmake2 frr lfsmake2 dmidecode lfsmake2 mcelog From ccaa26aa6a169ac7430dd2ea025075231b74d012 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:12 +0100 Subject: [PATCH 054/140] python3-pathspec: New build dependency for python3-hatchling - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used pyproject.toml build approach Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/python3-pathspec | 19 ++++++ lfs/python3-pathspec | 85 ++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 105 insertions(+) create mode 100644 config/rootfiles/common/python3-pathspec create mode 100644 lfs/python3-pathspec diff --git a/config/rootfiles/common/python3-pathspec b/config/rootfiles/common/python3-pathspec new file mode 100644 index 000000000..ff2684f93 --- /dev/null +++ b/config/rootfiles/common/python3-pathspec @@ -0,0 +1,19 @@ +#usr/lib/python3.10/site-packages/pathspec +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/LICENSE +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/METADATA +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/RECORD +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/WHEEL +#usr/lib/python3.10/site-packages/pathspec-0.12.1.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/pathspec/__init__.py +#usr/lib/python3.10/site-packages/pathspec/_meta.py +#usr/lib/python3.10/site-packages/pathspec/gitignore.py +#usr/lib/python3.10/site-packages/pathspec/pathspec.py +#usr/lib/python3.10/site-packages/pathspec/pattern.py +#usr/lib/python3.10/site-packages/pathspec/patterns +#usr/lib/python3.10/site-packages/pathspec/patterns/__init__.py +#usr/lib/python3.10/site-packages/pathspec/patterns/gitwildmatch.py +#usr/lib/python3.10/site-packages/pathspec/py.typed +#usr/lib/python3.10/site-packages/pathspec/util.py diff --git a/lfs/python3-pathspec b/lfs/python3-pathspec new file mode 100644 index 000000000..960737a9c --- /dev/null +++ b/lfs/python3-pathspec @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.12.1 + +THISAPP = pathspec-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = e5cf93dc0a24a51bdcbcec807514344ed4e39029a8f1abe8db7cf8fa4883ac2e74f8b1a3ad6cd44bcff538b5eecc5b091b145c6c8d170de574ce9217d58855cb + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 -m build \ + --no-isolation \ + --wheel + cd $(DIR_APP) && pip3 install \ + --no-build-isolation \ + --root="/" \ + --no-deps \ + --ignore-installed \ + dist/*.whl + # remove temp build files in /root/.cache from rootfile + cd $(DIR_APP) && rm -R /root/.cache/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 36d12c07c..4f749fbac 100755 --- a/make.sh +++ b/make.sh @@ -1596,6 +1596,7 @@ buildipfire() { lfsmake2 python3-pkgconfig lfsmake2 python3-msgpack lfsmake2 python3-editables + lfsmake2 python3-pathspec lfsmake2 python3-hatchling lfsmake2 python3-hatch-vcs lfsmake2 python3-hatch-fancy-pypi-readme From cffababa468325daeaeda926e38d47cce3f8561e Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:13 +0100 Subject: [PATCH 055/140] python3-pluggy: New build dependency for python3-hatchling - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used setup.py build approach as pyproject.toml approach kept failing to build Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/python3-pluggy | 16 ++++++ lfs/python3-pluggy | 76 ++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 93 insertions(+) create mode 100644 config/rootfiles/common/python3-pluggy create mode 100644 lfs/python3-pluggy diff --git a/config/rootfiles/common/python3-pluggy b/config/rootfiles/common/python3-pluggy new file mode 100644 index 000000000..9df9610de --- /dev/null +++ b/config/rootfiles/common/python3-pluggy @@ -0,0 +1,16 @@ +#usr/lib/python3.10/site-packages/pluggy +#usr/lib/python3.10/site-packages/pluggy-1.4.0-py3.10.egg-info +#usr/lib/python3.10/site-packages/pluggy-1.4.0-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/pluggy-1.4.0-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/pluggy-1.4.0-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/pluggy-1.4.0-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/pluggy-1.4.0-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/pluggy/__init__.py +#usr/lib/python3.10/site-packages/pluggy/_callers.py +#usr/lib/python3.10/site-packages/pluggy/_hooks.py +#usr/lib/python3.10/site-packages/pluggy/_manager.py +#usr/lib/python3.10/site-packages/pluggy/_result.py +#usr/lib/python3.10/site-packages/pluggy/_tracing.py +#usr/lib/python3.10/site-packages/pluggy/_version.py +#usr/lib/python3.10/site-packages/pluggy/_warnings.py +#usr/lib/python3.10/site-packages/pluggy/py.typed diff --git a/lfs/python3-pluggy b/lfs/python3-pluggy new file mode 100644 index 000000000..deb018ee4 --- /dev/null +++ b/lfs/python3-pluggy @@ -0,0 +1,76 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.4.0 + +THISAPP = pluggy-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 0a8bff68f1871f0e571105012b0e3961771c6ee34a64711520084d0a951308d192187d01b14136c389b5bc09f127ead1a1f96ebffa7b345d2d5023157c049c43 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 setup.py build + cd $(DIR_APP) && python3 setup.py install --root=/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 4f749fbac..47fb7a08e 100755 --- a/make.sh +++ b/make.sh @@ -1597,6 +1597,7 @@ buildipfire() { lfsmake2 python3-msgpack lfsmake2 python3-editables lfsmake2 python3-pathspec + lfsmake2 python3-pluggy lfsmake2 python3-hatchling lfsmake2 python3-hatch-vcs lfsmake2 python3-hatch-fancy-pypi-readme From 6d7c67de3fe641cb67f614981fe8e72867985e51 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:14 +0100 Subject: [PATCH 056/140] python3-trove-classifiers: New build dependency for python3-hatchling - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used setup.py build approach as the pyproject.toml approach failed to build successfully. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- .../common/python3-trove-classifiers | 9 +++ lfs/python3-trove-classifiers | 76 +++++++++++++++++++ make.sh | 1 + 3 files changed, 86 insertions(+) create mode 100644 config/rootfiles/common/python3-trove-classifiers create mode 100644 lfs/python3-trove-classifiers diff --git a/config/rootfiles/common/python3-trove-classifiers b/config/rootfiles/common/python3-trove-classifiers new file mode 100644 index 000000000..a1142b9f4 --- /dev/null +++ b/config/rootfiles/common/python3-trove-classifiers @@ -0,0 +1,9 @@ +#usr/lib/python3.10/site-packages/trove_classifiers +#usr/lib/python3.10/site-packages/trove_classifiers-2024.1.8-py3.10.egg-info +#usr/lib/python3.10/site-packages/trove_classifiers-2024.1.8-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/trove_classifiers-2024.1.8-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/trove_classifiers-2024.1.8-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/trove_classifiers-2024.1.8-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/trove_classifiers/__init__.py +#usr/lib/python3.10/site-packages/trove_classifiers/__main__.py +#usr/lib/python3.10/site-packages/trove_classifiers/py.typed diff --git a/lfs/python3-trove-classifiers b/lfs/python3-trove-classifiers new file mode 100644 index 000000000..9a88316d9 --- /dev/null +++ b/lfs/python3-trove-classifiers @@ -0,0 +1,76 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2024.1.8 + +THISAPP = trove-classifiers-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = f0a4ec5439415d53d81297001aac2b4ffc3da0e2c5492acb9a3ed23fba9e7c7ea1407cfa2f8291ab0b8ea7f1dd985cdd86a1b82e71b0223c88ae73bcc7ce63cd + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 setup.py build + cd $(DIR_APP) && python3 setup.py install --root=/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 47fb7a08e..8b0bc5499 100755 --- a/make.sh +++ b/make.sh @@ -1598,6 +1598,7 @@ buildipfire() { lfsmake2 python3-editables lfsmake2 python3-pathspec lfsmake2 python3-pluggy + lfsmake2 python3-trove-classifiers lfsmake2 python3-hatchling lfsmake2 python3-hatch-vcs lfsmake2 python3-hatch-fancy-pypi-readme From 6c7e8760f7c5129b9c25d441b8bbece0e58fe0f8 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:15 +0100 Subject: [PATCH 057/140] python3-calver: New build dependency for python3-trove-classifiers - lfs and rootfile created. - rootfile put into common as it is only used as a build dependency. - Used setup.py build approach as the pyproject.toml approach failed to build successfully Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/python3-calver | 9 +++ lfs/python3-calver | 76 ++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 86 insertions(+) create mode 100644 config/rootfiles/common/python3-calver create mode 100644 lfs/python3-calver diff --git a/config/rootfiles/common/python3-calver b/config/rootfiles/common/python3-calver new file mode 100644 index 000000000..02796ab2d --- /dev/null +++ b/config/rootfiles/common/python3-calver @@ -0,0 +1,9 @@ +#usr/lib/python3.10/site-packages/calver +#usr/lib/python3.10/site-packages/calver-2022.6.26-py3.10.egg-info +#usr/lib/python3.10/site-packages/calver-2022.6.26-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/calver-2022.6.26-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/calver-2022.6.26-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/calver-2022.6.26-py3.10.egg-info/entry_points.txt +#usr/lib/python3.10/site-packages/calver-2022.6.26-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/calver/__init__.py +#usr/lib/python3.10/site-packages/calver/integration.py diff --git a/lfs/python3-calver b/lfs/python3-calver new file mode 100644 index 000000000..565b3b63b --- /dev/null +++ b/lfs/python3-calver @@ -0,0 +1,76 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2024 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2022.6.26 + +THISAPP = calver-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = bd75214d1107d5c58c07221b014fcca9c19df8b01ffc110a43a83ce7cd4e4c9746fc7c5a2f6be9eed5ffcfce0f8d38a70901deeba4d21727e53aed2383cbedef + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 setup.py build + cd $(DIR_APP) && python3 setup.py install --root=/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 8b0bc5499..546cdc0af 100755 --- a/make.sh +++ b/make.sh @@ -1598,6 +1598,7 @@ buildipfire() { lfsmake2 python3-editables lfsmake2 python3-pathspec lfsmake2 python3-pluggy + lfsmake2 python3-calver lfsmake2 python3-trove-classifiers lfsmake2 python3-hatchling lfsmake2 python3-hatch-vcs From c60238f606a5121dcfe16323bf0d9d5aab9c1312 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:16 +0100 Subject: [PATCH 058/140] python3-exceptiongroup: Update to version 1.2.0 - Updated from version 1.1.0 to 1.2.0 - Update of rootfile - Changelog 1.2.0 Added special monkeypatching if Apport has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn) Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except* handler 1.1.3 catch() now raises a TypeError if passed an async exception handler instead of just giving a RuntimeWarning about the coroutine never being awaited. (#66, PR by John Litborn) Fixed plain raise statement in an exception handler callback to work like a raise in an except* block Fixed new exception group not being chained to the original exception when raising an exception group from exceptions raised in handler callbacks Fixed type annotations of the derive(), subgroup() and split() methods to match the ones in typeshed 1.1.2 Changed handling of exceptions in exception group handler callbacks to not wrap a single exception in an exception group, as per CPython issue 103590 1.1.1 Worked around CPython issue #98778, urllib.error.HTTPError(..., fp=None) raises KeyError on unknown attribute access, on affected Python versions. (PR by Zac Hatfield-Dodds) Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- .../rootfiles/packages/python3-exceptiongroup | 17 +++++++++-------- lfs/python3-exceptiongroup | 8 ++++---- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/python3-exceptiongroup b/config/rootfiles/packages/python3-exceptiongroup index 0ed2ae1f5..08e10c3b9 100644 --- a/config/rootfiles/packages/python3-exceptiongroup +++ b/config/rootfiles/packages/python3-exceptiongroup @@ -1,15 +1,16 @@ usr/lib/python3.10/site-packages/exceptiongroup -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/INSTALLER -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/LICENSE -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/METADATA -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/RECORD -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/REQUESTED -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/WHEEL -#usr/lib/python3.10/site-packages/exceptiongroup-1.1.1.dist-info/direct_url.json +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/INSTALLER +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/LICENSE +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/METADATA +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/RECORD +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/REQUESTED +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/WHEEL +#usr/lib/python3.10/site-packages/exceptiongroup-1.2.0.dist-info/direct_url.json usr/lib/python3.10/site-packages/exceptiongroup/__init__.py usr/lib/python3.10/site-packages/exceptiongroup/_catch.py usr/lib/python3.10/site-packages/exceptiongroup/_exceptions.py usr/lib/python3.10/site-packages/exceptiongroup/_formatting.py +usr/lib/python3.10/site-packages/exceptiongroup/_suppress.py usr/lib/python3.10/site-packages/exceptiongroup/_version.py usr/lib/python3.10/site-packages/exceptiongroup/py.typed diff --git a/lfs/python3-exceptiongroup b/lfs/python3-exceptiongroup index f1de6bb6f..067b42f14 100644 --- a/lfs/python3-exceptiongroup +++ b/lfs/python3-exceptiongroup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.1.1 +VER = 1.2.0 SUMMARY = This is a backport of the BaseExceptionGroup and ExceptionGroup classes from Python 3.11. THISAPP = exceptiongroup-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-exceptiongroup -PAK_VER = 1 +PAK_VER = 2 DEPS = @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = c396d1e1ab15265e06d76d11e6cbbff5c4e52284f890d727aab65d0ab40fcd17e3db8827ba4bba6b34d13f66606ca34ac8bcc361dd4aecf9afe624d5001de327 +$(DL_FILE)_BLAKE2 = 4f3b5505c9c6e229eae52fda1e2dc957ada9e44eb8da8f2a8c62315ee93a1e2129005d0b4a1a7f3bbc2a1448e89929fdaf6ee59a40c8aefb44104c5e330d5ac9 install : $(TARGET) From 0e299f6fb6cf7cf8dfec6b4dd06cda45c28c3e1b Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:17 +0100 Subject: [PATCH 059/140] python3-msgpack: Update to version 1.0.7 - Update from version 1.0.4 to 1.0.7 - Update of rootfile - Changelog 1.0.7 Fix build error of extension module on Windows. (#567) setup.py doesn't skip build error of extension module. (#568) 1.0.6 Add Python 3.12 wheels (#517) Remove Python 2.7, 3.6, and 3.7 support 1.0.5 Use __BYTE_ORDER__ instead of __BYTE_ORDER for portability. (#513, #514) Add Python 3.11 wheels (#517) fallback: Fix packing multidimensional memoryview (#527) Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/python3-msgpack | 23 +++++++++++++++++------ lfs/python3-msgpack | 8 ++++---- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/config/rootfiles/packages/python3-msgpack b/config/rootfiles/packages/python3-msgpack index abe34fd9c..2347b0834 100644 --- a/config/rootfiles/packages/python3-msgpack +++ b/config/rootfiles/packages/python3-msgpack @@ -1,11 +1,22 @@ usr/lib/python3.10/site-packages/msgpack -#usr/lib/python3.10/site-packages/msgpack-1.0.4-py3.10.egg-info -#usr/lib/python3.10/site-packages/msgpack-1.0.4-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/msgpack-1.0.4-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/msgpack-1.0.4-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/msgpack-1.0.4-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/msgpack-1.0.7-py3.10.egg-info +#usr/lib/python3.10/site-packages/msgpack-1.0.7-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/msgpack-1.0.7-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/msgpack-1.0.7-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/msgpack-1.0.7-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/msgpack/__init__.py -usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpp +usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/msgpack/_cmsgpack.pyx +usr/lib/python3.10/site-packages/msgpack/_packer.pyx +usr/lib/python3.10/site-packages/msgpack/_unpacker.pyx +#usr/lib/python3.10/site-packages/msgpack/buff_converter.h usr/lib/python3.10/site-packages/msgpack/exceptions.py usr/lib/python3.10/site-packages/msgpack/ext.py usr/lib/python3.10/site-packages/msgpack/fallback.py +#usr/lib/python3.10/site-packages/msgpack/pack.h +#usr/lib/python3.10/site-packages/msgpack/pack_template.h +#usr/lib/python3.10/site-packages/msgpack/sysdep.h +#usr/lib/python3.10/site-packages/msgpack/unpack.h +#usr/lib/python3.10/site-packages/msgpack/unpack_define.h +#usr/lib/python3.10/site-packages/msgpack/unpack_template.h diff --git a/lfs/python3-msgpack b/lfs/python3-msgpack index 5bb333a53..f09edd3e8 100644 --- a/lfs/python3-msgpack +++ b/lfs/python3-msgpack @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.0.4 +VER = 1.0.7 SUMMARY = Python module for reading and writing MessagePack data THISAPP = msgpack-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-msgpack -PAK_VER = 3 +PAK_VER = 4 DEPS = # borgbackup only works with specific versions of python3-msgpack - check when updating @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = fcbaafbea57f87c949a43a6bd6f6507eb3a07ac5e4a9c44fabfbb7c07849f1edabb8dadcd99a547fed32bce0f900f965368c4ee744acd4e850cad5c27022f463 +$(DL_FILE)_BLAKE2 = 8ddf2acf6bf81498d981c3ec83cbdffde1b1611f8ac23d3377f3f1541e679eda288b40b949bd586ca24a7059da3a0f73fa797a661375135ec092f408521c8527 install : $(TARGET) From 77d9d67314582076afbb12e86f34253f5b37cb4f Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:18 +0100 Subject: [PATCH 060/140] python3-packaging: Update to version 23.2 - Update from version 23.0 to 23.2 - Update of rootfile - Changelog 23.2 Document calendar-based versioning scheme (#716) Enforce that the entire marker string is parsed (#687) Requirement parsing no longer automatically validates the URL (#120) Canonicalize names for requirements comparison (#644) Introduce metadata.Metadata (along with metadata.ExceptionGroup and metadata.InvalidMetadata; #570) Introduce the validate keyword parameter to utils.normalize_name() (#570) Introduce utils.is_normalized_name() (#570) Make utils.parse_sdist_filename() and utils.parse_wheel_filename() raise InvalidSdistFilename and InvalidWheelFilename, respectively, when the version component of the name is invalid 23.1 Parse raw metadata (#671) Import underlying parser functions as an underscored variable (#663) Improve error for local version label with unsupported operators (#675) Add dedicated error for specifiers with incorrect .* suffix Replace spaces in platform names with underscores (#620) Relax typing of _key on _BaseVersion (#669) Handle prefix match with zeros at end of prefix correctly (#674) Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/python3-packaging | 11 ++++++----- lfs/python3-packaging | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/config/rootfiles/packages/python3-packaging b/config/rootfiles/packages/python3-packaging index 0c1765041..6c1ee4773 100644 --- a/config/rootfiles/packages/python3-packaging +++ b/config/rootfiles/packages/python3-packaging @@ -1,9 +1,9 @@ usr/lib/python3.10/site-packages/packaging -#usr/lib/python3.10/site-packages/packaging-23.0-py3.10.egg-info -#usr/lib/python3.10/site-packages/packaging-23.0-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/packaging-23.0-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/packaging-23.0-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/packaging-23.0-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/packaging-23.2-py3.10.egg-info +#usr/lib/python3.10/site-packages/packaging-23.2-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/packaging-23.2-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/packaging-23.2-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/packaging-23.2-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/packaging/__init__.py usr/lib/python3.10/site-packages/packaging/_elffile.py usr/lib/python3.10/site-packages/packaging/_manylinux.py @@ -12,6 +12,7 @@ usr/lib/python3.10/site-packages/packaging/_parser.py usr/lib/python3.10/site-packages/packaging/_structures.py usr/lib/python3.10/site-packages/packaging/_tokenizer.py usr/lib/python3.10/site-packages/packaging/markers.py +usr/lib/python3.10/site-packages/packaging/metadata.py usr/lib/python3.10/site-packages/packaging/py.typed usr/lib/python3.10/site-packages/packaging/requirements.py usr/lib/python3.10/site-packages/packaging/specifiers.py diff --git a/lfs/python3-packaging b/lfs/python3-packaging index 4bf2d6be0..e98c9e283 100644 --- a/lfs/python3-packaging +++ b/lfs/python3-packaging @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 23.0 +VER = 23.2 THISAPP = packaging-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-packaging -PAK_VER = 3 +PAK_VER = 4 ############################################################################### # Top-level Rules @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 601806498c414aaf3a68206a008e4032b0925bb1a06b170a6da64786d15456b5a3082cfde7620cd39f3f0ec204f42337df4b6c663c76697b6dc9577d38cc45c3 +$(DL_FILE)_BLAKE2 = cf7986a07312fd82a2a0ee738088993b9570d95cd0b573afa7a1f911bf335de7084e3d40d961adea7f5a8369738688f9d0a4265ef26a393f2d30769bc13f752a install : $(TARGET) From 74c8dc3548a93c51111030434ff4a1212c0db2f3 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:19 +0100 Subject: [PATCH 061/140] python3-pyfuse3: Update to version 3.3.0 - Update from version 3.2.2 to 3.3.0 - Update of rootfile - Changelog 3.3.0 Note: This is the first pyfuse3 release compatible with Cython 3.0.0 release. Cython 0.29.x is also still supported. Cythonized with latest Cython 3.0.0. Drop Python 3.6 and 3.7 support and testing, #71. CI: also test python 3.12. test on cython 0.29 and cython 3.0. Tell Cython that callbacks may raise exceptions, #80. Fix lookup in examples/hello.py, similar to #16. Misc. CI, testing, build and sphinx related fixes. 3.2.3 cythonize with latest Cython 0.29.34 (brings Python 3.12 support) add a minimal pyproject.toml, require setuptools tests: fix integer overflow on 32-bit arches, fixes #47 test: Use shutil.which() instead of external which(1) program setup.py: catch more generic OSError when searching Cython, fixes #63 setup.py: require Cython >= 0.29 fix basedir computation in setup.py (fix pip install -e .) use sphinx < 6.0 due to compatibility issues with more recent versions Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/python3-pyfuse3 | 16 ++++++++-------- lfs/python3-pyfuse3 | 8 ++++---- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/python3-pyfuse3 b/config/rootfiles/packages/python3-pyfuse3 index c96c15889..32f863c8e 100644 --- a/config/rootfiles/packages/python3-pyfuse3 +++ b/config/rootfiles/packages/python3-pyfuse3 @@ -1,10 +1,10 @@ usr/lib/python3.10/site-packages/_pyfuse3.py -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info/top_level.txt -#usr/lib/python3.10/site-packages/pyfuse3-3.2.2-py3.10.egg-info/zip-safe -usr/lib/python3.10/site-packages/pyfuse3.cpython-310-xxxMACHINExxx-linux-gnu.so +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/zip-safe +usr/lib/python3.10/site-packages/pyfuse3.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/pyfuse3_asyncio.py diff --git a/lfs/python3-pyfuse3 b/lfs/python3-pyfuse3 index 60d78df90..1db132488 100644 --- a/lfs/python3-pyfuse3 +++ b/lfs/python3-pyfuse3 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.2.2 +VER = 3.3.0 SUMMARY = Python3 bindings for libfuse3 THISAPP = pyfuse3-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-pyfuse3 -PAK_VER = 2 +PAK_VER = 3 DEPS = python3-trio @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a6f11083a3ddec031fdfe5cb810be526cba26d7bc9599a64d28e9a45281aeb04fca8728ff3788e44f1736475c89e64c3c1fd7cb964ff81fc30ce441a5dda7fae +$(DL_FILE)_BLAKE2 = 29a871bbd4c82298231eac0c8d4b668a75a9ea748c3dd15f093a369770fbfe080620b6209c79ce934880757764c946c3216b558dcc63cd1d1a7ef03e124174c2 install : $(TARGET) From c3863ea14df3d088b7a6394231f1f8e93dff029a Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 29 Jan 2024 14:41:20 +0100 Subject: [PATCH 062/140] python3-trio: Update to version 0.23.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update from version 0.22.0 to 0.23.1 - Update of rootfile - Changelog 0.23.0 Headline features Add type hints. (#543) Features When exiting a nursery block, the parent task always waits for child tasks to exit. This wait cannot be cancelled. However, previously, if you tried to cancel it, it would inject a Cancelled exception, even though it wasn’t cancelled. Most users probably never noticed either way, but injecting a Cancelled here is not really useful, and in some rare cases caused confusion or problems, so Trio no longer does that. (#1457) If called from a thread spawned by trio.to_thread.run_sync, trio.from_thread.run and trio.from_thread.run_sync now reuse the task and cancellation status of the host task; this means that context variables and cancel scopes naturally propagate ‘through’ threads spawned by Trio. You can also use trio.from_thread.check_cancelled to efficiently check for cancellation without reentering the Trio thread. (#2392) trio.lowlevel.start_guest_run() now does a bit more setup of the guest run before it returns to its caller, so that the caller can immediately make calls to trio.current_time(), trio.lowlevel.spawn_system_task(), trio.lowlevel.current_trio_token(), etc. (#2696) Bugfixes When a starting function raises before calling trio.TaskStatus.started(), trio.Nursery.start() will no longer wrap the exception in an undocumented ExceptionGroup. Previously, trio.Nursery.start() would incorrectly raise an ExceptionGroup containing it when using trio.run(..., strict_exception_groups=True). (#2611) Deprecations and removals To better reflect the underlying thread handling semantics, the keyword argument for trio.to_thread.run_sync that was previously called cancellable is now named abandon_on_cancel. It still does the same thing – allow the thread to be abandoned if the call to trio.to_thread.run_sync is cancelled – but since we now have other ways to propagate a cancellation without abandoning the thread, “cancellable” has become somewhat of a misnomer. The old cancellable name is now deprecated. (#2841) Deprecated support for math.inf for the backlog argument in open_tcp_listeners, making its docstring correct in the fact that only TypeError is raised if invalid arguments are passed. (#2842) Removals without deprecations Drop support for Python3.7 and PyPy3.7/3.8. (#2668) Removed special MultiError traceback handling for IPython. As of version 8.15 ExceptionGroup is handled natively. (#2702) Miscellaneous internal changes Trio now indicates its presence to sniffio using the sniffio.thread_local interface that is preferred since sniffio v1.3.0. This should be less likely than the previous approach to cause sniffio.current_async_library() to return incorrect results due to unintended inheritance of contextvars. (#2700) On windows, if SIO_BASE_HANDLE failed and SIO_BSP_HANDLE_POLL didn’t return a different socket, runtime error will now raise from the OSError that indicated the issue so that in the event it does happen it might help with debugging. (#2807) 0.22.2 Bugfixes Fix PermissionError when importing trio due to trying to access pthread. (#2688) 0.22.1 Breaking changes Timeout functions now raise ValueError if passed math.nan. This includes trio.sleep, trio.sleep_until, trio.move_on_at, trio.move_on_after, trio.fail_at and trio.fail_after. (#2493) Features Added support for naming threads created with trio.to_thread.run_sync, requires pthreads so is only available on POSIX platforms with glibc installed. (#1148) trio.socket.socket now prints the address it tried to connect to upon failure. (#1810) Bugfixes Fixed a crash that can occur when running Trio within an embedded Python interpreter, by handling the TypeError that is raised when trying to (re-)install a C signal handler. (#2333) Fix sniffio.current_async_library() when Trio tasks are spawned from a non-Trio context (such as when using trio-asyncio). Previously, a regular Trio task would inherit the non-Trio library name, and spawning a system task would cause the non-Trio caller to start thinking it was Trio. (#2462) Issued a new release as in the git tag for 0.22.0, trio.__version__ is incorrectly set to 0.21.0+dev. (#2485) Improved documentation Documented that Nursery.start_soon does not guarantee task ordering. (#970) Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/packages/python3-trio | 138 +++++++++++++------------ lfs/python3-trio | 6 +- 2 files changed, 73 insertions(+), 71 deletions(-) diff --git a/config/rootfiles/packages/python3-trio b/config/rootfiles/packages/python3-trio index 6b19eeba3..4a807b767 100644 --- a/config/rootfiles/packages/python3-trio +++ b/config/rootfiles/packages/python3-trio @@ -1,10 +1,10 @@ #usr/lib/python3.10/site-packages/trio -#usr/lib/python3.10/site-packages/trio-0.22.0-py3.10.egg-info -#usr/lib/python3.10/site-packages/trio-0.22.0-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/trio-0.22.0-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/trio-0.22.0-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/trio-0.22.0-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/trio-0.22.0-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/trio-0.23.1-py3.10.egg-info +#usr/lib/python3.10/site-packages/trio-0.23.1-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/trio-0.23.1-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/trio-0.23.1-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/trio-0.23.1-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/trio-0.23.1-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/trio/__init__.py usr/lib/python3.10/site-packages/trio/_abc.py usr/lib/python3.10/site-packages/trio/_channel.py @@ -29,37 +29,33 @@ usr/lib/python3.10/site-packages/trio/_core/_mock_clock.py usr/lib/python3.10/site-packages/trio/_core/_multierror.py usr/lib/python3.10/site-packages/trio/_core/_parking_lot.py usr/lib/python3.10/site-packages/trio/_core/_run.py +#usr/lib/python3.10/site-packages/trio/_core/_tests +usr/lib/python3.10/site-packages/trio/_core/_tests/__init__.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_asyncgen.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_guest_mode.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_instrumentation.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_io.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_ki.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_local.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_mock_clock.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_multierror.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_multierror_scripts +usr/lib/python3.10/site-packages/trio/_core/_tests/test_multierror_scripts/__init__.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_multierror_scripts/_common.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_multierror_scripts/apport_excepthook.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_multierror_scripts/simple_excepthook.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_parking_lot.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_run.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_thread_cache.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_tutil.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_unbounded_queue.py +usr/lib/python3.10/site-packages/trio/_core/_tests/test_windows.py +usr/lib/python3.10/site-packages/trio/_core/_tests/tutil.py usr/lib/python3.10/site-packages/trio/_core/_thread_cache.py usr/lib/python3.10/site-packages/trio/_core/_traps.py usr/lib/python3.10/site-packages/trio/_core/_unbounded_queue.py usr/lib/python3.10/site-packages/trio/_core/_wakeup_socketpair.py usr/lib/python3.10/site-packages/trio/_core/_windows_cffi.py -#usr/lib/python3.10/site-packages/trio/_core/tests -usr/lib/python3.10/site-packages/trio/_core/tests/__init__.py -usr/lib/python3.10/site-packages/trio/_core/tests/conftest.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_asyncgen.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_guest_mode.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_instrumentation.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_io.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_ki.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_local.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_mock_clock.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror.py -#usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts/__init__.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts/_common.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts/apport_excepthook.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts/ipython_custom_exc.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts/simple_excepthook.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_multierror_scripts/simple_excepthook_IPython.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_parking_lot.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_run.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_thread_cache.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_tutil.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_unbounded_queue.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_util.py -usr/lib/python3.10/site-packages/trio/_core/tests/test_windows.py -usr/lib/python3.10/site-packages/trio/_core/tests/tutil.py usr/lib/python3.10/site-packages/trio/_deprecate.py usr/lib/python3.10/site-packages/trio/_dtls.py usr/lib/python3.10/site-packages/trio/_file_io.py @@ -81,11 +77,51 @@ usr/lib/python3.10/site-packages/trio/_subprocess_platform/kqueue.py usr/lib/python3.10/site-packages/trio/_subprocess_platform/waitid.py usr/lib/python3.10/site-packages/trio/_subprocess_platform/windows.py usr/lib/python3.10/site-packages/trio/_sync.py +#usr/lib/python3.10/site-packages/trio/_tests +usr/lib/python3.10/site-packages/trio/_tests/__init__.py +usr/lib/python3.10/site-packages/trio/_tests/check_type_completeness.py +usr/lib/python3.10/site-packages/trio/_tests/module_with_deprecations.py +usr/lib/python3.10/site-packages/trio/_tests/pytest_plugin.py +usr/lib/python3.10/site-packages/trio/_tests/test_abc.py +usr/lib/python3.10/site-packages/trio/_tests/test_channel.py +usr/lib/python3.10/site-packages/trio/_tests/test_contextvars.py +usr/lib/python3.10/site-packages/trio/_tests/test_deprecate.py +usr/lib/python3.10/site-packages/trio/_tests/test_dtls.py +usr/lib/python3.10/site-packages/trio/_tests/test_exports.py +usr/lib/python3.10/site-packages/trio/_tests/test_fakenet.py +usr/lib/python3.10/site-packages/trio/_tests/test_file_io.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_generic.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_open_tcp_listeners.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_open_tcp_stream.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_open_unix_stream.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_serve_listeners.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_socket.py +usr/lib/python3.10/site-packages/trio/_tests/test_highlevel_ssl_helpers.py +usr/lib/python3.10/site-packages/trio/_tests/test_path.py +usr/lib/python3.10/site-packages/trio/_tests/test_scheduler_determinism.py +usr/lib/python3.10/site-packages/trio/_tests/test_signals.py +usr/lib/python3.10/site-packages/trio/_tests/test_socket.py +usr/lib/python3.10/site-packages/trio/_tests/test_ssl.py +usr/lib/python3.10/site-packages/trio/_tests/test_subprocess.py +usr/lib/python3.10/site-packages/trio/_tests/test_sync.py +usr/lib/python3.10/site-packages/trio/_tests/test_testing.py +usr/lib/python3.10/site-packages/trio/_tests/test_threads.py +usr/lib/python3.10/site-packages/trio/_tests/test_timeouts.py +usr/lib/python3.10/site-packages/trio/_tests/test_tracing.py +usr/lib/python3.10/site-packages/trio/_tests/test_unix_pipes.py +usr/lib/python3.10/site-packages/trio/_tests/test_util.py +usr/lib/python3.10/site-packages/trio/_tests/test_wait_for_object.py +usr/lib/python3.10/site-packages/trio/_tests/test_windows_pipes.py +#usr/lib/python3.10/site-packages/trio/_tests/tools +usr/lib/python3.10/site-packages/trio/_tests/tools/__init__.py +usr/lib/python3.10/site-packages/trio/_tests/tools/test_gen_exports.py +usr/lib/python3.10/site-packages/trio/_tests/tools/test_mypy_annotate.py usr/lib/python3.10/site-packages/trio/_threads.py usr/lib/python3.10/site-packages/trio/_timeouts.py #usr/lib/python3.10/site-packages/trio/_tools usr/lib/python3.10/site-packages/trio/_tools/__init__.py usr/lib/python3.10/site-packages/trio/_tools/gen_exports.py +usr/lib/python3.10/site-packages/trio/_tools/mypy_annotate.py usr/lib/python3.10/site-packages/trio/_unix_pipes.py usr/lib/python3.10/site-packages/trio/_util.py usr/lib/python3.10/site-packages/trio/_version.py @@ -94,6 +130,7 @@ usr/lib/python3.10/site-packages/trio/_windows_pipes.py usr/lib/python3.10/site-packages/trio/abc.py usr/lib/python3.10/site-packages/trio/from_thread.py usr/lib/python3.10/site-packages/trio/lowlevel.py +usr/lib/python3.10/site-packages/trio/py.typed usr/lib/python3.10/site-packages/trio/socket.py #usr/lib/python3.10/site-packages/trio/testing usr/lib/python3.10/site-packages/trio/testing/__init__.py @@ -104,40 +141,5 @@ usr/lib/python3.10/site-packages/trio/testing/_memory_streams.py usr/lib/python3.10/site-packages/trio/testing/_network.py usr/lib/python3.10/site-packages/trio/testing/_sequencer.py usr/lib/python3.10/site-packages/trio/testing/_trio_test.py -#usr/lib/python3.10/site-packages/trio/tests -usr/lib/python3.10/site-packages/trio/tests/__init__.py -usr/lib/python3.10/site-packages/trio/tests/conftest.py -usr/lib/python3.10/site-packages/trio/tests/module_with_deprecations.py -usr/lib/python3.10/site-packages/trio/tests/test_abc.py -usr/lib/python3.10/site-packages/trio/tests/test_channel.py -usr/lib/python3.10/site-packages/trio/tests/test_contextvars.py -usr/lib/python3.10/site-packages/trio/tests/test_deprecate.py -usr/lib/python3.10/site-packages/trio/tests/test_dtls.py -usr/lib/python3.10/site-packages/trio/tests/test_exports.py -usr/lib/python3.10/site-packages/trio/tests/test_fakenet.py -usr/lib/python3.10/site-packages/trio/tests/test_file_io.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_generic.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_open_tcp_listeners.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_open_tcp_stream.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_open_unix_stream.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_serve_listeners.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_socket.py -usr/lib/python3.10/site-packages/trio/tests/test_highlevel_ssl_helpers.py -usr/lib/python3.10/site-packages/trio/tests/test_path.py -usr/lib/python3.10/site-packages/trio/tests/test_scheduler_determinism.py -usr/lib/python3.10/site-packages/trio/tests/test_signals.py -usr/lib/python3.10/site-packages/trio/tests/test_socket.py -usr/lib/python3.10/site-packages/trio/tests/test_ssl.py -usr/lib/python3.10/site-packages/trio/tests/test_subprocess.py -usr/lib/python3.10/site-packages/trio/tests/test_sync.py -usr/lib/python3.10/site-packages/trio/tests/test_testing.py -usr/lib/python3.10/site-packages/trio/tests/test_threads.py -usr/lib/python3.10/site-packages/trio/tests/test_timeouts.py -usr/lib/python3.10/site-packages/trio/tests/test_unix_pipes.py -usr/lib/python3.10/site-packages/trio/tests/test_util.py -usr/lib/python3.10/site-packages/trio/tests/test_wait_for_object.py -usr/lib/python3.10/site-packages/trio/tests/test_windows_pipes.py -#usr/lib/python3.10/site-packages/trio/tests/tools -usr/lib/python3.10/site-packages/trio/tests/tools/__init__.py -usr/lib/python3.10/site-packages/trio/tests/tools/test_gen_exports.py +usr/lib/python3.10/site-packages/trio/tests.py usr/lib/python3.10/site-packages/trio/to_thread.py diff --git a/lfs/python3-trio b/lfs/python3-trio index 49f1207ab..9a4f833af 100644 --- a/lfs/python3-trio +++ b/lfs/python3-trio @@ -24,7 +24,7 @@ include Config -VER = 0.22.0 +VER = 0.23.1 SUMMARY = async/await-native I/O library for Python THISAPP = trio-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-trio -PAK_VER = 3 +PAK_VER = 4 DEPS = python3-async_generator python3-attrs python3-sniffio python3-sortedcontainers python3-outcome python3-idna python3-exceptiongroup @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b76f49c45788d41cbeded573e54d88e525cb2ad80b05da4c61f6c5100bdc85271f26a0c3aee07ca858214092106d217a2176d60744892c768bbc8ecad9383190 +$(DL_FILE)_BLAKE2 = e7c1aa2ec7ef7fa8c5940e66d6322df1abf3def9b1026509dcd1783f968cdb42332c293905887f2892619efed5abbc353c7d552d0ba34153e3a4715fbe4e403c install : $(TARGET) From fc37ab7a5194479c551934db9e0fef115e65f0a3 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 29 Jan 2024 16:08:11 +0000 Subject: [PATCH 063/140] libvirt: Fix rootfile for riscv64 Signed-off-by: Michael Tremer --- config/rootfiles/packages/riscv64/libvirt | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/riscv64/libvirt b/config/rootfiles/packages/riscv64/libvirt index 873a0a5d2..3e9fe3f2d 100644 --- a/config/rootfiles/packages/riscv64/libvirt +++ b/config/rootfiles/packages/riscv64/libvirt @@ -84,16 +84,16 @@ usr/bin/virt-xml-validate #usr/lib/libvirt #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.8010.0 +usr/lib/libvirt-admin.so.0.10000.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.8010.0 +usr/lib/libvirt-lxc.so.0.10000.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.8010.0 +usr/lib/libvirt-qemu.so.0.10000.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.8010.0 +usr/lib/libvirt.so.0.10000.0 #usr/lib/libvirt/connection-driver usr/lib/libvirt/connection-driver/libvirt_driver_interface.so usr/lib/libvirt/connection-driver/libvirt_driver_nodedev.so @@ -181,6 +181,7 @@ usr/sbin/virtstoraged #usr/share/doc/libvirt/examples/sh #usr/share/doc/libvirt/examples/sh/virt-lxc-convert #usr/share/doc/libvirt/examples/systemtap +#usr/share/doc/libvirt/examples/systemtap/amd-sev-es-vmsa.stp #usr/share/doc/libvirt/examples/systemtap/events.stp #usr/share/doc/libvirt/examples/systemtap/lock-debug.stp #usr/share/doc/libvirt/examples/systemtap/qemu-monitor.stp @@ -242,6 +243,7 @@ usr/share/libvirt/cpu_map/x86_Cascadelake-Server.xml usr/share/libvirt/cpu_map/x86_Conroe.xml usr/share/libvirt/cpu_map/x86_Cooperlake.xml usr/share/libvirt/cpu_map/x86_Dhyana.xml +usr/share/libvirt/cpu_map/x86_EPYC-Genoa.xml usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml @@ -266,6 +268,7 @@ usr/share/libvirt/cpu_map/x86_Opteron_G5.xml usr/share/libvirt/cpu_map/x86_Penryn.xml usr/share/libvirt/cpu_map/x86_SandyBridge-IBRS.xml usr/share/libvirt/cpu_map/x86_SandyBridge.xml +usr/share/libvirt/cpu_map/x86_SapphireRapids.xml usr/share/libvirt/cpu_map/x86_Skylake-Client-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Client.xml @@ -354,6 +357,7 @@ usr/share/libvirt/schemas/storagevol.rng #usr/share/locale/pl/LC_MESSAGES/libvirt.mo #usr/share/locale/pt/LC_MESSAGES/libvirt.mo #usr/share/locale/pt_BR/LC_MESSAGES/libvirt.mo +#usr/share/locale/ro/LC_MESSAGES/libvirt.mo #usr/share/locale/ru/LC_MESSAGES/libvirt.mo #usr/share/locale/si/LC_MESSAGES/libvirt.mo #usr/share/locale/sr/LC_MESSAGES/libvirt.mo From e2dce81ca343d4b55f6357417c556d63cb279f4e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 14:56:11 +0000 Subject: [PATCH 064/140] make.sh: Build dependencies for frr These have accidentially been removed in ec01213dcf0c8283626aa9d5a7fbc30ac725ae8c. Signed-off-by: Michael Tremer --- make.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/make.sh b/make.sh index 546cdc0af..6178b46cb 100755 --- a/make.sh +++ b/make.sh @@ -1656,6 +1656,9 @@ buildipfire() { lfsmake2 dnsdist lfsmake2 bird lfsmake2 libyang + lfsmake2 abseil-cpp + lfsmake2 protobuf + lfsmake2 protobuf-c lfsmake2 frr lfsmake2 dmidecode lfsmake2 mcelog From 54387ef1436386ad2a116f2a5eeb956d0574f756 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 15:09:54 +0000 Subject: [PATCH 065/140] openssl: Update to 3.2.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. A fix has been applied to prevent a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue prior to this fix. OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. ([CVE-2024-0727]) *Matt Caswell* * When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the "-pubin" and "-check" options on untrusted data. To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason. ([CVE-2023-6237]) *Tomáš Mráz* * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey rather than SM2. *Richard Levitte* * The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs saves the contents of vector registers in different order than they are restored. Thus the contents of some of these vector registers is corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. ([CVE-2023-6129]) *Rohan McLure* * Fix excessive time spent in DH check / generation with large Q parameter value. Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. ([CVE-2023-5678]) *Richard Levitte* * Disable building QUIC server utility when OpenSSL is configured with `no-apps`. *Vitalii Koshura* Signed-off-by: Michael Tremer --- config/rootfiles/common/openssl | 69 +++++++++++++++++++++++++++++++++ lfs/openssl | 4 +- 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index 118b15e85..a3664a521 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -329,6 +329,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html #usr/share/doc/openssl/html/man3/CMS_sign.html #usr/share/doc/openssl/html/man3/CMS_sign_receipt.html +#usr/share/doc/openssl/html/man3/CMS_signed_get_attr.html #usr/share/doc/openssl/html/man3/CMS_uncompress.html #usr/share/doc/openssl/html/man3/CMS_verify.html #usr/share/doc/openssl/html/man3/CMS_verify_receipt.html @@ -431,6 +432,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/EVP_PKEY_encapsulate.html #usr/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html #usr/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html +#usr/share/doc/openssl/html/man3/EVP_PKEY_get_attr.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_field_type.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_group_name.html @@ -812,6 +814,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/X509V3_get_d2i.html #usr/share/doc/openssl/html/man3/X509V3_set_ctx.html #usr/share/doc/openssl/html/man3/X509_ALGOR_dup.html +#usr/share/doc/openssl/html/man3/X509_ATTRIBUTE.html #usr/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html #usr/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html #usr/share/doc/openssl/html/man3/X509_LOOKUP.html @@ -823,6 +826,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html #usr/share/doc/openssl/html/man3/X509_NAME_print_ex.html #usr/share/doc/openssl/html/man3/X509_PUBKEY_new.html +#usr/share/doc/openssl/html/man3/X509_REQ_get_attr.html #usr/share/doc/openssl/html/man3/X509_REQ_get_extensions.html #usr/share/doc/openssl/html/man3/X509_SIG_get0.html #usr/share/doc/openssl/html/man3/X509_STORE_CTX_get_by_subject.html @@ -1812,7 +1816,27 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/CMS_sign.3ossl #usr/share/man/man3/CMS_sign_ex.3ossl #usr/share/man/man3/CMS_sign_receipt.3ossl +#usr/share/man/man3/CMS_signed_add1_attr.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_NID.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_txt.3ossl +#usr/share/man/man3/CMS_signed_delete_attr.3ossl +#usr/share/man/man3/CMS_signed_get0_data_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_get_attr.3ossl +#usr/share/man/man3/CMS_signed_get_attr_by_NID.3ossl +#usr/share/man/man3/CMS_signed_get_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_get_attr_count.3ossl #usr/share/man/man3/CMS_uncompress.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_NID.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_txt.3ossl +#usr/share/man/man3/CMS_unsigned_delete_attr.3ossl +#usr/share/man/man3/CMS_unsigned_get0_data_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_by_NID.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_count.3ossl #usr/share/man/man3/CMS_verify.3ossl #usr/share/man/man3/CMS_verify_receipt.3ossl #usr/share/man/man3/COMP_CTX_free.3ossl @@ -2881,6 +2905,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_CTX_settable_params.3ossl #usr/share/man/man3/EVP_PKEY_METHOD.3ossl #usr/share/man/man3/EVP_PKEY_Q_keygen.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_NID.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_txt.3ossl #usr/share/man/man3/EVP_PKEY_asn1_add0.3ossl #usr/share/man/man3/EVP_PKEY_asn1_add_alias.3ossl #usr/share/man/man3/EVP_PKEY_asn1_copy.3ossl @@ -2926,6 +2954,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_decrypt.3ossl #usr/share/man/man3/EVP_PKEY_decrypt_init.3ossl #usr/share/man/man3/EVP_PKEY_decrypt_init_ex.3ossl +#usr/share/man/man3/EVP_PKEY_delete_attr.3ossl #usr/share/man/man3/EVP_PKEY_derive.3ossl #usr/share/man/man3/EVP_PKEY_derive_init.3ossl #usr/share/man/man3/EVP_PKEY_derive_init_ex.3ossl @@ -2965,6 +2994,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_get1_RSA.3ossl #usr/share/man/man3/EVP_PKEY_get1_encoded_public_key.3ossl #usr/share/man/man3/EVP_PKEY_get1_tls_encodedpoint.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_by_NID.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_by_OBJ.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_count.3ossl #usr/share/man/man3/EVP_PKEY_get_base_id.3ossl #usr/share/man/man3/EVP_PKEY_get_bits.3ossl #usr/share/man/man3/EVP_PKEY_get_bn_param.3ossl @@ -3558,13 +3591,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OPENSSL_LH_error.3ossl #usr/share/man/man3/OPENSSL_LH_flush.3ossl #usr/share/man/man3/OPENSSL_LH_free.3ossl +#usr/share/man/man3/OPENSSL_LH_get_down_load.3ossl #usr/share/man/man3/OPENSSL_LH_insert.3ossl #usr/share/man/man3/OPENSSL_LH_new.3ossl #usr/share/man/man3/OPENSSL_LH_node_stats.3ossl #usr/share/man/man3/OPENSSL_LH_node_stats_bio.3ossl #usr/share/man/man3/OPENSSL_LH_node_usage_stats.3ossl #usr/share/man/man3/OPENSSL_LH_node_usage_stats_bio.3ossl +#usr/share/man/man3/OPENSSL_LH_num_items.3ossl #usr/share/man/man3/OPENSSL_LH_retrieve.3ossl +#usr/share/man/man3/OPENSSL_LH_set_down_load.3ossl #usr/share/man/man3/OPENSSL_LH_stats.3ossl #usr/share/man/man3/OPENSSL_LH_stats_bio.3ossl #usr/share/man/man3/OPENSSL_LINE.3ossl @@ -5669,9 +5705,20 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_ALGOR_new.3ossl #usr/share/man/man3/X509_ALGOR_set0.3ossl #usr/share/man/man3/X509_ALGOR_set_md.3ossl +#usr/share/man/man3/X509_ATTRIBUTE.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_count.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_NID.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_OBJ.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_txt.3ossl #usr/share/man/man3/X509_ATTRIBUTE_dup.3ossl #usr/share/man/man3/X509_ATTRIBUTE_free.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_data.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_object.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_type.3ossl #usr/share/man/man3/X509_ATTRIBUTE_new.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_set1_data.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_set1_object.3ossl #usr/share/man/man3/X509_CERT_AUX_free.3ossl #usr/share/man/man3/X509_CERT_AUX_new.3ossl #usr/share/man/man3/X509_CINF_free.3ossl @@ -5826,9 +5873,14 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_PUBKEY_set0_public_key.3ossl #usr/share/man/man3/X509_REQ_INFO_free.3ossl #usr/share/man/man3/X509_REQ_INFO_new.3ossl +#usr/share/man/man3/X509_REQ_add1_attr.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_NID.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_txt.3ossl #usr/share/man/man3/X509_REQ_add_extensions.3ossl #usr/share/man/man3/X509_REQ_add_extensions_nid.3ossl #usr/share/man/man3/X509_REQ_check_private_key.3ossl +#usr/share/man/man3/X509_REQ_delete_attr.3ossl #usr/share/man/man3/X509_REQ_digest.3ossl #usr/share/man/man3/X509_REQ_dup.3ossl #usr/share/man/man3/X509_REQ_free.3ossl @@ -5836,6 +5888,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_REQ_get0_pubkey.3ossl #usr/share/man/man3/X509_REQ_get0_signature.3ossl #usr/share/man/man3/X509_REQ_get_X509_PUBKEY.3ossl +#usr/share/man/man3/X509_REQ_get_attr.3ossl +#usr/share/man/man3/X509_REQ_get_attr_by_NID.3ossl +#usr/share/man/man3/X509_REQ_get_attr_by_OBJ.3ossl +#usr/share/man/man3/X509_REQ_get_attr_count.3ossl #usr/share/man/man3/X509_REQ_get_extensions.3ossl #usr/share/man/man3/X509_REQ_get_pubkey.3ossl #usr/share/man/man3/X509_REQ_get_signature_nid.3ossl @@ -6126,6 +6182,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_verify.3ossl #usr/share/man/man3/X509_verify_cert.3ossl #usr/share/man/man3/X509_verify_cert_error_string.3ossl +#usr/share/man/man3/X509at_add1_attr.3ossl +#usr/share/man/man3/X509at_add1_attr_by_NID.3ossl +#usr/share/man/man3/X509at_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/X509at_add1_attr_by_txt.3ossl +#usr/share/man/man3/X509at_delete_attr.3ossl +#usr/share/man/man3/X509at_get0_data_by_OBJ.3ossl +#usr/share/man/man3/X509at_get_attr.3ossl +#usr/share/man/man3/X509at_get_attr_by_NID.3ossl +#usr/share/man/man3/X509at_get_attr_by_OBJ.3ossl +#usr/share/man/man3/X509at_get_attr_count.3ossl #usr/share/man/man3/X509v3_add_ext.3ossl #usr/share/man/man3/X509v3_delete_ext.3ossl #usr/share/man/man3/X509v3_get_ext.3ossl @@ -6598,9 +6664,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/lh_TYPE_error.3ossl #usr/share/man/man3/lh_TYPE_flush.3ossl #usr/share/man/man3/lh_TYPE_free.3ossl +#usr/share/man/man3/lh_TYPE_get_down_load.3ossl #usr/share/man/man3/lh_TYPE_insert.3ossl #usr/share/man/man3/lh_TYPE_new.3ossl +#usr/share/man/man3/lh_TYPE_num_items.3ossl #usr/share/man/man3/lh_TYPE_retrieve.3ossl +#usr/share/man/man3/lh_TYPE_set_down_load.3ossl #usr/share/man/man3/o2i_SCT.3ossl #usr/share/man/man3/o2i_SCT_LIST.3ossl #usr/share/man/man3/pem_password_cb.3ossl diff --git a/lfs/openssl b/lfs/openssl index 2a9de717a..695035742 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 3.2.0 +VER = 3.2.1 THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -72,7 +72,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 +$(DL_FILE)_BLAKE2 = 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 install : $(TARGET) From 0bbbac793499507a22f810c55f8a84f4dbec1b6e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 17:41:07 +0000 Subject: [PATCH 066/140] core184: Ship OpenSSL Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/openssl | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/openssl diff --git a/config/rootfiles/core/184/filelists/openssl b/config/rootfiles/core/184/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/184/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file From 10851f7ffab24ebd708e0ef2dc773642d3ebb612 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 29 Jan 2024 17:25:05 +0100 Subject: [PATCH 067/140] mc: Update to 4.8.31 For details see: https://midnight-commander.org/wiki/NEWS-4.8.31 "Major changes since 4.8.30 Core Minimal version of GLib is 2.32.0. VFS fish: drop support of native FISH server and protocol. Rename VFS to shell (#4232) extfs; uc1541 extfs: update up to 3.6 version (#4511) s3+: port to Python3 (#4324) Support for LZO/LZOP compression format (#4509) ... Skins: add color for non-printable characters in editor (#4433) Fixes FTBFS on FreeBSD with ext2fs attribute support (#4493) Broken stickchars (-a) mode (#4498) Wrong timestamp after resuming of file copy operation (#4499) Editor: wrong deletion of marked column (#3761) Diff viewer: segfault when display of line numbers is enabled (#4500) Tar VFS: broken handling of hard links (#4494) Sftp VFS: failure establishing SSH session due hashed host names in ~/.ssh/known_hosts (#4506) Shell VFS: incorrect file names with cyrillic or diacritic symbols (#4507) mc.ext.ini: incorrect description of of how multiple sections and keys with same names are processed (#4497) mc.ext.ini: unescaped backslash \ is treated as invalid escape sequence in glib-2.77.3 and glib-2.79 (#4502) mc.ext.ini: file "Makefile.zip" is handled as Makefile not as zip-arhive (#4419)" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- config/rootfiles/packages/mc | 34 +++++++++++++++++----------------- lfs/mc | 8 ++++---- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/config/rootfiles/packages/mc b/config/rootfiles/packages/mc index 77951ceb5..572d42746 100644 --- a/config/rootfiles/packages/mc +++ b/config/rootfiles/packages/mc @@ -63,27 +63,27 @@ usr/libexec/mc/extfs.d/urar usr/libexec/mc/extfs.d/uwim usr/libexec/mc/extfs.d/uzip usr/libexec/mc/extfs.d/uzoo -#usr/libexec/mc/fish -#usr/libexec/mc/fish/README.fish -usr/libexec/mc/fish/append -usr/libexec/mc/fish/chmod -usr/libexec/mc/fish/chown -usr/libexec/mc/fish/fexists -usr/libexec/mc/fish/get -usr/libexec/mc/fish/hardlink -usr/libexec/mc/fish/info -usr/libexec/mc/fish/ln -usr/libexec/mc/fish/ls -usr/libexec/mc/fish/mkdir -usr/libexec/mc/fish/mv -usr/libexec/mc/fish/rmdir -usr/libexec/mc/fish/send -usr/libexec/mc/fish/unlink -usr/libexec/mc/fish/utime usr/libexec/mc/mc-wrapper.csh usr/libexec/mc/mc-wrapper.sh usr/libexec/mc/mc.csh usr/libexec/mc/mc.sh +#usr/libexec/mc/shell +#usr/libexec/mc/shell/README.shell +usr/libexec/mc/shell/append +usr/libexec/mc/shell/chmod +usr/libexec/mc/shell/chown +usr/libexec/mc/shell/fexists +usr/libexec/mc/shell/get +usr/libexec/mc/shell/hardlink +usr/libexec/mc/shell/info +usr/libexec/mc/shell/ln +usr/libexec/mc/shell/ls +usr/libexec/mc/shell/mkdir +usr/libexec/mc/shell/mv +usr/libexec/mc/shell/rmdir +usr/libexec/mc/shell/send +usr/libexec/mc/shell/unlink +usr/libexec/mc/shell/utime #usr/share/man/man1/mc.1 #usr/share/man/man1/mcedit.1 #usr/share/man/man1/mcview.1 diff --git a/lfs/mc b/lfs/mc index 2aab53fa9..3fb3f6d49 100644 --- a/lfs/mc +++ b/lfs/mc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Midnight Commander -VER = 4.8.30 +VER = 4.8.31 THISAPP = mc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mc -PAK_VER = 25 +PAK_VER = 26 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2bf759314abae39db7596426cba22f6eaac0efc58e7025f1a7ef1863496ea7a3c00d298d101123b9defb109e76e31fe988227fb5c1112e06051b3c7a5b3dc1b6 +$(DL_FILE)_BLAKE2 = aa8406d7d68a7466f662f83730dfc157f6e4f444b62284d9b71ea12def333996e298352f94526a3eb85491030f62373cf8d5621e449a7abf1fb5267a13a396fe install : $(TARGET) From 353e7b95be2453556cf50e2d9ffc2ea7005f112c Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 29 Jan 2024 17:25:55 +0100 Subject: [PATCH 068/140] vnstat: Update to 2.12 For details see: https://humdi.net/vnstat/CHANGES "2.12 / 21-Jan-2024 - Fixed - QueryMode documentation in configuration file didn't match implementation or man page description - Daemon didn't try to import legacy databases when --noadd was used and no current version database initially existed resulting in the process exiting even when something could have been done - Daemon didn't try to import legacy databases when --initdb was used and no current version database initially existed, this behaviour can still be enabled by using --noadd in combination with --initdb - Using --nodaemon and --initdb at the same time didn't result in an error being shown - New - Add 95th percentile output as --95th, also available via --alert, --json, --xml and image output, requires 5MinuteHours configuration to be set to at least 744 for storing all the necessary data - Add --json support for --alert - Database queries resulting in error exit with status 1 - Show spinning animation at the beginning of -l / --live output line, visibility configurable using LiveSpinner configuration option - Add -ic / --invert-colors option to image output for facilitating for example dark mode switching without needing to have multiple separate color configurations - Add dark mode option to image output example cgi (examples/vnstat.cgi) - Add option 4 to QueryMode for selecting summary output of single interface regardless of the number of interfaces in the database - Add optional mode parameter to -q / --query for overriding QueryMode for summary output and for enabling control of summary output style regardless of the number of interfaces in the database - Add --startempty option to daemon for starting and keeping the daemon running even if no interfaces were discovered and the database is empty - Add --noremove option to daemon for disabling the automatic removal of interfaces from database that aren't currently visible and haven't seen any traffic - Add third mode option to --iflist and --dbiflist for getting only the interface count as output" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- lfs/vnstat | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/vnstat b/lfs/vnstat index ca61562c0..c47833a14 100644 --- a/lfs/vnstat +++ b/lfs/vnstat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.11 +VER = 2.12 THISAPP = vnstat-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6eeed45d628641c9d88cf33ae1fc14871109b1e9fd0ac4a46fe8e2c194bb4600878b69408ed177bcde38ca859d0a3165d0095cab9b0bb6c036f7788fbfcb47e6 +$(DL_FILE)_BLAKE2 = af6982bc6da66ed2cebfe99e1b46a540528886d1c6e7a5174a3083a315804cb42c2395f3a0f5df552e8fd6b7823a01873fc5f9fb2178529c53481a67552dab35 install : $(TARGET) From 0742f6eda5838897abd4b5cc66bf2cf5c040951a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 17:50:20 +0000 Subject: [PATCH 069/140] core184: Ship vnstat Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/vnstat | 1 + config/rootfiles/core/184/update.sh | 2 ++ 2 files changed, 3 insertions(+) create mode 120000 config/rootfiles/core/184/filelists/vnstat diff --git a/config/rootfiles/core/184/filelists/vnstat b/config/rootfiles/core/184/filelists/vnstat new file mode 120000 index 000000000..2e2e6100b --- /dev/null +++ b/config/rootfiles/core/184/filelists/vnstat @@ -0,0 +1 @@ +../../../common/vnstat \ No newline at end of file diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index 1059d1a1b..436984690 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +/etc/init.d/vnstat stop # Extract files extract_files @@ -51,6 +52,7 @@ ldconfig /usr/local/bin/sshctrl # Start services +/etc/init.d/vnstat start # This update needs a reboot... #touch /var/run/need_reboot From f5000d47b7c81cd1b06535516474432121b5d08e Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 30 Jan 2024 23:13:39 +0100 Subject: [PATCH 070/140] acl: Update to version 2.3.2 - Update from version 2.3.1 to 2.3.2 - Update of rootfile - Changelog is only available from reviewing the git commits https://git.savannah.nongnu.org/cgit/acl.git/log/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/acl | 4 ++-- lfs/acl | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/acl b/config/rootfiles/common/acl index a3476d9a5..505fd563c 100644 --- a/config/rootfiles/common/acl +++ b/config/rootfiles/common/acl @@ -7,13 +7,12 @@ usr/bin/setfacl #usr/lib/libacl.la usr/lib/libacl.so usr/lib/libacl.so.1 -usr/lib/libacl.so.1.1.2301 +usr/lib/libacl.so.1.1.2302 #usr/lib/pkgconfig/libacl.pc #usr/share/doc/acl #usr/share/doc/acl/CHANGES #usr/share/doc/acl/COPYING #usr/share/doc/acl/COPYING.LGPL -#usr/share/doc/acl/PORTING #usr/share/doc/acl/extensions.txt #usr/share/doc/acl/libacl.txt #usr/share/locale/de/LC_MESSAGES/acl.mo @@ -22,6 +21,7 @@ usr/lib/libacl.so.1.1.2301 #usr/share/locale/es/LC_MESSAGES/acl.mo #usr/share/locale/fr/LC_MESSAGES/acl.mo #usr/share/locale/gl/LC_MESSAGES/acl.mo +#usr/share/locale/ka/LC_MESSAGES/acl.mo #usr/share/locale/pl/LC_MESSAGES/acl.mo #usr/share/locale/sv/LC_MESSAGES/acl.mo #usr/share/man/man1/chacl.1 diff --git a/lfs/acl b/lfs/acl index 9c5c46952..b0008d4db 100644 --- a/lfs/acl +++ b/lfs/acl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.3.1 +VER = 2.3.2 THISAPP = acl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 15e81e8159ddb21ef0c262bef3101c0b6fa546738a2ab74c01ccc21fd1c3dc8ab6aaf84a06dee6da22291f3ca4feeffa60c7d11bfac1ab770a6ec28e1f1655e0 +$(DL_FILE)_BLAKE2 = 9f2abfddcd403df2c716c05f02a1b52453613d10948dc58a65b9ef41b44e37db6de99fb22dcfc4f6f0fb5d0319c939da61bd4e0fba2cdb5643e8087ecd34eeac install : $(TARGET) @@ -70,7 +70,10 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib --disable-static + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib \ + --disable-static cd $(DIR_APP) && make cd $(DIR_APP) && make install chmod -v 755 /usr/lib/libacl.so From b9fb3495a83845908ac78f467bc1103758bb28f4 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 10:27:30 +0000 Subject: [PATCH 071/140] core184: Ship acl Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/acl | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/acl diff --git a/config/rootfiles/core/184/filelists/acl b/config/rootfiles/core/184/filelists/acl new file mode 120000 index 000000000..d819f9c48 --- /dev/null +++ b/config/rootfiles/core/184/filelists/acl @@ -0,0 +1 @@ +../../../common/acl \ No newline at end of file From 85db98e91926dbd9a81c059183c06ad34381d046 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 30 Jan 2024 23:13:40 +0100 Subject: [PATCH 072/140] bash: Update to include patches 22 to 26 - Update from version 5.2 with patches 1 to 21 to 5.2 with patches 1 to 26 - Update of rootfile not required - Changelog Patch 26 The custom color prefix that readline uses to color possible completions must have a leading `.'. Patch 25 Make sure a subshell checks for and handles any terminating signals before exiting (which might have arrived after the command completed) so the parent and any EXIT trap will see the correct value for $?. Patch 24 Fix bug where associative array compound assignment would not expand tildes in values. Patch 23 Running `local -' multiple times in a shell function would overwrite the original saved set of options. Patch 22 It's possible for readline to try to zero out a line that's not null- terminated, leading to a memory fault. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/bash | 4 +- src/patches/bash/bash52-022 | 53 ++++++++++++++++++++++ src/patches/bash/bash52-023 | 64 +++++++++++++++++++++++++++ src/patches/bash/bash52-024 | 88 +++++++++++++++++++++++++++++++++++++ src/patches/bash/bash52-025 | 46 +++++++++++++++++++ src/patches/bash/bash52-026 | 48 ++++++++++++++++++++ 6 files changed, 301 insertions(+), 2 deletions(-) create mode 100644 src/patches/bash/bash52-022 create mode 100644 src/patches/bash/bash52-023 create mode 100644 src/patches/bash/bash52-024 create mode 100644 src/patches/bash/bash52-025 create mode 100644 src/patches/bash/bash52-026 diff --git a/lfs/bash b/lfs/bash index 80d4f244b..c66f6a8e1 100644 --- a/lfs/bash +++ b/lfs/bash @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -91,7 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash/bash-4.0-profile-1.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash/bash-3.2-ssh_source_bash.patch - for i in $$(seq 1 21); do \ + for i in $$(seq 1 26); do \ cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash52-$$(printf "%03d" "$${i}") || exit 1; \ done diff --git a/src/patches/bash/bash52-022 b/src/patches/bash/bash52-022 new file mode 100644 index 000000000..557d38706 --- /dev/null +++ b/src/patches/bash/bash52-022 @@ -0,0 +1,53 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-022 + +Bug-Reported-by: srobertson@peratonlabs.com +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-09/msg00049.html + +Bug-Description: + +It's possible for readline to try to zero out a line that's not null- +terminated, leading to a memory fault. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/lib/readline/display.c 2022-04-05 10:47:31.000000000 -0400 +--- lib/readline/display.c 2022-12-13 13:11:22.000000000 -0500 +*************** +*** 2684,2692 **** + + if (visible_line) +! { +! temp = visible_line; +! while (*temp) +! *temp++ = '\0'; +! } + rl_on_new_line (); + forced_display++; +--- 2735,2740 ---- + + if (visible_line) +! memset (visible_line, 0, line_size); +! + rl_on_new_line (); + forced_display++; + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 21 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 22 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-023 b/src/patches/bash/bash52-023 new file mode 100644 index 000000000..07ba4ae43 --- /dev/null +++ b/src/patches/bash/bash52-023 @@ -0,0 +1,64 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-023 + +Bug-Reported-by: Emanuele Torre +Bug-Reference-ID: <20230206140824.1710288-1-torreemanuele6@gmail.com> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2023-02/msg00045.html + +Bug-Description: + +Running `local -' multiple times in a shell function would overwrite the +original saved set of options. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/builtins/declare.def 2023-01-04 20:40:28.000000000 -0500 +--- builtins/declare.def 2023-02-08 15:36:49.000000000 -0500 +*************** +*** 421,429 **** + if (local_var && variable_context && STREQ (name, "-")) + { + var = make_local_variable ("-", 0); +! FREE (value_cell (var)); /* just in case */ +! value = get_current_options (); +! var_setvalue (var, value); +! VSETATTR (var, att_invisible); + NEXT_VARIABLE (); + } +--- 421,437 ---- + if (local_var && variable_context && STREQ (name, "-")) + { ++ int o; ++ ++ o = localvar_inherit; ++ localvar_inherit = 0; + var = make_local_variable ("-", 0); +! localvar_inherit = o; +! +! if (value_cell (var) == NULL) /* no duplicate instances */ +! { +! value = get_current_options (); +! var_setvalue (var, value); +! VSETATTR (var, att_invisible); +! } + NEXT_VARIABLE (); + } + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 22 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 23 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-024 b/src/patches/bash/bash52-024 new file mode 100644 index 000000000..8cc49e878 --- /dev/null +++ b/src/patches/bash/bash52-024 @@ -0,0 +1,88 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-024 + +Bug-Reported-by: Marco +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2023-02/msg00044.html + +Bug-Description: + +Fix bug where associative array compound assignment would not expand tildes +in values. + +Patch (apply with `patch -p0'): + +*** ../bash-20230105/arrayfunc.c Thu Jan 5 14:23:28 2023 +--- arrayfunc.c Wed Feb 8 16:27:48 2023 +*************** +*** 651,655 **** + } + +! aval = expand_subscript_string (v, 0); + if (aval == 0) + { +--- 651,655 ---- + } + +! aval = expand_assignment_string_to_string (v, 0); + if (aval == 0) + { +*************** +*** 843,847 **** + if (assoc_p (var)) + { +! val = expand_subscript_string (val, 0); + if (val == 0) + { +--- 843,847 ---- + if (assoc_p (var)) + { +! val = expand_assignment_string_to_string (val, 0); + if (val == 0) + { +*************** +*** 1031,1035 **** + nword[i++] = w[ind++]; + +! t = expand_subscript_string (w+ind, 0); + s = (t && strchr (t, CTLESC)) ? quote_escapes (t) : t; + value = sh_single_quote (s ? s : ""); +--- 1031,1035 ---- + nword[i++] = w[ind++]; + +! t = expand_assignment_string_to_string (w+ind, 0); + s = (t && strchr (t, CTLESC)) ? quote_escapes (t) : t; + value = sh_single_quote (s ? s : ""); +*** ../bash-20230201/subst.c Mon Jan 30 16:19:46 2023 +--- subst.c Mon Feb 6 16:25:22 2023 +*************** +*** 10803,10807 **** +--- 10803,10811 ---- + ret = (char *)NULL; + ++ #if 0 + td.flags = W_NOPROCSUB|W_NOTILDE|W_NOSPLIT2; /* XXX - W_NOCOMSUB? */ ++ #else ++ td.flags = W_NOPROCSUB|W_NOSPLIT2; /* XXX - W_NOCOMSUB? */ ++ #endif + td.word = savestring (string); /* in case it's freed on error */ + + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 23 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 24 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-025 b/src/patches/bash/bash52-025 new file mode 100644 index 000000000..4e293f9d3 --- /dev/null +++ b/src/patches/bash/bash52-025 @@ -0,0 +1,46 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-025 + +Bug-Reported-by: Andrew Neff +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00100.html + +Bug-Description: + +Make sure a subshell checks for and handles any terminating signals before +exiting (which might have arrived after the command completed) so the parent +and any EXIT trap will see the correct value for $?. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2.9/execute_cmd.c 2022-11-02 10:36:54.000000000 -0400 +--- execute_cmd.c 2022-10-27 16:52:55.000000000 -0400 +*************** +*** 1726,1729 **** +--- 1726,1732 ---- + : EXECUTION_SUCCESS; + ++ /* Check for terminating signals before we return to our caller, which we ++ expect to exit immediately anyway. */ ++ CHECK_TERMSIG; + + /* If we were explicitly placed in a subshell with (), we need + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 24 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 25 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-026 b/src/patches/bash/bash52-026 new file mode 100644 index 000000000..bd0f5d0d2 --- /dev/null +++ b/src/patches/bash/bash52-026 @@ -0,0 +1,48 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-026 + +Bug-Reported-by: Stefan Klinger +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2023-08/msg00018.html + +Bug-Description: + +The custom color prefix that readline uses to color possible completions +must have a leading `.'. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/lib/readline/colors.c 2021-12-08 11:38:25.000000000 -0500 +--- lib/readline/colors.c 2023-08-28 16:40:04.000000000 -0400 +*************** +*** 74,78 **** + static void restore_default_color (void); + +! #define RL_COLOR_PREFIX_EXTENSION "readline-colored-completion-prefix" + + COLOR_EXT_TYPE *_rl_color_ext_list = 0; +--- 74,78 ---- + static void restore_default_color (void); + +! #define RL_COLOR_PREFIX_EXTENSION ".readline-colored-completion-prefix" + + COLOR_EXT_TYPE *_rl_color_ext_list = 0; + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 25 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 26 + + #endif /* _PATCHLEVEL_H_ */ From 4acdd39e3551daf4bc223778ca6230df6dca7e76 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 10:27:55 +0000 Subject: [PATCH 073/140] core184: Ship bash Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/bash | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/bash diff --git a/config/rootfiles/core/184/filelists/bash b/config/rootfiles/core/184/filelists/bash new file mode 120000 index 000000000..de970cb1d --- /dev/null +++ b/config/rootfiles/core/184/filelists/bash @@ -0,0 +1 @@ +../../../common/bash \ No newline at end of file From 8066b4773b294fb6344377986a0d76fc4d413768 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 30 Jan 2024 23:13:42 +0100 Subject: [PATCH 074/140] libpng: Update to version 1.6.41 - Update from 1.6.39 to 1.6.41 - Update of rootfile - Changelog 1.6.41 Added SIMD-optimized code for the Loongarch LSX hardware. (Contributed by GuXiWei, JinBo and ZhangLixia) Fixed the run-time discovery of MIPS MSA hardware. (Contributed by Sui Jingfeng) Fixed an off-by-one error in the function `png_do_check_palette_indexes`, which failed to recognize errors that might have existed in the first column of a broken palette-encoded image. This was a benign regression accidentally introduced in libpng-1.6.33. No pixel was harmed. (Contributed by Adam Richter; reviewed by John Bowler) Fixed, improved and modernized the contrib/pngminus programs, i.e., png2pnm.c and pnm2png.c Removed old and peculiar portability hacks that were meant to silence warnings issued by gcc version 7.1 alone. (Contributed by John Bowler) Fixed and modernized the CMake file, and raised the minimum required CMake version from 3.1 to 3.6. (Contributed by Clinton Ingram, Timothy Lyanguzov, Tyler Kropp, et al.) Allowed the configure script to disable the building of auxiliary tools and tests, thus catching up with the CMake file. (Contributed by Carlo Bramini) Fixed a build issue on Mac. (Contributed by Zixu Wang) Moved the Autoconf macro files to scripts/autoconf. Moved the CMake files (except for the main CMakeLists.txt) to scripts/cmake and moved the list of their contributing authors to scripts/cmake/AUTHORS.md Updated the CI configurations and scripts. Relicensed the CI scripts to the MIT License. Improved the test coverage. (Contributed by John Bowler) 1.6.40 Fixed the eXIf chunk multiplicity checks. Fixed a memory leak in pCAL processing. Corrected the validity report about tRNS inside png_get_valid(). Fixed various build issues on *BSD, Mac and Windows. Updated the configurations and the scripts for continuous integration. Cleaned up the code, the build scripts, and the documentation. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/libpng | 2 +- lfs/libpng | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libpng b/config/rootfiles/common/libpng index 2b1f250d2..687aa535c 100644 --- a/config/rootfiles/common/libpng +++ b/config/rootfiles/common/libpng @@ -16,7 +16,7 @@ usr/lib/libpng.so #usr/lib/libpng16.la usr/lib/libpng16.so usr/lib/libpng16.so.16 -usr/lib/libpng16.so.16.39.0 +usr/lib/libpng16.so.16.41.0 #usr/lib/pkgconfig/libpng.pc #usr/lib/pkgconfig/libpng16.pc #usr/share/man/man3/libpng.3 diff --git a/lfs/libpng b/lfs/libpng index f9e0ba7f4..3a0704e59 100644 --- a/lfs/libpng +++ b/lfs/libpng @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.6.39 +VER = 1.6.41 THISAPP = libpng-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = f0a2e643e921587334349f48758e61e69b4708ebc36575567767087878d262d134eeeb98fea7f0b6ff1493ea954910ca1608b10fea57196aad770eb807a9006e +$(DL_FILE)_BLAKE2 = 43d8d1c563d9df46b663f706dca9563e31e6e47a2809a77a5d059de8cfa348721054df724d08ac24ef4717ffc101989941127df2d026c9537532375d9b432b68 install : $(TARGET) From b26696ebdf66b740ba4d90020eb91390821e05c2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 10:28:48 +0000 Subject: [PATCH 075/140] core184: Ship libpng Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/libpng | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/libpng diff --git a/config/rootfiles/core/184/filelists/libpng b/config/rootfiles/core/184/filelists/libpng new file mode 120000 index 000000000..8ef96e2c1 --- /dev/null +++ b/config/rootfiles/core/184/filelists/libpng @@ -0,0 +1 @@ +../../../common/libpng \ No newline at end of file From aff5c2756723f0a29f806a1b94cc68c8aaa0d35b Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 30 Jan 2024 23:13:44 +0100 Subject: [PATCH 076/140] xz: Update to version 5.4.6 - Update from version 5.4.5 to 5.4.6 - Update of rootfile - Changelog 5.4.6 * Fixed a bug involving internal function pointers in liblzma not being initialized to NULL. The bug can only be triggered if lzma_filters_update() is called on a LZMA1 encoder, so it does not affect xz or any application known to us that uses liblzma. * xz: - Fixed a regression introduced in 5.4.2 that caused encoding in the raw format to unnecessarily fail if --suffix was not used. For instance, the following command no longer reports that --suffix must be used: echo foo | xz --format=raw --lzma2 | wc -c - Fixed an issue on MinGW-w64 builds that prevented reading from or writing to non-terminal character devices like NUL. * Added a new test. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/xz | 2 +- lfs/xz | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index f3818a083..c38db650a 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.4.5 +usr/lib/liblzma.so.5.4.6 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS diff --git a/lfs/xz b/lfs/xz index 4be66e1b1..e0b905a22 100644 --- a/lfs/xz +++ b/lfs/xz @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 5.4.5 +VER = 5.4.6 THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 08d9afebd927ea5d155515a4c9eedda4d1a249f2b1ab6ada11f50e5b7a3c90b389b32378ab1c0872c7f4627de8dff37149d85e49f7f4d30614add37320ec4f3e +$(DL_FILE)_BLAKE2 = d609590f1e9f13404988050e1bfdc623b996794b603cf2e39d2fd592be1967c97d8beaba9196eae4a0d448a432b1d7499986b7f669e736b65ec67590a04af9f7 install : $(TARGET) From 45d5af80a276559c11099e307acce0028cce3820 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 10:29:31 +0000 Subject: [PATCH 077/140] core184: Ship xz Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/xz | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/xz diff --git a/config/rootfiles/core/184/filelists/xz b/config/rootfiles/core/184/filelists/xz new file mode 120000 index 000000000..734e926c7 --- /dev/null +++ b/config/rootfiles/core/184/filelists/xz @@ -0,0 +1 @@ +../../../common/xz \ No newline at end of file From 91ddb27aa19a4c24a281b81943ecf206c101f747 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 30 Jan 2024 23:13:45 +0100 Subject: [PATCH 078/140] zlib: Update to version 1.3.1 - Update from version 1.3 to 1.3.1 - Update of rootfile - Changelog 1.3.1 - Reject overflows of zip header fields in minizip - Fix bug in inflateSync() for data held in bit buffer - Add LIT_MEM define to use more memory for a small deflate speedup - Fix decision on the emission of Zip64 end records in minizip - Add bounds checking to ERR_MSG() macro, used by zError() - Neutralize zip file traversal attacks in miniunz - Fix a bug in ZLIB_DEBUG compiles in check_match() - Various portability and appearance improvements Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/zlib | 2 +- lfs/zlib | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/zlib b/config/rootfiles/common/zlib index 596b14641..ae2bd9e85 100644 --- a/config/rootfiles/common/zlib +++ b/config/rootfiles/common/zlib @@ -1,6 +1,6 @@ lib/libz.so lib/libz.so.1 -lib/libz.so.1.3 +lib/libz.so.1.3.1 #usr/include/zconf.h #usr/include/zlib.h #usr/lib/libz.a diff --git a/lfs/zlib b/lfs/zlib index 914e1d855..d7c723914 100644 --- a/lfs/zlib +++ b/lfs/zlib @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.3 +VER = 1.3.1 THISAPP = zlib-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5fe0f32339267348a313f23a21e9588bdb180b7415be303c85f5f169444d019e5f176ef7322f6e64297c360acc2a6041c50e2f66d1860e5c392d8970990f176a +$(DL_FILE)_BLAKE2 = 42d109223801a493de6d52e7343403d7fc3234a6ca816425fe41ac9c18019b01b93841acd28a235e99f2256a6a17f93624e96b2ddb58d588c8190a6bedb82910 install : $(TARGET) From c1d60341d5f3f5813890035625458f8bf0c006a5 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 10:30:01 +0000 Subject: [PATCH 079/140] core184: Ship zlib Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/zlib | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/zlib diff --git a/config/rootfiles/core/184/filelists/zlib b/config/rootfiles/core/184/filelists/zlib new file mode 120000 index 000000000..e34566322 --- /dev/null +++ b/config/rootfiles/core/184/filelists/zlib @@ -0,0 +1 @@ +../../../common/zlib \ No newline at end of file From 500b6311b439dd480ca2fb715a6f1a05b33fcad5 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 18:01:52 +0000 Subject: [PATCH 080/140] collectd: Do not sync Calling a global sync operation manually is generally a bad idea as it can block for forever. If people have storage that does not retain anything that is being written to it, they need to fix their hardware. Signed-off-by: Michael Tremer --- src/initscripts/system/collectd | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/initscripts/system/collectd b/src/initscripts/system/collectd index bb8a2f54f..56b799d56 100644 --- a/src/initscripts/system/collectd +++ b/src/initscripts/system/collectd @@ -146,9 +146,6 @@ case "$1" in sed -i -e "s|^#LoadPlugin swap|LoadPlugin swap|g" /etc/collectd.conf fi - # sync after config update... - sync - if [ $(date +%Y) -gt 2011 ]; then boot_mesg "Starting Collection daemon..." /usr/sbin/collectd -C /etc/collectd.conf From eadffeb43f47e8c1561e62f5d4a6bae0fef3ada6 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 10:30:47 +0000 Subject: [PATCH 081/140] core184: Ship updated collectd init script Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/184/filelists/files b/config/rootfiles/core/184/filelists/files index e69de29bb..4f1c7ed98 100644 --- a/config/rootfiles/core/184/filelists/files +++ b/config/rootfiles/core/184/filelists/files @@ -0,0 +1 @@ +etc/rc.d/init.d/collectd From a61a21ef7573726bb5d9d115f24e576a44c1d8be Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 11:09:41 +0000 Subject: [PATCH 082/140] glibc: Import latest patches from upstream These include (amongst others) fixes for: GLIBC-SA-2024-0001: =================== syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246) __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. GLIBC-SA-2024-0002: =================== syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779) __vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output. GLIBC-SA-2024-0003: =================== syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780) __vsyslog_internal calculated a buffer size by adding two integers, but did not first check if the addition would overflow. Signed-off-by: Michael Tremer --- lfs/glibc | 17 + ...st-realpath-compatibility-with-sourc.patch | 2 +- ...cache-computation-on-AMD-legacy-cpus.patch | 2 +- ...Do-not-rebuild-getaddrinfo-bug-30709.patch | 2 +- ...t-scope-of-setting-shared_per_thread.patch | 2 +- ...uild-with-disable-multiarch-BZ-30721.patch | 2 +- ...686-Fix-build-with-disable-multiarch.patch | 2 +- ...rging-of-remainders-in-memalign-bug-.patch | 2 +- ...bin-scanning-from-memalign-bug-30723.patch | 2 +- ...sdeps-tst-bz21269-fix-test-parameter.patch | 2 +- ...269-handle-ENOSYS-skip-appropriately.patch | 2 +- ...sysdeps-tst-bz21269-fix-Wreturn-type.patch | 2 +- ...cking-contants-for-powerpc64-with-__.patch | 2 +- ...013-libio-Fix-oversized-__io_vtables.patch | 2 +- ...t-run-constructors-for-proxy-objects.patch | 2 +- ...destructors-in-reverse-constructor-o.patch | 2 +- ...d-l_text_end-field-from-struct-link_.patch | 2 +- ...called_next-to-old-place-of-l_text_e.patch | 2 +- .../0018-NEWS-Add-the-2.38.1-bug-list.patch | 2 +- ...ack-read-overflow-with-large-TCP-res.patch | 2 +- ...use-after-free-in-getcanonname-CVE-2.patch | 2 +- ...rbosity-with-unrecognized-encoding-n.patch | 2 +- ...r-build-with-fortify-enable-with-gcc.patch | 2 +- ...i-Add-missing-item-EPERM-for-getpgid.patch | 2 +- ...ddrinfo-introduced-by-the-fix-for-CV.patch | 2 +- ...-2023-4806-and-CVE-2023-5156-in-NEWS.patch | 2 +- ...te-GLIBC_TUNABLES-in-setxid-binaries.patch | 2 +- ...te-if-end-of-input-is-reached-CVE-20.patch | 2 +- ...e-unused-l_text_end-field-from-struc.patch | 135 ++++ ...s-call-destructors-in-reverse-constr.patch | 593 ++++++++++++++++++ ...l_init_called_next-to-old-place-of-l.patch | 42 ++ ...-Clear-O_CREAT-when-semaphore-file-i.patch | 105 ++++ ...-wrong-break-removal-from-8ee878592c.patch | 26 + ...-Delete-excessively-allocated-memory.patch | 109 ++++ ...d-reuse-generation-assignment-BZ-290.patch | 54 ++ ...d-TLS-modid-reuse-test-for-bug-29039.patch | 208 ++++++ ...-the-dtv-field-load-for-x32-BZ-31184.patch | 68 ++ ...-the-tcb-field-load-for-x32-BZ-31185.patch | 69 ++ ...ug-fixes-for-29039-30694-30709-30721.patch | 27 + ...WS-Mention-bug-fixes-for-30745-30843.patch | 30 + ...slate-ENOMEM-to-EAI_MEMORY-bug-31163.patch | 36 ++ ...ining-buffer-size-in-_IO_wdo_write-b.patch | 48 ++ ...buffer-overflow-in-__vsyslog_interna.patch | 181 ++++++ ...buffer-overflow-in-__vsyslog_interna.patch | 106 ++++ ...er-overflow-in-__vsyslog_internal-CV.patch | 41 ++ 45 files changed, 1922 insertions(+), 27 deletions(-) create mode 100644 src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch create mode 100644 src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch create mode 100644 src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch create mode 100644 src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch create mode 100644 src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch create mode 100644 src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch create mode 100644 src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch create mode 100644 src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch create mode 100644 src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch create mode 100644 src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch create mode 100644 src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch create mode 100644 src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch create mode 100644 src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch create mode 100644 src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch create mode 100644 src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch create mode 100644 src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch create mode 100644 src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch diff --git a/lfs/glibc b/lfs/glibc index cf124bcfc..5c62aaa44 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -142,6 +142,23 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-localedef-no-archive.patch diff --git a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch b/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch index 1cef3537c..b78a5a884 100644 --- a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch +++ b/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch @@ -1,7 +1,7 @@ From d97cca1e5df812be0e4de1e38091f02bb1e7ec4e Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Tue, 1 Aug 2023 10:27:15 +0200 -Subject: [PATCH 01/27] stdlib: Improve tst-realpath compatibility with source +Subject: [PATCH 01/44] stdlib: Improve tst-realpath compatibility with source fortification On GCC before 11, IPA can make the fortified realpath aware that the diff --git a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch b/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch index e5cc7467b..3b5917d25 100644 --- a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch +++ b/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch @@ -1,7 +1,7 @@ From ced101ed9d3b7cfd12d97ef24940cb00b8658c81 Mon Sep 17 00:00:00 2001 From: Sajan Karumanchi Date: Tue, 1 Aug 2023 15:20:55 +0000 -Subject: [PATCH 02/27] x86: Fix for cache computation on AMD legacy cpus. +Subject: [PATCH 02/44] x86: Fix for cache computation on AMD legacy cpus. Some legacy AMD CPUs and hypervisors have the _cpuid_ '0x8000_001D' set to Zero, thus resulting in zeroed-out computed cache values. diff --git a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch b/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch index 6963cd713..22a2cbdef 100644 --- a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch +++ b/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch @@ -1,7 +1,7 @@ From 6b99458d197ab779ebb6ff632c168e2cbfa4f543 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 11 Aug 2023 10:10:16 +0200 -Subject: [PATCH 03/27] nscd: Do not rebuild getaddrinfo (bug 30709) +Subject: [PATCH 03/44] nscd: Do not rebuild getaddrinfo (bug 30709) The nscd daemon caches hosts data from NSS modules verbatim, without filtering protocol families or sorting them (otherwise separate caches diff --git a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch b/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch index a359273c4..e124662cb 100644 --- a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch +++ b/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch @@ -1,7 +1,7 @@ From 5ea70cc02626d9b85f1570153873d8648a47bf95 Mon Sep 17 00:00:00 2001 From: Noah Goldstein Date: Thu, 10 Aug 2023 19:28:24 -0500 -Subject: [PATCH 04/27] x86: Fix incorrect scope of setting `shared_per_thread` +Subject: [PATCH 04/44] x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745] The: diff --git a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch b/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch index e506318f7..3ee8410eb 100644 --- a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch +++ b/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch @@ -1,7 +1,7 @@ From 6135d50e44233d8c89ca788f78c669941ad09fb9 Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Tue, 8 Aug 2023 09:27:54 -0300 -Subject: [PATCH 05/27] x86_64: Fix build with --disable-multiarch (BZ 30721) +Subject: [PATCH 05/44] x86_64: Fix build with --disable-multiarch (BZ 30721) With multiarch disabled, the default memmove implementation provides the fortify routines for memcpy, mempcpy, and memmove. However, it diff --git a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch b/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch index 13176acac..925a31935 100644 --- a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch +++ b/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch @@ -1,7 +1,7 @@ From 7ac405a74c6069b0627dc2d8449a82a621f8ff06 Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Tue, 8 Aug 2023 09:27:55 -0300 -Subject: [PATCH 06/27] i686: Fix build with --disable-multiarch +Subject: [PATCH 06/44] i686: Fix build with --disable-multiarch Since i686 provides the fortified wrappers for memcpy, mempcpy, memmove, and memset on the same string implementation, the static diff --git a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch b/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch index 22f2e8347..fa4a3704a 100644 --- a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch +++ b/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch @@ -1,7 +1,7 @@ From 98c293c61f770b6b7a22f89a6ea81b711ecb1952 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 11 Aug 2023 11:18:17 +0200 -Subject: [PATCH 07/27] malloc: Enable merging of remainders in memalign (bug +Subject: [PATCH 07/44] malloc: Enable merging of remainders in memalign (bug 30723) Previously, calling _int_free from _int_memalign could put remainders diff --git a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch b/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch index 997082e58..f2b9acb49 100644 --- a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch +++ b/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch @@ -1,7 +1,7 @@ From 2af141bda3cd407abd4bedf615f9e45fe79518e2 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Thu, 10 Aug 2023 19:36:56 +0200 -Subject: [PATCH 08/27] malloc: Remove bin scanning from memalign (bug 30723) +Subject: [PATCH 08/44] malloc: Remove bin scanning from memalign (bug 30723) On the test workload (mpv --cache=yes with VP9 video decoding), the bin scanning has a very poor success rate (less than 2%). The tcache diff --git a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch b/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch index 1b04df271..20b92763f 100644 --- a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch +++ b/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch @@ -1,7 +1,7 @@ From c8ecda6251dd4a0dfe074e0a6011211cadeef742 Mon Sep 17 00:00:00 2001 From: Sam James Date: Fri, 4 Aug 2023 23:58:27 +0100 -Subject: [PATCH 09/27] sysdeps: tst-bz21269: fix test parameter +Subject: [PATCH 09/44] sysdeps: tst-bz21269: fix test parameter All callers pass 1 or 0x11 anyway (same meaning according to man page), but still. diff --git a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch b/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch index fbc0b4065..18fd8450f 100644 --- a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch +++ b/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch @@ -1,7 +1,7 @@ From ad9b8399537670a990572c4b0c4da5411e3b68cf Mon Sep 17 00:00:00 2001 From: Sam James Date: Sat, 5 Aug 2023 00:04:33 +0100 -Subject: [PATCH 10/27] sysdeps: tst-bz21269: handle ENOSYS & skip +Subject: [PATCH 10/44] sysdeps: tst-bz21269: handle ENOSYS & skip appropriately SYS_modify_ldt requires CONFIG_MODIFY_LDT_SYSCALL to be set in the kernel, which diff --git a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch b/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch index 51b79c19d..a9681b8f2 100644 --- a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch +++ b/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch @@ -1,7 +1,7 @@ From 1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1 Mon Sep 17 00:00:00 2001 From: Sam James Date: Thu, 17 Aug 2023 09:30:29 +0100 -Subject: [PATCH 11/27] sysdeps: tst-bz21269: fix -Wreturn-type +Subject: [PATCH 11/44] sysdeps: tst-bz21269: fix -Wreturn-type Thanks to Andreas Schwab for reporting. diff --git a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch b/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch index 5adfd3b24..4752c800a 100644 --- a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch +++ b/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch @@ -1,7 +1,7 @@ From 5bdef6f27c91f45505ed5444147be4ed0e9bc3c7 Mon Sep 17 00:00:00 2001 From: Aurelien Jarno Date: Mon, 28 Aug 2023 23:30:37 +0200 -Subject: [PATCH 12/27] io: Fix record locking contants for powerpc64 with +Subject: [PATCH 12/44] io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 Commit 5f828ff824e3b7cd1 ("io: Fix F_GETLK, F_SETLK, and F_SETLKW for diff --git a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch b/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch index ef95483cd..5e5520e3d 100644 --- a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch +++ b/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch @@ -1,7 +1,7 @@ From 92201f16cbcfd9eafe314ef6654be2ea7ba25675 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Fri, 8 Sep 2023 15:55:19 -0400 -Subject: [PATCH 13/27] libio: Fix oversized __io_vtables +Subject: [PATCH 13/44] libio: Fix oversized __io_vtables IO_VTABLES_LEN is the size of the struct array in bytes, not the number of __IO_jump_t's in the array. Drops just under 384kb from .rodata on diff --git a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch b/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch index 70e18b6ed..4a15147da 100644 --- a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch +++ b/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch @@ -1,7 +1,7 @@ From 7ae211a01b085d0bde54bd13b887ce8f9d57c2b4 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Tue, 22 Aug 2023 13:56:25 +0200 -Subject: [PATCH 14/27] elf: Do not run constructors for proxy objects +Subject: [PATCH 14/44] elf: Do not run constructors for proxy objects Otherwise, the ld.so constructor runs for each audit namespace and each dlmopen namespace. diff --git a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch b/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch index dd7b4e996..bfc994bc8 100644 --- a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch +++ b/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch @@ -1,7 +1,7 @@ From a3189f66a5f2fe86568286fa025fa153be04c6c0 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 8 Sep 2023 12:32:14 +0200 -Subject: [PATCH 15/27] elf: Always call destructors in reverse constructor +Subject: [PATCH 15/44] elf: Always call destructors in reverse constructor order (bug 30785) The current implementation of dlclose (and process exit) re-sorts the diff --git a/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch b/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch index c674f8b4a..6115c1f0e 100644 --- a/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch +++ b/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch @@ -1,7 +1,7 @@ From 750f19526ae71aac801c77a3f7ef5374890c09b7 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 8 Sep 2023 13:02:06 +0200 -Subject: [PATCH 16/27] elf: Remove unused l_text_end field from struct +Subject: [PATCH 16/44] elf: Remove unused l_text_end field from struct link_map It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2 diff --git a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch b/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch index 680fde982..924bead3e 100644 --- a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch +++ b/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch @@ -1,7 +1,7 @@ From d3ba6c1333b10680ce5900a628108507d9d4b844 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 11 Sep 2023 09:17:52 +0200 -Subject: [PATCH 17/27] elf: Move l_init_called_next to old place of l_text_end +Subject: [PATCH 17/44] elf: Move l_init_called_next to old place of l_text_end in link map This preserves all member offsets and the GLIBC_PRIVATE ABI diff --git a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch b/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch index 1b5651f40..655b87503 100644 --- a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch +++ b/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch @@ -1,7 +1,7 @@ From 89da8bc588c2296252543b049bf6d9272321f90d Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 11 Sep 2023 10:06:15 +0200 -Subject: [PATCH 18/27] NEWS: Add the 2.38.1 bug list +Subject: [PATCH 18/44] NEWS: Add the 2.38.1 bug list --- NEWS | 6 +++--- diff --git a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch b/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch index a32ddb861..aa2117393 100644 --- a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch +++ b/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch @@ -1,7 +1,7 @@ From b25508dd774b617f99419bdc3cf2ace4560cd2d6 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 13 Sep 2023 14:10:56 +0200 -Subject: [PATCH 19/27] CVE-2023-4527: Stack read overflow with large TCP +Subject: [PATCH 19/44] CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode Without passing alt_dns_packet_buffer, __res_context_search can only diff --git a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch b/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch index 0ace4855e..708e61725 100644 --- a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch +++ b/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch @@ -1,7 +1,7 @@ From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Fri, 15 Sep 2023 13:51:12 -0400 -Subject: [PATCH 20/27] getaddrinfo: Fix use after free in getcanonname +Subject: [PATCH 20/44] getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) When an NSS plugin only implements the _gethostbyname2_r and diff --git a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch b/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch index 662604f39..fb86f0f19 100644 --- a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch +++ b/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch @@ -1,7 +1,7 @@ From 63250e9c571314b6daa2c949ea0af335ee766751 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Tue, 1 Aug 2023 17:01:37 +0200 -Subject: [PATCH 21/27] iconv: restore verbosity with unrecognized encoding +Subject: [PATCH 21/44] iconv: restore verbosity with unrecognized encoding names (bug 30694) Commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") changed the diff --git a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch b/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch index d357c998d..38aec8638 100644 --- a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch +++ b/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch @@ -1,7 +1,7 @@ From d94461bb86ba176b9390c0015bb612a528e22d95 Mon Sep 17 00:00:00 2001 From: Mahesh Bodapati Date: Fri, 11 Aug 2023 10:38:25 -0500 -Subject: [PATCH 22/27] string: Fix tester build with fortify enable with gcc < +Subject: [PATCH 22/44] string: Fix tester build with fortify enable with gcc < 12 When building with fortify enabled, GCC < 12 issues a warning on the diff --git a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch b/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch index 444aaf6c1..a103b9588 100644 --- a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch +++ b/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch @@ -1,7 +1,7 @@ From 0e1ef6779a90bc0f8a05bc367796df2793deecaa Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Thu, 24 Aug 2023 21:36:34 +0200 -Subject: [PATCH 23/27] manual/jobs.texi: Add missing @item EPERM for getpgid +Subject: [PATCH 23/44] manual/jobs.texi: Add missing @item EPERM for getpgid The missing @item makes it look like errno will be set to ESRCH if a cross-session getpgid is not permitted. diff --git a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch b/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch index dc41d35c1..90b01ebde 100644 --- a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch +++ b/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch @@ -1,7 +1,7 @@ From 5ee59ca371b99984232d7584fe2b1a758b4421d3 Mon Sep 17 00:00:00 2001 From: Romain Geissler Date: Mon, 25 Sep 2023 01:21:51 +0100 -Subject: [PATCH 24/27] Fix leak in getaddrinfo introduced by the fix for +Subject: [PATCH 24/44] Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843] This patch fixes a very recently added leak in getaddrinfo. diff --git a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch b/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch index 82d061e58..f2145fd8b 100644 --- a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch +++ b/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch @@ -1,7 +1,7 @@ From f6445dc94da185b3d1ee283f0ca0a34c4e1986cc Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 26 Sep 2023 07:38:07 -0400 -Subject: [PATCH 25/27] Document CVE-2023-4806 and CVE-2023-5156 in NEWS +Subject: [PATCH 25/44] Document CVE-2023-4806 and CVE-2023-5156 in NEWS These are tracked in BZ #30884 and BZ #30843. diff --git a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch b/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch index d67de051d..18bd1e2f1 100644 --- a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch +++ b/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch @@ -1,7 +1,7 @@ From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 19 Sep 2023 13:25:40 -0400 -Subject: [PATCH 26/27] Propagate GLIBC_TUNABLES in setxid binaries +Subject: [PATCH 26/44] Propagate GLIBC_TUNABLES in setxid binaries GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some tunables are required to propagate past setxid boundary, like their diff --git a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch b/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch index 735153a77..8f20f6c18 100644 --- a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch +++ b/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch @@ -1,7 +1,7 @@ From 750a45a783906a19591fb8ff6b7841470f1f5701 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 19 Sep 2023 18:39:32 -0400 -Subject: [PATCH 27/27] tunables: Terminate if end of input is reached +Subject: [PATCH 27/44] tunables: Terminate if end of input is reached (CVE-2023-4911) The string parsing routine may end up writing beyond bounds of tunestr diff --git a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch b/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch new file mode 100644 index 000000000..0ebfb5f06 --- /dev/null +++ b/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch @@ -0,0 +1,135 @@ +From e0b6c9706c91a642c781918eea52588ee8dc9f09 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 18 Oct 2023 14:22:59 +0200 +Subject: [PATCH 28/44] Revert "elf: Remove unused l_text_end field from struct + link_map" + +This reverts commit 750f19526ae71aac801c77a3f7ef5374890c09b7. + +Reason for revert: Restore ABI after revert of commit a3189f66a5f. +--- + elf/dl-load.c | 2 +- + elf/dl-load.h | 7 +++++-- + elf/rtld.c | 6 ++++++ + elf/setup-vdso.h | 4 ++++ + include/link.h | 2 ++ + 5 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/elf/dl-load.c b/elf/dl-load.c +index 2923b1141d..9a87fda9c9 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, + + /* Now process the load commands and map segments into memory. + This is responsible for filling in: +- l_map_start, l_map_end, l_addr, l_contiguous, l_phdr ++ l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr + */ + errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, + maplength, has_holes, loader); +diff --git a/elf/dl-load.h b/elf/dl-load.h +index 1d5207694b..ecf6910c68 100644 +--- a/elf/dl-load.h ++++ b/elf/dl-load.h +@@ -83,11 +83,14 @@ struct loadcmd + + /* This is a subroutine of _dl_map_segments. It should be called for each + load command, some time after L->l_addr has been set correctly. It is +- responsible for setting the l_phdr fields */ ++ responsible for setting up the l_text_end and l_phdr fields. */ + static __always_inline void + _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, + const struct loadcmd *c) + { ++ if (c->prot & PROT_EXEC) ++ l->l_text_end = l->l_addr + c->mapend; ++ + if (l->l_phdr == 0 + && c->mapoff <= header->e_phoff + && ((size_t) (c->mapend - c->mapstart + c->mapoff) +@@ -100,7 +103,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, + + /* This is a subroutine of _dl_map_object_from_fd. It is responsible + for filling in several fields in *L: l_map_start, l_map_end, l_addr, +- l_contiguous, l_phdr. On successful return, all the ++ l_contiguous, l_text_end, l_phdr. On successful return, all the + segments are mapped (or copied, or whatever) from the file into their + final places in the address space, with the correct page permissions, + and any bss-like regions already zeroed. It returns a null pointer +diff --git a/elf/rtld.c b/elf/rtld.c +index 5107d16fe3..a91e2a4471 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -477,6 +477,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) + GL(dl_rtld_map).l_real = &GL(dl_rtld_map); + GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; + GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; ++ GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext; + /* Copy the TLS related data if necessary. */ + #ifndef DONT_USE_BOOTSTRAP_MAP + # if NO_TLS_OFFSET != 0 +@@ -1118,6 +1119,7 @@ rtld_setup_main_map (struct link_map *main_map) + bool has_interp = false; + + main_map->l_map_end = 0; ++ main_map->l_text_end = 0; + /* Perhaps the executable has no PT_LOAD header entries at all. */ + main_map->l_map_start = ~0; + /* And it was opened directly. */ +@@ -1209,6 +1211,8 @@ rtld_setup_main_map (struct link_map *main_map) + allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz; + if (main_map->l_map_end < allocend) + main_map->l_map_end = allocend; ++ if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end) ++ main_map->l_text_end = allocend; + + /* The next expected address is the page following this load + segment. */ +@@ -1268,6 +1272,8 @@ rtld_setup_main_map (struct link_map *main_map) + = (char *) main_map->l_tls_initimage + main_map->l_addr; + if (! main_map->l_map_end) + main_map->l_map_end = ~0; ++ if (! main_map->l_text_end) ++ main_map->l_text_end = ~0; + if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name) + { + /* We were invoked directly, so the program might not have a +diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h +index d92b12a7aa..0079842d1f 100644 +--- a/elf/setup-vdso.h ++++ b/elf/setup-vdso.h +@@ -51,6 +51,9 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), + l->l_addr = ph->p_vaddr; + if (ph->p_vaddr + ph->p_memsz >= l->l_map_end) + l->l_map_end = ph->p_vaddr + ph->p_memsz; ++ if ((ph->p_flags & PF_X) ++ && ph->p_vaddr + ph->p_memsz >= l->l_text_end) ++ l->l_text_end = ph->p_vaddr + ph->p_memsz; + } + else + /* There must be no TLS segment. */ +@@ -59,6 +62,7 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), + l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso); + l->l_addr = l->l_map_start - l->l_addr; + l->l_map_end += l->l_addr; ++ l->l_text_end += l->l_addr; + l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr); + elf_get_dynamic_info (l, false, false); + _dl_setup_hash (l); +diff --git a/include/link.h b/include/link.h +index 686813f281..a02d5f2eba 100644 +--- a/include/link.h ++++ b/include/link.h +@@ -253,6 +253,8 @@ struct link_map + /* Start and finish of memory map for this object. l_map_start + need not be the same as l_addr. */ + ElfW(Addr) l_map_start, l_map_end; ++ /* End of the executable part of the mapping. */ ++ ElfW(Addr) l_text_end; + + /* Linked list of objects in reverse ELF constructor execution + order. Head of list is stored in _dl_init_called_list. */ +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch b/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch new file mode 100644 index 000000000..50e57e82e --- /dev/null +++ b/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch @@ -0,0 +1,593 @@ +From 719866ab2ff0e6d514a04fb47e507d92e70ef7ee Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 18 Oct 2023 14:25:46 +0200 +Subject: [PATCH 29/44] Revert "elf: Always call destructors in reverse + constructor order (bug 30785)" + +This reverts commit a3189f66a5f2fe86568286fa025fa153be04c6c0. + +Reason for revert: Incompatibility with existing applications. +--- + NEWS | 1 - + elf/dl-close.c | 113 ++++++++++----------------- + elf/dl-fini.c | 152 ++++++++++++++++++++++++------------- + elf/dl-init.c | 16 ---- + elf/dso-sort-tests-1.def | 19 +++-- + elf/tst-audit23.c | 44 +++++------ + sysdeps/generic/ldsodefs.h | 4 - + 7 files changed, 173 insertions(+), 176 deletions(-) + +diff --git a/NEWS b/NEWS +index bfcd46efa9..f117874e34 100644 +--- a/NEWS ++++ b/NEWS +@@ -32,7 +32,6 @@ Security related changes: + The following bugs are resolved with this release: + + [30723] posix_memalign repeatedly scans long bin lists +- [30785] Always call destructors in reverse constructor order + [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with + -D_FILE_OFFSET_BITS=64 + [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) +diff --git a/elf/dl-close.c b/elf/dl-close.c +index ea62d0e601..b887a44888 100644 +--- a/elf/dl-close.c ++++ b/elf/dl-close.c +@@ -138,31 +138,30 @@ _dl_close_worker (struct link_map *map, bool force) + + bool any_tls = false; + const unsigned int nloaded = ns->_ns_nloaded; ++ struct link_map *maps[nloaded]; + +- /* Run over the list and assign indexes to the link maps. */ ++ /* Run over the list and assign indexes to the link maps and enter ++ them into the MAPS array. */ + int idx = 0; + for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next) + { + l->l_map_used = 0; + l->l_map_done = 0; + l->l_idx = idx; ++ maps[idx] = l; + ++idx; + } + assert (idx == nloaded); + +- /* Keep marking link maps until no new link maps are found. */ +- for (struct link_map *l = ns->_ns_loaded; l != NULL; ) ++ /* Keep track of the lowest index link map we have covered already. */ ++ int done_index = -1; ++ while (++done_index < nloaded) + { +- /* next is reset to earlier link maps for remarking. */ +- struct link_map *next = l->l_next; +- int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */ ++ struct link_map *l = maps[done_index]; + + if (l->l_map_done) +- { +- /* Already handled. */ +- l = next; +- continue; +- } ++ /* Already handled. */ ++ continue; + + /* Check whether this object is still used. */ + if (l->l_type == lt_loaded +@@ -172,10 +171,7 @@ _dl_close_worker (struct link_map *map, bool force) + acquire is sufficient and correct. */ + && atomic_load_acquire (&l->l_tls_dtor_count) == 0 + && !l->l_map_used) +- { +- l = next; +- continue; +- } ++ continue; + + /* We need this object and we handle it now. */ + l->l_map_used = 1; +@@ -202,11 +198,8 @@ _dl_close_worker (struct link_map *map, bool force) + already processed it, then we need to go back + and process again from that point forward to + ensure we keep all of its dependencies also. */ +- if ((*lp)->l_idx < next_idx) +- { +- next = *lp; +- next_idx = next->l_idx; +- } ++ if ((*lp)->l_idx - 1 < done_index) ++ done_index = (*lp)->l_idx - 1; + } + } + +@@ -226,65 +219,44 @@ _dl_close_worker (struct link_map *map, bool force) + if (!jmap->l_map_used) + { + jmap->l_map_used = 1; +- if (jmap->l_idx < next_idx) +- { +- next = jmap; +- next_idx = next->l_idx; +- } ++ if (jmap->l_idx - 1 < done_index) ++ done_index = jmap->l_idx - 1; + } + } + } +- +- l = next; + } + +- /* Call the destructors in reverse constructor order, and remove the +- closed link maps from the list. */ +- for (struct link_map **init_called_head = &_dl_init_called_list; +- *init_called_head != NULL; ) ++ /* Sort the entries. We can skip looking for the binary itself which is ++ at the front of the search list for the main namespace. */ ++ _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true); ++ ++ /* Call all termination functions at once. */ ++ bool unload_any = false; ++ bool scope_mem_left = false; ++ unsigned int unload_global = 0; ++ unsigned int first_loaded = ~0; ++ for (unsigned int i = 0; i < nloaded; ++i) + { +- struct link_map *imap = *init_called_head; ++ struct link_map *imap = maps[i]; + +- /* _dl_init_called_list is global, to produce a global odering. +- Ignore the other namespaces (and link maps that are still used). */ +- if (imap->l_ns != nsid || imap->l_map_used) +- init_called_head = &imap->l_init_called_next; +- else ++ /* All elements must be in the same namespace. */ ++ assert (imap->l_ns == nsid); ++ ++ if (!imap->l_map_used) + { + assert (imap->l_type == lt_loaded && !imap->l_nodelete_active); + +- /* _dl_init_called_list is updated at the same time as +- l_init_called. */ +- assert (imap->l_init_called); +- +- if (imap->l_info[DT_FINI_ARRAY] != NULL +- || imap->l_info[DT_FINI] != NULL) ++ /* Call its termination function. Do not do it for ++ half-cooked objects. Temporarily disable exception ++ handling, so that errors are fatal. */ ++ if (imap->l_init_called) + _dl_catch_exception (NULL, _dl_call_fini, imap); + + #ifdef SHARED + /* Auditing checkpoint: we remove an object. */ + _dl_audit_objclose (imap); + #endif +- /* Unlink this link map. */ +- *init_called_head = imap->l_init_called_next; +- } +- } +- +- +- bool unload_any = false; +- bool scope_mem_left = false; +- unsigned int unload_global = 0; +- +- /* For skipping un-unloadable link maps in the second loop. */ +- struct link_map *first_loaded = ns->_ns_loaded; + +- /* Iterate over the namespace to find objects to unload. Some +- unloadable objects may not be on _dl_init_called_list due to +- dlopen failure. */ +- for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next) +- { +- if (!imap->l_map_used) +- { + /* This object must not be used anymore. */ + imap->l_removed = 1; + +@@ -295,8 +267,8 @@ _dl_close_worker (struct link_map *map, bool force) + ++unload_global; + + /* Remember where the first dynamically loaded object is. */ +- if (first_loaded == NULL) +- first_loaded = imap; ++ if (i < first_loaded) ++ first_loaded = i; + } + /* Else imap->l_map_used. */ + else if (imap->l_type == lt_loaded) +@@ -432,8 +404,8 @@ _dl_close_worker (struct link_map *map, bool force) + imap->l_loader = NULL; + + /* Remember where the first dynamically loaded object is. */ +- if (first_loaded == NULL) +- first_loaded = imap; ++ if (i < first_loaded) ++ first_loaded = i; + } + } + +@@ -504,11 +476,10 @@ _dl_close_worker (struct link_map *map, bool force) + + /* Check each element of the search list to see if all references to + it are gone. */ +- for (struct link_map *imap = first_loaded; imap != NULL; ) ++ for (unsigned int i = first_loaded; i < nloaded; ++i) + { +- if (imap->l_map_used) +- imap = imap->l_next; +- else ++ struct link_map *imap = maps[i]; ++ if (!imap->l_map_used) + { + assert (imap->l_type == lt_loaded); + +@@ -719,9 +690,7 @@ _dl_close_worker (struct link_map *map, bool force) + if (imap == GL(dl_initfirst)) + GL(dl_initfirst) = NULL; + +- struct link_map *next = imap->l_next; + free (imap); +- imap = next; + } + } + +diff --git a/elf/dl-fini.c b/elf/dl-fini.c +index e201d36651..9acb64f47c 100644 +--- a/elf/dl-fini.c ++++ b/elf/dl-fini.c +@@ -24,68 +24,116 @@ + void + _dl_fini (void) + { +- /* Call destructors strictly in the reverse order of constructors. +- This causes fewer surprises than some arbitrary reordering based +- on new (relocation) dependencies. None of the objects are +- unmapped, so applications can deal with this if their DSOs remain +- in a consistent state after destructors have run. */ +- +- /* Protect against concurrent loads and unloads. */ +- __rtld_lock_lock_recursive (GL(dl_load_lock)); +- +- /* Ignore objects which are opened during shutdown. */ +- struct link_map *local_init_called_list = _dl_init_called_list; +- +- for (struct link_map *l = local_init_called_list; l != NULL; +- l = l->l_init_called_next) +- /* Bump l_direct_opencount of all objects so that they +- are not dlclose()ed from underneath us. */ +- ++l->l_direct_opencount; +- +- /* After this point, everything linked from local_init_called_list +- cannot be unloaded because of the reference counter update. */ +- __rtld_lock_unlock_recursive (GL(dl_load_lock)); +- +- /* Perform two passes: One for non-audit modules, one for audit +- modules. This way, audit modules receive unload notifications +- for non-audit objects, and the destructors for audit modules +- still run. */ ++ /* Lots of fun ahead. We have to call the destructors for all still ++ loaded objects, in all namespaces. The problem is that the ELF ++ specification now demands that dependencies between the modules ++ are taken into account. I.e., the destructor for a module is ++ called before the ones for any of its dependencies. ++ ++ To make things more complicated, we cannot simply use the reverse ++ order of the constructors. Since the user might have loaded objects ++ using `dlopen' there are possibly several other modules with its ++ dependencies to be taken into account. Therefore we have to start ++ determining the order of the modules once again from the beginning. */ ++ ++ /* We run the destructors of the main namespaces last. As for the ++ other namespaces, we pick run the destructors in them in reverse ++ order of the namespace ID. */ ++#ifdef SHARED ++ int do_audit = 0; ++ again: ++#endif ++ for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns) ++ { ++ /* Protect against concurrent loads and unloads. */ ++ __rtld_lock_lock_recursive (GL(dl_load_lock)); ++ ++ unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded; ++ /* No need to do anything for empty namespaces or those used for ++ auditing DSOs. */ ++ if (nloaded == 0 ++#ifdef SHARED ++ || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit ++#endif ++ ) ++ __rtld_lock_unlock_recursive (GL(dl_load_lock)); ++ else ++ { + #ifdef SHARED +- int last_pass = GLRO(dl_naudit) > 0; +- Lmid_t last_ns = -1; +- for (int do_audit = 0; do_audit <= last_pass; ++do_audit) ++ _dl_audit_activity_nsid (ns, LA_ACT_DELETE); + #endif +- for (struct link_map *l = local_init_called_list; l != NULL; +- l = l->l_init_called_next) +- { ++ ++ /* Now we can allocate an array to hold all the pointers and ++ copy the pointers in. */ ++ struct link_map *maps[nloaded]; ++ ++ unsigned int i; ++ struct link_map *l; ++ assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL); ++ for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next) ++ /* Do not handle ld.so in secondary namespaces. */ ++ if (l == l->l_real) ++ { ++ assert (i < nloaded); ++ ++ maps[i] = l; ++ l->l_idx = i; ++ ++i; ++ ++ /* Bump l_direct_opencount of all objects so that they ++ are not dlclose()ed from underneath us. */ ++ ++l->l_direct_opencount; ++ } ++ assert (ns != LM_ID_BASE || i == nloaded); ++ assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1); ++ unsigned int nmaps = i; ++ ++ /* Now we have to do the sorting. We can skip looking for the ++ binary itself which is at the front of the search list for ++ the main namespace. */ ++ _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true); ++ ++ /* We do not rely on the linked list of loaded object anymore ++ from this point on. We have our own list here (maps). The ++ various members of this list cannot vanish since the open ++ count is too high and will be decremented in this loop. So ++ we release the lock so that some code which might be called ++ from a destructor can directly or indirectly access the ++ lock. */ ++ __rtld_lock_unlock_recursive (GL(dl_load_lock)); ++ ++ /* 'maps' now contains the objects in the right order. Now ++ call the destructors. We have to process this array from ++ the front. */ ++ for (i = 0; i < nmaps; ++i) ++ { ++ struct link_map *l = maps[i]; ++ ++ if (l->l_init_called) ++ { ++ _dl_call_fini (l); + #ifdef SHARED +- if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit) +- continue; +- +- /* Avoid back-to-back calls of _dl_audit_activity_nsid for the +- same namespace. */ +- if (last_ns != l->l_ns) +- { +- if (last_ns >= 0) +- _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); +- _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE); +- last_ns = l->l_ns; +- } ++ /* Auditing checkpoint: another object closed. */ ++ _dl_audit_objclose (l); + #endif ++ } + +- /* There is no need to re-enable exceptions because _dl_fini +- is not called from a context where exceptions are caught. */ +- _dl_call_fini (l); ++ /* Correct the previous increment. */ ++ --l->l_direct_opencount; ++ } + + #ifdef SHARED +- /* Auditing checkpoint: another object closed. */ +- _dl_audit_objclose (l); ++ _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT); + #endif +- } ++ } ++ } + + #ifdef SHARED +- if (last_ns >= 0) +- _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); ++ if (! do_audit && GLRO(dl_naudit) > 0) ++ { ++ do_audit = 1; ++ goto again; ++ } + + if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS)) + _dl_debug_printf ("\nruntime linker statistics:\n" +diff --git a/elf/dl-init.c b/elf/dl-init.c +index ffd05b7806..ba4d2fdc85 100644 +--- a/elf/dl-init.c ++++ b/elf/dl-init.c +@@ -21,7 +21,6 @@ + #include + #include + +-struct link_map *_dl_init_called_list; + + static void + call_init (struct link_map *l, int argc, char **argv, char **env) +@@ -43,21 +42,6 @@ call_init (struct link_map *l, int argc, char **argv, char **env) + dependency. */ + l->l_init_called = 1; + +- /* Help an already-running dlclose: The just-loaded object must not +- be removed during the current pass. (No effect if no dlclose in +- progress.) */ +- l->l_map_used = 1; +- +- /* Record execution before starting any initializers. This way, if +- the initializers themselves call dlopen, their ELF destructors +- will eventually be run before this object is destructed, matching +- that their ELF constructors have run before this object was +- constructed. _dl_fini uses this list for audit callbacks, so +- register objects on the list even if they do not have a +- constructor. */ +- l->l_init_called_next = _dl_init_called_list; +- _dl_init_called_list = l; +- + /* Check for object which constructors we do not run here. */ + if (__builtin_expect (l->l_name[0], 'a') == '\0' + && l->l_type == lt_executable) +diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def +index 61dc54f8ae..4bf9052db1 100644 +--- a/elf/dso-sort-tests-1.def ++++ b/elf/dso-sort-tests-1.def +@@ -53,14 +53,21 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c + output: b>a>{}b->c->d order). ++# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based ++# dynamic_sort=2 algorithm does, although it is still arguable whether going ++# beyond spec to do this is the right thing to do. ++# The below expected outputs are what the two algorithms currently produce ++# respectively, for regression testing purposes. + tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c +-output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[a1;a->a2;a2->a;b->b1;c->a1;c=>a1 +-output: {+a[a2>a1>a>];+b[b1>b>];-b[];%c(a1());}a1>a>];+b[b1>b>];-b[];%c(a1());}a1>a>];+b[b1>b>];-b[];%c(a1());} +Date: Thu, 19 Oct 2023 09:17:38 +0200 +Subject: [PATCH 30/44] Revert "elf: Move l_init_called_next to old place of + l_text_end in link map" + +This reverts commit d3ba6c1333b10680ce5900a628108507d9d4b844. + +Reason: Preserve internal ABI. +--- + include/link.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/link.h b/include/link.h +index a02d5f2eba..69bda3ed17 100644 +--- a/include/link.h ++++ b/include/link.h +@@ -256,10 +256,6 @@ struct link_map + /* End of the executable part of the mapping. */ + ElfW(Addr) l_text_end; + +- /* Linked list of objects in reverse ELF constructor execution +- order. Head of list is stored in _dl_init_called_list. */ +- struct link_map *l_init_called_next; +- + /* Default array for 'l_scope'. */ + struct r_scope_elem *l_scope_mem[4]; + /* Size of array allocated for 'l_scope'. */ +@@ -282,6 +278,10 @@ struct link_map + /* List of object in order of the init and fini calls. */ + struct link_map **l_initfini; + ++ /* Linked list of objects in reverse ELF constructor execution ++ order. Head of list is stored in _dl_init_called_list. */ ++ struct link_map *l_init_called_next; ++ + /* List of the dependencies introduced through symbol binding. */ + struct link_map_reldeps + { +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch b/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch new file mode 100644 index 000000000..fd6fee261 --- /dev/null +++ b/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch @@ -0,0 +1,105 @@ +From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001 +From: Sergio Durigan Junior +Date: Wed, 1 Nov 2023 18:15:23 -0400 +Subject: [PATCH 31/44] sysdeps: sem_open: Clear O_CREAT when semaphore file is + expected to exist [BZ #30789] + +When invoking sem_open with O_CREAT as one of its flags, we'll end up +in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag +& O_EXCL) == 0)", which means that we don't expect the semaphore file +to exist. + +In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL +| O_CLOEXEC" and there's an attempt to open(2) the file, which will +likely fail because it won't exist. After that first (expected) +failure, some cleanup is done and we go back to the label "try_again", +which lives in the first part of the aforementioned "if". + +The problem is that, in that part of the code, we expect the semaphore +file to exist, and as such O_CREAT (this time the flag we pass to +open(2)) needs to be cleaned from open_flags, otherwise we'll see +another failure (this time unexpected) when trying to open the file, +which will lead the call to sem_open to fail as well. + +This can cause very strange bugs, especially with OpenMPI, which makes +extensive use of semaphores. + +Fix the bug by simplifying the logic when choosing open(2) flags and +making sure O_CREAT is not set when the semaphore file is expected to +exist. + +A regression test for this issue would require a complex and cpu time +consuming logic, since to trigger the wrong code path is not +straightforward due the racy condition. There is a somewhat reliable +reproducer in the bug, but it requires using OpenMPI. + +This resolves BZ #30789. + +See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912 + +Signed-off-by: Sergio Durigan Junior +Co-Authored-By: Simon Chopin +Co-Authored-By: Adhemerval Zanella Netto +Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)") +(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147) +--- + NEWS | 2 ++ + sysdeps/pthread/sem_open.c | 10 ++++------ + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/NEWS b/NEWS +index f117874e34..5ac488bf9b 100644 +--- a/NEWS ++++ b/NEWS +@@ -32,6 +32,8 @@ Security related changes: + The following bugs are resolved with this release: + + [30723] posix_memalign repeatedly scans long bin lists ++ [30789] sem_open will fail on multithreaded scenarios when semaphore ++ file doesn't exist (O_CREAT) + [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with + -D_FILE_OFFSET_BITS=64 + [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) +diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c +index e5db929d20..0e331a7445 100644 +--- a/sysdeps/pthread/sem_open.c ++++ b/sysdeps/pthread/sem_open.c +@@ -32,11 +32,12 @@ + # define __unlink unlink + #endif + ++#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC) ++ + sem_t * + __sem_open (const char *name, int oflag, ...) + { + int fd; +- int open_flags; + sem_t *result; + + /* Check that shared futexes are supported. */ +@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...) + /* If the semaphore object has to exist simply open it. */ + if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0) + { +- open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC; +- open_flags |= (oflag & ~(O_CREAT|O_ACCMODE)); + try_again: +- fd = __open (dirname.name, open_flags); ++ fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS); + + if (fd == -1) + { +@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...) + } + + /* Open the file. Make sure we do not overwrite anything. */ +- open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC; +- fd = __open (tmpfname, open_flags, mode); ++ fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode); + if (fd == -1) + { + if (errno == EEXIST) +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch b/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch new file mode 100644 index 000000000..42d3f9639 --- /dev/null +++ b/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch @@ -0,0 +1,26 @@ +From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001 +From: Adhemerval Zanella +Date: Thu, 7 Dec 2023 11:17:35 -0300 +Subject: [PATCH 32/44] elf: Fix wrong break removal from 8ee878592c + +Reported-by: Alexander Monakov +(cherry picked from commit 546a1ba664626603660b595662249d524e429013) +--- + elf/readelflib.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/elf/readelflib.c b/elf/readelflib.c +index f5b8c80e38..64f1d662a9 100644 +--- a/elf/readelflib.c ++++ b/elf/readelflib.c +@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag, + case PT_INTERP: + program_interpreter = (char *) (file_contents + segment->p_offset); + check_ptr (program_interpreter); ++ break; + + case PT_GNU_PROPERTY: + /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch b/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch new file mode 100644 index 000000000..df64df3fd --- /dev/null +++ b/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch @@ -0,0 +1,109 @@ +From 44f757a6364a546359809d48c76b3debd26e77d4 Mon Sep 17 00:00:00 2001 +From: caiyinyu +Date: Thu, 26 Oct 2023 17:27:21 +0800 +Subject: [PATCH 33/44] LoongArch: Delete excessively allocated memory. + +Backported from glibc 2.39 development. +--- + sysdeps/loongarch/dl-trampoline.h | 68 +++++++++++++++---------------- + 1 file changed, 34 insertions(+), 34 deletions(-) + +diff --git a/sysdeps/loongarch/dl-trampoline.h b/sysdeps/loongarch/dl-trampoline.h +index 02375286f8..99fcacab76 100644 +--- a/sysdeps/loongarch/dl-trampoline.h ++++ b/sysdeps/loongarch/dl-trampoline.h +@@ -19,9 +19,9 @@ + /* Assembler veneer called from the PLT header code for lazy loading. + The PLT header passes its own args in t0-t2. */ + #ifdef USE_LASX +-# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZXREG) & ALMASK)) ++# define FRAME_SIZE (-((-9 * SZREG - 8 * SZXREG) & ALMASK)) + #elif defined USE_LSX +-# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZVREG) & ALMASK)) ++# define FRAME_SIZE (-((-9 * SZREG - 8 * SZVREG) & ALMASK)) + #elif !defined __loongarch_soft_float + # define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG) & ALMASK)) + #else +@@ -44,23 +44,23 @@ ENTRY (_dl_runtime_resolve) + REG_S a7, sp, 8*SZREG + + #ifdef USE_LASX +- xvst xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG +- xvst xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG +- xvst xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG +- xvst xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG +- xvst xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG +- xvst xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG +- xvst xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG +- xvst xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG ++ xvst xr0, sp, 9*SZREG + 0*SZXREG ++ xvst xr1, sp, 9*SZREG + 1*SZXREG ++ xvst xr2, sp, 9*SZREG + 2*SZXREG ++ xvst xr3, sp, 9*SZREG + 3*SZXREG ++ xvst xr4, sp, 9*SZREG + 4*SZXREG ++ xvst xr5, sp, 9*SZREG + 5*SZXREG ++ xvst xr6, sp, 9*SZREG + 6*SZXREG ++ xvst xr7, sp, 9*SZREG + 7*SZXREG + #elif defined USE_LSX +- vst vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG +- vst vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG +- vst vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG +- vst vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG +- vst vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG +- vst vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG +- vst vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG +- vst vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG ++ vst vr0, sp, 9*SZREG + 0*SZVREG ++ vst vr1, sp, 9*SZREG + 1*SZVREG ++ vst vr2, sp, 9*SZREG + 2*SZVREG ++ vst vr3, sp, 9*SZREG + 3*SZVREG ++ vst vr4, sp, 9*SZREG + 4*SZVREG ++ vst vr5, sp, 9*SZREG + 5*SZVREG ++ vst vr6, sp, 9*SZREG + 6*SZVREG ++ vst vr7, sp, 9*SZREG + 7*SZVREG + #elif !defined __loongarch_soft_float + FREG_S fa0, sp, 9*SZREG + 0*SZFREG + FREG_S fa1, sp, 9*SZREG + 1*SZFREG +@@ -92,23 +92,23 @@ ENTRY (_dl_runtime_resolve) + REG_L a7, sp, 8*SZREG + + #ifdef USE_LASX +- xvld xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG +- xvld xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG +- xvld xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG +- xvld xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG +- xvld xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG +- xvld xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG +- xvld xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG +- xvld xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG ++ xvld xr0, sp, 9*SZREG + 0*SZXREG ++ xvld xr1, sp, 9*SZREG + 1*SZXREG ++ xvld xr2, sp, 9*SZREG + 2*SZXREG ++ xvld xr3, sp, 9*SZREG + 3*SZXREG ++ xvld xr4, sp, 9*SZREG + 4*SZXREG ++ xvld xr5, sp, 9*SZREG + 5*SZXREG ++ xvld xr6, sp, 9*SZREG + 6*SZXREG ++ xvld xr7, sp, 9*SZREG + 7*SZXREG + #elif defined USE_LSX +- vld vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG +- vld vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG +- vld vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG +- vld vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG +- vld vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG +- vld vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG +- vld vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG +- vld vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG ++ vld vr0, sp, 9*SZREG + 0*SZVREG ++ vld vr1, sp, 9*SZREG + 1*SZVREG ++ vld vr2, sp, 9*SZREG + 2*SZVREG ++ vld vr3, sp, 9*SZREG + 3*SZVREG ++ vld vr4, sp, 9*SZREG + 4*SZVREG ++ vld vr5, sp, 9*SZREG + 5*SZVREG ++ vld vr6, sp, 9*SZREG + 6*SZVREG ++ vld vr7, sp, 9*SZREG + 7*SZVREG + #elif !defined __loongarch_soft_float + FREG_L fa0, sp, 9*SZREG + 0*SZFREG + FREG_L fa1, sp, 9*SZREG + 1*SZFREG +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch b/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch new file mode 100644 index 000000000..957ccf2b7 --- /dev/null +++ b/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch @@ -0,0 +1,54 @@ +From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001 +From: Hector Martin +Date: Tue, 28 Nov 2023 15:23:07 +0900 +Subject: [PATCH 34/44] elf: Fix TLS modid reuse generation assignment (BZ + 29039) + +_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but +does *not* do anything to the generation counter. The first time this +happens, the generation is zero and map_generation() returns the current +generation to be used during relocation processing. However, if +a slotinfo entry is later reused, it will already have a generation +assigned. If this generation has fallen behind the current global max +generation, then this causes an obsolete generation to be assigned +during relocation processing, as map_generation() returns this +generation if nonzero. _dl_add_to_slotinfo() eventually resets the +generation, but by then it is too late. This causes DTV updates to be +skipped, leading to NULL or broken TLS slot pointers and segfaults. + +Fix this by resetting the generation to zero in _dl_assign_tls_modid(), +so it behaves the same as the first time a slot is assigned. +_dl_add_to_slotinfo() will still assign the correct static generation +later during module load, but relocation processing will no longer use +an obsolete generation. + +Note that slotinfo entry (aka modid) reuse typically happens after a +dlclose and only TLS access via dynamic tlsdesc is affected. Because +tlsdesc is optimized to use the optional part of static TLS, dynamic +tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls +tunable to a large enough value, or by LD_PRELOAD-ing the affected +modules. + +Fixes bug 29039. + +Reviewed-by: Szabolcs Nagy +(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59) +--- + elf/dl-tls.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/elf/dl-tls.c b/elf/dl-tls.c +index 99b83ca696..1f6f820819 100644 +--- a/elf/dl-tls.c ++++ b/elf/dl-tls.c +@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l) + { + /* Mark the entry as used, so any dependency see it. */ + atomic_store_relaxed (&runp->slotinfo[result - disp].map, l); ++ atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0); + break; + } + +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch b/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch new file mode 100644 index 000000000..87b0235a5 --- /dev/null +++ b/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch @@ -0,0 +1,208 @@ +From 0de9082ed8d8f149ca87d569a73692046e236c18 Mon Sep 17 00:00:00 2001 +From: Szabolcs Nagy +Date: Wed, 29 Nov 2023 11:31:37 +0000 +Subject: [PATCH 35/44] elf: Add TLS modid reuse test for bug 29039 + +This is a minimal regression test for bug 29039 which only affects +targets with TLSDESC and a reproducer requires that + +1) Have modid gaps (closed modules) with old generation. +2) Update a DTV to a newer generation (needs a newer dlopen). +3) But do not update the closed gap entry in that DTV. +4) Reuse the modid gap for a new module (another dlopen). +5) Use dynamic TLSDESC in that new module with old generation (bug). +6) Access TLS via this TLSDESC and the now outdated DTV. + +However step (3) in practice rarely happens: during DTV update the +entries for closed modids are initialized to "unallocated" and then +dynamic TLSDESC calls __tls_get_addr independently of its generation. +The only exception to this is DTV setup at thread creation (gaps are +initialized to NULL instead of unallocated) or DTV resize where the +gap entries are outside the previous DTV array (again NULL instead +of unallocated, and this requires loading > DTV_SURPLUS modules). + +So the bug can only cause NULL (+ offset) dereference, not use after +free. And the easiest way to get (3) is via thread creation. + +Note that step (5) requires that the newly loaded module has larger +TLS than the remaining optional static TLS. And for (6) there cannot +be other TLS access or dlopen in the thread that updates the DTV. + +Tested on aarch64-linux-gnu. + +Reviewed-by: Adhemerval Zanella +(cherry picked from commit 980450f12685326729d63ff72e93a996113bf073) +--- + elf/Makefile | 15 +++++++ + elf/tst-tlsgap-mod0.c | 2 + + elf/tst-tlsgap-mod1.c | 2 + + elf/tst-tlsgap-mod2.c | 2 + + elf/tst-tlsgap.c | 92 +++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 113 insertions(+) + create mode 100644 elf/tst-tlsgap-mod0.c + create mode 100644 elf/tst-tlsgap-mod1.c + create mode 100644 elf/tst-tlsgap-mod2.c + create mode 100644 elf/tst-tlsgap.c + +diff --git a/elf/Makefile b/elf/Makefile +index c00e2ccfc5..1a05a6aaca 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -459,6 +459,7 @@ tests += \ + tst-tls21 \ + tst-tlsalign \ + tst-tlsalign-extern \ ++ tst-tlsgap \ + tst-unique1 \ + tst-unique2 \ + tst-unwind-ctor \ +@@ -883,6 +884,9 @@ modules-names += \ + tst-tls20mod-bad \ + tst-tls21mod \ + tst-tlsalign-lib \ ++ tst-tlsgap-mod0 \ ++ tst-tlsgap-mod1 \ ++ tst-tlsgap-mod2 \ + tst-tlsmod1 \ + tst-tlsmod10 \ + tst-tlsmod11 \ +@@ -3009,3 +3013,14 @@ LDFLAGS-tst-dlclose-lazy-mod1.so = -Wl,-z,lazy,--no-as-needed + $(objpfx)tst-dlclose-lazy-mod1.so: $(objpfx)tst-dlclose-lazy-mod2.so + $(objpfx)tst-dlclose-lazy.out: \ + $(objpfx)tst-dlclose-lazy-mod1.so $(objpfx)tst-dlclose-lazy-mod2.so ++ ++$(objpfx)tst-tlsgap: $(shared-thread-library) ++$(objpfx)tst-tlsgap.out: \ ++ $(objpfx)tst-tlsgap-mod0.so \ ++ $(objpfx)tst-tlsgap-mod1.so \ ++ $(objpfx)tst-tlsgap-mod2.so ++ifeq (yes,$(have-mtls-dialect-gnu2)) ++CFLAGS-tst-tlsgap-mod0.c += -mtls-dialect=gnu2 ++CFLAGS-tst-tlsgap-mod1.c += -mtls-dialect=gnu2 ++CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2 ++endif +diff --git a/elf/tst-tlsgap-mod0.c b/elf/tst-tlsgap-mod0.c +new file mode 100644 +index 0000000000..1478b0beac +--- /dev/null ++++ b/elf/tst-tlsgap-mod0.c +@@ -0,0 +1,2 @@ ++int __thread tls0; ++int *f0(void) { return &tls0; } +diff --git a/elf/tst-tlsgap-mod1.c b/elf/tst-tlsgap-mod1.c +new file mode 100644 +index 0000000000..b10fc3702c +--- /dev/null ++++ b/elf/tst-tlsgap-mod1.c +@@ -0,0 +1,2 @@ ++int __thread tls1[100]; /* Size > glibc.rtld.optional_static_tls / 2. */ ++int *f1(void) { return tls1; } +diff --git a/elf/tst-tlsgap-mod2.c b/elf/tst-tlsgap-mod2.c +new file mode 100644 +index 0000000000..166c27d7f3 +--- /dev/null ++++ b/elf/tst-tlsgap-mod2.c +@@ -0,0 +1,2 @@ ++int __thread tls2; ++int *f2(void) { return &tls2; } +diff --git a/elf/tst-tlsgap.c b/elf/tst-tlsgap.c +new file mode 100644 +index 0000000000..4932885076 +--- /dev/null ++++ b/elf/tst-tlsgap.c +@@ -0,0 +1,92 @@ ++/* TLS modid gap reuse regression test for bug 29039. ++ Copyright (C) 2023 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static void *mod[3]; ++#define MOD(i) "tst-tlsgap-mod" #i ".so" ++static const char *modname[3] = { MOD(0), MOD(1), MOD(2) }; ++#undef MOD ++ ++static void ++open_mod (int i) ++{ ++ mod[i] = xdlopen (modname[i], RTLD_LAZY); ++ printf ("open %s\n", modname[i]); ++} ++ ++static void ++close_mod (int i) ++{ ++ xdlclose (mod[i]); ++ mod[i] = NULL; ++ printf ("close %s\n", modname[i]); ++} ++ ++static void ++access_mod (int i, const char *sym) ++{ ++ int *(*f) (void) = xdlsym (mod[i], sym); ++ int *p = f (); ++ printf ("access %s: %s() = %p\n", modname[i], sym, p); ++ TEST_VERIFY_EXIT (p != NULL); ++ ++*p; ++} ++ ++static void * ++start (void *arg) ++{ ++ /* The DTV generation is at the last dlopen of mod0 and the ++ entry for mod1 is NULL. */ ++ ++ open_mod (1); /* Reuse modid of mod1. Uses dynamic TLS. */ ++ ++ /* DTV is unchanged: dlopen only updates the DTV to the latest ++ generation if static TLS is allocated for a loaded module. ++ ++ With bug 29039, the TLSDESC relocation in mod1 uses the old ++ dlclose generation of mod1 instead of the new dlopen one so ++ DTV is not updated on TLS access. */ ++ ++ access_mod (1, "f1"); ++ ++ return arg; ++} ++ ++static int ++do_test (void) ++{ ++ open_mod (0); ++ open_mod (1); ++ open_mod (2); ++ close_mod (0); ++ close_mod (1); /* Create modid gap at mod1. */ ++ open_mod (0); /* Reuse modid of mod0, bump generation count. */ ++ ++ /* Create a thread where DTV of mod1 is NULL. */ ++ pthread_t t = xpthread_create (NULL, start, NULL); ++ xpthread_join (t); ++ return 0; ++} ++ ++#include +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch b/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch new file mode 100644 index 000000000..af173fbc3 --- /dev/null +++ b/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch @@ -0,0 +1,68 @@ +From 35ea7549751d4f13a28c732e6ad68204f5e60a06 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Wed, 20 Dec 2023 16:31:43 -0800 +Subject: [PATCH 36/44] x86-64: Fix the dtv field load for x32 [BZ #31184] + +On x32, I got + +FAIL: elf/tst-tlsgap + +$ gdb elf/tst-tlsgap +... +open tst-tlsgap-mod1.so + +Thread 2 "tst-tlsgap" received signal SIGSEGV, Segmentation fault. +[Switching to LWP 2268754] +_dl_tlsdesc_dynamic () at ../sysdeps/x86_64/dl-tlsdesc.S:108 +108 movq (%rsi), %rax +(gdb) p/x $rsi +$4 = 0xf7dbf9005655fb18 +(gdb) + +This is caused by + +_dl_tlsdesc_dynamic: + _CET_ENDBR + /* Preserve call-clobbered registers that we modify. + We need two scratch regs anyway. */ + movq %rsi, -16(%rsp) + movq %fs:DTV_OFFSET, %rsi + +Since the dtv field in TCB is a pointer, %fs:DTV_OFFSET is a 32-bit +location, not 64-bit. Load the dtv field to RSI_LP instead of rsi. +This fixes BZ #31184. + +(cherry picked from commit 3502440397bbb840e2f7223734aa5cc2cc0e29b6) +--- + NEWS | 1 + + sysdeps/x86_64/dl-tlsdesc.S | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 5ac488bf9b..71057e4793 100644 +--- a/NEWS ++++ b/NEWS +@@ -37,6 +37,7 @@ The following bugs are resolved with this release: + [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with + -D_FILE_OFFSET_BITS=64 + [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) ++ [31184] FAIL: elf/tst-tlsgap + + + Version 2.38 +diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S +index 5593897e29..c4823547d7 100644 +--- a/sysdeps/x86_64/dl-tlsdesc.S ++++ b/sysdeps/x86_64/dl-tlsdesc.S +@@ -102,7 +102,7 @@ _dl_tlsdesc_dynamic: + /* Preserve call-clobbered registers that we modify. + We need two scratch regs anyway. */ + movq %rsi, -16(%rsp) +- movq %fs:DTV_OFFSET, %rsi ++ mov %fs:DTV_OFFSET, %RSI_LP + movq %rdi, -8(%rsp) + movq TLSDESC_ARG(%rax), %rdi + movq (%rsi), %rax +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch b/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch new file mode 100644 index 000000000..31959c275 --- /dev/null +++ b/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch @@ -0,0 +1,69 @@ +From 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Wed, 20 Dec 2023 19:42:12 -0800 +Subject: [PATCH 37/44] x86-64: Fix the tcb field load for x32 [BZ #31185] + +_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer +via the tcb field in TCB: + +_dl_tlsdesc_undefweak: + _CET_ENDBR + movq 8(%rax), %rax + subq %fs:0, %rax + ret + +_dl_tlsdesc_dynamic: + ... + subq %fs:0, %rax + movq -8(%rsp), %rdi + ret + +Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location, +not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since +_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic +returns void *, RAX_LP is appropriate here for x32 and x86-64. This +fixes BZ #31185. + +(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3) +--- + NEWS | 1 + + sysdeps/x86_64/dl-tlsdesc.S | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/NEWS b/NEWS +index 71057e4793..6fbb8a9e1d 100644 +--- a/NEWS ++++ b/NEWS +@@ -38,6 +38,7 @@ The following bugs are resolved with this release: + -D_FILE_OFFSET_BITS=64 + [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) + [31184] FAIL: elf/tst-tlsgap ++ [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic + + + Version 2.38 +diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S +index c4823547d7..4579424bf7 100644 +--- a/sysdeps/x86_64/dl-tlsdesc.S ++++ b/sysdeps/x86_64/dl-tlsdesc.S +@@ -61,7 +61,7 @@ _dl_tlsdesc_return: + _dl_tlsdesc_undefweak: + _CET_ENDBR + movq 8(%rax), %rax +- subq %fs:0, %rax ++ sub %fs:0, %RAX_LP + ret + cfi_endproc + .size _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak +@@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic: + addq TLSDESC_MODOFF(%rdi), %rax + .Lret: + movq -16(%rsp), %rsi +- subq %fs:0, %rax ++ sub %fs:0, %RAX_LP + movq -8(%rsp), %rdi + ret + .Lslow: +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch b/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch new file mode 100644 index 000000000..84be4a1bf --- /dev/null +++ b/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch @@ -0,0 +1,27 @@ +From d25e2c8d5cb0778ae87ad43b1f4c301abe5a932b Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 23 Dec 2023 06:24:41 -0800 +Subject: [PATCH 38/44] NEWS: Mention bug fixes for 29039/30694/30709/30721 + +--- + NEWS | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/NEWS b/NEWS +index 6fbb8a9e1d..db4d6c8373 100644 +--- a/NEWS ++++ b/NEWS +@@ -31,6 +31,10 @@ Security related changes: + + The following bugs are resolved with this release: + ++ [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS ++ [30694] The iconv program no longer tells the user which given encoding name was wrong ++ [30709] nscd fails to build with cleanup handler if built with -fexceptions ++ [30721] x86_64: Fix build with --disable-multiarch + [30723] posix_memalign repeatedly scans long bin lists + [30789] sem_open will fail on multithreaded scenarios when semaphore + file doesn't exist (O_CREAT) +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch b/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch new file mode 100644 index 000000000..fc306dca2 --- /dev/null +++ b/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch @@ -0,0 +1,30 @@ +From 27339a3eb8f987eebae72b854af80256c1588ebd Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 23 Dec 2023 06:27:50 -0800 +Subject: [PATCH 39/44] NEWS: Mention bug fixes for 30745/30843 + +--- + NEWS | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/NEWS b/NEWS +index db4d6c8373..905230b838 100644 +--- a/NEWS ++++ b/NEWS +@@ -36,11 +36,13 @@ The following bugs are resolved with this release: + [30709] nscd fails to build with cleanup handler if built with -fexceptions + [30721] x86_64: Fix build with --disable-multiarch + [30723] posix_memalign repeatedly scans long bin lists ++ [30745] Slight bug in cache info codes for x86 + [30789] sem_open will fail on multithreaded scenarios when semaphore + file doesn't exist (O_CREAT) + [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with + -D_FILE_OFFSET_BITS=64 + [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) ++ [30843] potential use-after-free in getcanonname (CVE-2023-4806) + [31184] FAIL: elf/tst-tlsgap + [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic + +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch b/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch new file mode 100644 index 000000000..ce482f7a1 --- /dev/null +++ b/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch @@ -0,0 +1,36 @@ +From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Wed, 6 Dec 2023 14:48:22 +0100 +Subject: [PATCH 40/44] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163) + +When __resolv_context_get returns NULL due to out of memory, translate it +to a return value of EAI_MEMORY. + +(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f) +--- + sysdeps/posix/getaddrinfo.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 13082305d3..da573bea24 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req, + function variant. */ + res_ctx = __resolv_context_get (); + if (res_ctx == NULL) +- no_more = 1; ++ { ++ if (errno == ENOMEM) ++ { ++ result = -EAI_MEMORY; ++ goto out; ++ } ++ no_more = 1; ++ } + + while (!no_more) + { +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch b/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch new file mode 100644 index 000000000..b088dba70 --- /dev/null +++ b/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch @@ -0,0 +1,48 @@ +From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Tue, 2 Jan 2024 14:36:17 +0100 +Subject: [PATCH 41/44] libio: Check remaining buffer size in _IO_wdo_write + (bug 31183) + +The multibyte character needs to fit into the remaining buffer space, +not the already-written buffer space. Without the fix, we were never +moving the write pointer from the start of the buffer, always using +the single-character fallback buffer. + +Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing +a multibyte character to an unbuffered stream (bug 17522)"). + +(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60) +--- + NEWS | 1 + + libio/wfileops.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 905230b838..6768c2da6f 100644 +--- a/NEWS ++++ b/NEWS +@@ -43,6 +43,7 @@ The following bugs are resolved with this release: + -D_FILE_OFFSET_BITS=64 + [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) + [30843] potential use-after-free in getcanonname (CVE-2023-4806) ++ [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix + [31184] FAIL: elf/tst-tlsgap + [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic + +diff --git a/libio/wfileops.c b/libio/wfileops.c +index f16f6db1c3..9ab8f2e7f3 100644 +--- a/libio/wfileops.c ++++ b/libio/wfileops.c +@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do) + char mb_buf[MB_LEN_MAX]; + char *write_base, *write_ptr, *buf_end; + +- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf)) ++ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf)) + { + /* Make sure we have room for at least one multibyte + character. */ +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch new file mode 100644 index 000000000..a4229d9ec --- /dev/null +++ b/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch @@ -0,0 +1,181 @@ +From 23514c72b780f3da097ecf33a793b7ba9c2070d2 Mon Sep 17 00:00:00 2001 +From: Arjun Shankar +Date: Mon, 15 Jan 2024 17:44:43 +0100 +Subject: [PATCH 42/44] syslog: Fix heap buffer overflow in __vsyslog_internal + (CVE-2023-6246) + +__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER +containing a long program name failed to update the required buffer +size, leading to the allocation and overflow of a too-small buffer on +the heap. This commit fixes that. It also adds a new regression test +that uses glibc.malloc.check. + +Reviewed-by: Adhemerval Zanella +Reviewed-by: Carlos O'Donell +Tested-by: Carlos O'Donell +(cherry picked from commit 6bd0e4efcc78f3c0115e5ea9739a1642807450da) +--- + misc/Makefile | 8 ++- + misc/syslog.c | 50 +++++++++++++------ + misc/tst-syslog-long-progname.c | 39 +++++++++++++++ + .../postclean.req | 0 + 4 files changed, 82 insertions(+), 15 deletions(-) + create mode 100644 misc/tst-syslog-long-progname.c + create mode 100644 misc/tst-syslog-long-progname.root/postclean.req + +diff --git a/misc/Makefile b/misc/Makefile +index fe0d49c1de..90b31952c5 100644 +--- a/misc/Makefile ++++ b/misc/Makefile +@@ -289,7 +289,10 @@ tests-special += $(objpfx)tst-error1-mem.out \ + $(objpfx)tst-allocate_once-mem.out + endif + +-tests-container := tst-syslog ++tests-container := \ ++ tst-syslog \ ++ tst-syslog-long-progname \ ++ # tests-container + + CFLAGS-select.c += -fexceptions -fasynchronous-unwind-tables + CFLAGS-tsearch.c += $(uses-callbacks) +@@ -351,6 +354,9 @@ $(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \ + $(evaluate-test) + ++tst-syslog-long-progname-ENV = GLIBC_TUNABLES=glibc.malloc.check=3 \ ++ LD_PRELOAD=libc_malloc_debug.so.0 ++ + $(objpfx)tst-select: $(librt) + $(objpfx)tst-select-time64: $(librt) + $(objpfx)tst-pselect: $(librt) +diff --git a/misc/syslog.c b/misc/syslog.c +index 1b8cb722c5..814d224a1e 100644 +--- a/misc/syslog.c ++++ b/misc/syslog.c +@@ -124,8 +124,9 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + { + /* Try to use a static buffer as an optimization. */ + char bufs[1024]; +- char *buf = NULL; +- size_t bufsize = 0; ++ char *buf = bufs; ++ size_t bufsize; ++ + int msgoff; + int saved_errno = errno; + +@@ -177,29 +178,50 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + #define SYSLOG_HEADER_WITHOUT_TS(__pri, __msgoff) \ + "<%d>: %n", __pri, __msgoff + +- int l; ++ int l, vl; + if (has_ts) + l = __snprintf (bufs, sizeof bufs, + SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); + else + l = __snprintf (bufs, sizeof bufs, + SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); ++ ++ char *pos; ++ size_t len; ++ + if (0 <= l && l < sizeof bufs) + { +- va_list apc; +- va_copy (apc, ap); ++ /* At this point, there is still a chance that we can print the ++ remaining part of the log into bufs and use that. */ ++ pos = bufs + l; ++ len = sizeof (bufs) - l; ++ } ++ else ++ { ++ buf = NULL; ++ /* We already know that bufs is too small to use for this log message. ++ The next vsnprintf into bufs is used only to calculate the total ++ required buffer length. We will discard bufs contents and allocate ++ an appropriately sized buffer later instead. */ ++ pos = bufs; ++ len = sizeof (bufs); ++ } + +- /* Restore errno for %m format. */ +- __set_errno (saved_errno); ++ { ++ va_list apc; ++ va_copy (apc, ap); + +- int vl = __vsnprintf_internal (bufs + l, sizeof bufs - l, fmt, apc, +- mode_flags); +- if (0 <= vl && vl < sizeof bufs - l) +- buf = bufs; +- bufsize = l + vl; ++ /* Restore errno for %m format. */ ++ __set_errno (saved_errno); + +- va_end (apc); +- } ++ vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); ++ ++ if (!(0 <= vl && vl < len)) ++ buf = NULL; ++ ++ bufsize = l + vl; ++ va_end (apc); ++ } + + if (buf == NULL) + { +diff --git a/misc/tst-syslog-long-progname.c b/misc/tst-syslog-long-progname.c +new file mode 100644 +index 0000000000..88f37a8a00 +--- /dev/null ++++ b/misc/tst-syslog-long-progname.c +@@ -0,0 +1,39 @@ ++/* Test heap buffer overflow in syslog with long __progname (CVE-2023-6246) ++ Copyright (C) 2023 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++ ++extern char * __progname; ++ ++static int ++do_test (void) ++{ ++ char long_progname[2048]; ++ ++ memset (long_progname, 'X', sizeof (long_progname) - 1); ++ long_progname[sizeof (long_progname) - 1] = '\0'; ++ ++ __progname = long_progname; ++ ++ syslog (LOG_INFO, "Hello, World!"); ++ ++ return 0; ++} ++ ++#include +diff --git a/misc/tst-syslog-long-progname.root/postclean.req b/misc/tst-syslog-long-progname.root/postclean.req +new file mode 100644 +index 0000000000..e69de29bb2 +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch new file mode 100644 index 000000000..1ee6993bd --- /dev/null +++ b/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch @@ -0,0 +1,106 @@ +From d0338312aace5bbfef85e03055e1212dd0e49578 Mon Sep 17 00:00:00 2001 +From: Arjun Shankar +Date: Mon, 15 Jan 2024 17:44:44 +0100 +Subject: [PATCH 43/44] syslog: Fix heap buffer overflow in __vsyslog_internal + (CVE-2023-6779) + +__vsyslog_internal used the return value of snprintf/vsnprintf to +calculate buffer sizes for memory allocation. If these functions (for +any reason) failed and returned -1, the resulting buffer would be too +small to hold output. This commit fixes that. + +All snprintf/vsnprintf calls are checked for negative return values and +the function silently returns upon encountering them. + +Reviewed-by: Carlos O'Donell +(cherry picked from commit 7e5a0c286da33159d47d0122007aac016f3e02cd) +--- + misc/syslog.c | 39 ++++++++++++++++++++++++++++----------- + 1 file changed, 28 insertions(+), 11 deletions(-) + +diff --git a/misc/syslog.c b/misc/syslog.c +index 814d224a1e..53440e47ad 100644 +--- a/misc/syslog.c ++++ b/misc/syslog.c +@@ -185,11 +185,13 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + else + l = __snprintf (bufs, sizeof bufs, + SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); ++ if (l < 0) ++ goto out; + + char *pos; + size_t len; + +- if (0 <= l && l < sizeof bufs) ++ if (l < sizeof bufs) + { + /* At this point, there is still a chance that we can print the + remaining part of the log into bufs and use that. */ +@@ -215,12 +217,15 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + __set_errno (saved_errno); + + vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); ++ va_end (apc); ++ ++ if (vl < 0) ++ goto out; + +- if (!(0 <= vl && vl < len)) ++ if (vl >= len) + buf = NULL; + + bufsize = l + vl; +- va_end (apc); + } + + if (buf == NULL) +@@ -231,25 +236,37 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + /* Tell the cancellation handler to free this buffer. */ + clarg.buf = buf; + ++ int cl; + if (has_ts) +- __snprintf (buf, l + 1, +- SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); ++ cl = __snprintf (buf, l + 1, ++ SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); + else +- __snprintf (buf, l + 1, +- SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); ++ cl = __snprintf (buf, l + 1, ++ SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); ++ if (cl != l) ++ goto out; + + va_list apc; + va_copy (apc, ap); +- __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc, +- mode_flags); ++ cl = __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc, ++ mode_flags); + va_end (apc); ++ ++ if (cl != vl) ++ goto out; + } + else + { ++ int bl; + /* Nothing much to do but emit an error message. */ +- bufsize = __snprintf (bufs, sizeof bufs, +- "out of memory[%d]", __getpid ()); ++ bl = __snprintf (bufs, sizeof bufs, ++ "out of memory[%d]", __getpid ()); ++ if (bl < 0 || bl >= sizeof bufs) ++ goto out; ++ ++ bufsize = bl; + buf = bufs; ++ msgoff = 0; + } + } + +-- +2.39.2 + diff --git a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch b/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch new file mode 100644 index 000000000..b7ff1f94f --- /dev/null +++ b/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch @@ -0,0 +1,41 @@ +From d37c2b20a4787463d192b32041c3406c2bd91de0 Mon Sep 17 00:00:00 2001 +From: Arjun Shankar +Date: Mon, 15 Jan 2024 17:44:45 +0100 +Subject: [PATCH 44/44] syslog: Fix integer overflow in __vsyslog_internal + (CVE-2023-6780) + +__vsyslog_internal calculated a buffer size by adding two integers, but +did not first check if the addition would overflow. This commit fixes +that. + +Reviewed-by: Carlos O'Donell +Tested-by: Carlos O'Donell +(cherry picked from commit ddf542da94caf97ff43cc2875c88749880b7259b) +--- + misc/syslog.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/misc/syslog.c b/misc/syslog.c +index 53440e47ad..4af87f54fd 100644 +--- a/misc/syslog.c ++++ b/misc/syslog.c +@@ -41,6 +41,7 @@ static char sccsid[] = "@(#)syslog.c 8.4 (Berkeley) 3/18/94"; + #include + #include + #include ++#include + + static int LogType = SOCK_DGRAM; /* type of socket connection */ + static int LogFile = -1; /* fd for log */ +@@ -219,7 +220,7 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); + va_end (apc); + +- if (vl < 0) ++ if (vl < 0 || vl >= INT_MAX - l) + goto out; + + if (vl >= len) +-- +2.39.2 + From 2240d0831265484474fd16b4d11d198cbceb74de Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 11:11:41 +0000 Subject: [PATCH 083/140] core184: Ship updated glibc Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/aarch64/glibc | 1 + config/rootfiles/core/184/filelists/riscv64/glibc | 1 + config/rootfiles/core/184/filelists/x86_64/glibc | 1 + config/rootfiles/core/184/update.sh | 3 ++- 4 files changed, 5 insertions(+), 1 deletion(-) create mode 120000 config/rootfiles/core/184/filelists/aarch64/glibc create mode 120000 config/rootfiles/core/184/filelists/riscv64/glibc create mode 120000 config/rootfiles/core/184/filelists/x86_64/glibc diff --git a/config/rootfiles/core/184/filelists/aarch64/glibc b/config/rootfiles/core/184/filelists/aarch64/glibc new file mode 120000 index 000000000..d13849ff9 --- /dev/null +++ b/config/rootfiles/core/184/filelists/aarch64/glibc @@ -0,0 +1 @@ +../../../../common/aarch64/glibc \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/riscv64/glibc b/config/rootfiles/core/184/filelists/riscv64/glibc new file mode 120000 index 000000000..36b731f7d --- /dev/null +++ b/config/rootfiles/core/184/filelists/riscv64/glibc @@ -0,0 +1 @@ +../../../../common/riscv64/glibc \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/x86_64/glibc b/config/rootfiles/core/184/filelists/x86_64/glibc new file mode 120000 index 000000000..111909966 --- /dev/null +++ b/config/rootfiles/core/184/filelists/x86_64/glibc @@ -0,0 +1 @@ +../../../../common/x86_64/glibc \ No newline at end of file diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index 436984690..a5e53a564 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -52,10 +52,11 @@ ldconfig /usr/local/bin/sshctrl # Start services +telinit u /etc/init.d/vnstat start # This update needs a reboot... -#touch /var/run/need_reboot +touch /var/run/need_reboot # Finish /etc/init.d/fireinfo start From 5aba1a15f756c316af2f4a753054a971a859c974 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 31 Jan 2024 15:18:44 +0100 Subject: [PATCH 084/140] file: Update to version 5.45 - Update from version 5.44 to 5.45 - Update of rootfile not required - Changelog 5.45 * PR/465: psrok1: Avoid muslc asctime_r crash * add SIMH tape format support * bump the max size of the elf section notes to be read to 128K and make it configurable * PR/415: Fix decompression with program returning empty * PR/408: fix -p with seccomp * PR/412: fix MinGW compilation Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/file | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lfs/file b/lfs/file index 7877425ea..76c6441ef 100644 --- a/lfs/file +++ b/lfs/file @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 5.44 +VER = 5.45 THISAPP = file-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a90ccae738a95315d75a0aaee7bbff3624425cc9267daf18ba9147b7c9b9ebfb31288b54c63a73e4695eca0e876f206e40bcb81c422f1bf572b976e753b25a42 +$(DL_FILE)_BLAKE2 = 30fc77c091e6624f2e9a950f4c6fe69ea6aa46d4a8ad9f20d49320a3675617c5bfbc9ff1ebba5eeb2cf4435c38d71b47b8beeb5146c9f55fe3bac11fe65e89bd install : $(TARGET) @@ -70,7 +70,9 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/usr --disable-bzlib + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-bzlib cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) From 43894a9bab2f85a400831bc892cd216da454d881 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 17:05:30 +0000 Subject: [PATCH 085/140] core184: Ship file Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/file | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/file diff --git a/config/rootfiles/core/184/filelists/file b/config/rootfiles/core/184/filelists/file new file mode 120000 index 000000000..0c60e43aa --- /dev/null +++ b/config/rootfiles/core/184/filelists/file @@ -0,0 +1 @@ +../../../common/file \ No newline at end of file From 9d6db385d7796328027f14534f2c03fd917680b2 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 31 Jan 2024 15:18:45 +0100 Subject: [PATCH 086/140] help2man: Update to version 1.49.3 - Update from version 1.49.2 to 1.49.3 - Update of rootfile not required - Changelog 1.49.3 * Cleanup whitespace in po-texi/help2man-texi.pot. * Add Korean translation (thanks to Seong-ho Cho). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/help2man | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/help2man b/lfs/help2man index da5057c4f..721133e20 100644 --- a/lfs/help2man +++ b/lfs/help2man @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.49.2 +VER = 1.49.3 THISAPP = help2man-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 62db47a5915432093991f060390a62ebf2d1e5e6e78f7142d0cd5f8a273a1fd74f55de4b3ead5c1071aaf4de084e62782981a1d888b8a8b76da9c07e0cda20ea +$(DL_FILE)_BLAKE2 = a5ed9ea3ff78b5287fa5bc02302da6a3657fee8fefd4fc43289e209bbe128d58da633c38aa4039c93a761c4842d3549a73cc14e77ee2859ed256613a8fba6e23 install : $(TARGET) From 622c9fe03feac9f5176faee1752fcb87153e54b6 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 31 Jan 2024 15:18:46 +0100 Subject: [PATCH 087/140] iana-etc: Update to version 20240125 - Update from version 20231026 to 20240125 - Update of rootfile not required - Changelog - update of iana-etc files Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/iana-etc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/iana-etc b/lfs/iana-etc index 8e65cd5a8..744d85905 100644 --- a/lfs/iana-etc +++ b/lfs/iana-etc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 20231026 +VER = 20240125 # https://github.com/Mic92/iana-etc THISAPP = iana-etc-$(VER) @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = ce00884cc5ffeb7cc9fe7e3efb8f793282649bb4e1f914c9be6208afc8d81a79511f5910ae2906ffe64a88004007fdd05affe40153782d771bf1824cae834c8e +$(DL_FILE)_BLAKE2 = 884a168ecfdc5d06f3cd8fc701a50d0ec4af44c975b6a563f41241b54b500191bf584b2efbd144f448271ae7f452847ee534982c3ee4fffdcf67c2c7f2bcffec install : $(TARGET) From c749cee1e55a0855d88838abda59334bd9065a16 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 17:06:09 +0000 Subject: [PATCH 088/140] core184: Ship iana-etc Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/iana-etc | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/iana-etc diff --git a/config/rootfiles/core/184/filelists/iana-etc b/config/rootfiles/core/184/filelists/iana-etc new file mode 120000 index 000000000..1f3d54dbd --- /dev/null +++ b/config/rootfiles/core/184/filelists/iana-etc @@ -0,0 +1 @@ +../../../common/iana-etc \ No newline at end of file From e9ba050b69fb162c9520063394bc52513dfa1a37 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 31 Jan 2024 15:18:47 +0100 Subject: [PATCH 089/140] readline: Update patches to patch 1 to patch 10 - Update from version 8.2 with patch 1 to 8.2 with patches 1 to 10 - Update of rootfile not required - Changelog Patch 10 Fix the case where text to be completed from the line buffer (quoted) is compared to the common prefix of the possible matches (unquoted) and the quoting makes the former appear to be longer than the latter. Readline assumes the match doesn't add any characters to the word and doesn't display multiple matches. Patch 9 Fix issue where the directory name portion of the word to be completed (the part that is passed to opendir()) requires both tilde expansion and dequoting. Readline only performed tilde expansion in this case, so filename completion would fail. Patch 8 Add missing prototypes for several function declarations. Patch 7 If readline is called with no prompt, it should display a newline if return is typed on an empty line. It should still suppress the final newline if return is typed on the last (empty) line of a multi-line command. Patch 6 This is a variant of the same issue as the one fixed by patch 5. In this case, the signal arrives and is pending before readline calls rl_getc(). When this happens, the pending signal will be handled by the loop, but may alter or destroy some state that the callback uses. Readline needs to treat this case the same way it would if a signal interrupts pselect/select, so compound operations like searches and reading numeric arguments get cleaned up properly. Patch 5 If an application is using readline in callback mode, and a signal arrives after readline checks for it in rl_callback_read_char() but before it restores the application's signal handlers, it won't get processed until the next time the application calls rl_callback_read_char(). Readline needs to check for and resend any pending signals after restoring the application's signal handlers. Patch 4 There are systems that supply one of select or pselect, but not both. Patch 3 The custom color prefix that readline uses to color possible completions must have a leading `.'. Patch 2 It's possible for readline to try to zero out a line that's not null- terminated, leading to a memory fault. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/readline | 9 ++- src/patches/readline/readline82-002 | 48 ++++++++++++++ src/patches/readline/readline82-003 | 43 +++++++++++++ src/patches/readline/readline82-004 | 65 +++++++++++++++++++ src/patches/readline/readline82-005 | 50 +++++++++++++++ src/patches/readline/readline82-006 | 99 +++++++++++++++++++++++++++++ src/patches/readline/readline82-007 | 48 ++++++++++++++ src/patches/readline/readline82-008 | 77 ++++++++++++++++++++++ src/patches/readline/readline82-009 | 73 +++++++++++++++++++++ src/patches/readline/readline82-010 | 67 +++++++++++++++++++ 10 files changed, 576 insertions(+), 3 deletions(-) create mode 100644 src/patches/readline/readline82-002 create mode 100644 src/patches/readline/readline82-003 create mode 100644 src/patches/readline/readline82-004 create mode 100644 src/patches/readline/readline82-005 create mode 100644 src/patches/readline/readline82-006 create mode 100644 src/patches/readline/readline82-007 create mode 100644 src/patches/readline/readline82-008 create mode 100644 src/patches/readline/readline82-009 create mode 100644 src/patches/readline/readline82-010 diff --git a/lfs/readline b/lfs/readline index ef083a60c..05d140de1 100644 --- a/lfs/readline +++ b/lfs/readline @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,6 +25,7 @@ include Config VER = 8.2 +# https://ftp.gnu.org/gnu/readline/ THISAPP = readline-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -71,11 +72,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - for i in $$(seq 1 1); do \ + for i in $$(seq 1 10); do \ cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline82-$$(printf "%03d" "$${i}") || exit 1; \ done - cd $(DIR_APP) && ./configure --prefix=/usr --disable-static + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-static cd $(DIR_APP) && make $(MAKETUNING) SHLIB_LIBS=-lncurses cd $(DIR_APP) && make install diff --git a/src/patches/readline/readline82-002 b/src/patches/readline/readline82-002 new file mode 100644 index 000000000..453b9b85d --- /dev/null +++ b/src/patches/readline/readline82-002 @@ -0,0 +1,48 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-002 + +Bug-Reported-by: srobertson@peratonlabs.com +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-09/msg00049.html + +Bug-Description: + +It's possible for readline to try to zero out a line that's not null- +terminated, leading to a memory fault. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/display.c 2022-04-05 10:47:31.000000000 -0400 +--- display.c 2022-12-13 13:11:22.000000000 -0500 +*************** +*** 2684,2692 **** + + if (visible_line) +! { +! temp = visible_line; +! while (*temp) +! *temp++ = '\0'; +! } + rl_on_new_line (); + forced_display++; +--- 2735,2740 ---- + + if (visible_line) +! memset (visible_line, 0, line_size); +! + rl_on_new_line (); + forced_display++; +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 1 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 2 diff --git a/src/patches/readline/readline82-003 b/src/patches/readline/readline82-003 new file mode 100644 index 000000000..e9fe2c0d0 --- /dev/null +++ b/src/patches/readline/readline82-003 @@ -0,0 +1,43 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-003 + +Bug-Reported-by: Stefan Klinger +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2023-08/msg00018.html + +Bug-Description: + +Patch (apply with `patch -p0'): + +The custom color prefix that readline uses to color possible completions +must have a leading `.'. + +*** ../readline-8.2-patched/colors.c 2021-12-08 11:38:25.000000000 -0500 +--- colors.c 2023-08-28 16:40:04.000000000 -0400 +*************** +*** 74,78 **** + static void restore_default_color (void); + +! #define RL_COLOR_PREFIX_EXTENSION "readline-colored-completion-prefix" + + COLOR_EXT_TYPE *_rl_color_ext_list = 0; +--- 74,78 ---- + static void restore_default_color (void); + +! #define RL_COLOR_PREFIX_EXTENSION ".readline-colored-completion-prefix" + + COLOR_EXT_TYPE *_rl_color_ext_list = 0; +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 2 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 3 diff --git a/src/patches/readline/readline82-004 b/src/patches/readline/readline82-004 new file mode 100644 index 000000000..d60c662ec --- /dev/null +++ b/src/patches/readline/readline82-004 @@ -0,0 +1,65 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-004 + +Bug-Reported-by: Henry Bent +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00044.html + +Bug-Description: + +Patch (apply with `patch -p0'): + +There are systems that supply one of select or pselect, but not both. + +*** ../readline-8.2-patched/input.c 2022-04-08 15:43:24.000000000 -0400 +--- input.c 2022-11-28 09:41:08.000000000 -0500 +*************** +*** 152,156 **** +--- 152,158 ---- + int _rl_timeout_init (void); + int _rl_timeout_sigalrm_handler (void); ++ #if defined (RL_TIMEOUT_USE_SELECT) + int _rl_timeout_select (int, fd_set *, fd_set *, fd_set *, const struct timeval *, const sigset_t *); ++ #endif + + static void _rl_timeout_handle (void); +*************** +*** 249,253 **** + int chars_avail, k; + char input; +! #if defined(HAVE_SELECT) + fd_set readfds, exceptfds; + struct timeval timeout; +--- 251,255 ---- + int chars_avail, k; + char input; +! #if defined (HAVE_PSELECT) || defined (HAVE_SELECT) + fd_set readfds, exceptfds; + struct timeval timeout; +*************** +*** 806,810 **** + unsigned char c; + int fd; +! #if defined (HAVE_PSELECT) + sigset_t empty_set; + fd_set readfds; +--- 815,819 ---- + unsigned char c; + int fd; +! #if defined (HAVE_PSELECT) || defined (HAVE_SELECT) + sigset_t empty_set; + fd_set readfds; +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 3 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 4 diff --git a/src/patches/readline/readline82-005 b/src/patches/readline/readline82-005 new file mode 100644 index 000000000..57f507f61 --- /dev/null +++ b/src/patches/readline/readline82-005 @@ -0,0 +1,50 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-005 + +Bug-Reported-by: Simon Marchi +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-09/msg00005.html + +Bug-Description: + +If an application is using readline in callback mode, and a signal arrives +after readline checks for it in rl_callback_read_char() but before it +restores the application's signal handlers, it won't get processed until the +next time the application calls rl_callback_read_char(). Readline needs to +check for and resend any pending signals after restoring the application's +signal handlers. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/callback.c 2022-04-29 12:02:56.000000000 -0400 +--- callback.c 2022-10-11 10:59:06.000000000 -0400 +*************** +*** 116,120 **** + do { \ + if (rl_persistent_signal_handlers == 0) \ +! rl_clear_signals (); \ + return; \ + } while (0) +--- 116,123 ---- + do { \ + if (rl_persistent_signal_handlers == 0) \ +! { \ +! rl_clear_signals (); \ +! if (_rl_caught_signal) _rl_signal_handler (_rl_caught_signal); \ +! } \ + return; \ + } while (0) +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 4 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 5 diff --git a/src/patches/readline/readline82-006 b/src/patches/readline/readline82-006 new file mode 100644 index 000000000..9e315e889 --- /dev/null +++ b/src/patches/readline/readline82-006 @@ -0,0 +1,99 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-006 + +Bug-Reported-by: Tom de Vries +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-09/msg00001.html + +Bug-Description: + +This is a variant of the same issue as the one fixed by patch 5. In this +case, the signal arrives and is pending before readline calls rl_getc(). +When this happens, the pending signal will be handled by the loop, but may +alter or destroy some state that the callback uses. Readline needs to treat +this case the same way it would if a signal interrupts pselect/select, so +compound operations like searches and reading numeric arguments get cleaned +up properly. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/input.c 2022-12-22 16:15:48.000000000 -0500 +--- input.c 2023-01-10 11:53:45.000000000 -0500 +*************** +*** 812,816 **** + rl_getc (FILE *stream) + { +! int result; + unsigned char c; + int fd; +--- 812,816 ---- + rl_getc (FILE *stream) + { +! int result, ostate, osig; + unsigned char c; + int fd; +*************** +*** 823,828 **** +--- 823,842 ---- + while (1) + { ++ osig = _rl_caught_signal; ++ ostate = rl_readline_state; ++ + RL_CHECK_SIGNALS (); + ++ #if defined (READLINE_CALLBACKS) ++ /* Do signal handling post-processing here, but just in callback mode ++ for right now because the signal cleanup can change some of the ++ callback state, and we need to either let the application have a ++ chance to react or abort some current operation that gets cleaned ++ up by rl_callback_sigcleanup(). If not, we'll just run through the ++ loop again. */ ++ if (osig != 0 && (ostate & RL_STATE_CALLBACK)) ++ goto postproc_signal; ++ #endif ++ + /* We know at this point that _rl_caught_signal == 0 */ + +*************** +*** 888,891 **** +--- 902,908 ---- + + handle_error: ++ osig = _rl_caught_signal; ++ ostate = rl_readline_state; ++ + /* If the error that we received was EINTR, then try again, + this is simply an interrupted system call to read (). We allow +*************** +*** 928,933 **** +--- 945,959 ---- + #endif /* SIGALRM */ + ++ postproc_signal: ++ /* POSIX says read(2)/pselect(2)/select(2) don't return EINTR for any ++ reason other than being interrupted by a signal, so we can safely ++ call the application's signal event hook. */ + if (rl_signal_event_hook) + (*rl_signal_event_hook) (); ++ #if defined (READLINE_CALLBACKS) ++ else if (osig == SIGINT && (ostate & RL_STATE_CALLBACK) && (ostate & (RL_STATE_ISEARCH|RL_STATE_NSEARCH|RL_STATE_NUMERICARG))) ++ /* just these cases for now */ ++ _rl_abort_internal (); ++ #endif + } + } +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 5 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 6 diff --git a/src/patches/readline/readline82-007 b/src/patches/readline/readline82-007 new file mode 100644 index 000000000..b0394e0bb --- /dev/null +++ b/src/patches/readline/readline82-007 @@ -0,0 +1,48 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-007 + +Bug-Reported-by: Kevin Pulo +Bug-Reference-ID: +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-11/msg00002.html + +Bug-Description: + +If readline is called with no prompt, it should display a newline if return +is typed on an empty line. It should still suppress the final newline if +return is typed on the last (empty) line of a multi-line command. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/display.c 2022-04-05 10:47:31.000000000 -0400 +--- display.c 2022-12-13 13:11:22.000000000 -0500 +*************** +*** 3342,3348 **** + &last_face[_rl_screenwidth - 1 + woff], 1); + } +! _rl_vis_botlin = 0; +! if (botline_length > 0 || _rl_last_c_pos > 0) + rl_crlf (); + fflush (rl_outstream); + rl_display_fixed++; +--- 3394,3400 ---- + &last_face[_rl_screenwidth - 1 + woff], 1); + } +! if ((_rl_vis_botlin == 0 && botline_length == 0) || botline_length > 0 || _rl_last_c_pos > 0) + rl_crlf (); ++ _rl_vis_botlin = 0; + fflush (rl_outstream); + rl_display_fixed++; +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 6 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 7 diff --git a/src/patches/readline/readline82-008 b/src/patches/readline/readline82-008 new file mode 100644 index 000000000..2d8b368f1 --- /dev/null +++ b/src/patches/readline/readline82-008 @@ -0,0 +1,77 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-008 + +Bug-Reported-by: +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +Add missing prototypes for several function declarations. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/text.c Wed Oct 27 11:03:59 2021 +--- text.c Thu Nov 16 16:24:58 2023 +*************** +*** 1765,1770 **** + #if defined (READLINE_CALLBACKS) + static int +! _rl_char_search_callback (data) +! _rl_callback_generic_arg *data; + { + _rl_callback_func = 0; +--- 1765,1769 ---- + #if defined (READLINE_CALLBACKS) + static int +! _rl_char_search_callback (_rl_callback_generic_arg *data) + { + _rl_callback_func = 0; +*** ../readline-8.2-patched/bind.c Wed Feb 9 11:02:22 2022 +--- bind.c Thu Nov 16 16:25:17 2023 +*************** +*** 1168,1174 **** + + static int +! parse_comparison_op (s, indp) +! const char *s; +! int *indp; + { + int i, peekc, op; +--- 1168,1172 ---- + + static int +! parse_comparison_op (const char *s, int *indp) + { + int i, peekc, op; +*** ../readline-8.2-patched/rltty.c Fri Feb 18 11:14:22 2022 +--- rltty.c Thu Nov 16 16:25:36 2023 +*************** +*** 81,86 **** + to get the tty settings. */ + static void +! set_winsize (tty) +! int tty; + { + #if defined (TIOCGWINSZ) +--- 81,85 ---- + to get the tty settings. */ + static void +! set_winsize (int tty) + { + #if defined (TIOCGWINSZ) + +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 7 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 8 diff --git a/src/patches/readline/readline82-009 b/src/patches/readline/readline82-009 new file mode 100644 index 000000000..b3acc4150 --- /dev/null +++ b/src/patches/readline/readline82-009 @@ -0,0 +1,73 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-009 + +Bug-Reported-by: Stefan H. Holek +Bug-Reference-ID: <50F8DA45-B7F3-4DE1-AB94-19AE42649CDC@epy.co.at> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-10/msg00021.html + +Bug-Description: + +Fix issue where the directory name portion of the word to be completed (the +part that is passed to opendir()) requires both tilde expansion and dequoting. +Readline only performed tilde expansion in this case, so filename completion +would fail. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/complete.c 2022-04-05 10:47:06.000000000 -0400 +--- complete.c 2022-10-26 15:08:51.000000000 -0400 +*************** +*** 2527,2531 **** + xfree (dirname); + dirname = temp; +! tilde_dirname = 1; + } + +--- 2527,2532 ---- + xfree (dirname); + dirname = temp; +! if (*dirname != '~') +! tilde_dirname = 1; /* indicate successful tilde expansion */ + } + +*************** +*** 2546,2554 **** + users_dirname = savestring (dirname); + } +! else if (tilde_dirname == 0 && rl_completion_found_quote && rl_filename_dequoting_function) + { +! /* delete single and double quotes */ + xfree (dirname); +! dirname = savestring (users_dirname); + } + directory = opendir (dirname); +--- 2547,2560 ---- + users_dirname = savestring (dirname); + } +! else if (rl_completion_found_quote && rl_filename_dequoting_function) + { +! /* We already ran users_dirname through the dequoting function. +! If tilde_dirname == 1, we successfully performed tilde expansion +! on dirname. Now we need to reconcile those results. We either +! just copy the already-dequoted users_dirname or tilde expand it +! if we tilde-expanded dirname. */ +! temp = tilde_dirname ? tilde_expand (users_dirname) : savestring (users_dirname); + xfree (dirname); +! dirname = temp; + } + directory = opendir (dirname); + +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 8 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 9 diff --git a/src/patches/readline/readline82-010 b/src/patches/readline/readline82-010 new file mode 100644 index 000000000..d2ca5eae2 --- /dev/null +++ b/src/patches/readline/readline82-010 @@ -0,0 +1,67 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-010 + +Bug-Reported-by: Martin Castillo +Bug-Reference-ID: <2d42153b-cf65-caba-dff1-cd3bc6268c7e@uni-bremen.de> +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2023-01/msg00000.html + +Bug-Description: + +Fix the case where text to be completed from the line buffer (quoted) is +compared to the common prefix of the possible matches (unquoted) and the +quoting makes the former appear to be longer than the latter. Readline +assumes the match doesn't add any characters to the word and doesn't display +multiple matches. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/complete.c Tue Apr 5 10:47:06 2022 +--- complete.c Sat Jan 7 14:19:45 2023 +*************** +*** 2032,2038 **** + text = rl_copy_text (start, end); + matches = gen_completion_matches (text, start, end, our_func, found_quote, quote_char); + /* nontrivial_lcd is set if the common prefix adds something to the word + being completed. */ +! nontrivial_lcd = matches && compare_match (text, matches[0]) != 0; + if (what_to_do == '!' || what_to_do == '@') + tlen = strlen (text); +--- 2038,2060 ---- + text = rl_copy_text (start, end); + matches = gen_completion_matches (text, start, end, our_func, found_quote, quote_char); ++ /* If TEXT contains quote characters, it will be dequoted as part of ++ generating the matches, and the matches will not contain any quote ++ characters. We need to dequote TEXT before performing the comparison. ++ Since compare_match performs the dequoting, and we only want to do it ++ once, we don't call compare_matches after dequoting TEXT; we call ++ strcmp directly. */ + /* nontrivial_lcd is set if the common prefix adds something to the word + being completed. */ +! if (rl_filename_completion_desired && rl_filename_quoting_desired && +! rl_completion_found_quote && rl_filename_dequoting_function) +! { +! char *t; +! t = (*rl_filename_dequoting_function) (text, rl_completion_quote_character); +! xfree (text); +! text = t; +! nontrivial_lcd = matches && strcmp (text, matches[0]) != 0; +! } +! else +! nontrivial_lcd = matches && strcmp (text, matches[0]) != 0; + if (what_to_do == '!' || what_to_do == '@') + tlen = strlen (text); + +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 9 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 10 From 08fb3034d0e5db72138d2ff87b91ea0dcfa532a0 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 31 Jan 2024 17:06:33 +0000 Subject: [PATCH 090/140] core184: Ship readline Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/readline | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/readline diff --git a/config/rootfiles/core/184/filelists/readline b/config/rootfiles/core/184/filelists/readline new file mode 120000 index 000000000..84209f189 --- /dev/null +++ b/config/rootfiles/core/184/filelists/readline @@ -0,0 +1 @@ +../../../common/readline \ No newline at end of file From 72a5fff634e357204cee76308f7e7ad4ddca406e Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 31 Jan 2024 15:18:48 +0100 Subject: [PATCH 091/140] sqlite: Update to version 3450100 - Update from version 3450000 to 3450100 - Update of rootfile not required - Changelog 3.45.1 Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. This resolves an issue introduced in version 3.44.0 but was undiscovered until after the 3.45.0 release. Fix issues associated with processing corrupt JSONB inputs: Prevent exponential runtime when converting a corrupt JSONB into text. Fix a possible read of one byte past the end of the JSONB blob when converting a corrupt JSONB into text. Enhanced testing using jfuzz to prevent any future JSONB problems such as the above. Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/sqlite | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/sqlite b/lfs/sqlite index 3ca4e45ff..0ad87a082 100644 --- a/lfs/sqlite +++ b/lfs/sqlite @@ -24,7 +24,7 @@ include Config -VER = 3450000 +VER = 3450100 THISAPP = sqlite-autoconf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 04ba8522be5fa8c0a0a101824f90030f83ad131b53dff622e0449d31b3ee3e50888ed0d8a663c5be3f7338d5d5b6efef1b828374fa599a675ab892bbbb3abec9 +$(DL_FILE)_BLAKE2 = 2725faccde5b964b3c037ae0f885b3461c01619e6c086e53f53cc1ecf7e75a46dd1ac4bec4803bc149014d158976607d195993e5d925b723284512a880010bf5 install : $(TARGET) From 88b6ad81123d2258aabc919055df0c2b478d8c00 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 31 Jan 2024 21:09:14 +0100 Subject: [PATCH 092/140] mympd: create/check config before first start this create missing folders for webradio and state. Signed-off-by: Arne Fitzenreiter --- src/paks/mympd/install.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/paks/mympd/install.sh b/src/paks/mympd/install.sh index 11cae1207..529f415e6 100644 --- a/src/paks/mympd/install.sh +++ b/src/paks/mympd/install.sh @@ -27,4 +27,7 @@ ln -svf /etc/init.d/mympd /etc/rc.d/rc3.d/S66mympd ln -svf /etc/init.d/mympd /etc/rc.d/rc0.d/K34mympd ln -svf /etc/init.d/mympd /etc/rc.d/rc6.d/K34mympd restore_backup ${NAME} +# create/check config +/usr/bin/mympd -u nobody -c +# start service /etc/init.d/mympd start From fa96ada3a275daf21f68b77549f688db8cd5b5fc Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 1 Feb 2024 09:29:09 +0100 Subject: [PATCH 093/140] diffutils: Update to version 3.10 - Update from version 3.9 to 3.10 - Update of rootfile not required - Changelog 3.10 Bug fixes cmp/diff can again work with file dates past Y2K38 [bug introduced in 3.9] diff -D no longer fails to output #ifndef lines. [bug#61193 introduced in 3.9] Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/diffutils | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lfs/diffutils b/lfs/diffutils index 7fdfb5d87..80c6f2a95 100644 --- a/lfs/diffutils +++ b/lfs/diffutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.9 +VER = 3.10 THISAPP = diffutils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d43ed9f1643ac46b69083755974fc9611ad00c3b98b08332c681223d17d762567562233b51342a16f7dad8f28dfc5536999143594e33a64e6624001a71787c8f +$(DL_FILE)_BLAKE2 = 24a90162b3d876e6378243f19a85a1f1bb4cdfe98d130dee684740a902f2987509d5830dd32df4e26678b468b96960f6f9785ffb922e828cb8b4acce0d8587f6 install : $(TARGET) @@ -77,7 +77,9 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=$(PREFIX) --disable-nls + cd $(DIR_APP) && ./configure \ + --prefix=$(PREFIX) \ + --disable-nls cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) From 49758838337a5feebbd170dd30ad9829a5c2cc98 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Feb 2024 16:06:10 +0000 Subject: [PATCH 094/140] core184: Ship diffutils Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/diffutils | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/diffutils diff --git a/config/rootfiles/core/184/filelists/diffutils b/config/rootfiles/core/184/filelists/diffutils new file mode 120000 index 000000000..a5c02f3ff --- /dev/null +++ b/config/rootfiles/core/184/filelists/diffutils @@ -0,0 +1 @@ +../../../common/diffutils \ No newline at end of file From da63a6cc46e7b03b47b440a0e501ff57a077ebbd Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 1 Feb 2024 09:29:10 +0100 Subject: [PATCH 095/140] ed: Update to version 1.20 - Update from version 1.19 to 1.20 - Update of rootfile not required - Changelog 1.20 New command-line options '+line', '+/RE', and '+?RE' have been implemented to set the current line to the line number specified or to the first or last line matching the regular expression 'RE'. (Suggested by Matthew Polk and John Cowan). File names containing control characters 1 to 31 are now rejected unless they are allowed with the command-line option '--unsafe-names'. File names containing control characters 1 to 31 are now printed using octal escape sequences. Ed now rejects file names ending with a slash. Intervening commands that don't set the modified flag no longer make a second 'e' or 'q' command fail with a 'buffer modified' warning. Tilde expansion is now performed on file names supplied to commands; if a file name starts with '~/', the tilde (~) is expanded to the contents of the variable HOME. (Suggested by John Cowan). Ed now warns the first time that a command modifies a buffer loaded from a read-only file. (Suggested by Dan Jacobson). Ed now creates missing intermediate directories when writing to a file. It has been documented that 'e' creates an empty buffer if file does not exist. It has been documented that 'f' sets the default filename, whether or not its argument names an existing file. The description of the exit status has been improved in '--help' and in the manual. The variable MAKEINFO has been added to configure and Makefile.in. It has been documented in INSTALL that when choosing a C standard, the POSIX features need to be enabled explicitly: ./configure CFLAGS+='--std=c99 -D_POSIX_C_SOURCE=2' Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/ed | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lfs/ed b/lfs/ed index 0a7014fd7..633ec4055 100644 --- a/lfs/ed +++ b/lfs/ed @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.19 +VER = 1.20 THISAPP = ed-$(VER) DL_FILE = $(THISAPP).tar.lz @@ -39,7 +39,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 139305a1d64e96f7eadcb462325918e5eee18de229ec8e1b3fac29dc9b8ef58ceea4cd7ffdbd3674fd7f421d90bc0c9e3557318eb57830d7cd46e579828fa95d +$(DL_FILE)_BLAKE2 = d212c6d5302627145332ec25b989ca2d4a064ce5c0ea45ad1ad6b780ffd72037ff2144b933c52667c52192d6f5acd5766b5c31d4a2b5cf5993813c43e1523af3 install : $(TARGET) @@ -69,7 +69,10 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/usr --exec-prefix="" --disable-nls + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --exec-prefix="" \ + --disable-nls cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) From 2b2453568d000771541300b3bb7383277d6acaf8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Feb 2024 16:07:01 +0000 Subject: [PATCH 096/140] core184: Ship ed Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/ed | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/ed diff --git a/config/rootfiles/core/184/filelists/ed b/config/rootfiles/core/184/filelists/ed new file mode 120000 index 000000000..0ed331cfa --- /dev/null +++ b/config/rootfiles/core/184/filelists/ed @@ -0,0 +1 @@ +../../../common/ed \ No newline at end of file From 64aa5bf53e80349ed1ea029a1896e193b0dfb897 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 1 Feb 2024 09:29:11 +0100 Subject: [PATCH 097/140] gettext: Update to version 0.22.4 - Update from version 0.22 to 0.22.4 - Update of rootfile - Changelog 0.22.4 * Bug fixes: - AM_GNU_GETTEXT now recognizes a statically built libintl on macOS and AIX. - Build fixes on AIX. 0.22.3 * Portability: - The libintl library now works on macOS 14. (Older versions of libintl crash on macOS 14, due to an incompatible change in macOS.) 0.22.2 * Bug fixes: - The libintl shared library now exports again some symbols that were accidentally missing. This bug was introduced in version 0.22. 0.22.1 * Bug fixes: - xgettext's processing of large Perl files may have led to errors - "xgettext --join-existing" could encounter errors. These bugs were introduced in version 0.22. * Portability: - Building on Android is now supported. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/gettext | 30 ++++++++++++++++-------------- lfs/gettext | 6 +++--- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/config/rootfiles/common/gettext b/config/rootfiles/common/gettext index 3560e9601..31dcfa033 100644 --- a/config/rootfiles/common/gettext +++ b/config/rootfiles/common/gettext @@ -38,22 +38,24 @@ usr/bin/gettext.sh #usr/lib/libasprintf.so usr/lib/libasprintf.so.0 usr/lib/libasprintf.so.0.0.0 -usr/lib/libgettextlib-0.22.so +usr/lib/libgettextlib-0.22.4.so +usr/lib/libgettextlib.a #usr/lib/libgettextlib.la #usr/lib/libgettextlib.so #usr/lib/libgettextpo.a #usr/lib/libgettextpo.la #usr/lib/libgettextpo.so usr/lib/libgettextpo.so.0 -usr/lib/libgettextpo.so.0.5.9 -usr/lib/libgettextsrc-0.22.so +usr/lib/libgettextpo.so.0.5.10 +usr/lib/libgettextsrc-0.22.4.so +#usr/lib/libgettextsrc.a #usr/lib/libgettextsrc.la usr/lib/libgettextsrc.so #usr/lib/libtextstyle.a #usr/lib/libtextstyle.la #usr/lib/libtextstyle.so usr/lib/libtextstyle.so.0 -usr/lib/libtextstyle.so.0.2.0 +usr/lib/libtextstyle.so.0.2.1 usr/lib/preloadable_libintl.so #usr/share/aclocal/build-to-host.m4 #usr/share/aclocal/gettext.m4 @@ -1984,16 +1986,16 @@ usr/lib/preloadable_libintl.so #usr/share/doc/libtextstyle/libtextstyle_abt.html #usr/share/doc/libtextstyle/libtextstyle_toc.html #usr/share/gettext -#usr/share/gettext-0.22 -#usr/share/gettext-0.22/its -#usr/share/gettext-0.22/its/glade.loc -#usr/share/gettext-0.22/its/glade1.its -#usr/share/gettext-0.22/its/glade2.its -#usr/share/gettext-0.22/its/gsettings.its -#usr/share/gettext-0.22/its/gsettings.loc -#usr/share/gettext-0.22/its/gtkbuilder.its -#usr/share/gettext-0.22/its/metainfo.its -#usr/share/gettext-0.22/its/metainfo.loc +#usr/share/gettext-0.22.4 +#usr/share/gettext-0.22.4/its +#usr/share/gettext-0.22.4/its/glade.loc +#usr/share/gettext-0.22.4/its/glade1.its +#usr/share/gettext-0.22.4/its/glade2.its +#usr/share/gettext-0.22.4/its/gsettings.its +#usr/share/gettext-0.22.4/its/gsettings.loc +#usr/share/gettext-0.22.4/its/gtkbuilder.its +#usr/share/gettext-0.22.4/its/metainfo.its +#usr/share/gettext-0.22.4/its/metainfo.loc #usr/share/gettext/ABOUT-NLS #usr/share/gettext/archive.dir.tar.xz #usr/share/gettext/config.rpath diff --git a/lfs/gettext b/lfs/gettext index 57fead8ad..fb7462b5e 100644 --- a/lfs/gettext +++ b/lfs/gettext @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.22 +VER = 0.22.4 THISAPP = gettext-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = e91c82eb793897bd7ed727503e9d6e72a47027adf51ca76cf5c936437c434e910508814b1d03b12694c5e87156018683cb2c8cc51637b121313ed41155bcd3e5 +$(DL_FILE)_BLAKE2 = 3f93aa5aef8e40d2e01acaa5aeed11efefd0de43ea26d084a0b9e743019685f7584d8e1bf05c1fd5772a5576d21ee1f052b81366f52c7827b6d14bd4d9890edc install : $(TARGET) From 7de5c351b5814e07a8c5d1954e05533648dcaa0d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Feb 2024 16:07:39 +0000 Subject: [PATCH 098/140] core184: Ship gettext Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/gettext | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/gettext diff --git a/config/rootfiles/core/184/filelists/gettext b/config/rootfiles/core/184/filelists/gettext new file mode 120000 index 000000000..b6c6c6f4f --- /dev/null +++ b/config/rootfiles/core/184/filelists/gettext @@ -0,0 +1 @@ +../../../common/gettext \ No newline at end of file From f7520e0addcb4162ba48aad221749a1f429763ff Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Thu, 1 Feb 2024 09:29:13 +0100 Subject: [PATCH 099/140] lzip: Update to version 1.24 - Update from version 1.23 to 1.24 - Update of rootfile not required - Changelog 1.24 The option '--empty-error', which forces exit status 2 if any empty member is found, has been added. The option '--marking-error', which forces exit status 2 if the first LZMA byte is non-zero in any member, has been added. File diagnostics have been reformatted as 'PROGRAM: FILE: MESSAGE'. Diagnostics caused by invalid arguments to command-line options now show the argument and the name of the option. The option '-o, --output' now preserves dates, permissions, and ownership of the file when (de)compressing exactly one file. The option '-o, --output' now creates missing intermediate directories when writing to a file. The variable MAKEINFO has been added to configure and Makefile.in. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/lzip | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lfs/lzip b/lfs/lzip index f539494d3..5e7da457f 100644 --- a/lfs/lzip +++ b/lfs/lzip @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.23 +VER = 1.24 THISAPP = lzip-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -45,7 +45,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 934a35e31b0db76c4dcbe2fe903f04b60471485118aa5d4001599a3c23a7db74f05f703cf430bb299795be7025f71efb225afddff85c8245e962bdadcf82aef7 +$(DL_FILE)_BLAKE2 = ef6b7b51e7369b7b07ca2d5bbdd57a287f3a96866f50b327237a35ce9a4d19b2e3f7586a099ff4191c3c793de2dfe59120a42b8d744e220c4f7652d049df87f5 install : $(TARGET) @@ -75,7 +75,8 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=$(PREFIX) + cd $(DIR_APP) && ./configure \ + --prefix=$(PREFIX) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) From e95d12e5ee8dad6a605c306098f4e2618c8d7872 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Feb 2024 16:09:02 +0000 Subject: [PATCH 100/140] core184: Ship lzip Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/lzip | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/lzip diff --git a/config/rootfiles/core/184/filelists/lzip b/config/rootfiles/core/184/filelists/lzip new file mode 120000 index 000000000..dd4b832b1 --- /dev/null +++ b/config/rootfiles/core/184/filelists/lzip @@ -0,0 +1 @@ +../../../common/lzip \ No newline at end of file From d145574673a2822fc219cda4d1e19184b94c1078 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 2 Feb 2024 07:33:38 +0000 Subject: [PATCH 101/140] kernel: update to 6.6.15 Signed-off-by: Arne Fitzenreiter --- config/kernel/kernel.config.aarch64-ipfire | 6 +++--- config/kernel/kernel.config.riscv64-ipfire | 4 +--- config/kernel/kernel.config.x86_64-ipfire | 2 +- config/rootfiles/common/aarch64/linux | 2 ++ lfs/linux | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 411e95be9..04d65d6ce 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.13-ipfire Kernel Configuration +# Linux/arm64 6.6.15-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y @@ -378,7 +378,9 @@ CONFIG_ARM64_ERRATUM_2067961=y CONFIG_ARM64_ERRATUM_2441009=y CONFIG_ARM64_ERRATUM_2457168=y CONFIG_ARM64_ERRATUM_2645198=y +CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD=y CONFIG_ARM64_ERRATUM_2966298=y +CONFIG_ARM64_ERRATUM_3117295=y CONFIG_CAVIUM_ERRATUM_22375=y CONFIG_CAVIUM_ERRATUM_23154=y CONFIG_CAVIUM_ERRATUM_27456=y @@ -6859,8 +6861,6 @@ CONFIG_MMC_CQHCI=m CONFIG_MMC_BCM2835=y # CONFIG_MMC_MTK is not set # CONFIG_MMC_SDHCI_XENON is not set -# CONFIG_MMC_SDHCI_OMAP is not set -# CONFIG_MMC_SDHCI_AM654 is not set # CONFIG_SCSI_UFSHCD is not set # CONFIG_MEMSTICK is not set CONFIG_NEW_LEDS=y diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index 620854021..52a7c1c45 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/riscv 6.6.13-ipfire Kernel Configuration +# Linux/riscv 6.6.15-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y @@ -5820,8 +5820,6 @@ CONFIG_MMC_CQHCI=m # CONFIG_MMC_TOSHIBA_PCI is not set # CONFIG_MMC_MTK is not set CONFIG_MMC_SDHCI_XENON=m -# CONFIG_MMC_SDHCI_OMAP is not set -# CONFIG_MMC_SDHCI_AM654 is not set CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFS_BSG=y CONFIG_SCSI_UFS_CRYPTO=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 96da4cdb7..79375e954 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.13-ipfire Kernel Configuration +# Linux/x86 6.6.15-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index a32c3770e..92c4a4286 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7263,6 +7263,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_2645198 #lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_2658417 #lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_2966298 +#lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_3117295 #lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_819472 #lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_824069 #lib/modules/KVER-ipfire/build/include/config/ARM64_ERRATUM_826319 @@ -7294,6 +7295,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/ARM64_WORKAROUND_CLEAN_CACHE #lib/modules/KVER-ipfire/build/include/config/ARM64_WORKAROUND_REPEAT_TLBI #lib/modules/KVER-ipfire/build/include/config/ARM64_WORKAROUND_SPECULATIVE_AT +#lib/modules/KVER-ipfire/build/include/config/ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD #lib/modules/KVER-ipfire/build/include/config/ARM64_WORKAROUND_TSB_FLUSH_FAILURE #lib/modules/KVER-ipfire/build/include/config/ARMADA_37XX_CLK #lib/modules/KVER-ipfire/build/include/config/ARMADA_37XX_WATCHDOG diff --git a/lfs/linux b/lfs/linux index 023f48a4b..efd3e8533 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@ include Config -VER = 6.6.13 +VER = 6.6.15 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -72,7 +72,7 @@ objects = \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1d644e48fa4fd3740712130b0d5756b75d70471cda2a7206083434ec89d288bd7487e633c8954ec038e3784d56d7a787e6cab1c93e5fbfcfc0b44a7b55b0debd +$(DL_FILE)_BLAKE2 = a630bc7b2463bdc312f8936210a54e92bbe4136fc78995c18d0ccafbcdb27cce5b7b0d4a6ba10c378e14e86855ee7e76e355acc0580f7441e4df64e7dbd8a4b7 install : $(TARGET) From cd5d0b7658f67a5db50332434b93f579bda24e74 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 3 Feb 2024 14:47:41 +0000 Subject: [PATCH 102/140] checkrootfiles: fix search for wrong rootfiles Im not sure when the grep syntax has changed but grep -r not like/ignore the leading "/" anymore. --- tools/checkrootfiles | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tools/checkrootfiles b/tools/checkrootfiles index 05b16f368..5036ce2d0 100755 --- a/tools/checkrootfiles +++ b/tools/checkrootfiles @@ -33,31 +33,35 @@ if [ "${?}" == "0" ]; then echo "Comment this and create it at initskript if needed !" fi -grep -r '/x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ +grep -r 'x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \ - --exclude update.sh \ + --exclude update.sh --exclude qemu --exclude cmake --exclude xfsprogs \ --exclude-dir oldcore --exclude-dir x86_64 >/dev/null 2>&1 if [ "${?}" == "0" ]; then echo "Error! '/x86_64' in rootfiles files found!" - grep -r '/x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ + grep -r 'x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \ - --exclude update.sh \ + --exclude update.sh --exclude qemu --exclude cmake --exclude xfsprogs \ --exclude-dir oldcore --exclude-dir x86_64 echo "Replace by xxxMACHINExxx !" fi -grep -r '/aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude gdb --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1 +grep -r 'aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude gdb \ + --exclude qemu --exclude liburcu --exclude abseil-cpp \ + --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1 if [ "${?}" == "0" ]; then - echo "Error! '/aarch64' in rootfiles files found!" - grep -r '/aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \ + echo "Error! 'aarch64' in rootfiles files found!" + grep -r 'aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb \ + --exclude qemu --exclude liburcu --exclude abseil-cpp \ --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 echo "Replace by xxxMACHINExxx !" fi -grep -r '/riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude go --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1 +grep -r 'riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude go --exclude qemu \ + --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1 if [ "${?}" == "0" ]; then - echo "Error! '/riscv64' in rootfiles files found!" - grep -r '/riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude go \ + echo "Error! 'riscv64' in rootfiles files found!" + grep -r 'riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude go --exclude qemu \ --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 echo "Replace by xxxMACHINExxx !" fi From 84a8b679cb0f32126983f390b34f286b5a20d309 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 4 Feb 2024 06:53:49 +0000 Subject: [PATCH 103/140] python3-msgpack: fix rootfile Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/python3-msgpack | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rootfiles/packages/python3-msgpack b/config/rootfiles/packages/python3-msgpack index 2347b0834..e5742ddb9 100644 --- a/config/rootfiles/packages/python3-msgpack +++ b/config/rootfiles/packages/python3-msgpack @@ -6,7 +6,7 @@ usr/lib/python3.10/site-packages/msgpack #usr/lib/python3.10/site-packages/msgpack-1.0.7-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/msgpack/__init__.py usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpp -usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/msgpack/_cmsgpack.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/msgpack/_cmsgpack.pyx usr/lib/python3.10/site-packages/msgpack/_packer.pyx usr/lib/python3.10/site-packages/msgpack/_unpacker.pyx From 9a003afb9d35475fca024a8f0fa7049488f6c35f Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 4 Feb 2024 06:54:38 +0000 Subject: [PATCH 104/140] python3-pyfuse3: fix rootfile Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/python3-pyfuse3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rootfiles/packages/python3-pyfuse3 b/config/rootfiles/packages/python3-pyfuse3 index 32f863c8e..57339adf2 100644 --- a/config/rootfiles/packages/python3-pyfuse3 +++ b/config/rootfiles/packages/python3-pyfuse3 @@ -6,5 +6,5 @@ usr/lib/python3.10/site-packages/_pyfuse3.py #usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/requires.txt #usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/top_level.txt #usr/lib/python3.10/site-packages/pyfuse3-3.3.0-py3.10.egg-info/zip-safe -usr/lib/python3.10/site-packages/pyfuse3.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/pyfuse3.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/pyfuse3_asyncio.py From 8fcd99355b0386522f22fe08c098afc9df375b22 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 4 Feb 2024 06:55:10 +0000 Subject: [PATCH 105/140] borgbackup: fix rootfile Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/borgbackup | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/config/rootfiles/packages/borgbackup b/config/rootfiles/packages/borgbackup index 897d1d1be..eb08045c2 100644 --- a/config/rootfiles/packages/borgbackup +++ b/config/rootfiles/packages/borgbackup @@ -6,23 +6,23 @@ usr/lib/python3.10/site-packages/borg/__main__.py usr/lib/python3.10/site-packages/borg/_version.py #usr/lib/python3.10/site-packages/borg/algorithms usr/lib/python3.10/site-packages/borg/algorithms/__init__.py -usr/lib/python3.10/site-packages/borg/algorithms/checksums.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/algorithms/checksums.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/borg/archive.py usr/lib/python3.10/site-packages/borg/archiver.py usr/lib/python3.10/site-packages/borg/cache.py -usr/lib/python3.10/site-packages/borg/chunker.cpython-310-x86_64-linux-gnu.so -usr/lib/python3.10/site-packages/borg/compress.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/chunker.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/compress.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/borg/constants.py #usr/lib/python3.10/site-packages/borg/crypto usr/lib/python3.10/site-packages/borg/crypto/__init__.py usr/lib/python3.10/site-packages/borg/crypto/file_integrity.py usr/lib/python3.10/site-packages/borg/crypto/key.py usr/lib/python3.10/site-packages/borg/crypto/keymanager.py -usr/lib/python3.10/site-packages/borg/crypto/low_level.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/crypto/low_level.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/borg/crypto/nonces.py usr/lib/python3.10/site-packages/borg/fuse.py usr/lib/python3.10/site-packages/borg/fuse_impl.py -usr/lib/python3.10/site-packages/borg/hashindex.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/hashindex.cpython-310-xxxMACHINExxx-linux-gnu.so #usr/lib/python3.10/site-packages/borg/helpers usr/lib/python3.10/site-packages/borg/helpers/__init__.py usr/lib/python3.10/site-packages/borg/helpers/checks.py @@ -37,7 +37,7 @@ usr/lib/python3.10/site-packages/borg/helpers/process.py usr/lib/python3.10/site-packages/borg/helpers/progress.py usr/lib/python3.10/site-packages/borg/helpers/time.py usr/lib/python3.10/site-packages/borg/helpers/yes.py -usr/lib/python3.10/site-packages/borg/item.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/item.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/borg/locking.py usr/lib/python3.10/site-packages/borg/logger.py usr/lib/python3.10/site-packages/borg/lrucache.py @@ -47,9 +47,9 @@ usr/lib/python3.10/site-packages/borg/patterns.py #usr/lib/python3.10/site-packages/borg/platform usr/lib/python3.10/site-packages/borg/platform/__init__.py usr/lib/python3.10/site-packages/borg/platform/base.py -usr/lib/python3.10/site-packages/borg/platform/linux.cpython-310-x86_64-linux-gnu.so -usr/lib/python3.10/site-packages/borg/platform/posix.cpython-310-x86_64-linux-gnu.so -usr/lib/python3.10/site-packages/borg/platform/syncfilerange.cpython-310-x86_64-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/linux.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/posix.cpython-310-xxxMACHINExxx-linux-gnu.so +usr/lib/python3.10/site-packages/borg/platform/syncfilerange.cpython-310-xxxMACHINExxx-linux-gnu.so usr/lib/python3.10/site-packages/borg/platform/xattr.py usr/lib/python3.10/site-packages/borg/platformflags.py usr/lib/python3.10/site-packages/borg/remote.py From cbf32e7dd20dcc008aafe4c34d5b8898ccea2dd4 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 5 Feb 2024 11:02:25 +0100 Subject: [PATCH 106/140] vdr: update to 2.6.6 Signed-off-by: Arne Fitzenreiter --- lfs/vdr | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lfs/vdr b/lfs/vdr index 2fd58ed27..eb761123d 100644 --- a/lfs/vdr +++ b/lfs/vdr @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,11 +26,11 @@ include Config SUMMARY = Video Disk Recorder -VER = 2.4.7 +VER = 2.6.6 # VDRPLUGVER must match with APIVERSION! in config.h # after change this update also all vdr plugins -VDRPLUGVER = 2.4.7 +VDRPLUGVER = 2.6.6 THISAPP = vdr-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -39,7 +39,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = vdr -PAK_VER = 15 +PAK_VER = 16 DEPS = vdr_streamdev @@ -71,7 +71,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = be4e1ec365330855e4b2b26f44b1f35dc323e4783e96ef344a67b3e9fe2c0499760ab0f3d27c5e3bdddf5a65ebb65b0c81a62092301d34370aa19d0dd63bb1ab +$(DL_FILE)_BLAKE2 = 22ad6d0d4048347ff16a48ad137900f32dda7adfc7fb54bb1501f14cfc426185f942ffa4997de1e0318ca8c6b67a7dfc48d49b30bfda9367d7337b2d601544fc install : $(TARGET) From bc4b8c485863d4a5d71f083b684080132fa726d2 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 5 Feb 2024 11:03:33 +0100 Subject: [PATCH 107/140] vdr_dvbapi: update pluginver for new vdr Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/vdr_dvbapi | 2 +- lfs/vdr_dvbapi | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/vdr_dvbapi b/config/rootfiles/packages/vdr_dvbapi index b874d9e7e..c6892374d 100644 --- a/config/rootfiles/packages/vdr_dvbapi +++ b/config/rootfiles/packages/vdr_dvbapi @@ -1,3 +1,3 @@ etc/sysconfig/vdr-plugins.d/dvbapi.conf etc/vdr/plugins/dvbapi -usr/lib/vdr/libvdr-dvbapi.so.2.4.7 +usr/lib/vdr/libvdr-dvbapi.so.2.6.6 diff --git a/lfs/vdr_dvbapi b/lfs/vdr_dvbapi index 17f4c3a17..d36f75d69 100644 --- a/lfs/vdr_dvbapi +++ b/lfs/vdr_dvbapi @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,13 +35,13 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = vdr_dvbapi -PAK_VER = 6 +PAK_VER = 7 DEPS = SERVICES = -VDRPLUGVER = 2.4.7 +VDRPLUGVER = 2.6.6 EXTRA_FLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CFLAGS += $(EXTRA_FLAGS) From 2c930773f56b75903c590cf41bcdfe680c743c3c Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 5 Feb 2024 11:05:02 +0100 Subject: [PATCH 108/140] vdr_eepg: update PLUGVER to new vdr Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/vdr_eepg | 2 +- lfs/vdr_eepg | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/vdr_eepg b/config/rootfiles/packages/vdr_eepg index 4f8389cc9..61f13c812 100644 --- a/config/rootfiles/packages/vdr_eepg +++ b/config/rootfiles/packages/vdr_eepg @@ -1,2 +1,2 @@ etc/vdr/plugins/eepg -usr/lib/vdr/libvdr-eepg.so.2.4.7 +usr/lib/vdr/libvdr-eepg.so.2.6.6 diff --git a/lfs/vdr_eepg b/lfs/vdr_eepg index 5836a25de..61c156da3 100644 --- a/lfs/vdr_eepg +++ b/lfs/vdr_eepg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -38,13 +38,13 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = vdr_eepg -PAK_VER = 5 +PAK_VER = 6 DEPS = SERVICES = -VDRPLUGVER = 2.4.7 +VDRPLUGVER = 2.6.6 EXTRA_FLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CFLAGS += $(EXTRA_FLAGS) From 6179f056da9a9191d26a0ea7a54dbb231ff97036 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 5 Feb 2024 11:06:29 +0100 Subject: [PATCH 109/140] vdr_epgsearch: update to 2.4.2 Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/vdr_epgsearch | 8 ++++---- lfs/vdr_epgsearch | 15 +++++++-------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/vdr_epgsearch b/config/rootfiles/packages/vdr_epgsearch index 9143aec02..765f8fa7e 100644 --- a/config/rootfiles/packages/vdr_epgsearch +++ b/config/rootfiles/packages/vdr_epgsearch @@ -5,10 +5,10 @@ etc/sysconfig/vdr-plugins.d/quickepgsearch.conf etc/vdr/plugins/epgsearch etc/vdr/plugins/epgsearch/conf.d usr/bin/createcats -usr/lib/vdr/libvdr-conflictcheckonly.so.2.4.7 -usr/lib/vdr/libvdr-epgsearch.so.2.4.7 -usr/lib/vdr/libvdr-epgsearchonly.so.2.4.7 -usr/lib/vdr/libvdr-quickepgsearch.so.2.4.7 +usr/lib/vdr/libvdr-conflictcheckonly.so.2.6.6 +usr/lib/vdr/libvdr-epgsearch.so.2.6.6 +usr/lib/vdr/libvdr-epgsearchonly.so.2.6.6 +usr/lib/vdr/libvdr-quickepgsearch.so.2.6.6 #var/lib/vdr #var/lib/vdr/data var/lib/vdr/data/epgsearch diff --git a/lfs/vdr_epgsearch b/lfs/vdr_epgsearch index 353f81271..dceea2cc8 100644 --- a/lfs/vdr_epgsearch +++ b/lfs/vdr_epgsearch @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,22 +26,22 @@ include Config SUMMARY = Searchtimer and replacement of the VDR program menu -VER = 2.4.0+git20191101 +VER = 2.4.2 -THISAPP = vdr-plugin-epgsearch_$(VER).orig +THISAPP = vdr-plugin-epgsearch-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/vdr-plugin-epgsearch +DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = vdr_epgsearch -PAK_VER = 11 +PAK_VER = 12 DEPS = SERVICES = -VDRPLUGVER = 2.4.7 +VDRPLUGVER = 2.6.6 EXTRA_FLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CFLAGS += $(EXTRA_FLAGS) @@ -55,7 +55,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d48a3174c451ddca257d36c45747d41f7c628b8963558115f27053ef6d57cc5b3c6d5860a6af46dd37f16d6ad7f29c9fb10c4295be76e60cbfef4943ca456241 +$(DL_FILE)_BLAKE2 = 1e2ed02a2d8ac1ba1e2ffd72b7830c4bb9a3478cebce8affd871e7cac25ac7759f21908447d74652632541dca74cbeb8e4de9773550bad65d279770677b7e146 install : $(TARGET) @@ -89,7 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/vdr-epgsearch-2.4.0-debian-paths.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/vdr-epgsearch-2.4.0-gcc1.patch cd $(DIR_APP) && make $(MAKE_TUNING) LIBDIR=. VDRDIR=/usr/lib/vdr \ CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" \ From 437bfd678013cf2b56b673b67a3eb6d68a0831cd Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 5 Feb 2024 11:07:03 +0100 Subject: [PATCH 110/140] vdr_streamdev: update to 0.6.3 Signed-off-by: Arne Fitzenreiter --- config/rootfiles/packages/vdr_streamdev | 2 +- lfs/vdr_streamdev | 15 +++++++-------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/config/rootfiles/packages/vdr_streamdev b/config/rootfiles/packages/vdr_streamdev index 3cd8440f0..8e631a3fd 100644 --- a/config/rootfiles/packages/vdr_streamdev +++ b/config/rootfiles/packages/vdr_streamdev @@ -4,4 +4,4 @@ etc/vdr/plugins/streamdev-server etc/vdr/plugins/streamdev-server/streamdevhosts.conf #usr/lib/vdr/bin usr/lib/vdr/bin/externremux.sh -usr/lib/vdr/libvdr-streamdev-server.so.2.4.7 +usr/lib/vdr/libvdr-streamdev-server.so.2.6.6 diff --git a/lfs/vdr_streamdev b/lfs/vdr_streamdev index 7c9f63246..af13b392b 100644 --- a/lfs/vdr_streamdev +++ b/lfs/vdr_streamdev @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,23 +26,22 @@ include Config SUMMARY = VDR implementation of the VTP (Video Transfer Protocol) -VER = 0.6.1 -GIT_VER = e2a9b979d3fb92967c7a6a8221e674eb7e55c813 +VER = 0.6.3 -THISAPP = vdr-plugin-streamdev-$(GIT_VER) -DL_FILE = $(THISAPP).tar.bz2 +THISAPP = vdr-plugin-streamdev-$(VER) +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = vdr_streamdev -PAK_VER = 7 +PAK_VER = 8 DEPS = SERVICES = -VDRPLUGVER = 2.4.7 +VDRPLUGVER = 2.6.6 EXTRA_FLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CFLAGS += $(EXTRA_FLAGS) @@ -56,7 +55,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 4cacadc091ab8d28ccd4318eaf18aaef8f45e6caab86ef461d1b1047039ec921984ebad091d29420779982b5b37606defe5aa6c6828e8f28788886ba9839efea +$(DL_FILE)_BLAKE2 = 300c24aac6f0c59fc438eafa9a300e0b68dbfb43064cf887ab9d1fbdc1b22a8ec5349a38fa5c2188ef78dbc1ac7f238e88abe0ed9d1cbcd01e4a1afde7b890cf install : $(TARGET) From 816af4dfb78eb5f7b95390d1bd3e444f7fbb42fe Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 6 Feb 2024 22:27:35 +0100 Subject: [PATCH 111/140] elfutils: Move from addon to core program. Required by suricata-7.0.2 for execution - Updated lfs file to core program type - Moved rootfile from packages to common - Older suricata versions required elfutils only for building but suricata-7.0.2 fails to start if elfutils is not present due to libelf.so.1 being missing. - The requirement for elfutils is not mentioned at all in the changelog. Fixes: Bug#13516 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/{packages => common}/elfutils | 0 lfs/elfutils | 11 +---------- 2 files changed, 1 insertion(+), 10 deletions(-) rename config/rootfiles/{packages => common}/elfutils (100%) diff --git a/config/rootfiles/packages/elfutils b/config/rootfiles/common/elfutils similarity index 100% rename from config/rootfiles/packages/elfutils rename to config/rootfiles/common/elfutils diff --git a/lfs/elfutils b/lfs/elfutils index 9fb69af62..7dd95caa2 100644 --- a/lfs/elfutils +++ b/lfs/elfutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -33,12 +33,6 @@ DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) -PROG = elfutils -PAK_VER = 10 - -DEPS = - -SERVICES = ############################################################################### # Top-level Rules @@ -58,9 +52,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects)) b2 : $(subst %,%_BLAKE2,$(objects)) -dist: - @$(PAK) - ############################################################################### # Downloading, checking, b2sum ############################################################################### From 30dc4c0248a65b70baf89cb46cc5b18993788501 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 6 Feb 2024 22:27:36 +0100 Subject: [PATCH 112/140] frr: elfutils moved from addon dependency to core program Fixes: Bug#13516 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/frr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/frr b/lfs/frr index a1555af64..f0954aae5 100644 --- a/lfs/frr +++ b/lfs/frr @@ -34,9 +34,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = frr -PAK_VER = 7 +PAK_VER = 8 -DEPS = elfutils +DEPS = SERVICES = frr From c09d2324479fa2fceec9eb5166b5e8e7af45fb0a Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 6 Feb 2024 22:27:37 +0100 Subject: [PATCH 113/140] ltrace: elfutils moved from addon dependency to core program Fixes: Bug#13516 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/ltrace | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/ltrace b/lfs/ltrace index 3d1fdee3f..f3f07c0b1 100644 --- a/lfs/ltrace +++ b/lfs/ltrace @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,9 +35,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ltrace -PAK_VER = 2 +PAK_VER = 3 -DEPS = elfutils +DEPS = SERVICES = From 4b1254520ab884792aa41a342a7e2e31320519db Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 6 Feb 2024 22:27:38 +0100 Subject: [PATCH 114/140] qemu: elfutils moved from addon dependency to core program Fixes: Bug#13516 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/qemu | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/qemu b/lfs/qemu index 2c45d7156..d65282743 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,9 +35,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = qemu -PAK_VER = 41 +PAK_VER = 42 -DEPS = alsa elfutils libusbredir spice libseccomp libslirp +DEPS = alsa libusbredir spice libseccomp libslirp SERVICES = From 0e16c27908960fd911efe8193489a16eb970455f Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Tue, 6 Feb 2024 22:27:39 +0100 Subject: [PATCH 115/140] strace: elfutils moved from addon dependency to core program Fixes: Bug#13516 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- lfs/strace | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/strace b/lfs/strace index 2ce9b26d8..97253340a 100644 --- a/lfs/strace +++ b/lfs/strace @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,9 +35,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = strace -PAK_VER = 10 +PAK_VER = 11 -DEPS = elfutils +DEPS = SERVICES = From fb7d13725fc3d16eeddad73e5cfa86a15bc58408 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 7 Feb 2024 10:58:21 +0000 Subject: [PATCH 116/140] core184: Remove elfutils pakfire metadata (if installed) Signed-off-by: Michael Tremer --- config/rootfiles/core/184/update.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index a5e53a564..b7deea6cf 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -37,6 +37,12 @@ done # Extract files extract_files +# Remove dropped elfutils addon +rm -vf \ + /opt/pakfire/db/installed/meta-elfutils \ + /opt/pakfire/db/meta/meta-elfutils \ + /opt/pakfire/db/rootfiles/elfutils + # Remove files # update linker config From 7d0f48668b681b4b788f8adffd5a6d0ad56d02a5 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 7 Feb 2024 11:01:25 +0000 Subject: [PATCH 117/140] elfutils: Don't ship tools I don't think there is any point that we ship these. Signed-off-by: Michael Tremer --- config/rootfiles/common/elfutils | 36 ++++++++++++++--------------- config/rootfiles/core/184/update.sh | 20 +++++++++++++++- 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/config/rootfiles/common/elfutils b/config/rootfiles/common/elfutils index f7d56ad89..830638e2b 100644 --- a/config/rootfiles/common/elfutils +++ b/config/rootfiles/common/elfutils @@ -1,21 +1,21 @@ -usr/bin/eu-addr2line -usr/bin/eu-ar -usr/bin/eu-elfclassify -usr/bin/eu-elfcmp -usr/bin/eu-elfcompress -usr/bin/eu-elflint -usr/bin/eu-findtextrel -usr/bin/eu-make-debug-archive -usr/bin/eu-nm -usr/bin/eu-objdump -usr/bin/eu-ranlib -usr/bin/eu-readelf -usr/bin/eu-size -usr/bin/eu-srcfiles -usr/bin/eu-stack -usr/bin/eu-strings -usr/bin/eu-strip -usr/bin/eu-unstrip +#usr/bin/eu-addr2line +#usr/bin/eu-ar +#usr/bin/eu-elfclassify +#usr/bin/eu-elfcmp +#usr/bin/eu-elfcompress +#usr/bin/eu-elflint +#usr/bin/eu-findtextrel +#usr/bin/eu-make-debug-archive +#usr/bin/eu-nm +#usr/bin/eu-objdump +#usr/bin/eu-ranlib +#usr/bin/eu-readelf +#usr/bin/eu-size +#usr/bin/eu-srcfiles +#usr/bin/eu-stack +#usr/bin/eu-strings +#usr/bin/eu-strip +#usr/bin/eu-unstrip #usr/include/dwarf.h #usr/include/elfutils #usr/include/elfutils/elf-knowledge.h diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index b7deea6cf..520817fe3 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -41,7 +41,25 @@ extract_files rm -vf \ /opt/pakfire/db/installed/meta-elfutils \ /opt/pakfire/db/meta/meta-elfutils \ - /opt/pakfire/db/rootfiles/elfutils + /opt/pakfire/db/rootfiles/elfutils \ + /usr/bin/eu-addr2line \ + /usr/bin/eu-ar \ + /usr/bin/eu-elfclassify \ + /usr/bin/eu-elfcmp \ + /usr/bin/eu-elfcompress \ + /usr/bin/eu-elflint \ + /usr/bin/eu-findtextrel \ + /usr/bin/eu-make-debug-archive \ + /usr/bin/eu-nm \ + /usr/bin/eu-objdump \ + /usr/bin/eu-ranlib \ + /usr/bin/eu-readelf \ + /usr/bin/eu-size \ + /usr/bin/eu-srcfiles \ + /usr/bin/eu-stack \ + /usr/bin/eu-strings \ + /usr/bin/eu-strip \ + /usr/bin/eu-unstrip # Remove files From 89645d1bbfbb26bdf0351fe01b69978f73fc0074 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:47 +0100 Subject: [PATCH 118/140] optionsfw.cgi: Fix bug12981 - Add option to log or not log dropped hostile traffic - This v3 version has split the logging choice for drop hostile to separate the logging of incoming drop hostile and outgoing drop hostile. - The bug originator had no port forwards so all hostile would be dropped normally anyway. However the logs were being swamped by the logging of drop hostile making analysis difficult. So incoming drop hostile was desired to not be logged. However logging of outgoing drop hostile was desired to identify if clients on the internal lan were infected with malware trying to reach home. - Added option with drop hostile section to decide if the dropped traffic should be logged or not. Fixes: bug12981 Tested-by: Adolf Belka Reviewed-by: Bernhard Bitsch Tested-by: Bernhard Bitsch Signed-off-by: Michael Tremer --- html/cgi-bin/optionsfw.cgi | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index fbff67b2f..52ac1b01e 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -94,6 +94,12 @@ if (!$settings{'DROPSPOOFEDMARTIAN'}) { if (!$settings{'DROPHOSTILE'}) { $settings{'DROPHOSTILE'} = 'off'; } +if (!$settings{'LOGDROPHOSTILEIN'}) { + $settings{'LOGDROPHOSTILEIN'} = 'on'; +} +if (!$settings{'LOGDROPHOSTILEOUT'}) { + $settings{'LOGDROPHOSTILEOUT'} = 'on'; +} if (!$settings{'LOGDROPCTINVALID'}) { $settings{'LOGDROPCTINVALID'} = 'on'; } @@ -125,6 +131,12 @@ $checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDMARTIAN'}} = "checked='chec $checked{'DROPHOSTILE'}{'off'} = ''; $checked{'DROPHOSTILE'}{'on'} = ''; $checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} = "checked='checked'"; +$checked{'LOGDROPHOSTILEIN'}{'off'} = ''; +$checked{'LOGDROPHOSTILEIN'}{'on'} = ''; +$checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} = "checked='checked'"; +$checked{'LOGDROPHOSTILEOUT'}{'off'} = ''; +$checked{'LOGDROPHOSTILEOUT'}{'on'} = ''; +$checked{'LOGDROPHOSTILEOUT'}{$settings{'LOGDROPHOSTILEOUT'}} = "checked='checked'"; $checked{'LOGDROPCTINVALID'}{'off'} = ''; $checked{'LOGDROPCTINVALID'}{'on'} = ''; $checked{'LOGDROPCTINVALID'}{$settings{'LOGDROPCTINVALID'}} = "checked='checked'"; @@ -279,6 +291,20 @@ END $Lang::tr{'off'} + + $Lang::tr{'log drop hostile in'} + + $Lang::tr{'on'} / + $Lang::tr{'off'} + + + + $Lang::tr{'log drop hostile out'} + + $Lang::tr{'on'} / + $Lang::tr{'off'} + +
From f23555a1c6acb12fbb626a27c2189dee4cb45c0c Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:48 +0100 Subject: [PATCH 119/140] rules.pl: Fixes bug12981 - Add in and out specific actions for drop hostile - This changes the action from HOSTILE_DROP to HOSTILE_DROP_IN for icnoming traffic and HOSTILE_DROP_OUT for outgoing traffic enabling logging decisions to be taken on each independently. Fixes: bug12981 Signed-off-by: Adolf Belka Reviewed-by: Bernhard Bitsch Acked-by: Bernhard Bitsch Signed-off-by: Michael Tremer --- config/firewall/rules.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 7edb910e2..a47c260a1 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -726,8 +726,8 @@ sub drop_hostile_networks () { &ipset_restore($HOSTILE_CCODE); # Check traffic in incoming/outgoing direction and drop if it matches - run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP"); - run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP"); + run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP_IN"); + run("$IPTABLES -A HOSTILE -o $RED_DEV -m set --match-set $HOSTILE_CCODE dst -j HOSTILE_DROP_OUT"); } sub ipblocklist () { From 37c5b4b62eb0e6bfb617a7173dd07d473c34f6a5 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:49 +0100 Subject: [PATCH 120/140] firewall: Fixes bug12981 - add if loop to log or not log dropped hostile traffic - This v3 version now has two if loops allowing logging of incoming drop hostile or outgoing drop hostile or both or neither. - Dependent on the choice in optionsfw.cgi this loop will either log or not log the dropped hostile traffic. Fixes: bug12981 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Reviewed-by: Bernhard Bitsch Signed-off-by: Michael Tremer --- src/initscripts/system/firewall | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 3aab7dd75..69bdcb594 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -179,9 +179,18 @@ iptables_init() { iptables -A FORWARD -j HOSTILE iptables -A OUTPUT -j HOSTILE - iptables -N HOSTILE_DROP - iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " - iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE" + iptables -N HOSTILE_DROP_IN + if [ "$LOGDROPHOSTILEIN" == "on" ]; then + iptables -A HOSTILE_DROP_IN -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " + fi + iptables -A HOSTILE_DROP_IN -j DROP -m comment --comment "DROP_HOSTILE" + + iptables -N HOSTILE_DROP_OUT + if [ "$LOGDROPHOSTILEOUT" == "on" ]; then + iptables -A HOSTILE_DROP_OUT -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " + fi + iptables -A HOSTILE_DROP_OUT -j DROP -m comment --comment "DROP_HOSTILE" + # IP Address Blocklist chains iptables -N BLOCKLISTIN From 6aa450ec3b4ab8a9a9ed37c710321c19b4db104d Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:50 +0100 Subject: [PATCH 121/140] en.pl: Fixes bug12981 - adds english language input for choice of drop hostile logging - In this v3 version have added translations for hostile networks in and hostile networks out and log drop hostile in and log drop hostile out. Fixes: bug12981 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- doc/language_issues.de | 5 +++++ doc/language_issues.en | 5 ++++- doc/language_issues.es | 5 +++++ doc/language_issues.fr | 5 +++++ doc/language_issues.it | 5 ++++- doc/language_issues.nl | 5 ++++- doc/language_issues.pl | 5 ++++- doc/language_issues.ru | 5 ++++- doc/language_issues.tr | 5 ++++- doc/language_missings | 37 ++++++++++++++++++++++++++++++++----- langs/en/cgi-bin/en.pl | 5 ++++- 11 files changed, 75 insertions(+), 12 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 4fd5a0819..29bf5b8d7 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -375,6 +375,7 @@ WARNING: translation string unused: host WARNING: translation string unused: host allow WARNING: translation string unused: host configuration WARNING: translation string unused: host deny +WARNING: translation string unused: hostile networks WARNING: translation string unused: hostname and domain already in use WARNING: translation string unused: hour-graph WARNING: translation string unused: hours2 @@ -923,12 +924,16 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: ids subscription code required = The selected ruleset requires a subscription code WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es) WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: optional = Optional diff --git a/doc/language_issues.en b/doc/language_issues.en index b4327cb78..4f37e43f7 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1039,7 +1039,8 @@ WARNING: untranslated string: holdoff = Holdoff time (in seconds) WARNING: untranslated string: host certificate = Host Certificate WARNING: untranslated string: host ip = Host IP address WARNING: untranslated string: host to net vpn = Host-to-Net Virtual Private Network (RoadWarrior) -WARNING: untranslated string: hostile networks = Hostile networks +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: hostname = Hostname WARNING: untranslated string: hostname cant be empty = Hostname cannot be empty. WARNING: untranslated string: hostname not set = Hostname not set. @@ -1247,6 +1248,8 @@ WARNING: untranslated string: locationblock country is allowed = Incoming traffi WARNING: untranslated string: locationblock country is blocked = Incoming traffic from this country will be blocked WARNING: untranslated string: locationblock enable feature = Enable Location based blocking: WARNING: untranslated string: log = Log +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log lines per page = Lines per page WARNING: untranslated string: log server address = Syslog server: diff --git a/doc/language_issues.es b/doc/language_issues.es index 45ffdf5d7..22b6efbc3 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -415,6 +415,7 @@ WARNING: translation string unused: host WARNING: translation string unused: host allow WARNING: translation string unused: host configuration WARNING: translation string unused: host deny +WARNING: translation string unused: hostile networks WARNING: translation string unused: hostname and domain already in use WARNING: translation string unused: hour-graph WARNING: translation string unused: hours2 @@ -989,8 +990,12 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: no data = unknown string WARNING: untranslated string: openvpn cert expires soon = Expires Soon WARNING: untranslated string: openvpn cert has expired = Expired diff --git a/doc/language_issues.fr b/doc/language_issues.fr index cacfb1ec6..68514699d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -402,6 +402,7 @@ WARNING: translation string unused: host WARNING: translation string unused: host allow WARNING: translation string unused: host configuration WARNING: translation string unused: host deny +WARNING: translation string unused: hostile networks WARNING: translation string unused: hostname and domain already in use WARNING: translation string unused: hour-graph WARNING: translation string unused: hours2 @@ -947,6 +948,10 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. diff --git a/doc/language_issues.it b/doc/language_issues.it index 68ff12c86..fed7f4195 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1068,7 +1068,8 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks = Hostile networks +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply @@ -1159,6 +1160,8 @@ WARNING: untranslated string: locationblock configuration = Location Configurati WARNING: untranslated string: locationblock country is allowed = Incoming traffic from this country is allowed WARNING: untranslated string: locationblock country is blocked = Incoming traffic from this country will be blocked WARNING: untranslated string: locationblock enable feature = Enable Location based blocking: +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: WARNING: untranslated string: masquerade blue = Masquerade BLUE diff --git a/doc/language_issues.nl b/doc/language_issues.nl index d1a637215..9f9fce689 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1073,7 +1073,8 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks = Hostile networks +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply @@ -1166,6 +1167,8 @@ WARNING: untranslated string: locationblock configuration = Location Configurati WARNING: untranslated string: locationblock country is allowed = Incoming traffic from this country is allowed WARNING: untranslated string: locationblock country is blocked = Incoming traffic from this country will be blocked WARNING: untranslated string: locationblock enable feature = Enable Location based blocking: +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: WARNING: untranslated string: masquerade blue = Masquerade BLUE diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 893f73211..48c0974e8 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1213,7 +1213,8 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks = Hostile networks +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply @@ -1315,6 +1316,8 @@ WARNING: untranslated string: locationblock configuration = Location Configurati WARNING: untranslated string: locationblock country is allowed = Incoming traffic from this country is allowed WARNING: untranslated string: locationblock country is blocked = Incoming traffic from this country will be blocked WARNING: untranslated string: locationblock enable feature = Enable Location based blocking: +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: WARNING: untranslated string: mac filter = MAC filter diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 64c9b5095..a1112396c 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1210,7 +1210,8 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks = Hostile networks +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply @@ -1313,6 +1314,8 @@ WARNING: untranslated string: locationblock configuration = Location Configurati WARNING: untranslated string: locationblock country is allowed = Incoming traffic from this country is allowed WARNING: untranslated string: locationblock country is blocked = Incoming traffic from this country will be blocked WARNING: untranslated string: locationblock enable feature = Enable Location based blocking: +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: log server protocol = protocol: WARNING: untranslated string: mac filter = MAC filter diff --git a/doc/language_issues.tr b/doc/language_issues.tr index eadbd33c7..649ebf6b4 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1010,7 +1010,8 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks = Hostile networks +WARNING: untranslated string: hostile networks in = Hostile networks in +WARNING: untranslated string: hostile networks out = Hostile networks out WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply @@ -1089,6 +1090,8 @@ WARNING: untranslated string: ipsec settings = IPsec Settings WARNING: untranslated string: itlb multihit = iTLB MultiHit WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks +WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: mitigated = Mitigated diff --git a/doc/language_missings b/doc/language_missings index 28ae29c2b..8a92fde97 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -58,6 +58,8 @@ < extrahd because it it outside the allowed mount path < g.dtm < g.lite +< hostile networks in +< hostile networks out < ids automatic rules update < ids subscription code required < insert removable device @@ -66,6 +68,8 @@ < ipsec invalid ip address or fqdn for rw endpoint < ipsec roadwarrior endpoint < link-layer encapsulation +< log drop hostile in +< log drop hostile out < netbios nameserver daemon < no entries < notes @@ -114,7 +118,11 @@ < extrahd not configured < extrahd not mounted < hardware vulnerabilities +< hostile networks in +< hostile networks out < invalid ip or hostname +< log drop hostile in +< log drop hostile out < openvpn cert expires soon < openvpn cert has expired < reiserfs warning1 @@ -138,6 +146,10 @@ < extrahd not mounted < g.dtm < g.lite +< hostile networks in +< hostile networks out +< log drop hostile in +< log drop hostile out < reiserfs warning1 < reiserfs warning2 < spec rstack overflow @@ -361,7 +373,8 @@ < guaranteed bandwidth < guardian < hardware vulnerabilities -< hostile networks +< hostile networks in +< hostile networks out < ids add provider < ids adjust ruleset < ids apply @@ -464,6 +477,8 @@ < locationblock country name < locationblock enable feature < locationblock flag +< log drop hostile in +< log drop hostile out < log dropped conntrack invalids < log server protocol < masquerade blue @@ -880,7 +895,8 @@ < generate ptr < guardian < hardware vulnerabilities -< hostile networks +< hostile networks in +< hostile networks out < ids add provider < ids adjust ruleset < ids apply @@ -985,6 +1001,8 @@ < locationblock country name < locationblock enable feature < locationblock flag +< log drop hostile in +< log drop hostile out < log dropped conntrack invalids < log server protocol < masquerade blue @@ -1704,7 +1722,8 @@ < grouptype < guardian < hardware vulnerabilities -< hostile networks +< hostile networks in +< hostile networks out < ids add provider < ids adjust ruleset < ids apply @@ -1819,6 +1838,8 @@ < locationblock country name < locationblock enable feature < locationblock flag +< log drop hostile in +< log drop hostile out < log dropped conntrack invalids < log server protocol < mac filter @@ -2695,7 +2716,8 @@ < grouptype < guardian < hardware vulnerabilities -< hostile networks +< hostile networks in +< hostile networks out < hour-graph < ids add provider < ids adjust ruleset @@ -2812,6 +2834,8 @@ < locationblock country name < locationblock enable feature < locationblock flag +< log drop hostile in +< log drop hostile out < log dropped conntrack invalids < log server protocol < mac filter @@ -3280,7 +3304,8 @@ < fw red < generate ptr < hardware vulnerabilities -< hostile networks +< hostile networks in +< hostile networks out < ids add provider < ids adjust ruleset < ids apply @@ -3368,6 +3393,8 @@ < legacy architecture warning < link-layer encapsulation < local ip address +< log drop hostile in +< log drop hostile out < log dropped conntrack invalids < meltdown < mitigated diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 16a3061b4..935217f0b 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1409,7 +1409,8 @@ 'host deny' => 'list with denied hosts', 'host ip' => 'Host IP address', 'host to net vpn' => 'Host-to-Net Virtual Private Network (RoadWarrior)', -'hostile networks' => 'Hostile networks', +'hostile networks in' => 'Hostile networks in', +'hostile networks out' => 'Hostile networks out', 'hostname' => 'Hostname', 'hostname and domain already in use' => 'Hostname and domain already in use.', 'hostname cant be empty' => 'Hostname cannot be empty.', @@ -1686,6 +1687,8 @@ 'locationblock enable feature' => 'Enable Location based blocking:', 'locationblock flag' => 'Flag', 'log' => 'Log', +'log drop hostile in' => 'Log dropped packets FROM hostile networks', +'log drop hostile out' => 'Log dropped packets TO hostile networks', 'log dropped conntrack invalids' => 'Log dropped packets classified as INVALID by connection tracking', 'log enabled' => 'Log Enabled', 'log level' => 'Log Level', From d2b423b1dc866dccf70dba93d779da36871c1b84 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:51 +0100 Subject: [PATCH 122/140] collectd.conf: Fix bug12981 - This creates in and out drop hostile data collection - In this v3 version of the patch set the splitting of drop hostile logging into incoming and outgoing logging means that the data collection and graphs need to have drop hostile also split into incoming and outgoing. Fixes: bug12981 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/collectd/collectd.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf index 4ef34ea07..cc49f0ba7 100644 --- a/config/collectd/collectd.conf +++ b/config/collectd/collectd.conf @@ -51,7 +51,8 @@ include "/etc/collectd.precache" Chain filter POLICYOUT DROP_OUTPUT Chain filter POLICYIN DROP_INPUT Chain filter SPOOFED_MARTIAN DROP_SPOOFED_MARTIAN - Chain filter HOSTILE_DROP DROP_HOSTILE + Chain filter HOSTILE_DROP_IN DROP_HOSTILE + Chain filter HOSTILE_DROP_OUT DROP_HOSTILE # From 216d4bfc3d42bb280ed4f88e066d9147b0f5b5c2 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:52 +0100 Subject: [PATCH 123/140] graphs.pl: Fixes bug12981 - Creates in and outgoing drop hostile graph entries - This v3 version of the patch set splits the single hostile networks graph entry into incoming hostile networks and outgoing hostile networks entries. Fixes: bug12981 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/cfgroot/graphs.pl | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index 9803dd124..f527447b5 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -693,7 +693,8 @@ sub updatefwhitsgraph { "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", - "DEF:hostile=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), @@ -729,11 +730,16 @@ sub updatefwhitsgraph { "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j", - "STACK:hostile".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks'}), - "GPRINT:hostile:MAX:%8.1lf %sBps", - "GPRINT:hostile:AVERAGE:%8.1lf %sBps", - "GPRINT:hostile:MIN:%8.1lf %sBps", - "GPRINT:hostile:LAST:%8.1lf %sBps\\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\\j", ); $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; From b4f6962c4dd5ddd18a376e4acec6a861cf870fa1 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sun, 21 Jan 2024 12:45:53 +0100 Subject: [PATCH 124/140] optionsfw.cgi: Move Firewall Options Drop commands to before the logging section - Moved the Firewall Options Drop commands to before the logging section, as discussed at January 2024 Video Call. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- html/cgi-bin/optionsfw.cgi | 47 +++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 52ac1b01e..60b1bdd91 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -224,6 +224,29 @@ END
+ + + + + + + + +
$Lang::tr{'fw red'}
$Lang::tr{'drop hostile'} + $Lang::tr{'on'} / + $Lang::tr{'off'} +
+
+ + + + + +
$Lang::tr{'fw blue'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / + $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / + $Lang::tr{'off'}
+
+ @@ -308,28 +331,6 @@ END
$Lang::tr{'fw logging'}

- - - - - - - - -
$Lang::tr{'fw red'}
$Lang::tr{'drop hostile'} - $Lang::tr{'on'} / - $Lang::tr{'off'} -
-
- - - - - -
$Lang::tr{'fw blue'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / - $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / - $Lang::tr{'off'}
-
- + END ; } else { @@ -3782,3 +3793,44 @@ sub make_subnets($$) { return join(",", @cidr_nets); } + +sub regenerate_host_certificate() { + my $errormessage = ""; + + &General::log("ipsec", "Regenerating host certificate..."); + + # Create a CSR based on the existing certificate + my $opt = " x509 -x509toreq -copy_extensions copyall"; + $opt .= " -signkey ${General::swroot}/certs/hostkey.pem"; + $opt .= " -in ${General::swroot}/certs/hostcert.pem"; + $opt .= " -out ${General::swroot}/certs/hostreq.pem"; + $errormessage = &callssl($opt); + + # Revoke the old certificate + if (!$errormessage) { + &General::log("ipsec", "Revoking the old host cert..."); + + my $opt = " ca -revoke ${General::swroot}/certs/hostcert.pem"; + $errormessage = &callssl($opt); + } + + # Sign the host certificate request + if (!$errormessage) { + &General::log("ipsec", "Self signing host cert..."); + + my $opt = " ca -md sha256 -days 825"; + $opt .= " -batch -notext"; + $opt .= " -in ${General::swroot}/certs/hostreq.pem"; + $opt .= " -out ${General::swroot}/certs/hostcert.pem"; + $errormessage = &callssl ($opt); + + unlink ("${General::swroot}/certs/hostreq.pem"); #no more needed + } + + # Reload the new certificate + if (!$errormessage) { + &General::system('/usr/local/bin/ipsecctrl', 'R'); + } + + return $errormessage; +} diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 27831a492..3246102ba 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2212,6 +2212,7 @@ 'refresh' => 'Refresh', 'refresh index page while connected' => 'Refresh index.cgi page while connected', 'refresh update list' => 'Refresh update list', +'regenerate host certificate' => 'Renew Host Certificate', 'registered user rules' => 'Talos VRT rules for registered users', 'reiserfs warning1' => 'Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.', 'reiserfs warning2' => 'Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.', From b8c898b4824624b802ffda8b92c7009ea5a9db46 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 7 Feb 2024 11:09:50 +0000 Subject: [PATCH 131/140] core184: Ship vpnmain.cgi Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/184/filelists/files b/config/rootfiles/core/184/filelists/files index 7c98cba8f..dc8a1b28f 100644 --- a/config/rootfiles/core/184/filelists/files +++ b/config/rootfiles/core/184/filelists/files @@ -1,5 +1,6 @@ etc/rc.d/init.d/collectd etc/rc.d/init.d/firewall srv/web/ipfire/cgi-bin/optionsfw.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi usr/lib/firewall/rules.pl var/ipfire/graphs.pl From 3757d24e470975ab3451a1d8adb36281468c0532 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 7 Feb 2024 11:21:49 +0000 Subject: [PATCH 132/140] libvirt: Don't build for riscv64 There seems to be some problem that this package does not build from source, but as we don't currently have any hardware that supports thise, there is no point in debugging it. Signed-off-by: Michael Tremer --- lfs/libvirt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/libvirt b/lfs/libvirt index 3035844f0..ef122cfa7 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) -# SUP_ARCH = x86_64 aarch64 +SUP_ARCH = x86_64 aarch64 PROG = libvirt PAK_VER = 34 From 49b8893ff5c28abaf717e35d9db2f6b8177ff53d Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 7 Feb 2024 12:13:19 +0100 Subject: [PATCH 133/140] expat: Update to version 2.6.0 - Update from version 2.5.0 to 2.6.0 - Update of rootfile - This update fixes two CVE's. Not sure if IPFire would be vulnerable or not but safer to update anyway. - Changelog 2.6.0 Security fixes: #789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. #777 CVE-2023-52426 -- Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). Bug fixes: #753 Fix parse-size-dependent "invalid token" error for external entities that start with a byte order mark #780 Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined #812 #813 Protect against closing entities out of order Other changes: #723 Improve support for arc4random/arc4random_buf #771 #788 Improve buffer growth in XML_GetBuffer and XML_Parse #761 #770 xmlwf: Support --help and --version #759 #770 xmlwf: Support custom buffer size for XML_GetBuffer and read #744 xmlwf: Improve language and URL clickability in help output #673 examples: Add new example "element_declarations.c" #764 Be stricter about macro XML_CONTEXT_BYTES at build time #765 Make inclusion to expat_config.h consistent #726 #727 Autotools: configure.ac: Support --disable-maintainer-mode #678 #705 .. #706 #733 #792 Autotools: Sync CMake templates with CMake 3.26 #795 Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability #815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section "Cflags.private" in order to fix compilation against static libexpat using pkg-config on Windows #724 #751 Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) #793 Autotools|CMake: Fix PACKAGE_BUGREPORT variable #750 #786 Autotools|CMake: Make test suite require a C++11 compiler #749 CMake: Require CMake >=3.5.0 #672 CMake: Lowercase off_t and size_t to help a bug in Meson #746 CMake: Sort xmlwf sources alphabetically #785 CMake|Windows: Fix generation of DLL file version info #790 CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON #745 #757 docs: Document the importance of isFinal + adjust tests accordingly #736 docs: Improve use of "NULL" and "null" #713 docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) #762 docs: reference.html: Promote function XML_ParseBuffer more #779 docs: reference.html: Add HTML anchors to XML_* macros #760 docs: reference.html: Upgrade to OK.css 1.2.0 #763 #739 docs: Fix typos #696 docs|CI: Use HTTPS URLs instead of HTTP at various places #669 #670 .. #692 #703 .. #733 #772 Address compiler warnings #798 #800 Address clang-tidy warnings #775 #776 Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do Infrastructure: #700 #701 docs: Document security policy in file SECURITY.md #766 docs: Improve parse buffer variables in-code documentation #674 #738 .. #740 #747 .. #748 #781 #782 Refactor coverage and conformance tests #714 #716 Refactor debug level variables to unsigned long #671 Improve handling of empty environment variable value in function getDebugLevel (without visible user effect) #755 #774 .. #758 #783 .. #784 #787 tests: Improve test coverage with regard to parse chunk size #660 #797 #801 Fuzzing: Improve fuzzing coverage #367 #799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests #698 #721 CI: Resolve some Travis CI leftovers #669 CI: Be robust towards absence of Git tags #693 #694 CI: Set permissions to "contents: read" for security #709 CI: Pin all GitHub Actions to specific commits for security #739 CI: Reject spelling errors using codespell #798 CI: Enforce clang-tidy clean code #773 #808 .. #809 #810 CI: Upgrade Clang from 15 to 18 #796 CI: Start using Clang's Control Flow Integrity sanitizer #675 #720 #722 CI: Adapt to breaking changes in GitHub Actions Ubuntu images #689 CI: Adapt to breaking changes in Clang/LLVM Debian packaging #763 CI: Adapt to breaking changes in codespell #803 CI: Adapt to breaking changes in Cppcheck Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/expat | 21 +++++++++++---------- lfs/expat | 8 ++++---- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 233c46283..499f99f8e 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat @@ -3,20 +3,21 @@ #usr/include/expat_config.h #usr/include/expat_external.h #usr/lib/cmake -#usr/lib/cmake/expat-2.5.0 -#usr/lib/cmake/expat-2.5.0/expat-config-version.cmake -#usr/lib/cmake/expat-2.5.0/expat-config.cmake -#usr/lib/cmake/expat-2.5.0/expat-noconfig.cmake -#usr/lib/cmake/expat-2.5.0/expat.cmake +#usr/lib/cmake/expat-2.6.0 +#usr/lib/cmake/expat-2.6.0/expat-config-version.cmake +#usr/lib/cmake/expat-2.6.0/expat-config.cmake +#usr/lib/cmake/expat-2.6.0/expat-noconfig.cmake +#usr/lib/cmake/expat-2.6.0/expat.cmake #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.8.10 +usr/lib/libexpat.so.1.9.0 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.5.0 -#usr/share/doc/expat-2.5.0/ok.min.css -#usr/share/doc/expat-2.5.0/reference.html -#usr/share/doc/expat-2.5.0/style.css +#usr/share/doc/expat-2.6.0 +#usr/share/doc/expat-2.6.0/ok.min.css +#usr/share/doc/expat-2.6.0/reference.html +#usr/share/doc/expat-2.6.0/style.css #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog +#usr/share/man/man1/xmlwf.1 diff --git a/lfs/expat b/lfs/expat index a89b6d114..acfdba6ea 100644 --- a/lfs/expat +++ b/lfs/expat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,10 +24,10 @@ include Config -VER = 2.5.0 +VER = 2.6.0 THISAPP = expat-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 15a5dcd3af17995fb4299301710b38d609c1fe7a8d6a6284581fedd96e89e0c16526d0342fb55773ac9d678cd65dc5cdb1532c764eeb3a20ccdf1e168b96e337 +$(DL_FILE)_BLAKE2 = 2f0117317bde4e03d8662bcac1ff6c2bbb1af694846b21a82ac12d11ccd43032b481af72fa35298c3cb19b7426dba6a67e703904ca7b05663ffd854a42348bd0 install : $(TARGET) From 498d5613d6d46ea4392f0239485b2f1af8c91623 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 9 Feb 2024 11:25:19 +0000 Subject: [PATCH 134/140] core184: Ship expat Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/expat | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/184/filelists/expat diff --git a/config/rootfiles/core/184/filelists/expat b/config/rootfiles/core/184/filelists/expat new file mode 120000 index 000000000..e1923cf63 --- /dev/null +++ b/config/rootfiles/core/184/filelists/expat @@ -0,0 +1 @@ +../../../common/expat \ No newline at end of file From 8c2109bc217862207fc405fbbb1f6f9bfde53413 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Wed, 7 Feb 2024 18:37:23 +0100 Subject: [PATCH 135/140] squid: Update to 6.7 Signed-off-by: Matthias Fischer For details see: https://github.com/squid-cache/squid/commits/v6 Signed-off-by: Michael Tremer --- lfs/squid | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/squid b/lfs/squid index c0f465c16..3a2d1039c 100644 --- a/lfs/squid +++ b/lfs/squid @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.6 +VER = 6.7 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc +$(DL_FILE)_BLAKE2 = f91b0f617b6b32138c33575d5daec0bc6dfcb0d356939b6c01e9d4c33b77886ffb55c38678f31aeed9bf4d5d5e488c751d41098b846a956383c8b6db8c851cab install : $(TARGET) From 8e111d6f03f4e8f71bedd21e623700534ae7603b Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 9 Feb 2024 11:26:55 +0000 Subject: [PATCH 136/140] core184: Ship squid Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/squid | 1 + config/rootfiles/core/184/update.sh | 5 +++++ 2 files changed, 6 insertions(+) create mode 120000 config/rootfiles/core/184/filelists/squid diff --git a/config/rootfiles/core/184/filelists/squid b/config/rootfiles/core/184/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/184/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index d744b5119..c3593414e 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +/etc/init.d/squid stop /etc/init.d/vnstat stop # Extract files @@ -80,6 +81,10 @@ telinit u /etc/init.d/vnstat start /etc/init.d/collectd restart +if [ -f /var/ipfire/proxy/enable ]; then + /etc/init.d/squid start +fi + # This update needs a reboot... touch /var/run/need_reboot From ef387142af48f8827225ac7695183b765829aeae Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 9 Feb 2024 11:30:38 +0000 Subject: [PATCH 137/140] suricata: Update to 6.0.16 https://redmine.openinfosecfoundation.org/versions/201 Signed-off-by: Michael Tremer --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index 2e71ba49d..fbad89672 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 6.0.15 +VER = 6.0.16 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 +$(DL_FILE)_BLAKE2 = 831d18072b52bfdd8379ac43a99b1660e575b04a805034371c1341f7fb4875f1b110d2f35bbf7eb7834f2b6b44cafdb939b32dbc50b43c4657277fa24c4dd3f4 install : $(TARGET) From fced111d30804160fe0e96b8bdca30dd11b43774 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 9 Feb 2024 11:33:23 +0000 Subject: [PATCH 138/140] libhtp: Update to 0.5.46 Signed-off-by: Michael Tremer --- lfs/libhtp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/libhtp b/lfs/libhtp index 987c159e5..882f191d7 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -24,7 +24,7 @@ include Config -VER = 0.5.44 +VER = 0.5.46 THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6b4c8d617e6a649997e9375677baed99315be83e598317ce4951883482e6099cb5fd28e27ae25ab68ecc765931b0955289d144a710ce2e1b11edf92848b1b613 +$(DL_FILE)_BLAKE2 = 326246433b3d8525cd211fec73bc0fdd9fb61a65001fc55d1fed4e966c53b16a1052ef0597990681d805c2c560e670b8b2d2558851971df6c31910dea571d0cc install : $(TARGET) From bce42f80eb06c1b14e1cc4eaeab5d72724a0e456 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 9 Feb 2024 11:39:02 +0000 Subject: [PATCH 139/140] core184: Ship suricata & libhtp Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/libhtp | 1 + config/rootfiles/core/184/filelists/suricata | 1 + config/rootfiles/core/184/update.sh | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) create mode 120000 config/rootfiles/core/184/filelists/libhtp create mode 120000 config/rootfiles/core/184/filelists/suricata diff --git a/config/rootfiles/core/184/filelists/libhtp b/config/rootfiles/core/184/filelists/libhtp new file mode 120000 index 000000000..676e2c5e8 --- /dev/null +++ b/config/rootfiles/core/184/filelists/libhtp @@ -0,0 +1 @@ +../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/suricata b/config/rootfiles/core/184/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/184/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index c3593414e..024c44be7 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -80,7 +80,7 @@ ldconfig telinit u /etc/init.d/vnstat start /etc/init.d/collectd restart - +/etc/init.d/suricata restart if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start fi From 4c68bcb588de1bda5944e3bee09aaf314b450aa8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 9 Feb 2024 12:02:11 +0000 Subject: [PATCH 140/140] installer: Fail if the bootloader could not be installed If GRUB could not be installed during installation, the installer continued without reporting the error to the user. This change will make the installer fail. Signed-off-by: Michael Tremer --- src/installer/install-bootloader | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/installer/install-bootloader b/src/installer/install-bootloader index d6451e0b1..340dd6aa5 100644 --- a/src/installer/install-bootloader +++ b/src/installer/install-bootloader @@ -172,12 +172,12 @@ function main() { if device_is_mdraid "${device}"; then local slave for slave in $(mdraid_get_slaves "${device}"); do - grub_install "${slave}" + grub_install "${slave}" || return $? done # Handle normal block devices else - grub_install "${device}" + grub_install "${device}" || return $? fi return 0
$Lang::tr{'fw settings'}
$Lang::tr{'fw settings color'}$Lang::tr{'on'} / From 7c9a6cf1631cd68970762cbb61056618f6de4c2e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 6 Feb 2024 18:11:48 +0000 Subject: [PATCH 125/140] firewall: graphs: Add a line for the total number of hostile hits Signed-off-by: Michael Tremer --- config/cfgroot/graphs.pl | 13 +++++++++++++ doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 ++++++++ langs/en/cgi-bin/en.pl | 1 + 12 files changed, 31 insertions(+) diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index f527447b5..a23e49c98 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -695,6 +695,14 @@ sub updatefwhitsgraph { "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values + # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown, + # we replace them with them sum of IN + OUT. + "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), @@ -740,6 +748,11 @@ sub updatefwhitsgraph { "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", "GPRINT:hostileout:MIN:%8.1lf %sBps", "GPRINT:hostileout:LAST:%8.1lf %sBps\\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\\j", ); $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; diff --git a/doc/language_issues.de b/doc/language_issues.de index 29bf5b8d7..51186be08 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -926,6 +926,7 @@ WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids subscription code required = The selected ruleset requires a subscription code WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es) diff --git a/doc/language_issues.en b/doc/language_issues.en index 4f37e43f7..7f35bbc36 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1041,6 +1041,7 @@ WARNING: untranslated string: host ip = Host IP address WARNING: untranslated string: host to net vpn = Host-to-Net Virtual Private Network (RoadWarrior) WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: hostname = Hostname WARNING: untranslated string: hostname cant be empty = Hostname cannot be empty. WARNING: untranslated string: hostname not set = Hostname not set. diff --git a/doc/language_issues.es b/doc/language_issues.es index 22b6efbc3..cad67f5d3 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -992,6 +992,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 68514699d..c72cf45ae 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -950,6 +950,7 @@ WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: pakfire ago = ago. diff --git a/doc/language_issues.it b/doc/language_issues.it index fed7f4195..d3341e285 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1070,6 +1070,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 9f9fce689..065cacc49 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1075,6 +1075,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 48c0974e8..7c2425d57 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1215,6 +1215,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.ru b/doc/language_issues.ru index a1112396c..20d7afdff 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1212,6 +1212,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 649ebf6b4..d9a1891cb 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1012,6 +1012,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_missings b/doc/language_missings index 8a92fde97..eb58bd385 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -60,6 +60,7 @@ < g.lite < hostile networks in < hostile networks out +< hostile networks total < ids automatic rules update < ids subscription code required < insert removable device @@ -120,6 +121,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < invalid ip or hostname < log drop hostile in < log drop hostile out @@ -148,6 +150,7 @@ < g.lite < hostile networks in < hostile networks out +< hostile networks total < log drop hostile in < log drop hostile out < reiserfs warning1 @@ -375,6 +378,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply @@ -897,6 +901,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply @@ -1724,6 +1729,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply @@ -2718,6 +2724,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < hour-graph < ids add provider < ids adjust ruleset @@ -3306,6 +3313,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 935217f0b..303fc3d5b 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1411,6 +1411,7 @@ 'host to net vpn' => 'Host-to-Net Virtual Private Network (RoadWarrior)', 'hostile networks in' => 'Hostile networks in', 'hostile networks out' => 'Hostile networks out', +'hostile networks total' => 'Hostile networks total', 'hostname' => 'Hostname', 'hostname and domain already in use' => 'Hostname and domain already in use.', 'hostname cant be empty' => 'Hostname cannot be empty.', From 3dfc7489461d52321bf6cb6a342b15416fd362bb Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 6 Feb 2024 18:17:26 +0000 Subject: [PATCH 126/140] firewall: Improve labelling of hostile networks hits Signed-off-by: Michael Tremer --- doc/language_issues.de | 6 +++--- doc/language_issues.en | 6 +++--- doc/language_issues.es | 6 +++--- doc/language_issues.fr | 6 +++--- doc/language_issues.it | 6 +++--- doc/language_issues.nl | 6 +++--- doc/language_issues.pl | 6 +++--- doc/language_issues.ru | 6 +++--- doc/language_issues.tr | 6 +++--- langs/en/cgi-bin/en.pl | 6 +++--- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 51186be08..56bd09414 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -924,9 +924,9 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids subscription code required = The selected ruleset requires a subscription code WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es) diff --git a/doc/language_issues.en b/doc/language_issues.en index 7f35bbc36..c55a6fb2c 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1039,9 +1039,9 @@ WARNING: untranslated string: holdoff = Holdoff time (in seconds) WARNING: untranslated string: host certificate = Host Certificate WARNING: untranslated string: host ip = Host IP address WARNING: untranslated string: host to net vpn = Host-to-Net Virtual Private Network (RoadWarrior) -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: hostname = Hostname WARNING: untranslated string: hostname cant be empty = Hostname cannot be empty. WARNING: untranslated string: hostname not set = Hostname not set. diff --git a/doc/language_issues.es b/doc/language_issues.es index cad67f5d3..eef18d6e0 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -990,9 +990,9 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks diff --git a/doc/language_issues.fr b/doc/language_issues.fr index c72cf45ae..36cd4944b 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -948,9 +948,9 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: pakfire ago = ago. diff --git a/doc/language_issues.it b/doc/language_issues.it index d3341e285..43bbd4a1f 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1068,9 +1068,9 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 065cacc49..761cda4a2 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1073,9 +1073,9 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 7c2425d57..8b6e3efd0 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1213,9 +1213,9 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 20d7afdff..93ff3c636 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1210,9 +1210,9 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d9a1891cb..05c16e1c2 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1010,9 +1010,9 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities -WARNING: untranslated string: hostile networks in = Hostile networks in -WARNING: untranslated string: hostile networks out = Hostile networks out -WARNING: untranslated string: hostile networks total = Hostile networks total +WARNING: untranslated string: hostile networks in = From Hostile Networks +WARNING: untranslated string: hostile networks out = To Hostile Networks +WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 303fc3d5b..27831a492 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1409,9 +1409,9 @@ 'host deny' => 'list with denied hosts', 'host ip' => 'Host IP address', 'host to net vpn' => 'Host-to-Net Virtual Private Network (RoadWarrior)', -'hostile networks in' => 'Hostile networks in', -'hostile networks out' => 'Hostile networks out', -'hostile networks total' => 'Hostile networks total', +'hostile networks in' => 'From Hostile Networks', +'hostile networks out' => 'To Hostile Networks', +'hostile networks total' => 'Total Hostile Networks', 'hostname' => 'Hostname', 'hostname and domain already in use' => 'Hostname and domain already in use.', 'hostname cant be empty' => 'Hostname cannot be empty.', From 08c20b8457ec8c8fe24dda561b8d28a6f6b584a3 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 7 Feb 2024 11:05:08 +0000 Subject: [PATCH 127/140] core184: Ship HOSTILE IN/OUT changes Signed-off-by: Michael Tremer --- config/rootfiles/core/184/filelists/files | 4 ++++ config/rootfiles/core/184/update.sh | 1 + 2 files changed, 5 insertions(+) diff --git a/config/rootfiles/core/184/filelists/files b/config/rootfiles/core/184/filelists/files index 4f1c7ed98..7c98cba8f 100644 --- a/config/rootfiles/core/184/filelists/files +++ b/config/rootfiles/core/184/filelists/files @@ -1 +1,5 @@ etc/rc.d/init.d/collectd +etc/rc.d/init.d/firewall +srv/web/ipfire/cgi-bin/optionsfw.cgi +usr/lib/firewall/rules.pl +var/ipfire/graphs.pl diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index 520817fe3..d744b5119 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -78,6 +78,7 @@ ldconfig # Start services telinit u /etc/init.d/vnstat start +/etc/init.d/collectd restart # This update needs a reboot... touch /var/run/need_reboot From 182743310ce47d9a78d5fd6d32c510bcbb163762 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 17:45:42 +0000 Subject: [PATCH 128/140] vpnmain.cgi: Do not use a bad source for randomness Signed-off-by: Michael Tremer --- html/cgi-bin/vpnmain.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 53507305f..8b05a0de7 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -2141,7 +2141,7 @@ END &General::log("ipsec", "Creating a cert..."); if (open(STDIN, "-|")) { - my $opt = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache"; + my $opt = " req -nodes"; $opt .= " -newkey rsa:4096"; $opt .= " -keyout ${General::swroot}/certs/$cgiparams{'NAME'}key.pem"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}req.pem"; From aa07e1bb3eba3606a0b8e647180e0926a411016b Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 17:45:43 +0000 Subject: [PATCH 129/140] vpnmain.cgi: Return the entire error message if OpenSSL fails The function did not evaluate the return code which is why it used a hack to figure out if some output is an error or not. This is being fixed in this commit and the entire output is being returned if the return code is non-zero. Signed-off-by: Michael Tremer --- html/cgi-bin/vpnmain.cgi | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 8b05a0de7..d82e6b5c9 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -229,13 +229,14 @@ sub callssl ($) { my $opt = shift; my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr my $ret = ''; - foreach my $line (split (/\n/, $retssl)) { - &General::log("ipsec", "$line") if (0); # 1 for verbose logging - $ret .= '
'.$line if ( $line =~ /error|unknown/ ); - } - if ($ret) { - $ret= &Header::cleanhtml($ret); + + if ($?) { + foreach my $line (split (/\n/, $retssl)) { + &General::log("ipsec", "$line") if (0); # 1 for verbose logging + $ret .= '
' . &Header::escape($line); + } } + return $ret ? "$Lang::tr{'openssl produced an error'}: $ret" : '' ; } ### From 9f01011570be542e394503cb8a4c5184eb9be8d1 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 Jan 2024 17:45:44 +0000 Subject: [PATCH 130/140] vpnmain.cgi: Add option to regenerate the host certificate This is necessary since we now have a much shorter lifetime for the host certificate. However, it is complicated to do this is which is why we are copying the previous certificate and generate a new CSR. This is then signed. A caveat of this patch is that we do not rollover the key. Signed-off-by: Michael Tremer --- config/ssl/openssl.cnf | 1 + doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 ++++++ html/cgi-bin/vpnmain.cgi | 54 +++++++++++++++++++++++++++++++++++++++- langs/en/cgi-bin/en.pl | 1 + 13 files changed, 72 insertions(+), 1 deletion(-) diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf index 3b980fcd4..00c206ed8 100644 --- a/config/ssl/openssl.cnf +++ b/config/ssl/openssl.cnf @@ -23,6 +23,7 @@ default_md = sha256 preserve = no policy = policy_match email_in_dn = no +copy_extensions = copyall [ policy_match ] countryName = optional diff --git a/doc/language_issues.de b/doc/language_issues.de index 56bd09414..46fb9ee5a 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -939,6 +939,7 @@ WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Dae WARNING: untranslated string: no entries = No entries at the moment. WARNING: untranslated string: optional = Optional WARNING: untranslated string: pakfire invalid tree = Invalid repository selected +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: required = Required diff --git a/doc/language_issues.en b/doc/language_issues.en index c55a6fb2c..86d5890f2 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1582,6 +1582,7 @@ WARNING: untranslated string: red1 = RED WARNING: untranslated string: references = References WARNING: untranslated string: refresh = Refresh WARNING: untranslated string: refresh index page while connected = Refresh index.cgi page while connected +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release diff --git a/doc/language_issues.es b/doc/language_issues.es index eef18d6e0..30e20ae87 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1001,6 +1001,7 @@ WARNING: untranslated string: no data = unknown string WARNING: untranslated string: openvpn cert expires soon = Expires Soon WARNING: untranslated string: openvpn cert has expired = Expired WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: route config changed = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 36cd4944b..a53358147 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -954,6 +954,7 @@ WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: route config changed = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 43bbd4a1f..24efece2b 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1219,6 +1219,7 @@ WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 761cda4a2..b6a65fad2 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1241,6 +1241,7 @@ WARNING: untranslated string: ptr = PTR WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: required = Required diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 8b6e3efd0..1a4f62870 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1422,6 +1422,7 @@ WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received WARNING: untranslated string: red1 = RED +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 93ff3c636..8da6fe4b6 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1417,6 +1417,7 @@ WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received WARNING: untranslated string: red1 = RED +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 05c16e1c2..96fe71f7b 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1129,6 +1129,7 @@ WARNING: untranslated string: ptr = PTR WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received +WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date. WARNING: untranslated string: release = Release diff --git a/doc/language_missings b/doc/language_missings index eb58bd385..c92e1e6a3 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -78,6 +78,7 @@ < optional < quick control < random number generator daemon +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < required @@ -127,6 +128,7 @@ < log drop hostile out < openvpn cert expires soon < openvpn cert has expired +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < service boot setting unavailable @@ -153,6 +155,7 @@ < hostile networks total < log drop hostile in < log drop hostile out +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < spec rstack overflow @@ -542,6 +545,7 @@ < reboot fsck < rebooting ipfire fsck < received +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < release @@ -1086,6 +1090,7 @@ < rdns < rebooting ipfire fsck < received +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < required @@ -1970,6 +1975,7 @@ < rebooting ipfire fsck < received < red1 +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < release @@ -2965,6 +2971,7 @@ < rebooting ipfire fsck < received < red1 +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < release @@ -3440,6 +3447,7 @@ < reboot fsck < rebooting ipfire fsck < received +< regenerate host certificate < reiserfs warning1 < reiserfs warning2 < release diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index d82e6b5c9..9173a85d8 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -866,6 +866,12 @@ END exit(0); } ### +### Regenerate the host certificate +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'regenerate host certificate'}) { + $errormessage = ®enerate_host_certificate(); + +### ### Form for generating/importing the caroot+host certificate ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} || @@ -3612,7 +3618,12 @@ END 		 
+
+ + +
+