Merge branch 'master' into next

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 7992f21c58aba352c1c3548c2103b8d2f9ad2d66..b43420740037075b0b76173477333f86f0f8d90d 100644 (file)
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -75,6 +75,10 @@ make_backup() {
 restore_backup() {
        local filename="${1}"
 
+       # remove all openvpn certs to prevent old unusable
+       # certificates being left in directory after a restore
+       rm -f /var/ipfire/ovpn/certs/*
+
        # Extract backup
        if ! tar xvzpf "${filename}" -C / \
                        --exclude-from="/var/ipfire/backup/exclude" \

diff --git a/config/backup/includes/mpd b/config/backup/includes/mpd
new file mode 100644 (file)
index 0000000..a570a8d
--- /dev/null
+++ b/config/backup/includes/mpd
@@ -0,0 +1,4 @@
+/etc/asound.state
+/var/ipfire/mpd/db/
+/var/ipfire/mpd/mpd.conf
+/var/ipfire/mpd/mpd_state

diff --git a/config/backup/includes/mpfire b/config/backup/includes/mpfire
index 4ea18a2a1aedb1dcdf6089347dc0601fe126d0f4..a21e77a6f6fa6988e6866784932323cce3d323df 100644 (file)
--- a/config/backup/includes/mpfire
+++ b/config/backup/includes/mpfire
@@ -1,6 +1,2 @@
-/etc/asound.state
-/var/ipfire/mpfire/db/
-/var/ipfire/mpfire/mpd.conf
-/var/ipfire/mpfire/mpd_state
 /var/ipfire/mpfire/settings
 /var/ipfire/mpfire/webradio

diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt
index 59cc15df6e9ddcc3f273b5ac027662b6243df9c7..ed5e6cb17cab57dc8c4229a607428723e9354eb0 100644 (file)
--- a/config/ca-certificates/certdata.txt
+++ b/config/ca-certificates/certdata.txt
@@ -1294,138 +1294,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "Security Communication Root CA"
-#
-# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
-# Serial Number: 0 (0x0)
-# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
-# Not Valid Before: Tue Sep 30 04:20:49 2003
-# Not Valid After : Sat Sep 30 04:20:49 2023
-# Fingerprint (SHA-256): E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C
-# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Security Communication Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
-\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040
-\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125
-\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155
-\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103
-\101\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
-\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040
-\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125
-\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155
-\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103
-\101\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\000
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\132\060\202\002\102\240\003\002\001\002\002\001\000
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061\030
-\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040\124
-\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125\004
-\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155\155
-\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103\101
-\061\060\036\027\015\060\063\060\071\063\060\060\064\062\060\064
-\071\132\027\015\062\063\060\071\063\060\060\064\062\060\064\071
-\132\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120
-\061\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115
-\040\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003
-\125\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157
-\155\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164
-\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367
-\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
-\202\001\001\000\263\263\376\177\323\155\261\357\026\174\127\245
-\014\155\166\212\057\113\277\144\373\114\356\212\360\363\051\174
-\365\377\356\052\340\351\351\272\133\144\042\232\232\157\054\072
-\046\151\121\005\231\046\334\325\034\152\161\306\232\175\036\235
-\335\174\154\306\214\147\147\112\076\370\161\260\031\047\251\011
-\014\246\225\277\113\214\014\372\125\230\073\330\350\042\241\113
-\161\070\171\254\227\222\151\263\211\176\352\041\150\006\230\024
-\226\207\322\141\066\274\155\047\126\236\127\356\300\300\126\375
-\062\317\244\331\216\302\043\327\215\250\363\330\045\254\227\344
-\160\070\364\266\072\264\235\073\227\046\103\243\241\274\111\131
-\162\114\043\060\207\001\130\366\116\276\034\150\126\146\257\315
-\101\135\310\263\115\052\125\106\253\037\332\036\342\100\075\333
-\315\175\271\222\200\234\067\335\014\226\144\235\334\042\367\144
-\213\337\141\336\025\224\122\025\240\175\122\311\113\250\041\311
-\306\261\355\313\303\225\140\321\017\360\253\160\370\337\313\115
-\176\354\326\372\253\331\275\177\124\362\245\351\171\372\331\326
-\166\044\050\163\002\003\001\000\001\243\077\060\075\060\035\006
-\003\125\035\016\004\026\004\024\240\163\111\231\150\334\205\133
-\145\343\233\050\057\127\237\275\063\274\007\110\060\013\006\003
-\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023
-\001\001\377\004\005\060\003\001\001\377\060\015\006\011\052\206
-\110\206\367\015\001\001\005\005\000\003\202\001\001\000\150\100
-\251\250\273\344\117\135\171\263\005\265\027\263\140\023\353\306
-\222\135\340\321\323\152\376\373\276\233\155\277\307\005\155\131
-\040\304\034\360\267\332\204\130\002\143\372\110\026\357\117\245
-\013\367\112\230\362\077\236\033\255\107\153\143\316\010\107\353
-\122\077\170\234\257\115\256\370\325\117\317\232\230\052\020\101
-\071\122\304\335\331\233\016\357\223\001\256\262\056\312\150\102
-\044\102\154\260\263\072\076\315\351\332\110\304\025\313\351\371
-\007\017\222\120\111\212\335\061\227\137\311\351\067\252\073\131
-\145\227\224\062\311\263\237\076\072\142\130\305\111\255\142\016
-\161\245\062\252\057\306\211\166\103\100\023\023\147\075\242\124
-\045\020\313\361\072\362\331\372\333\111\126\273\246\376\247\101
-\065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260
-\112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055
-\105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003
-\214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026
-\057\317\246\356\311\160\042\024\275\375\276\154\013\003
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "Security Communication Root CA"
-# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
-# Serial Number: 0 (0x0)
-# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
-# Not Valid Before: Tue Sep 30 04:20:49 2003
-# Not Valid After : Sat Sep 30 04:20:49 2023
-# Fingerprint (SHA-256): E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C
-# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Security Communication Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217
-\135\254\262\367
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\361\274\143\152\124\340\265\047\365\315\347\032\343\115\156\112
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
-\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040
-\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125
-\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155
-\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103
-\101\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\000
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "XRamp Global CA Root"
 #
@@ -13758,7 +13626,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \072\352
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -24617,3 +24485,877 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-Trust SBR Root CA 1 2022"
+#
+# Issuer: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE
+# Serial Number:52:cf:e4:8c:6d:a0:4a:f7:3f:82:97:0c:80:09:8c:95
+# Subject: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE
+# Not Valid Before: Wed Jul 06 11:30:00 2022
+# Not Valid After : Mon Jul 06 11:29:59 2037
+# Fingerprint (SHA-256): D9:2C:17:1F:5C:F8:90:BA:42:80:19:29:29:27:FE:22:F3:20:7F:D2:B5:44:49:CB:6F:67:5A:F4:92:21:46:E2
+# Fingerprint (SHA1): 0F:52:3A:6B:4E:7D:1D:18:05:A5:48:F9:4D:CD:E4:C3:1E:1B:E9:E6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-Trust SBR Root CA 1 2022"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023
+\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157
+\164\040\103\101\040\061\040\062\060\062\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023
+\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157
+\164\040\103\101\040\061\040\062\060\062\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\122\317\344\214\155\240\112\367\077\202\227\014\200\011
+\214\225
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\136\060\202\001\343\240\003\002\001\002\002\020\122
+\317\344\214\155\240\112\367\077\202\227\014\200\011\214\225\060
+\012\006\010\052\206\110\316\075\004\003\003\060\111\061\013\060
+\011\006\003\125\004\006\023\002\104\105\061\025\060\023\006\003
+\125\004\012\023\014\104\055\124\162\165\163\164\040\107\155\142
+\110\061\043\060\041\006\003\125\004\003\023\032\104\055\124\162
+\165\163\164\040\123\102\122\040\122\157\157\164\040\103\101\040
+\061\040\062\060\062\062\060\036\027\015\062\062\060\067\060\066
+\061\061\063\060\060\060\132\027\015\063\067\060\067\060\066\061
+\061\062\071\065\071\132\060\111\061\013\060\011\006\003\125\004
+\006\023\002\104\105\061\025\060\023\006\003\125\004\012\023\014
+\104\055\124\162\165\163\164\040\107\155\142\110\061\043\060\041
+\006\003\125\004\003\023\032\104\055\124\162\165\163\164\040\123
+\102\122\040\122\157\157\164\040\103\101\040\061\040\062\060\062
+\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\131\223\071\366\214\111\146
+\050\327\141\014\310\253\177\014\243\055\337\242\244\174\222\053
+\150\325\056\176\036\100\313\264\150\111\177\022\241\253\177\127
+\237\031\056\143\056\133\376\146\161\014\063\017\271\336\153\304
+\210\303\261\357\354\071\100\343\226\253\333\345\173\256\037\334
+\371\257\106\232\152\106\006\057\307\067\144\213\027\142\376\226
+\303\242\356\204\340\260\227\071\274\243\201\217\060\201\214\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\035\006\003\125\035\016\004\026\004\024\361\051\243\036\001
+\022\035\075\165\126\115\307\120\174\305\031\252\017\030\267\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
+\112\006\003\125\035\037\004\103\060\101\060\077\240\075\240\073
+\206\071\150\164\164\160\072\057\057\143\162\154\056\144\055\164
+\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164
+\162\165\163\164\137\163\142\162\137\162\157\157\164\137\143\141
+\137\061\137\062\060\062\062\056\143\162\154\060\012\006\010\052
+\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\227
+\371\336\256\113\217\230\265\036\100\177\062\175\115\124\103\332
+\211\315\302\252\222\074\321\202\036\163\317\372\114\222\040\373
+\143\047\305\365\163\075\011\075\367\247\141\206\214\363\152\002
+\061\000\347\057\174\270\365\045\214\073\071\037\066\253\215\365
+\206\242\056\341\172\144\332\147\071\002\376\376\063\077\331\163
+\266\130\133\072\374\262\244\331\140\170\167\314\171\247\246\256
+\125\275
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "D-Trust SBR Root CA 1 2022"
+# Issuer: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE
+# Serial Number:52:cf:e4:8c:6d:a0:4a:f7:3f:82:97:0c:80:09:8c:95
+# Subject: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE
+# Not Valid Before: Wed Jul 06 11:30:00 2022
+# Not Valid After : Mon Jul 06 11:29:59 2037
+# Fingerprint (SHA-256): D9:2C:17:1F:5C:F8:90:BA:42:80:19:29:29:27:FE:22:F3:20:7F:D2:B5:44:49:CB:6F:67:5A:F4:92:21:46:E2
+# Fingerprint (SHA1): 0F:52:3A:6B:4E:7D:1D:18:05:A5:48:F9:4D:CD:E4:C3:1E:1B:E9:E6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-Trust SBR Root CA 1 2022"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\017\122\072\153\116\175\035\030\005\245\110\371\115\315\344\303
+\036\033\351\346
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\023\074\033\202\352\156\352\355\144\142\351\132\171\005\151\004
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023
+\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157
+\164\040\103\101\040\061\040\062\060\062\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\122\317\344\214\155\240\112\367\077\202\227\014\200\011
+\214\225
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-Trust SBR Root CA 2 2022"
+#
+# Issuer: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE
+# Serial Number:54:d5:a3:95:1e:3d:95:ba:72:1b:9a:d0:31:21:4a:ba
+# Subject: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Jul 07 07:30:00 2022
+# Not Valid After : Tue Jul 07 07:29:59 2037
+# Fingerprint (SHA-256): DB:A8:4D:D7:EF:62:2D:48:54:63:A9:01:37:EA:4D:57:4D:F8:55:09:28:F6:AF:A0:3B:4D:8B:11:41:E6:36:CC
+# Fingerprint (SHA1): 27:FF:63:B9:EF:34:29:31:03:38:1A:D8:60:60:DA:CC:60:28:35:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-Trust SBR Root CA 2 2022"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023
+\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157
+\164\040\103\101\040\062\040\062\060\062\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023
+\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157
+\164\040\103\101\040\062\040\062\060\062\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\325\243\225\036\075\225\272\162\033\232\320\061\041
+\112\272
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\254\060\202\003\224\240\003\002\001\002\002\020\124
+\325\243\225\036\075\225\272\162\033\232\320\061\041\112\272\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\111
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060
+\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040
+\107\155\142\110\061\043\060\041\006\003\125\004\003\023\032\104
+\055\124\162\165\163\164\040\123\102\122\040\122\157\157\164\040
+\103\101\040\062\040\062\060\062\062\060\036\027\015\062\062\060
+\067\060\067\060\067\063\060\060\060\132\027\015\063\067\060\067
+\060\067\060\067\062\071\065\071\132\060\111\061\013\060\011\006
+\003\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004
+\012\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061
+\043\060\041\006\003\125\004\003\023\032\104\055\124\162\165\163
+\164\040\123\102\122\040\122\157\157\164\040\103\101\040\062\040
+\062\060\062\062\060\202\002\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
+\002\202\002\001\000\257\054\274\216\066\214\353\144\257\121\152
+\326\156\074\136\221\072\352\232\303\312\154\373\252\047\236\144
+\042\251\100\337\271\050\105\132\354\123\141\026\050\230\302\212
+\244\165\170\120\204\335\372\040\110\222\007\145\101\065\146\121
+\022\164\141\235\007\006\205\071\061\127\173\050\077\325\234\245
+\354\132\351\034\113\047\237\316\047\006\363\067\365\122\330\021
+\063\026\101\072\037\365\143\170\145\143\206\311\277\310\001\004
+\037\156\356\342\354\254\014\356\202\222\342\366\032\015\077\071
+\371\235\145\223\255\370\271\005\301\075\370\067\201\126\303\240
+\376\005\354\340\224\026\072\043\026\004\332\246\012\223\205\162
+\155\141\073\241\215\105\326\343\177\276\025\275\066\204\010\366
+\013\203\153\046\252\242\275\340\260\347\252\340\256\147\304\323
+\202\245\014\251\244\360\063\171\015\120\077\360\357\220\075\044
+\271\177\322\040\154\352\227\363\277\234\334\107\336\011\141\275
+\224\171\225\132\002\166\065\140\304\107\042\015\367\166\143\003
+\323\306\373\203\306\135\253\255\355\151\045\053\003\133\115\045
+\000\101\343\214\207\027\122\250\340\005\053\103\115\024\023\312
+\347\077\103\042\274\067\244\165\361\366\277\072\357\062\036\256
+\356\130\206\220\162\272\004\254\100\110\357\134\304\170\247\251
+\217\047\132\313\172\354\130\362\302\010\130\220\155\115\003\205
+\171\161\025\005\016\116\076\371\337\017\005\367\137\024\110\126
+\041\015\063\222\261\254\214\345\030\376\277\017\356\340\004\252
+\275\041\362\130\266\134\211\012\213\030\011\042\032\263\065\306
+\146\302\365\063\025\231\200\340\010\371\226\057\023\214\356\332
+\267\210\304\351\067\265\327\152\327\072\204\115\253\160\214\323
+\116\024\125\240\242\020\374\144\332\147\350\361\313\063\335\311
+\232\212\217\226\057\130\201\331\370\232\000\103\314\220\373\125
+\166\373\206\343\067\001\050\014\157\364\351\131\115\025\167\121
+\102\112\314\064\270\200\103\120\201\357\127\245\023\333\247\224
+\171\017\113\312\176\027\175\257\243\041\144\350\161\125\126\217
+\006\260\107\354\131\017\135\160\133\054\026\102\360\206\236\165
+\336\153\115\110\230\204\342\127\030\266\234\202\231\145\072\213
+\200\170\127\014\111\002\003\001\000\001\243\201\217\060\201\214
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\135\263\200\224
+\033\345\206\277\150\272\024\064\244\366\356\155\362\335\337\347
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\112\006\003\125\035\037\004\103\060\101\060\077\240\075\240
+\073\206\071\150\164\164\160\072\057\057\143\162\154\056\144\055
+\164\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055
+\164\162\165\163\164\137\163\142\162\137\162\157\157\164\137\143
+\141\137\062\137\062\060\062\062\056\143\162\154\060\015\006\011
+\052\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000
+\064\124\056\130\030\126\315\112\275\227\323\365\175\053\334\257
+\017\121\341\115\274\041\113\223\364\000\104\023\007\020\013\045
+\030\076\110\131\226\367\241\341\223\220\170\146\032\075\043\353
+\042\253\001\246\216\014\121\063\346\155\214\061\356\254\244\001
+\160\071\110\336\307\146\054\153\015\313\163\237\207\222\351\076
+\107\037\270\357\057\356\267\126\214\110\211\360\070\247\025\071
+\262\356\300\077\027\244\163\002\010\234\274\006\212\244\302\267
+\141\141\371\303\333\304\320\172\174\141\336\261\130\221\365\335
+\145\114\057\013\370\353\075\265\355\212\276\167\034\272\131\002
+\022\146\161\345\230\047\316\016\075\257\121\242\105\371\202\373
+\132\245\224\160\367\213\204\303\114\145\045\233\173\342\037\060
+\160\263\100\216\072\356\275\364\347\150\305\235\311\051\107\161
+\016\223\310\265\110\116\365\146\273\007\210\161\151\153\173\110
+\216\157\360\021\304\264\311\160\024\230\040\275\355\247\352\001
+\332\156\245\233\022\376\076\104\060\263\360\353\165\122\300\364
+\303\372\167\046\244\167\202\055\157\363\050\036\116\225\360\060
+\367\211\370\054\242\120\133\362\276\062\176\154\124\333\162\311
+\052\132\340\034\266\013\330\122\232\131\241\343\260\001\047\305
+\240\026\120\146\334\353\256\155\364\233\133\075\204\155\133\207
+\347\251\211\273\156\270\340\233\123\211\300\377\056\100\032\211
+\104\056\030\103\147\070\344\174\162\137\331\243\051\045\101\101
+\075\034\167\033\144\250\303\125\356\143\161\146\142\203\364\177
+\046\231\240\124\073\241\022\155\160\142\316\323\371\270\275\042
+\374\324\232\324\273\342\070\026\057\267\175\071\302\260\251\003
+\351\234\317\176\030\215\166\334\137\021\273\353\102\354\120\011
+\076\134\354\220\061\330\032\162\272\077\151\007\356\230\064\302
+\064\244\326\332\023\326\251\204\362\000\206\300\124\272\036\021
+\260\342\271\304\007\264\221\347\252\346\061\126\157\261\104\304
+\052\142\274\311\260\145\234\064\374\014\032\123\337\041\027\273
+\302\155\241\012\346\361\260\252\104\011\120\111\070\172\135\161
+\342\061\056\031\260\337\225\102\004\175\204\210\316\012\043\147
+\153\070\235\026\336\006\376\050\160\070\245\132\256\374\203\355
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "D-Trust SBR Root CA 2 2022"
+# Issuer: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE
+# Serial Number:54:d5:a3:95:1e:3d:95:ba:72:1b:9a:d0:31:21:4a:ba
+# Subject: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Jul 07 07:30:00 2022
+# Not Valid After : Tue Jul 07 07:29:59 2037
+# Fingerprint (SHA-256): DB:A8:4D:D7:EF:62:2D:48:54:63:A9:01:37:EA:4D:57:4D:F8:55:09:28:F6:AF:A0:3B:4D:8B:11:41:E6:36:CC
+# Fingerprint (SHA1): 27:FF:63:B9:EF:34:29:31:03:38:1A:D8:60:60:DA:CC:60:28:35:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-Trust SBR Root CA 2 2022"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\047\377\143\271\357\064\051\061\003\070\032\330\140\140\332\314
+\140\050\065\341
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\220\361\364\053\074\247\312\112\210\073\005\053\010\124\205\336
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023
+\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157
+\164\040\103\101\040\062\040\062\060\062\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\325\243\225\036\075\225\272\162\033\232\320\061\041
+\112\272
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Telekom Security SMIME ECC Root 2021"
+#
+# Issuer: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:15:2a:dd:14:c9:18:d1:a4:56:40:86:a6:25:af:07:5f
+# Subject: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Thu Mar 18 11:08:30 2021
+# Not Valid After : Sat Mar 17 23:59:59 2046
+# Fingerprint (SHA-256): 3A:E6:DF:7E:0D:63:7A:65:A8:C8:16:12:EC:6F:9A:14:2F:85:A1:68:34:C1:02:80:D8:8E:70:70:28:51:87:55
+# Fingerprint (SHA1): B7:F9:1D:98:EC:25:93:F3:50:14:84:9A:A8:7E:22:10:3C:C4:39:27
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security SMIME ECC Root 2021"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004
+\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157
+\157\164\040\062\060\062\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004
+\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157
+\157\164\040\062\060\062\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\025\052\335\024\311\030\321\244\126\100\206\246\045\257
+\007\137
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\107\060\202\001\315\240\003\002\001\002\002\020\025
+\052\335\024\311\030\321\244\126\100\206\246\045\257\007\137\060
+\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060
+\011\006\003\125\004\006\023\002\104\105\061\047\060\045\006\003
+\125\004\012\014\036\104\145\165\164\163\143\150\145\040\124\145
+\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\107
+\155\142\110\061\055\060\053\006\003\125\004\003\014\044\124\145
+\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\123
+\115\111\115\105\040\105\103\103\040\122\157\157\164\040\062\060
+\062\061\060\036\027\015\062\061\060\063\061\070\061\061\060\070
+\063\060\132\027\015\064\066\060\063\061\067\062\063\065\071\065
+\071\132\060\145\061\013\060\011\006\003\125\004\006\023\002\104
+\105\061\047\060\045\006\003\125\004\012\014\036\104\145\165\164
+\163\143\150\145\040\124\145\154\145\153\157\155\040\123\145\143
+\165\162\151\164\171\040\107\155\142\110\061\055\060\053\006\003
+\125\004\003\014\044\124\145\154\145\153\157\155\040\123\145\143
+\165\162\151\164\171\040\123\115\111\115\105\040\105\103\103\040
+\122\157\157\164\040\062\060\062\061\060\166\060\020\006\007\052
+\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
+\004\260\031\217\242\153\265\307\315\017\060\231\067\014\303\140
+\133\361\361\047\040\125\075\300\222\213\253\127\241\157\163\203
+\041\302\103\023\014\136\211\252\307\005\065\171\223\142\220\326
+\135\023\037\321\172\240\274\236\020\247\146\174\106\012\260\127
+\154\277\346\124\071\070\041\154\022\134\161\314\323\132\137\155
+\267\247\206\337\263\337\356\302\347\211\101\226\065\366\057\112
+\265\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024
+\053\313\001\014\143\303\123\022\245\250\127\257\320\234\203\373
+\275\220\072\113\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\012\006\010\052\206\110\316\075\004\003
+\003\003\150\000\060\145\002\061\000\326\274\110\222\207\107\003
+\307\160\073\045\266\037\256\106\147\163\164\000\047\113\344\245
+\004\242\003\337\136\050\255\156\136\003\310\335\150\234\266\277
+\224\020\110\225\057\017\377\030\213\002\060\001\100\063\236\227
+\227\115\005\362\164\124\014\315\071\375\152\153\011\301\044\077
+\141\216\070\241\267\350\327\104\025\021\142\377\016\141\067\107
+\113\100\177\112\137\262\147\132\163\165\302
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Telekom Security SMIME ECC Root 2021"
+# Issuer: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:15:2a:dd:14:c9:18:d1:a4:56:40:86:a6:25:af:07:5f
+# Subject: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Thu Mar 18 11:08:30 2021
+# Not Valid After : Sat Mar 17 23:59:59 2046
+# Fingerprint (SHA-256): 3A:E6:DF:7E:0D:63:7A:65:A8:C8:16:12:EC:6F:9A:14:2F:85:A1:68:34:C1:02:80:D8:8E:70:70:28:51:87:55
+# Fingerprint (SHA1): B7:F9:1D:98:EC:25:93:F3:50:14:84:9A:A8:7E:22:10:3C:C4:39:27
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security SMIME ECC Root 2021"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\267\371\035\230\354\045\223\363\120\024\204\232\250\176\042\020
+\074\304\071\047
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\165\275\136\355\174\015\146\076\007\244\233\274\002\007\330\264
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004
+\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157
+\157\164\040\062\060\062\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\025\052\335\024\311\030\321\244\126\100\206\246\045\257
+\007\137
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Telekom Security TLS ECC Root 2020"
+#
+# Issuer: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00
+# Subject: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Tue Aug 25 07:48:20 2020
+# Not Valid After : Fri Aug 25 23:59:59 2045
+# Fingerprint (SHA-256): 57:8A:F4:DE:D0:85:3F:4E:59:98:DB:4A:EA:F9:CB:EA:8D:94:5F:60:B6:20:A3:8D:1A:3C:13:B2:BC:7B:A8:E1
+# Fingerprint (SHA1): C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security TLS ECC Root 2020"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164
+\040\062\060\062\060
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164
+\040\062\060\062\060
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\066\072\226\214\311\134\262\130\315\320\001\135\305\345
+\127\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\102\060\202\001\311\240\003\002\001\002\002\020\066
+\072\226\214\311\134\262\130\315\320\001\135\305\345\127\000\060
+\012\006\010\052\206\110\316\075\004\003\003\060\143\061\013\060
+\011\006\003\125\004\006\023\002\104\105\061\047\060\045\006\003
+\125\004\012\014\036\104\145\165\164\163\143\150\145\040\124\145
+\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\107
+\155\142\110\061\053\060\051\006\003\125\004\003\014\042\124\145
+\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\124
+\114\123\040\105\103\103\040\122\157\157\164\040\062\060\062\060
+\060\036\027\015\062\060\060\070\062\065\060\067\064\070\062\060
+\132\027\015\064\065\060\070\062\065\062\063\065\071\065\071\132
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164
+\040\062\060\062\060\060\166\060\020\006\007\052\206\110\316\075
+\002\001\006\005\053\201\004\000\042\003\142\000\004\316\277\376
+\127\250\277\325\252\367\020\232\315\274\321\021\242\275\147\102
+\314\220\353\025\030\220\331\242\315\014\052\045\353\076\117\316
+\265\322\217\017\363\065\332\103\213\002\200\276\157\121\044\035
+\017\153\053\312\237\302\157\120\062\345\067\040\266\040\377\210
+\015\017\155\111\273\333\006\244\207\220\222\224\364\011\320\317
+\177\310\200\013\301\227\263\273\065\047\311\302\033\243\102\060
+\100\060\035\006\003\125\035\016\004\026\004\024\343\162\314\156
+\225\231\107\261\346\263\141\114\321\313\253\343\272\315\336\237
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\012\006\010\052\206\110\316\075\004\003\003\003\147\000
+\060\144\002\060\165\122\213\267\244\020\117\256\112\020\213\262
+\204\133\102\341\346\052\066\002\332\240\156\031\077\045\277\332
+\131\062\216\344\373\220\334\223\144\316\255\264\101\107\140\342
+\317\247\313\036\002\060\067\101\214\146\337\101\153\326\203\000
+\101\375\057\132\367\120\264\147\321\054\250\161\327\103\312\234
+\047\044\221\203\110\015\317\315\367\124\201\257\354\177\344\147
+\333\270\220\356\335\045
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Telekom Security TLS ECC Root 2020"
+# Issuer: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00
+# Subject: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Tue Aug 25 07:48:20 2020
+# Not Valid After : Fri Aug 25 23:59:59 2045
+# Fingerprint (SHA-256): 57:8A:F4:DE:D0:85:3F:4E:59:98:DB:4A:EA:F9:CB:EA:8D:94:5F:60:B6:20:A3:8D:1A:3C:13:B2:BC:7B:A8:E1
+# Fingerprint (SHA1): C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security TLS ECC Root 2020"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\300\370\226\305\251\073\001\006\041\007\332\030\102\110\274\351
+\235\210\325\354
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\301\253\376\152\020\054\003\215\274\034\042\062\300\205\247\375
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164
+\040\062\060\062\060
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\066\072\226\214\311\134\262\130\315\320\001\135\305\345
+\127\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Telekom Security SMIME RSA Root 2023"
+#
+# Issuer: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:0c:7e:62:f5:79:73:3b:9d:43:8e:8b:63:ed:91:95:b8
+# Subject: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Tue Mar 28 12:09:22 2023
+# Not Valid After : Fri Mar 27 23:59:59 2048
+# Fingerprint (SHA-256): 78:A6:56:34:4F:94:7E:9C:C0:F7:34:D9:05:3D:32:F6:74:20:86:B6:B9:CD:2C:AE:4F:AE:1A:2E:4E:FD:E0:48
+# Fingerprint (SHA1): 89:3F:6F:1C:E2:4D:7F:FB:C3:D3:14:7A:05:80:A7:DE:E1:0A:5E:4D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security SMIME RSA Root 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004
+\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157
+\157\164\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004
+\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157
+\157\164\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\176\142\365\171\163\073\235\103\216\213\143\355\221
+\225\270
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\267\060\202\003\237\240\003\002\001\002\002\020\014
+\176\142\365\171\163\073\235\103\216\213\143\355\221\225\270\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\145
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\047\060
+\045\006\003\125\004\012\014\036\104\145\165\164\163\143\150\145
+\040\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164
+\171\040\107\155\142\110\061\055\060\053\006\003\125\004\003\014
+\044\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164
+\171\040\123\115\111\115\105\040\122\123\101\040\122\157\157\164
+\040\062\060\062\063\060\036\027\015\062\063\060\063\062\070\061
+\062\060\071\062\062\132\027\015\064\070\060\063\062\067\062\063
+\065\071\065\071\132\060\145\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\047\060\045\006\003\125\004\012\014\036\104
+\145\165\164\163\143\150\145\040\124\145\154\145\153\157\155\040
+\123\145\143\165\162\151\164\171\040\107\155\142\110\061\055\060
+\053\006\003\125\004\003\014\044\124\145\154\145\153\157\155\040
+\123\145\143\165\162\151\164\171\040\123\115\111\115\105\040\122
+\123\101\040\122\157\157\164\040\062\060\062\063\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\357\305\016
+\213\276\062\322\147\107\377\012\114\147\263\052\277\310\303\305
+\221\353\265\307\036\221\341\146\250\210\213\125\040\200\037\121
+\136\167\227\236\031\012\134\307\153\067\041\174\003\066\001\364
+\210\045\331\250\056\101\252\374\330\046\340\226\100\142\171\256
+\127\236\003\070\032\034\262\167\024\076\351\241\162\320\344\340
+\067\321\027\106\355\120\134\172\130\305\370\053\367\165\057\317
+\201\236\132\054\267\072\254\240\131\230\004\121\014\377\111\305
+\120\375\036\323\107\205\113\063\117\242\067\265\257\004\232\047
+\062\235\126\325\077\125\141\343\213\157\256\121\376\227\376\151
+\007\372\142\133\046\346\024\171\025\245\023\070\256\137\067\276
+\224\112\326\015\200\026\151\244\221\262\072\111\230\165\235\106
+\020\212\134\172\177\204\245\350\257\036\307\253\263\132\106\265
+\243\113\365\246\043\066\000\106\261\333\005\266\033\316\236\172
+\062\134\232\325\162\303\235\206\115\053\204\323\036\265\210\332
+\020\170\234\042\303\073\043\265\353\023\007\275\157\123\354\233
+\354\233\323\145\365\007\011\343\135\247\231\265\176\206\216\325
+\002\377\267\205\011\343\107\024\335\226\146\030\064\336\010\325
+\337\313\030\231\142\013\053\354\000\135\122\104\323\306\226\374
+\062\126\045\221\317\315\031\073\225\071\076\002\207\231\143\266
+\325\076\064\172\017\021\165\201\274\175\004\312\140\264\050\165
+\327\002\121\335\122\000\056\307\375\211\361\134\363\313\244\047
+\022\070\217\273\373\211\360\344\304\070\054\276\202\240\161\141
+\142\221\217\110\014\057\053\251\260\361\313\020\004\347\164\277
+\067\220\357\117\052\103\065\227\022\306\052\160\015\336\054\125
+\107\171\143\051\365\312\037\152\006\122\034\256\055\044\042\203
+\042\257\320\252\060\267\052\037\377\145\043\130\145\223\310\216
+\175\100\020\061\206\170\331\125\313\074\060\360\336\121\052\000
+\066\322\047\105\137\330\350\241\041\075\176\106\126\073\051\105
+\361\035\005\011\316\266\103\060\334\105\220\020\060\114\244\153
+\206\213\077\075\057\061\221\161\357\046\271\366\276\235\260\154
+\337\021\356\130\077\103\171\206\071\200\361\046\027\007\230\360
+\231\252\060\054\103\131\024\316\355\342\100\023\205\002\003\001
+\000\001\243\143\060\141\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
+\024\232\316\254\052\354\001\372\145\160\336\227\235\361\322\000
+\214\245\243\144\273\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\037\006\003\125\035\043\004\030\060
+\026\200\024\232\316\254\052\354\001\372\145\160\336\227\235\361
+\322\000\214\245\243\144\273\060\015\006\011\052\206\110\206\367
+\015\001\001\014\005\000\003\202\002\001\000\343\120\375\365\100
+\026\042\011\226\072\015\251\357\201\347\056\062\360\241\361\111
+\136\173\210\015\004\162\327\276\147\250\272\035\356\120\273\162
+\156\172\321\273\014\162\060\106\310\325\327\002\022\026\231\116
+\036\337\132\226\356\217\221\276\256\206\370\020\167\245\304\156
+\107\141\300\362\046\331\117\141\150\005\110\165\010\025\245\241
+\173\325\270\263\211\171\346\355\361\363\141\000\206\173\056\061
+\376\243\134\370\171\075\264\133\210\173\340\043\273\015\241\027
+\372\313\150\015\230\167\161\010\342\155\103\164\153\304\066\305
+\224\101\244\000\326\127\055\231\212\213\040\022\025\002\062\016
+\322\111\354\201\110\305\152\047\122\327\262\163\125\123\226\074
+\236\117\114\265\240\320\117\127\320\147\050\110\144\276\306\270
+\272\354\144\317\310\173\305\152\347\052\346\131\127\266\326\324
+\326\300\147\134\331\236\050\011\100\277\363\251\065\061\145\140
+\003\313\031\154\202\225\003\036\137\077\341\275\352\111\161\345
+\133\267\013\107\026\033\040\211\155\224\231\014\176\210\154\035
+\015\364\267\041\032\131\227\254\313\350\276\027\037\225\174\123
+\233\257\120\122\252\215\013\056\257\132\327\140\362\052\151\052
+\271\356\124\160\030\252\275\365\241\077\322\335\241\143\031\000
+\370\247\014\353\243\171\362\160\131\243\370\242\022\003\354\023
+\377\344\002\206\066\327\301\303\244\265\324\244\302\067\105\266
+\224\160\075\305\275\353\243\025\035\343\066\172\025\151\052\126
+\064\071\317\245\232\066\252\310\355\171\274\317\366\316\004\123
+\013\332\262\120\043\174\274\076\046\255\360\016\103\273\046\313
+\256\302\100\336\067\037\012\240\121\315\143\235\266\117\330\306
+\107\174\274\330\264\355\236\213\363\021\342\250\265\076\354\256
+\160\076\176\042\273\065\110\027\140\142\024\221\060\243\166\075
+\246\121\066\213\037\015\335\152\061\034\245\355\335\226\243\156
+\162\017\023\115\252\247\251\134\170\371\003\022\030\223\067\105
+\022\211\075\370\276\312\275\331\276\014\331\030\144\247\310\101
+\076\165\202\041\070\175\145\364\240\324\023\113\007\170\051\371
+\235\176\314\207\077\304\332\056\210\335\343\013\334\132\121\132
+\351\331\022\117\236\002\333\367\005\045\121
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Telekom Security SMIME RSA Root 2023"
+# Issuer: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:0c:7e:62:f5:79:73:3b:9d:43:8e:8b:63:ed:91:95:b8
+# Subject: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Tue Mar 28 12:09:22 2023
+# Not Valid After : Fri Mar 27 23:59:59 2048
+# Fingerprint (SHA-256): 78:A6:56:34:4F:94:7E:9C:C0:F7:34:D9:05:3D:32:F6:74:20:86:B6:B9:CD:2C:AE:4F:AE:1A:2E:4E:FD:E0:48
+# Fingerprint (SHA1): 89:3F:6F:1C:E2:4D:7F:FB:C3:D3:14:7A:05:80:A7:DE:E1:0A:5E:4D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security SMIME RSA Root 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\211\077\157\034\342\115\177\373\303\323\024\172\005\200\247\336
+\341\012\136\115
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\353\335\044\371\050\017\243\302\303\156\012\077\320\303\015\033
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004
+\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157
+\157\164\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\176\142\365\171\163\073\235\103\216\213\143\355\221
+\225\270
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Telekom Security TLS RSA Root 2023"
+#
+# Issuer: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97
+# Subject: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Tue Mar 28 12:16:45 2023
+# Not Valid After : Fri Mar 27 23:59:59 2048
+# Fingerprint (SHA-256): EF:C6:5C:AD:BB:59:AD:B6:EF:E8:4D:A2:23:11:B3:56:24:B7:1B:3B:1E:A0:DA:8B:66:55:17:4E:C8:97:86:46
+# Fingerprint (SHA1): 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security TLS RSA Root 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164
+\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164
+\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\041\234\124\055\350\366\354\161\167\372\116\350\303\160
+\127\227
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\263\060\202\003\233\240\003\002\001\002\002\020\041
+\234\124\055\350\366\354\161\167\372\116\350\303\160\127\227\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\143
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\047\060
+\045\006\003\125\004\012\014\036\104\145\165\164\163\143\150\145
+\040\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164
+\171\040\107\155\142\110\061\053\060\051\006\003\125\004\003\014
+\042\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164
+\171\040\124\114\123\040\122\123\101\040\122\157\157\164\040\062
+\060\062\063\060\036\027\015\062\063\060\063\062\070\061\062\061
+\066\064\065\132\027\015\064\070\060\063\062\067\062\063\065\071
+\065\071\132\060\143\061\013\060\011\006\003\125\004\006\023\002
+\104\105\061\047\060\045\006\003\125\004\012\014\036\104\145\165
+\164\163\143\150\145\040\124\145\154\145\153\157\155\040\123\145
+\143\165\162\151\164\171\040\107\155\142\110\061\053\060\051\006
+\003\125\004\003\014\042\124\145\154\145\153\157\155\040\123\145
+\143\165\162\151\164\171\040\124\114\123\040\122\123\101\040\122
+\157\157\164\040\062\060\062\063\060\202\002\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
+\060\202\002\012\002\202\002\001\000\355\065\241\201\200\363\313
+\112\151\133\302\373\121\203\256\046\375\341\156\363\201\022\175
+\161\100\377\207\165\102\051\041\355\201\122\054\337\022\301\031
+\204\211\301\275\305\050\325\325\113\154\104\326\114\333\007\226
+\112\125\172\312\066\202\004\066\250\245\374\047\366\111\361\325
+\162\236\221\371\043\326\160\173\273\365\233\301\354\223\317\031
+\352\145\176\210\160\240\163\374\366\377\265\126\142\341\163\152
+\064\230\076\202\270\254\225\123\364\001\240\047\007\162\243\000
+\123\240\344\262\253\203\070\127\063\045\224\237\276\110\035\230
+\341\243\272\236\134\315\004\161\121\175\165\170\253\363\131\252
+\304\340\140\276\217\203\122\270\165\032\101\065\355\274\363\072
+\143\351\251\024\105\327\346\122\321\156\322\336\274\343\365\013
+\073\346\340\304\275\103\144\023\246\316\364\230\067\154\212\225
+\250\227\310\107\017\360\136\020\213\347\035\034\376\261\073\240
+\005\063\150\005\101\202\301\003\053\001\310\347\217\115\253\350
+\265\366\315\153\104\265\347\335\213\354\352\045\264\000\042\127
+\115\260\261\262\061\301\026\316\377\375\024\204\267\107\372\262
+\361\160\336\333\213\154\066\130\244\174\263\021\321\303\167\177
+\137\266\045\340\015\305\322\263\371\270\270\167\333\067\161\161
+\107\343\140\030\117\044\266\165\067\170\271\243\142\257\275\311
+\162\216\057\314\273\256\333\344\025\122\031\007\063\373\152\267
+\055\113\220\050\202\163\376\030\213\065\215\333\247\004\152\276
+\352\301\115\066\073\026\066\221\062\357\266\100\211\221\103\340
+\362\242\253\004\056\346\362\114\016\026\064\040\254\207\301\055
+\176\311\146\107\027\024\021\244\363\367\241\044\211\253\330\032
+\310\241\134\261\243\367\214\155\310\001\311\117\311\354\304\374
+\254\121\063\321\310\203\321\311\237\035\324\107\064\051\076\313
+\260\016\372\203\013\050\130\345\051\334\077\174\250\237\311\266
+\012\273\246\350\106\026\017\226\345\173\344\152\172\110\155\166
+\230\005\245\334\155\036\102\036\102\332\032\340\122\367\265\203
+\300\032\173\170\065\054\070\365\037\375\111\243\056\322\131\143
+\277\200\260\214\223\163\313\065\246\231\225\042\141\145\003\140
+\373\057\223\113\372\232\234\200\073\002\003\001\000\001\243\143
+\060\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+\001\006\060\035\006\003\125\035\016\004\026\004\024\266\247\227
+\202\075\164\205\233\367\074\237\223\232\225\171\165\122\214\155
+\107\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\037\006\003\125\035\043\004\030\060\026\200\024\266
+\247\227\202\075\164\205\233\367\074\237\223\232\225\171\165\122
+\214\155\107\060\015\006\011\052\206\110\206\367\015\001\001\014
+\005\000\003\202\002\001\000\250\314\141\246\276\165\236\025\120
+\244\153\373\250\160\105\174\272\176\261\132\374\133\043\372\012
+\167\370\230\161\202\014\155\340\136\106\252\223\364\036\240\303
+\341\223\333\113\255\262\246\135\253\260\324\142\313\136\273\146
+\365\055\356\227\100\074\142\353\136\326\024\326\214\342\226\213
+\101\151\223\065\346\271\231\153\142\264\241\027\146\064\246\153
+\143\306\271\116\362\042\351\130\015\126\101\321\372\014\112\360
+\063\315\073\273\155\041\072\256\216\162\265\303\112\373\351\175
+\345\261\233\206\356\342\340\175\264\367\062\375\042\204\361\205
+\311\067\171\351\265\077\277\134\344\164\262\217\021\142\000\335
+\030\146\241\331\173\043\137\361\216\325\147\350\124\332\133\072
+\153\066\157\371\201\261\063\107\063\167\100\371\122\252\335\324
+\203\317\205\170\231\232\223\271\163\147\102\106\021\041\352\376
+\012\251\033\032\145\151\263\217\256\026\266\366\113\126\262\055
+\371\245\310\354\073\142\243\355\153\320\116\325\100\011\244\037
+\230\327\072\245\222\131\040\344\260\175\315\133\163\150\275\155
+\304\242\023\016\147\031\270\215\102\176\154\014\232\156\240\044
+\055\325\105\033\334\304\002\024\376\205\133\145\227\312\116\220
+\120\010\172\102\065\371\352\302\146\324\370\001\256\036\264\276
+\303\250\357\376\166\232\242\246\037\106\366\204\355\374\333\316
+\304\002\316\167\110\054\214\262\354\303\000\243\354\054\125\030
+\301\176\031\356\341\057\362\255\203\233\236\253\031\337\306\212
+\057\214\167\345\267\005\354\073\301\354\276\206\263\206\274\300
+\367\334\347\352\133\256\262\314\265\065\206\113\320\342\077\266
+\330\370\016\000\356\135\343\367\215\130\377\317\213\067\351\143
+\137\156\367\011\161\066\302\022\135\127\362\310\264\315\363\356
+\002\337\021\334\152\271\127\204\035\131\115\214\316\310\016\043
+\302\267\046\232\020\024\161\376\223\262\212\270\200\360\016\020
+\236\323\250\120\014\067\202\057\352\340\212\235\341\054\071\377
+\265\264\163\000\344\367\110\246\163\254\277\262\336\167\004\207
+\264\243\315\233\065\044\067\372\220\223\023\201\102\306\230\046
+\165\067\146\101\020\254\273\365\224\343\302\061\053\255\347\043
+\126\314\065\045\222\263\120
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Telekom Security TLS RSA Root 2023"
+# Issuer: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Serial Number:21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97
+# Subject: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE
+# Not Valid Before: Tue Mar 28 12:16:45 2023
+# Not Valid After : Fri Mar 27 23:59:59 2048
+# Fingerprint (SHA-256): EF:C6:5C:AD:BB:59:AD:B6:EF:E8:4D:A2:23:11:B3:56:24:B7:1B:3B:1E:A0:DA:8B:66:55:17:4E:C8:97:86:46
+# Fingerprint (SHA1): 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Telekom Security TLS RSA Root 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\124\323\254\263\275\127\126\366\205\235\316\345\303\041\342\324
+\255\203\320\223
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\277\133\353\124\100\315\110\161\304\040\215\175\336\012\102\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004
+\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162
+\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164
+\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\041\234\124\055\350\366\354\161\167\372\116\350\303\160
+\127\227
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

diff --git a/config/cfgroot/manualpages b/config/cfgroot/manualpages
index fe5ebc0b821cca8b7fa6239090588ea07fa7fe24..f70381f12fa6a5234246d84849d427432d7a6b37 100644 (file)
--- a/config/cfgroot/manualpages
+++ b/config/cfgroot/manualpages
@@ -2,7 +2,7 @@
 # The CGI files are referenced relative to the "/cgi-bin/" path
 
 # Fixed base URL (without trailing slash)
-BASE_URL=https://wiki.ipfire.org
+BASE_URL=https://www.ipfire.org/docs
 
 #      System menu
 index.cgi=configuration/system/startpage

diff --git a/config/menu/EX-mympd.menu b/config/menu/EX-mympd.menu
new file mode 100644 (file)
index 0000000..b3108d3
--- /dev/null
+++ b/config/menu/EX-mympd.menu
@@ -0,0 +1,5 @@
+    $subipfire->{'41.mympd'} = {'caption' => myMPD,
+                                 'uri' => '/cgi-bin/mympd.cgi',
+                                 'title' => myMPD,
+                                 'enabled' => 1,
+                                 };

diff --git a/config/menu/EX-transmission.menu b/config/menu/EX-transmission.menu
new file mode 100644 (file)
index 0000000..5199f6c
--- /dev/null
+++ b/config/menu/EX-transmission.menu
@@ -0,0 +1,5 @@
+    $subipfire->{'42.transmission'} = {'caption' => TransmissionBT,
+                                 'uri' => '/cgi-bin/transmission.cgi',
+                                 'title' => TransmissionBT,
+                                 'enabled' => 1,
+                                 };

diff --git a/config/menu/EX-vdr.menu b/config/menu/EX-vdr.menu
new file mode 100644 (file)
index 0000000..3164067
--- /dev/null
+++ b/config/menu/EX-vdr.menu
@@ -0,0 +1,5 @@
+    $subipfire->{'60.vdr'} = {'caption' => VDR,
+                                 'uri' => '/cgi-bin/vdr.cgi',
+                                 'title' => VDR,
+                                 'enabled' => 1,
+                                 };

diff --git a/config/mpfire/mpd.conf b/config/mpd/mpd.conf
similarity index 93%
rename from config/mpfire/mpd.conf
rename to config/mpd/mpd.conf
index d66481ecfdd6ef7ad33755a70876961f0b637f01..c4aabdf0b4bcfb4c10e5135cce6e6673fba500df 100644 (file)
--- a/config/mpfire/mpd.conf
+++ b/config/mpd/mpd.conf
@@ -5,7 +5,7 @@
 ##################### REQUIRED ###########################
 port "6600"
 music_directory "/var/mp3"
-playlist_directory "/var/ipfire/mpfire"
+playlist_directory "/var/ipfire/mpd"
 log_file "/var/log/mpd.log"
 pid_file "/var/run/mpd.pid"
 ##########################################################
@@ -18,7 +18,7 @@ pid_file "/var/run/mpd.pid"
 #
 # Location of DB file 
 #
-db_file                "/var/ipfire/mpfire/db/mpd.db"
+db_file                "/var/ipfire/mpd/db/mpd.db"
 #
 # The state file (if set) will be a file
 # for storing all current information 
@@ -27,7 +27,7 @@ db_file               "/var/ipfire/mpfire/db/mpd.db"
 # to recreate your last MPD session after
 # restart.
 #
-state_file "/var/ipfire/mpfire/mpd_state"
+state_file "/var/ipfire/mpd/mpd_state"
 #
 ##########################################################
 
@@ -104,12 +104,6 @@ audio_output {
 #
 audio_buffer_size      "2048"
 #
-# This means exactly what it says, it will
-# buffer your file up to the percentage of
-# the buffer before it begins playing.
-#
-buffer_before_play     "25%"
-#
 ##########################################################
 
 
@@ -189,9 +183,6 @@ connection_timeout  "60"
 #
 filesystem_charset              "UTF-8"
 #
-# The encoding that ID3v1 tags should be converted from.
-#
-id3v1_encoding                  "UTF-8"
 metadata_to_use "artist,album,title,track,name,comment,date,genre"
 #
 ################################################################

diff --git a/config/mpfire/mpfire.pl b/config/mpfire/mpfire.pl
index 66413145de61a1545bd4ac992a3801d6f7168f39..15abd78932143678bc40eada4a173555a95c5be0 100644 (file)
--- a/config/mpfire/mpfire.pl
+++ b/config/mpfire/mpfire.pl
@@ -87,7 +87,7 @@ sub shuffle(){
   }
 
 sub checkplaylist(){
- my $Datei = "/var/ipfire/mpfire/playlist.m3u";
+ my $Datei = "/var/ipfire/mpd/playlist.m3u";
  my @Info = stat($Datei);
  if ( $Info[7] eq '' || $Info[7] eq '0' ){print "There is no playlist";exit(1);}
 }

diff --git a/config/ovpn/openssl/ovpn.cnf b/config/ovpn/openssl/ovpn.cnf
index 96c3dcb09dbbe99354ee24370c9844f4570bd72a..bfa7ad744c086aa54d83240c1b8fd23f3945f985 100644 (file)
--- a/config/ovpn/openssl/ovpn.cnf
+++ b/config/ovpn/openssl/ovpn.cnf
@@ -79,13 +79,10 @@ extendedKeyUsage               = clientAuth
 keyUsage                       = digitalSignature
 
 [ server ]
-
 # JY ADDED -- Make a cert with nsCertType set to "server"
 basicConstraints               = CA:FALSE
 nsCertType                     = server
 nsComment                      = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier           = hash
-authorityKeyIdentifier         = keyid,issuer:always 
 extendedKeyUsage               = serverAuth
 keyUsage                       = digitalSignature, keyEncipherment
 

diff --git a/config/rootfiles/common/aarch64/binutils b/config/rootfiles/common/aarch64/binutils
index 64bf0db7a31d8c682e3fef63011dfb2365dd2064..3f9475665bd59d66d19aeb1ae0736bf9919940c1 100644 (file)
--- a/config/rootfiles/common/aarch64/binutils
+++ b/config/rootfiles/common/aarch64/binutils
@@ -312,7 +312,8 @@ usr/lib/bfd-plugins/libdep.so
 #usr/lib/ldscripts/armelfb_linux_eabi.xu
 #usr/lib/ldscripts/armelfb_linux_eabi.xw
 #usr/lib/ldscripts/armelfb_linux_eabi.xwe
-usr/lib/libbfd-2.41.so
+#usr/lib/ldscripts/stamp
+usr/lib/libbfd-2.42.so
 #usr/lib/libbfd.a
 #usr/lib/libbfd.la
 #usr/lib/libbfd.so
@@ -331,7 +332,7 @@ usr/lib/libctf.so.0.0.0
 #usr/lib/libgprofng.so
 usr/lib/libgprofng.so.0
 usr/lib/libgprofng.so.0.0.0
-usr/lib/libopcodes-2.41.so
+usr/lib/libopcodes-2.42.so
 #usr/lib/libopcodes.a
 #usr/lib/libopcodes.la
 #usr/lib/libopcodes.so
@@ -405,6 +406,7 @@ usr/lib/libsframe.so.1.0.0
 #usr/share/locale/ja/LC_MESSAGES/ld.mo
 #usr/share/locale/ka/LC_MESSAGES/bfd.mo
 #usr/share/locale/ka/LC_MESSAGES/gprof.mo
+#usr/share/locale/ka/LC_MESSAGES/ld.mo
 #usr/share/locale/ms
 #usr/share/locale/ms/LC_MESSAGES
 #usr/share/locale/ms/LC_MESSAGES/gprof.mo
@@ -418,6 +420,7 @@ usr/lib/libsframe.so.1.0.0
 #usr/share/locale/ro/LC_MESSAGES/bfd.mo
 #usr/share/locale/ro/LC_MESSAGES/binutils.mo
 #usr/share/locale/ro/LC_MESSAGES/gprof.mo
+#usr/share/locale/ro/LC_MESSAGES/ld.mo
 #usr/share/locale/ro/LC_MESSAGES/opcodes.mo
 #usr/share/locale/ru/LC_MESSAGES/bfd.mo
 #usr/share/locale/ru/LC_MESSAGES/binutils.mo

diff --git a/config/rootfiles/common/aarch64/glibc b/config/rootfiles/common/aarch64/glibc
index f6cd12331b0eeea409bc1d49a6ff8a3554b4fb07..99481d6b30646e238e08e3be251103be7f4a486d 100644 (file)
--- a/config/rootfiles/common/aarch64/glibc
+++ b/config/rootfiles/common/aarch64/glibc
@@ -124,6 +124,7 @@ usr/bin/locale
 #usr/include/bits/netdb.h
 #usr/include/bits/param.h
 #usr/include/bits/poll.h
+#usr/include/bits/platform/features.h
 #usr/include/bits/poll2.h
 #usr/include/bits/posix1_lim.h
 #usr/include/bits/posix2_lim.h
@@ -168,6 +169,7 @@ usr/bin/locale
 #usr/include/bits/socket.h
 #usr/include/bits/socket2.h
 #usr/include/bits/socket_type.h
+#usr/include/bits/spawn_ext.h
 #usr/include/bits/ss_flags.h
 #usr/include/bits/stab.def
 #usr/include/bits/stat.h
@@ -176,6 +178,7 @@ usr/bin/locale
 #usr/include/bits/statx-generic.h
 #usr/include/bits/statx.h
 #usr/include/bits/stdint-intn.h
+#usr/include/bits/stdint-least.h
 #usr/include/bits/stdint-uintn.h
 #usr/include/bits/stdio-ldbl.h
 #usr/include/bits/stdio.h
@@ -417,6 +420,7 @@ usr/bin/locale
 #usr/include/signal.h
 #usr/include/spawn.h
 #usr/include/stab.h
+#usr/include/stdbit.h
 #usr/include/stdc-predef.h
 #usr/include/stdint.h
 #usr/include/stdio.h
@@ -808,7 +812,7 @@ usr/lib/gconv
 #usr/lib/libc_nonshared.a
 #usr/lib/libdl.a
 #usr/lib/libg.a
-#usr/lib/libm-2.38.a
+#usr/lib/libm-2.39.a
 #usr/lib/libm.a
 #usr/lib/libm.so
 #usr/lib/libmcheck.a
@@ -880,20 +884,6 @@ usr/lib/locale
 #usr/lib/locale/aa_ER/LC_PAPER
 #usr/lib/locale/aa_ER/LC_TELEPHONE
 #usr/lib/locale/aa_ER/LC_TIME
-#usr/lib/locale/aa_ER@saaho
-#usr/lib/locale/aa_ER@saaho/LC_ADDRESS
-#usr/lib/locale/aa_ER@saaho/LC_COLLATE
-#usr/lib/locale/aa_ER@saaho/LC_CTYPE
-#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION
-#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT
-#usr/lib/locale/aa_ER@saaho/LC_MESSAGES
-#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES
-#usr/lib/locale/aa_ER@saaho/LC_MONETARY
-#usr/lib/locale/aa_ER@saaho/LC_NAME
-#usr/lib/locale/aa_ER@saaho/LC_NUMERIC
-#usr/lib/locale/aa_ER@saaho/LC_PAPER
-#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE
-#usr/lib/locale/aa_ER@saaho/LC_TIME
 #usr/lib/locale/aa_ET
 #usr/lib/locale/aa_ET/LC_ADDRESS
 #usr/lib/locale/aa_ET/LC_COLLATE
@@ -2126,6 +2116,20 @@ usr/lib/locale
 #usr/lib/locale/cmn_TW/LC_PAPER
 #usr/lib/locale/cmn_TW/LC_TELEPHONE
 #usr/lib/locale/cmn_TW/LC_TIME
+#usr/lib/locale/crh_RU
+#usr/lib/locale/crh_RU/LC_ADDRESS
+#usr/lib/locale/crh_RU/LC_COLLATE
+#usr/lib/locale/crh_RU/LC_CTYPE
+#usr/lib/locale/crh_RU/LC_IDENTIFICATION
+#usr/lib/locale/crh_RU/LC_MEASUREMENT
+#usr/lib/locale/crh_RU/LC_MESSAGES
+#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/crh_RU/LC_MONETARY
+#usr/lib/locale/crh_RU/LC_NAME
+#usr/lib/locale/crh_RU/LC_NUMERIC
+#usr/lib/locale/crh_RU/LC_PAPER
+#usr/lib/locale/crh_RU/LC_TELEPHONE
+#usr/lib/locale/crh_RU/LC_TIME
 #usr/lib/locale/crh_UA
 #usr/lib/locale/crh_UA/LC_ADDRESS
 #usr/lib/locale/crh_UA/LC_COLLATE
@@ -4142,6 +4146,20 @@ usr/lib/locale
 #usr/lib/locale/ga_IE@euro/LC_PAPER
 #usr/lib/locale/ga_IE@euro/LC_TELEPHONE
 #usr/lib/locale/ga_IE@euro/LC_TIME
+#usr/lib/locale/gbm_IN
+#usr/lib/locale/gbm_IN/LC_ADDRESS
+#usr/lib/locale/gbm_IN/LC_COLLATE
+#usr/lib/locale/gbm_IN/LC_CTYPE
+#usr/lib/locale/gbm_IN/LC_IDENTIFICATION
+#usr/lib/locale/gbm_IN/LC_MEASUREMENT
+#usr/lib/locale/gbm_IN/LC_MESSAGES
+#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/gbm_IN/LC_MONETARY
+#usr/lib/locale/gbm_IN/LC_NAME
+#usr/lib/locale/gbm_IN/LC_NUMERIC
+#usr/lib/locale/gbm_IN/LC_PAPER
+#usr/lib/locale/gbm_IN/LC_TELEPHONE
+#usr/lib/locale/gbm_IN/LC_TIME
 #usr/lib/locale/gd_GB
 #usr/lib/locale/gd_GB.utf8
 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS
@@ -4968,6 +4986,20 @@ usr/lib/locale
 #usr/lib/locale/ku_TR/LC_PAPER
 #usr/lib/locale/ku_TR/LC_TELEPHONE
 #usr/lib/locale/ku_TR/LC_TIME
+#usr/lib/locale/kv_RU
+#usr/lib/locale/kv_RU/LC_ADDRESS
+#usr/lib/locale/kv_RU/LC_COLLATE
+#usr/lib/locale/kv_RU/LC_CTYPE
+#usr/lib/locale/kv_RU/LC_IDENTIFICATION
+#usr/lib/locale/kv_RU/LC_MEASUREMENT
+#usr/lib/locale/kv_RU/LC_MESSAGES
+#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/kv_RU/LC_MONETARY
+#usr/lib/locale/kv_RU/LC_NAME
+#usr/lib/locale/kv_RU/LC_NUMERIC
+#usr/lib/locale/kv_RU/LC_PAPER
+#usr/lib/locale/kv_RU/LC_TELEPHONE
+#usr/lib/locale/kv_RU/LC_TIME
 #usr/lib/locale/kw_GB
 #usr/lib/locale/kw_GB.utf8
 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS
@@ -6662,6 +6694,20 @@ usr/lib/locale
 #usr/lib/locale/ss_ZA/LC_PAPER
 #usr/lib/locale/ss_ZA/LC_TELEPHONE
 #usr/lib/locale/ss_ZA/LC_TIME
+#usr/lib/locale/ssy_ER
+#usr/lib/locale/ssy_ER/LC_ADDRESS
+#usr/lib/locale/ssy_ER/LC_COLLATE
+#usr/lib/locale/ssy_ER/LC_CTYPE
+#usr/lib/locale/ssy_ER/LC_IDENTIFICATION
+#usr/lib/locale/ssy_ER/LC_MEASUREMENT
+#usr/lib/locale/ssy_ER/LC_MESSAGES
+#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/ssy_ER/LC_MONETARY
+#usr/lib/locale/ssy_ER/LC_NAME
+#usr/lib/locale/ssy_ER/LC_NUMERIC
+#usr/lib/locale/ssy_ER/LC_PAPER
+#usr/lib/locale/ssy_ER/LC_TELEPHONE
+#usr/lib/locale/ssy_ER/LC_TIME
 #usr/lib/locale/st_ZA
 #usr/lib/locale/st_ZA.utf8
 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS
@@ -6690,6 +6736,20 @@ usr/lib/locale
 #usr/lib/locale/st_ZA/LC_PAPER
 #usr/lib/locale/st_ZA/LC_TELEPHONE
 #usr/lib/locale/st_ZA/LC_TIME
+#usr/lib/locale/su_ID
+#usr/lib/locale/su_ID/LC_ADDRESS
+#usr/lib/locale/su_ID/LC_COLLATE
+#usr/lib/locale/su_ID/LC_CTYPE
+#usr/lib/locale/su_ID/LC_IDENTIFICATION
+#usr/lib/locale/su_ID/LC_MEASUREMENT
+#usr/lib/locale/su_ID/LC_MESSAGES
+#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/su_ID/LC_MONETARY
+#usr/lib/locale/su_ID/LC_NAME
+#usr/lib/locale/su_ID/LC_NUMERIC
+#usr/lib/locale/su_ID/LC_PAPER
+#usr/lib/locale/su_ID/LC_TELEPHONE
+#usr/lib/locale/su_ID/LC_TIME
 #usr/lib/locale/sv_FI
 #usr/lib/locale/sv_FI.utf8
 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS
@@ -7054,6 +7114,20 @@ usr/lib/locale
 #usr/lib/locale/to_TO/LC_PAPER
 #usr/lib/locale/to_TO/LC_TELEPHONE
 #usr/lib/locale/to_TO/LC_TIME
+#usr/lib/locale/tok
+#usr/lib/locale/tok/LC_ADDRESS
+#usr/lib/locale/tok/LC_COLLATE
+#usr/lib/locale/tok/LC_CTYPE
+#usr/lib/locale/tok/LC_IDENTIFICATION
+#usr/lib/locale/tok/LC_MEASUREMENT
+#usr/lib/locale/tok/LC_MESSAGES
+#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/tok/LC_MONETARY
+#usr/lib/locale/tok/LC_NAME
+#usr/lib/locale/tok/LC_NUMERIC
+#usr/lib/locale/tok/LC_PAPER
+#usr/lib/locale/tok/LC_TELEPHONE
+#usr/lib/locale/tok/LC_TIME
 #usr/lib/locale/tpi_PG
 #usr/lib/locale/tpi_PG/LC_ADDRESS
 #usr/lib/locale/tpi_PG/LC_COLLATE
@@ -7502,6 +7576,20 @@ usr/lib/locale
 #usr/lib/locale/yuw_PG/LC_PAPER
 #usr/lib/locale/yuw_PG/LC_TELEPHONE
 #usr/lib/locale/yuw_PG/LC_TIME
+#usr/lib/locale/zgh_MA
+#usr/lib/locale/zgh_MA/LC_ADDRESS
+#usr/lib/locale/zgh_MA/LC_COLLATE
+#usr/lib/locale/zgh_MA/LC_CTYPE
+#usr/lib/locale/zgh_MA/LC_IDENTIFICATION
+#usr/lib/locale/zgh_MA/LC_MEASUREMENT
+#usr/lib/locale/zgh_MA/LC_MESSAGES
+#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/zgh_MA/LC_MONETARY
+#usr/lib/locale/zgh_MA/LC_NAME
+#usr/lib/locale/zgh_MA/LC_NUMERIC
+#usr/lib/locale/zgh_MA/LC_PAPER
+#usr/lib/locale/zgh_MA/LC_TELEPHONE
+#usr/lib/locale/zgh_MA/LC_TIME
 #usr/lib/locale/zh_CN
 #usr/lib/locale/zh_CN.gb18030
 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS
@@ -7941,7 +8029,6 @@ usr/lib/locale
 #usr/share/i18n/locales/POSIX
 #usr/share/i18n/locales/aa_DJ
 #usr/share/i18n/locales/aa_ER
-#usr/share/i18n/locales/aa_ER@saaho
 #usr/share/i18n/locales/aa_ET
 #usr/share/i18n/locales/ab_GE
 #usr/share/i18n/locales/af_ZA
@@ -8004,6 +8091,7 @@ usr/lib/locale
 #usr/share/i18n/locales/ckb_IQ
 #usr/share/i18n/locales/cmn_TW
 #usr/share/i18n/locales/cns11643_stroke
+#usr/share/i18n/locales/crh_RU
 #usr/share/i18n/locales/crh_UA
 #usr/share/i18n/locales/cs_CZ
 #usr/share/i18n/locales/csb_PL
@@ -8093,6 +8181,7 @@ usr/lib/locale
 #usr/share/i18n/locales/fy_NL
 #usr/share/i18n/locales/ga_IE
 #usr/share/i18n/locales/ga_IE@euro
+#usr/share/i18n/locales/gbm_IN
 #usr/share/i18n/locales/gd_GB
 #usr/share/i18n/locales/gez_ER
 #usr/share/i18n/locales/gez_ER@abegede
@@ -8139,6 +8228,7 @@ usr/lib/locale
 #usr/share/i18n/locales/ks_IN
 #usr/share/i18n/locales/ks_IN@devanagari
 #usr/share/i18n/locales/ku_TR
+#usr/share/i18n/locales/kv_RU
 #usr/share/i18n/locales/kw_GB
 #usr/share/i18n/locales/ky_KG
 #usr/share/i18n/locales/lb_LU
@@ -8232,7 +8322,9 @@ usr/lib/locale
 #usr/share/i18n/locales/sr_RS
 #usr/share/i18n/locales/sr_RS@latin
 #usr/share/i18n/locales/ss_ZA
+#usr/share/i18n/locales/ssy_ER
 #usr/share/i18n/locales/st_ZA
+#usr/share/i18n/locales/su_ID
 #usr/share/i18n/locales/sv_FI
 #usr/share/i18n/locales/sv_FI@euro
 #usr/share/i18n/locales/sv_SE
@@ -8254,6 +8346,7 @@ usr/lib/locale
 #usr/share/i18n/locales/tl_PH
 #usr/share/i18n/locales/tn_ZA
 #usr/share/i18n/locales/to_TO
+#usr/share/i18n/locales/tok
 #usr/share/i18n/locales/tpi_PG
 #usr/share/i18n/locales/tr_CY
 #usr/share/i18n/locales/tr_TR
@@ -8262,6 +8355,7 @@ usr/lib/locale
 #usr/share/i18n/locales/translit_cjk_variants
 #usr/share/i18n/locales/translit_combining
 #usr/share/i18n/locales/translit_compat
+#usr/share/i18n/locales/translit_emojis
 #usr/share/i18n/locales/translit_font
 #usr/share/i18n/locales/translit_fraction
 #usr/share/i18n/locales/translit_hangul
@@ -8291,6 +8385,7 @@ usr/lib/locale
 #usr/share/i18n/locales/yo_NG
 #usr/share/i18n/locales/yue_HK
 #usr/share/i18n/locales/yuw_PG
+#usr/share/i18n/locales/zgh_MA
 #usr/share/i18n/locales/zh_CN
 #usr/share/i18n/locales/zh_HK
 #usr/share/i18n/locales/zh_SG
@@ -8308,6 +8403,7 @@ usr/lib/locale
 #usr/share/info/libc.info-16
 #usr/share/info/libc.info-17
 #usr/share/info/libc.info-18
+#usr/share/info/libc.info-19
 #usr/share/info/libc.info-2
 #usr/share/info/libc.info-3
 #usr/share/info/libc.info-4

diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index b920dd248c1879c7ee311ff07534378e05135bd1..a286a15383393aa753b359fc9477c324e01bb977 100644 (file)
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -120,8 +120,11 @@ var/ipfire/menu.d/70-log.menu
 #var/ipfire/menu.d/EX-apcupsd.menu
 #var/ipfire/menu.d/EX-guardian.menu
 #var/ipfire/menu.d/EX-mpfire.menu
+#var/ipfire/menu.d/EX-mympd.menu
 #var/ipfire/menu.d/EX-samba.menu
 #var/ipfire/menu.d/EX-tor.menu
+#var/ipfire/menu.d/EX-transmission.menu
+#var/ipfire/menu.d/EX-vdr.menu
 #var/ipfire/menu.d/EX-wio.menu
 #var/ipfire/menu.d/EX-wlanap.menu
 var/ipfire/modem

diff --git a/config/rootfiles/common/elfutils b/config/rootfiles/common/elfutils
index 830638e2be01ff8d561893033161a869fe8806ae..04773db9f46c612417206cdbb043a84f3fe7d66a 100644 (file)
--- a/config/rootfiles/common/elfutils
+++ b/config/rootfiles/common/elfutils
@@ -28,15 +28,15 @@
 #usr/include/gelf.h
 #usr/include/libelf.h
 #usr/include/nlist.h
-usr/lib/libasm-0.190.so
+usr/lib/libasm-0.191.so
 #usr/lib/libasm.a
 #usr/lib/libasm.so
 usr/lib/libasm.so.1
-usr/lib/libdw-0.190.so
+usr/lib/libdw-0.191.so
 #usr/lib/libdw.a
 #usr/lib/libdw.so
 usr/lib/libdw.so.1
-usr/lib/libelf-0.190.so
+usr/lib/libelf-0.191.so
 #usr/lib/libelf.a
 #usr/lib/libelf.so
 usr/lib/libelf.so.1

diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 499f99f8eeb10d81bae4a398e636f47b035db87d..2ab49e910ebad5fc55fa65ddeff157522629bb66 100644 (file)
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -3,21 +3,21 @@
 #usr/include/expat_config.h
 #usr/include/expat_external.h
 #usr/lib/cmake
-#usr/lib/cmake/expat-2.6.0
-#usr/lib/cmake/expat-2.6.0/expat-config-version.cmake
-#usr/lib/cmake/expat-2.6.0/expat-config.cmake
-#usr/lib/cmake/expat-2.6.0/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.6.0/expat.cmake
+#usr/lib/cmake/expat-2.6.2
+#usr/lib/cmake/expat-2.6.2/expat-config-version.cmake
+#usr/lib/cmake/expat-2.6.2/expat-config.cmake
+#usr/lib/cmake/expat-2.6.2/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.6.2/expat.cmake
 #usr/lib/libexpat.la
 #usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.9.0
+usr/lib/libexpat.so.1.9.2
 #usr/lib/pkgconfig/expat.pc
 #usr/share/doc/expat
-#usr/share/doc/expat-2.6.0
-#usr/share/doc/expat-2.6.0/ok.min.css
-#usr/share/doc/expat-2.6.0/reference.html
-#usr/share/doc/expat-2.6.0/style.css
+#usr/share/doc/expat-2.6.2
+#usr/share/doc/expat-2.6.2/ok.min.css
+#usr/share/doc/expat-2.6.2/reference.html
+#usr/share/doc/expat-2.6.2/style.css
 #usr/share/doc/expat/AUTHORS
 #usr/share/doc/expat/changelog
 #usr/share/man/man1/xmlwf.1

diff --git a/config/rootfiles/common/gdb b/config/rootfiles/common/gdb
index 6a366ac7d148c376e775816bffa2384ddbe73aaa..be23b3e79bebcb1735ab772dfb2f3ff4aabec00b 100644 (file)
--- a/config/rootfiles/common/gdb
+++ b/config/rootfiles/common/gdb
@@ -2,14 +2,10 @@
 #usr/bin/gdb
 #usr/bin/gdb-add-index
 #usr/bin/gdbserver
-#usr/bin/run
 #usr/include/gdb
 #usr/include/gdb/jit-reader.h
 #usr/include/sim
-#usr/include/sim/callback.h
-#usr/include/sim/sim.h
 #usr/lib/libinproctrace.so
-#usr/lib/libsim.a
 #usr/share/gdb/python
 #usr/share/gdb/python/gdb
 #usr/share/gdb/python/gdb/FrameDecorator.py
@@ -24,6 +20,29 @@
 #usr/share/gdb/python/gdb/command/type_printers.py
 #usr/share/gdb/python/gdb/command/unwinders.py
 #usr/share/gdb/python/gdb/command/xmethods.py
+#usr/share/gdb/python/gdb/dap
+#usr/share/gdb/python/gdb/dap/__init__.py
+#usr/share/gdb/python/gdb/dap/breakpoint.py
+#usr/share/gdb/python/gdb/dap/bt.py
+#usr/share/gdb/python/gdb/dap/disassemble.py
+#usr/share/gdb/python/gdb/dap/evaluate.py
+#usr/share/gdb/python/gdb/dap/events.py
+#usr/share/gdb/python/gdb/dap/frames.py
+#usr/share/gdb/python/gdb/dap/io.py
+#usr/share/gdb/python/gdb/dap/launch.py
+#usr/share/gdb/python/gdb/dap/locations.py
+#usr/share/gdb/python/gdb/dap/memory.py
+#usr/share/gdb/python/gdb/dap/modules.py
+#usr/share/gdb/python/gdb/dap/next.py
+#usr/share/gdb/python/gdb/dap/pause.py
+#usr/share/gdb/python/gdb/dap/scopes.py
+#usr/share/gdb/python/gdb/dap/server.py
+#usr/share/gdb/python/gdb/dap/sources.py
+#usr/share/gdb/python/gdb/dap/startup.py
+#usr/share/gdb/python/gdb/dap/state.py
+#usr/share/gdb/python/gdb/dap/threads.py
+#usr/share/gdb/python/gdb/dap/typecheck.py
+#usr/share/gdb/python/gdb/dap/varref.py
 #usr/share/gdb/python/gdb/disassembler.py
 #usr/share/gdb/python/gdb/frames.py
 #usr/share/gdb/python/gdb/function
@@ -70,6 +89,7 @@
 #usr/share/info/gdb.info-6
 #usr/share/info/gdb.info-7
 #usr/share/info/gdb.info-8
+#usr/share/info/gdb.info-9
 #usr/share/info/stabs.info
 #usr/share/man/man1/gcore.1
 #usr/share/man/man1/gdb-add-index.1

diff --git a/config/rootfiles/common/glib b/config/rootfiles/common/glib
index 4481c2c7e5a4e771e5ed8a828f64d1caff9bb2b3..251004a6179355e8e8338fa071c1e6530ed2de03 100644 (file)
--- a/config/rootfiles/common/glib
+++ b/config/rootfiles/common/glib
@@ -571,4 +571,3 @@ usr/lib/libgthread-2.0.so.0.7700.0
 #usr/share/locale/zh_HK/LC_MESSAGES
 #usr/share/locale/zh_HK/LC_MESSAGES/glib20.mo
 #usr/share/locale/zh_TW/LC_MESSAGES/glib20.mo
-

diff --git a/config/rootfiles/common/i2c-tools b/config/rootfiles/common/i2c-tools
index 7dec1eec1cb513e3acd7b9294b42f18dc454d918..da9cb57b4fb30524a1790bc93fc75718116d17d7 100644 (file)
--- a/config/rootfiles/common/i2c-tools
+++ b/config/rootfiles/common/i2c-tools
@@ -22,4 +22,3 @@ usr/sbin/i2ctransfer
 #usr/share/man/man8/i2cget.8
 #usr/share/man/man8/i2cset.8
 #usr/share/man/man8/i2ctransfer.8
-

diff --git a/config/rootfiles/common/iproute2 b/config/rootfiles/common/iproute2
index fb68e31f24ec51d9cdb0b87cd861d76c41d8f35e..da7134d2dc9e7ddbae43080d5c5064e917784953 100644 (file)
--- a/config/rootfiles/common/iproute2
+++ b/config/rootfiles/common/iproute2
@@ -30,8 +30,6 @@ sbin/vdpa
 #usr/include/iproute2/bpf_elf.h
 #usr/lib/tc
 #usr/lib/tc/experimental.dist
-usr/lib/tc/m_ipt.so
-usr/lib/tc/m_xt.so
 #usr/lib/tc/normal.dist
 #usr/lib/tc/pareto.dist
 #usr/lib/tc/paretonormal.dist
@@ -129,6 +127,7 @@ usr/share/bash-completion/completions/tc
 #usr/share/man/man8/tc-fq_codel.8
 #usr/share/man/man8/tc-fq_pie.8
 #usr/share/man/man8/tc-fw.8
+#usr/share/man/man8/tc-gact.8
 #usr/share/man/man8/tc-gate.8
 #usr/share/man/man8/tc-hfsc.8
 #usr/share/man/man8/tc-htb.8
@@ -160,7 +159,6 @@ usr/share/bash-completion/completions/tc
 #usr/share/man/man8/tc-tunnel_key.8
 #usr/share/man/man8/tc-u32.8
 #usr/share/man/man8/tc-vlan.8
-#usr/share/man/man8/tc-xt.8
 #usr/share/man/man8/tc.8
 #usr/share/man/man8/tipc-bearer.8
 #usr/share/man/man8/tipc-link.8

diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot
index 6660b27d11cc4e8afb5f6eade806060383f3a03c..0fc076c104e55b35eadd42ae747f057addd2ca91 100644 (file)
--- a/config/rootfiles/common/knot
+++ b/config/rootfiles/common/knot
@@ -9,7 +9,7 @@ usr/lib/libdnssec.so.9.0.0
 #usr/lib/libknot.la
 #usr/lib/libknot.lai
 #usr/lib/libknot.so
-usr/lib/libknot.so.13
-usr/lib/libknot.so.13.0.0
+usr/lib/libknot.so.14
+usr/lib/libknot.so.14.0.0
 #usr/lib/libknotus.a
 #usr/lib/libknotus.la

diff --git a/config/rootfiles/common/libffi b/config/rootfiles/common/libffi
index 02c161e54b303ae5c36b101355879283b35185c0..41cf2959388fc4802a36dfbdb2fcd33603a1d8f2 100644 (file)
--- a/config/rootfiles/common/libffi
+++ b/config/rootfiles/common/libffi
@@ -4,7 +4,7 @@
 #usr/lib/libffi.la
 #usr/lib/libffi.so
 usr/lib/libffi.so.8
-usr/lib/libffi.so.8.1.2
+usr/lib/libffi.so.8.1.4
 #usr/lib/pkgconfig/libffi.pc
 #usr/share/info/libffi.info
 #usr/share/man/man3/ffi.3

diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error
index 08079ed9c567a6062bc243939080c7131d6e28e7..ce3492a246b445c012d0a5f2f03e8e1c43c58a0c 100644 (file)
--- a/config/rootfiles/common/libgpg-error
+++ b/config/rootfiles/common/libgpg-error
@@ -6,7 +6,7 @@ usr/bin/gpg-error
 #usr/lib/libgpg-error.la
 #usr/lib/libgpg-error.so
 usr/lib/libgpg-error.so.0
-usr/lib/libgpg-error.so.0.34.0
+usr/lib/libgpg-error.so.0.35.0
 #usr/lib/pkgconfig/gpg-error.pc
 #usr/share/aclocal/gpg-error.m4
 #usr/share/aclocal/gpgrt.m4

diff --git a/config/rootfiles/common/meson b/config/rootfiles/common/meson
index ff8e294d17d984eb830cca4d5c7d36ae4e30ff90..6db0e34edf0869c16080728a8e83d8f866281989 100644 (file)
--- a/config/rootfiles/common/meson
+++ b/config/rootfiles/common/meson
@@ -1,11 +1,11 @@
 #usr/bin/meson
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/PKG-INFO
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/SOURCES.txt
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/dependency_links.txt
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/entry_points.txt
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/requires.txt
-#usr/lib/python3.10/site-packages/meson-1.3.1-py3.10.egg-info/top_level.txt
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/PKG-INFO
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/SOURCES.txt
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/dependency_links.txt
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/entry_points.txt
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/requires.txt
+#usr/lib/python3.10/site-packages/meson-1.4.0-py3.10.egg-info/top_level.txt
 #usr/lib/python3.10/site-packages/mesonbuild
 #usr/lib/python3.10/site-packages/mesonbuild/__init__.py
 #usr/lib/python3.10/site-packages/mesonbuild/_pathlib.py

diff --git a/config/rootfiles/common/newt b/config/rootfiles/common/newt
index b3d9a581b2839a19d4b44996b166cf8fc1da490f..adcc9cace608200df20ce57271fbfdaca0eeec10 100644 (file)
--- a/config/rootfiles/common/newt
+++ b/config/rootfiles/common/newt
@@ -3,7 +3,7 @@ usr/bin/whiptail
 #usr/lib/libnewt.a
 #usr/lib/libnewt.so
 usr/lib/libnewt.so.0.52
-usr/lib/libnewt.so.0.52.23
+usr/lib/libnewt.so.0.52.24
 #usr/lib/pkgconfig/libnewt.pc
 #usr/lib/python3.10/site-packages/_snack.so
 #usr/lib/python3.10/site-packages/snack.py

diff --git a/config/rootfiles/common/openjpeg b/config/rootfiles/common/openjpeg
index 7d1effd4080903d0b9df3280d5892efad560e6bf..19a9198e7aca3a1a82632d3f1a01190f9f78ba40 100644 (file)
--- a/config/rootfiles/common/openjpeg
+++ b/config/rootfiles/common/openjpeg
@@ -4,12 +4,12 @@ usr/bin/opj_dump
 #usr/include/openjpeg-2.5
 #usr/include/openjpeg-2.5/openjpeg.h
 #usr/include/openjpeg-2.5/opj_config.h
-#usr/include/openjpeg-2.5/opj_stdint.h
+#usr/lib/cmake/openjpeg-2.5
+#usr/lib/cmake/openjpeg-2.5/OpenJPEGConfig.cmake
+#usr/lib/cmake/openjpeg-2.5/OpenJPEGConfigVersion.cmake
+#usr/lib/cmake/openjpeg-2.5/OpenJPEGTargets-release.cmake
+#usr/lib/cmake/openjpeg-2.5/OpenJPEGTargets.cmake
 #usr/lib/libopenjp2.so
-usr/lib/libopenjp2.so.2.5.0
+usr/lib/libopenjp2.so.2.5.2
 usr/lib/libopenjp2.so.7
-#usr/lib/openjpeg-2.5
-#usr/lib/openjpeg-2.5/OpenJPEGConfig.cmake
-#usr/lib/openjpeg-2.5/OpenJPEGTargets-release.cmake
-#usr/lib/openjpeg-2.5/OpenJPEGTargets.cmake
 #usr/lib/pkgconfig/libopenjp2.pc

diff --git a/config/rootfiles/common/pango b/config/rootfiles/common/pango
index a50610e7c579293bf95dfdcd6f25c051a0af0731..4cfba12c271d4c794e524990f839c1e650c27494 100644 (file)
--- a/config/rootfiles/common/pango
+++ b/config/rootfiles/common/pango
@@ -41,13 +41,13 @@ usr/bin/pango-view
 #usr/include/pango-1.0/pango/pangoft2.h
 #usr/lib/libpango-1.0.so
 usr/lib/libpango-1.0.so.0
-usr/lib/libpango-1.0.so.0.5000.13
+usr/lib/libpango-1.0.so.0.5200.0
 #usr/lib/libpangocairo-1.0.so
 usr/lib/libpangocairo-1.0.so.0
-usr/lib/libpangocairo-1.0.so.0.5000.13
+usr/lib/libpangocairo-1.0.so.0.5200.0
 #usr/lib/libpangoft2-1.0.so
 usr/lib/libpangoft2-1.0.so.0
-usr/lib/libpangoft2-1.0.so.0.5000.13
+usr/lib/libpangoft2-1.0.so.0.5200.0
 #usr/lib/pkgconfig/pango.pc
 #usr/lib/pkgconfig/pangocairo.pc
 #usr/lib/pkgconfig/pangofc.pc

diff --git a/config/rootfiles/common/pciutils b/config/rootfiles/common/pciutils
index 491bf0567317ab17b9e0860f590d71eef325da4c..b23079526016ea376f4808ca476961dda09bdb67 100644 (file)
--- a/config/rootfiles/common/pciutils
+++ b/config/rootfiles/common/pciutils
@@ -1,7 +1,7 @@
 bin/lspci
 bin/setpci
 lib/libpci.so.3
-lib/libpci.so.3.10.0
+lib/libpci.so.3.11.1
 sbin/update-pciids
 #usr/include/pci
 #usr/include/pci/config.h

diff --git a/config/rootfiles/common/perl b/config/rootfiles/common/perl
index fb360c874799d8b9ea79d56da9720d9d78b59f97..94e37db0e837fb0fd7b173ef83c742c0ab6618bc 100644 (file)
--- a/config/rootfiles/common/perl
+++ b/config/rootfiles/common/perl
@@ -2797,4 +2797,3 @@ usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/threads/shared.pm
 #usr/share/man/man3/vmsish.3
 #usr/share/man/man3/warnings.3
 #usr/share/man/man3/warnings::register.3
-

diff --git a/config/rootfiles/common/pixman b/config/rootfiles/common/pixman
index c48845cdefa1fcb70059d014844e8c19b821cb36..d6ed58f3cdd857b46f69b0521e71da14511ffa45 100644 (file)
--- a/config/rootfiles/common/pixman
+++ b/config/rootfiles/common/pixman
@@ -3,5 +3,5 @@
 #usr/include/pixman-1/pixman.h
 #usr/lib/libpixman-1.so
 usr/lib/libpixman-1.so.0
-usr/lib/libpixman-1.so.0.43.0
+usr/lib/libpixman-1.so.0.43.4
 #usr/lib/pkgconfig/pixman-1.pc

diff --git a/config/rootfiles/common/poppler b/config/rootfiles/common/poppler
index 68deecd650c3e1e3e424a780cd43808f5f9d3a64..192011364bb043cbd62e66ebbd64443c849d5d41 100644 (file)
--- a/config/rootfiles/common/poppler
+++ b/config/rootfiles/common/poppler
@@ -173,8 +173,8 @@ usr/lib/libpoppler-cpp.so.0.11.0
 usr/lib/libpoppler-glib.so.8
 usr/lib/libpoppler-glib.so.8.26.0
 #usr/lib/libpoppler.so
-usr/lib/libpoppler.so.133
-usr/lib/libpoppler.so.133.0.0
+usr/lib/libpoppler.so.135
+usr/lib/libpoppler.so.135.0.0
 #usr/lib/pkgconfig/poppler-cpp.pc
 #usr/lib/pkgconfig/poppler-glib.pc
 #usr/lib/pkgconfig/poppler.pc

diff --git a/config/rootfiles/common/qpdf b/config/rootfiles/common/qpdf
index 4bc9120cce6d75e65d8cc90457438f2a6cdd952a..322845aa0ec4232086f10714bbc7c3a2a2abfe9f 100644 (file)
--- a/config/rootfiles/common/qpdf
+++ b/config/rootfiles/common/qpdf
@@ -66,6 +66,7 @@ usr/bin/qpdf
 #usr/include/qpdf/auto_job_c_enc.hh
 #usr/include/qpdf/auto_job_c_main.hh
 #usr/include/qpdf/auto_job_c_pages.hh
+#usr/include/qpdf/auto_job_c_set_page_labels.hh
 #usr/include/qpdf/auto_job_c_uo.hh
 #usr/include/qpdf/qpdf-c.h
 #usr/include/qpdf/qpdfjob-c.h
@@ -77,7 +78,7 @@ usr/bin/qpdf
 #usr/lib/cmake/qpdf/qpdfConfigVersion.cmake
 #usr/lib/libqpdf.so
 usr/lib/libqpdf.so.29
-usr/lib/libqpdf.so.29.7.0
+usr/lib/libqpdf.so.29.9.0
 #usr/lib/pkgconfig/libqpdf.pc
 #usr/share/doc/qpdf
 #usr/share/doc/qpdf/README-doc.txt

diff --git a/config/rootfiles/common/riscv64/binutils b/config/rootfiles/common/riscv64/binutils
index 6ecd90ac28a14f4d9812489b8cc6f32b1bc37761..88dadbe6bbdd9531d889517b0727dd4f771639d4 100644 (file)
--- a/config/rootfiles/common/riscv64/binutils
+++ b/config/rootfiles/common/riscv64/binutils
@@ -293,7 +293,8 @@ usr/bin/strings
 #usr/lib/ldscripts/elf64lriscv_lp64f.xu
 #usr/lib/ldscripts/elf64lriscv_lp64f.xw
 #usr/lib/ldscripts/elf64lriscv_lp64f.xwe
-usr/lib/libbfd-2.41.so
+#usr/lib/ldscripts/stamp
+usr/lib/libbfd-2.42.so
 #usr/lib/libbfd.a
 #usr/lib/libbfd.la
 #usr/lib/libbfd.so
@@ -307,7 +308,7 @@ usr/lib/libctf-nobfd.so.0.0.0
 #usr/lib/libctf.so
 usr/lib/libctf.so.0
 usr/lib/libctf.so.0.0.0
-usr/lib/libopcodes-2.41.so
+usr/lib/libopcodes-2.42.so
 #usr/lib/libopcodes.a
 #usr/lib/libopcodes.la
 #usr/lib/libopcodes.so
@@ -380,6 +381,7 @@ usr/lib/libsframe.so.1.0.0
 #usr/share/locale/ja/LC_MESSAGES/ld.mo
 #usr/share/locale/ka/LC_MESSAGES/bfd.mo
 #usr/share/locale/ka/LC_MESSAGES/gprof.mo
+#usr/share/locale/ka/LC_MESSAGES/ld.mo
 #usr/share/locale/ms
 #usr/share/locale/ms/LC_MESSAGES
 #usr/share/locale/ms/LC_MESSAGES/gprof.mo
@@ -393,6 +395,7 @@ usr/lib/libsframe.so.1.0.0
 #usr/share/locale/ro/LC_MESSAGES/bfd.mo
 #usr/share/locale/ro/LC_MESSAGES/binutils.mo
 #usr/share/locale/ro/LC_MESSAGES/gprof.mo
+#usr/share/locale/ro/LC_MESSAGES/ld.mo
 #usr/share/locale/ro/LC_MESSAGES/opcodes.mo
 #usr/share/locale/ru/LC_MESSAGES/bfd.mo
 #usr/share/locale/ru/LC_MESSAGES/binutils.mo

diff --git a/config/rootfiles/common/riscv64/glibc b/config/rootfiles/common/riscv64/glibc
index cf1df065a6c5a9bb841a0ca127db38ed4110194f..1ee4b92bdb10376f5c7e98d62e5a084e2680f0b2 100644 (file)
--- a/config/rootfiles/common/riscv64/glibc
+++ b/config/rootfiles/common/riscv64/glibc
@@ -124,6 +124,7 @@ usr/bin/locale
 #usr/include/bits/param.h
 #usr/include/bits/poll.h
 #usr/include/bits/poll2.h
+#usr/include/bits/platform/features.h
 #usr/include/bits/posix1_lim.h
 #usr/include/bits/posix2_lim.h
 #usr/include/bits/posix_opt.h
@@ -167,6 +168,7 @@ usr/bin/locale
 #usr/include/bits/socket.h
 #usr/include/bits/socket2.h
 #usr/include/bits/socket_type.h
+#usr/include/bits/spawn_ext.h
 #usr/include/bits/ss_flags.h
 #usr/include/bits/stab.def
 #usr/include/bits/stat.h
@@ -175,6 +177,7 @@ usr/bin/locale
 #usr/include/bits/statx-generic.h
 #usr/include/bits/statx.h
 #usr/include/bits/stdint-intn.h
+#usr/include/bits/stdint-least.h
 #usr/include/bits/stdint-uintn.h
 #usr/include/bits/stdio-ldbl.h
 #usr/include/bits/stdio.h
@@ -416,6 +419,7 @@ usr/bin/locale
 #usr/include/signal.h
 #usr/include/spawn.h
 #usr/include/stab.h
+#usr/include/stdbit.h
 #usr/include/stdc-predef.h
 #usr/include/stdint.h
 #usr/include/stdio.h
@@ -875,20 +879,6 @@ usr/lib/locale
 #usr/lib/locale/aa_ER/LC_PAPER
 #usr/lib/locale/aa_ER/LC_TELEPHONE
 #usr/lib/locale/aa_ER/LC_TIME
-#usr/lib/locale/aa_ER@saaho
-#usr/lib/locale/aa_ER@saaho/LC_ADDRESS
-#usr/lib/locale/aa_ER@saaho/LC_COLLATE
-#usr/lib/locale/aa_ER@saaho/LC_CTYPE
-#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION
-#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT
-#usr/lib/locale/aa_ER@saaho/LC_MESSAGES
-#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES
-#usr/lib/locale/aa_ER@saaho/LC_MONETARY
-#usr/lib/locale/aa_ER@saaho/LC_NAME
-#usr/lib/locale/aa_ER@saaho/LC_NUMERIC
-#usr/lib/locale/aa_ER@saaho/LC_PAPER
-#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE
-#usr/lib/locale/aa_ER@saaho/LC_TIME
 #usr/lib/locale/aa_ET
 #usr/lib/locale/aa_ET/LC_ADDRESS
 #usr/lib/locale/aa_ET/LC_COLLATE
@@ -2121,6 +2111,20 @@ usr/lib/locale
 #usr/lib/locale/cmn_TW/LC_PAPER
 #usr/lib/locale/cmn_TW/LC_TELEPHONE
 #usr/lib/locale/cmn_TW/LC_TIME
+#usr/lib/locale/crh_RU
+#usr/lib/locale/crh_RU/LC_ADDRESS
+#usr/lib/locale/crh_RU/LC_COLLATE
+#usr/lib/locale/crh_RU/LC_CTYPE
+#usr/lib/locale/crh_RU/LC_IDENTIFICATION
+#usr/lib/locale/crh_RU/LC_MEASUREMENT
+#usr/lib/locale/crh_RU/LC_MESSAGES
+#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/crh_RU/LC_MONETARY
+#usr/lib/locale/crh_RU/LC_NAME
+#usr/lib/locale/crh_RU/LC_NUMERIC
+#usr/lib/locale/crh_RU/LC_PAPER
+#usr/lib/locale/crh_RU/LC_TELEPHONE
+#usr/lib/locale/crh_RU/LC_TIME
 #usr/lib/locale/crh_UA
 #usr/lib/locale/crh_UA/LC_ADDRESS
 #usr/lib/locale/crh_UA/LC_COLLATE
@@ -4137,6 +4141,20 @@ usr/lib/locale
 #usr/lib/locale/ga_IE@euro/LC_PAPER
 #usr/lib/locale/ga_IE@euro/LC_TELEPHONE
 #usr/lib/locale/ga_IE@euro/LC_TIME
+#usr/lib/locale/gbm_IN
+#usr/lib/locale/gbm_IN/LC_ADDRESS
+#usr/lib/locale/gbm_IN/LC_COLLATE
+#usr/lib/locale/gbm_IN/LC_CTYPE
+#usr/lib/locale/gbm_IN/LC_IDENTIFICATION
+#usr/lib/locale/gbm_IN/LC_MEASUREMENT
+#usr/lib/locale/gbm_IN/LC_MESSAGES
+#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/gbm_IN/LC_MONETARY
+#usr/lib/locale/gbm_IN/LC_NAME
+#usr/lib/locale/gbm_IN/LC_NUMERIC
+#usr/lib/locale/gbm_IN/LC_PAPER
+#usr/lib/locale/gbm_IN/LC_TELEPHONE
+#usr/lib/locale/gbm_IN/LC_TIME
 #usr/lib/locale/gd_GB
 #usr/lib/locale/gd_GB.utf8
 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS
@@ -4963,6 +4981,20 @@ usr/lib/locale
 #usr/lib/locale/ku_TR/LC_PAPER
 #usr/lib/locale/ku_TR/LC_TELEPHONE
 #usr/lib/locale/ku_TR/LC_TIME
+#usr/lib/locale/kv_RU
+#usr/lib/locale/kv_RU/LC_ADDRESS
+#usr/lib/locale/kv_RU/LC_COLLATE
+#usr/lib/locale/kv_RU/LC_CTYPE
+#usr/lib/locale/kv_RU/LC_IDENTIFICATION
+#usr/lib/locale/kv_RU/LC_MEASUREMENT
+#usr/lib/locale/kv_RU/LC_MESSAGES
+#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/kv_RU/LC_MONETARY
+#usr/lib/locale/kv_RU/LC_NAME
+#usr/lib/locale/kv_RU/LC_NUMERIC
+#usr/lib/locale/kv_RU/LC_PAPER
+#usr/lib/locale/kv_RU/LC_TELEPHONE
+#usr/lib/locale/kv_RU/LC_TIME
 #usr/lib/locale/kw_GB
 #usr/lib/locale/kw_GB.utf8
 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS
@@ -6657,6 +6689,20 @@ usr/lib/locale
 #usr/lib/locale/ss_ZA/LC_PAPER
 #usr/lib/locale/ss_ZA/LC_TELEPHONE
 #usr/lib/locale/ss_ZA/LC_TIME
+#usr/lib/locale/ssy_ER
+#usr/lib/locale/ssy_ER/LC_ADDRESS
+#usr/lib/locale/ssy_ER/LC_COLLATE
+#usr/lib/locale/ssy_ER/LC_CTYPE
+#usr/lib/locale/ssy_ER/LC_IDENTIFICATION
+#usr/lib/locale/ssy_ER/LC_MEASUREMENT
+#usr/lib/locale/ssy_ER/LC_MESSAGES
+#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/ssy_ER/LC_MONETARY
+#usr/lib/locale/ssy_ER/LC_NAME
+#usr/lib/locale/ssy_ER/LC_NUMERIC
+#usr/lib/locale/ssy_ER/LC_PAPER
+#usr/lib/locale/ssy_ER/LC_TELEPHONE
+#usr/lib/locale/ssy_ER/LC_TIME
 #usr/lib/locale/st_ZA
 #usr/lib/locale/st_ZA.utf8
 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS
@@ -6685,6 +6731,20 @@ usr/lib/locale
 #usr/lib/locale/st_ZA/LC_PAPER
 #usr/lib/locale/st_ZA/LC_TELEPHONE
 #usr/lib/locale/st_ZA/LC_TIME
+#usr/lib/locale/su_ID
+#usr/lib/locale/su_ID/LC_ADDRESS
+#usr/lib/locale/su_ID/LC_COLLATE
+#usr/lib/locale/su_ID/LC_CTYPE
+#usr/lib/locale/su_ID/LC_IDENTIFICATION
+#usr/lib/locale/su_ID/LC_MEASUREMENT
+#usr/lib/locale/su_ID/LC_MESSAGES
+#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/su_ID/LC_MONETARY
+#usr/lib/locale/su_ID/LC_NAME
+#usr/lib/locale/su_ID/LC_NUMERIC
+#usr/lib/locale/su_ID/LC_PAPER
+#usr/lib/locale/su_ID/LC_TELEPHONE
+#usr/lib/locale/su_ID/LC_TIME
 #usr/lib/locale/sv_FI
 #usr/lib/locale/sv_FI.utf8
 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS
@@ -7049,6 +7109,20 @@ usr/lib/locale
 #usr/lib/locale/to_TO/LC_PAPER
 #usr/lib/locale/to_TO/LC_TELEPHONE
 #usr/lib/locale/to_TO/LC_TIME
+#usr/lib/locale/tok
+#usr/lib/locale/tok/LC_ADDRESS
+#usr/lib/locale/tok/LC_COLLATE
+#usr/lib/locale/tok/LC_CTYPE
+#usr/lib/locale/tok/LC_IDENTIFICATION
+#usr/lib/locale/tok/LC_MEASUREMENT
+#usr/lib/locale/tok/LC_MESSAGES
+#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/tok/LC_MONETARY
+#usr/lib/locale/tok/LC_NAME
+#usr/lib/locale/tok/LC_NUMERIC
+#usr/lib/locale/tok/LC_PAPER
+#usr/lib/locale/tok/LC_TELEPHONE
+#usr/lib/locale/tok/LC_TIME
 #usr/lib/locale/tpi_PG
 #usr/lib/locale/tpi_PG/LC_ADDRESS
 #usr/lib/locale/tpi_PG/LC_COLLATE
@@ -7497,6 +7571,20 @@ usr/lib/locale
 #usr/lib/locale/yuw_PG/LC_PAPER
 #usr/lib/locale/yuw_PG/LC_TELEPHONE
 #usr/lib/locale/yuw_PG/LC_TIME
+#usr/lib/locale/zgh_MA
+#usr/lib/locale/zgh_MA/LC_ADDRESS
+#usr/lib/locale/zgh_MA/LC_COLLATE
+#usr/lib/locale/zgh_MA/LC_CTYPE
+#usr/lib/locale/zgh_MA/LC_IDENTIFICATION
+#usr/lib/locale/zgh_MA/LC_MEASUREMENT
+#usr/lib/locale/zgh_MA/LC_MESSAGES
+#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/zgh_MA/LC_MONETARY
+#usr/lib/locale/zgh_MA/LC_NAME
+#usr/lib/locale/zgh_MA/LC_NUMERIC
+#usr/lib/locale/zgh_MA/LC_PAPER
+#usr/lib/locale/zgh_MA/LC_TELEPHONE
+#usr/lib/locale/zgh_MA/LC_TIME
 #usr/lib/locale/zh_CN
 #usr/lib/locale/zh_CN.gb18030
 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS
@@ -7935,7 +8023,6 @@ usr/lib/locale
 #usr/share/i18n/locales/POSIX
 #usr/share/i18n/locales/aa_DJ
 #usr/share/i18n/locales/aa_ER
-#usr/share/i18n/locales/aa_ER@saaho
 #usr/share/i18n/locales/aa_ET
 #usr/share/i18n/locales/ab_GE
 #usr/share/i18n/locales/af_ZA
@@ -7998,6 +8085,7 @@ usr/lib/locale
 #usr/share/i18n/locales/ckb_IQ
 #usr/share/i18n/locales/cmn_TW
 #usr/share/i18n/locales/cns11643_stroke
+#usr/share/i18n/locales/crh_RU
 #usr/share/i18n/locales/crh_UA
 #usr/share/i18n/locales/cs_CZ
 #usr/share/i18n/locales/csb_PL
@@ -8087,6 +8175,7 @@ usr/lib/locale
 #usr/share/i18n/locales/fy_NL
 #usr/share/i18n/locales/ga_IE
 #usr/share/i18n/locales/ga_IE@euro
+#usr/share/i18n/locales/gbm_IN
 #usr/share/i18n/locales/gd_GB
 #usr/share/i18n/locales/gez_ER
 #usr/share/i18n/locales/gez_ER@abegede
@@ -8133,6 +8222,7 @@ usr/lib/locale
 #usr/share/i18n/locales/ks_IN
 #usr/share/i18n/locales/ks_IN@devanagari
 #usr/share/i18n/locales/ku_TR
+#usr/share/i18n/locales/kv_RU
 #usr/share/i18n/locales/kw_GB
 #usr/share/i18n/locales/ky_KG
 #usr/share/i18n/locales/lb_LU
@@ -8226,7 +8316,9 @@ usr/lib/locale
 #usr/share/i18n/locales/sr_RS
 #usr/share/i18n/locales/sr_RS@latin
 #usr/share/i18n/locales/ss_ZA
+#usr/share/i18n/locales/ssy_ER
 #usr/share/i18n/locales/st_ZA
+#usr/share/i18n/locales/su_ID
 #usr/share/i18n/locales/sv_FI
 #usr/share/i18n/locales/sv_FI@euro
 #usr/share/i18n/locales/sv_SE
@@ -8248,6 +8340,7 @@ usr/lib/locale
 #usr/share/i18n/locales/tl_PH
 #usr/share/i18n/locales/tn_ZA
 #usr/share/i18n/locales/to_TO
+#usr/share/i18n/locales/tok
 #usr/share/i18n/locales/tpi_PG
 #usr/share/i18n/locales/tr_CY
 #usr/share/i18n/locales/tr_TR
@@ -8256,6 +8349,7 @@ usr/lib/locale
 #usr/share/i18n/locales/translit_cjk_variants
 #usr/share/i18n/locales/translit_combining
 #usr/share/i18n/locales/translit_compat
+#usr/share/i18n/locales/translit_emojis
 #usr/share/i18n/locales/translit_font
 #usr/share/i18n/locales/translit_fraction
 #usr/share/i18n/locales/translit_hangul
@@ -8285,6 +8379,7 @@ usr/lib/locale
 #usr/share/i18n/locales/yo_NG
 #usr/share/i18n/locales/yue_HK
 #usr/share/i18n/locales/yuw_PG
+#usr/share/i18n/locales/zgh_MA
 #usr/share/i18n/locales/zh_CN
 #usr/share/i18n/locales/zh_HK
 #usr/share/i18n/locales/zh_SG
@@ -8302,6 +8397,7 @@ usr/lib/locale
 #usr/share/info/libc.info-16
 #usr/share/info/libc.info-17
 #usr/share/info/libc.info-18
+#usr/share/info/libc.info-19
 #usr/share/info/libc.info-2
 #usr/share/info/libc.info-3
 #usr/share/info/libc.info-4

diff --git a/config/rootfiles/common/squidguard b/config/rootfiles/common/squidguard
index a6bab0c181b925284799f4c8e9a0b0d0ab6b43d3..389f03787f6803912b8beecdde02d0deef125cc9 100644 (file)
--- a/config/rootfiles/common/squidguard
+++ b/config/rootfiles/common/squidguard
@@ -80,4 +80,3 @@ var/lib/squidguard
 #var/log/squidGuard
 var/log/squidGuard/squidGuard.log
 var/urlrepo
-

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index c414cf61b1179f902dd4b88c382a4dcdddad147f..53224d006e4b08a64dc652211d21160390dff5d0 100644 (file)
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,7 +1,6 @@
 etc/suricata
 etc/suricata/suricata.yaml
 usr/bin/suricata
-#usr/include/suricata-plugin.h
 usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
@@ -27,6 +26,7 @@ usr/share/suricata
 #usr/share/suricata/rules/dnp3-events.rules
 #usr/share/suricata/rules/dns-events.rules
 #usr/share/suricata/rules/files.rules
+#usr/share/suricata/rules/ftp-events.rules
 #usr/share/suricata/rules/http-events.rules
 #usr/share/suricata/rules/http2-events.rules
 #usr/share/suricata/rules/ipsec-events.rules
@@ -35,6 +35,7 @@ usr/share/suricata
 #usr/share/suricata/rules/mqtt-events.rules
 #usr/share/suricata/rules/nfs-events.rules
 #usr/share/suricata/rules/ntp-events.rules
+#usr/share/suricata/rules/quic-events.rules
 #usr/share/suricata/rules/rfb-events.rules
 #usr/share/suricata/rules/smb-events.rules
 #usr/share/suricata/rules/smtp-events.rules

diff --git a/config/rootfiles/common/tar b/config/rootfiles/common/tar
index 6dbb6ee71c9797b2e15a610e66b34b3137159249..11b92eb2c6888813b5697266d34719be7b49e24e 100644 (file)
--- a/config/rootfiles/common/tar
+++ b/config/rootfiles/common/tar
@@ -6,4 +6,3 @@ bin/tar
 #usr/share/man/man1/tar.1
 #usr/share/man/man8/rmt.8
 #usr/sbin/rmt
-

diff --git a/config/rootfiles/common/tcl b/config/rootfiles/common/tcl
index 5dd185c51b85f388a44cf736b548581bb280f3a4..e01d7cfa2c85658934699363671395e91ae97060 100644 (file)
--- a/config/rootfiles/common/tcl
+++ b/config/rootfiles/common/tcl
@@ -25,20 +25,20 @@ usr/bin/tclsh8.6
 #usr/include/tdbc.h
 #usr/include/tdbcDecls.h
 #usr/include/tdbcInt.h
-usr/lib/itcl4.2.3
-usr/lib/itcl4.2.3/itcl.tcl
-usr/lib/itcl4.2.3/itclConfig.sh
-usr/lib/itcl4.2.3/itclHullCmds.tcl
-usr/lib/itcl4.2.3/itclWidget.tcl
-usr/lib/itcl4.2.3/libitcl4.2.3.so
-usr/lib/itcl4.2.3/libitclstub4.2.3.a
-usr/lib/itcl4.2.3/pkgIndex.tcl
+usr/lib/itcl4.2.4
+usr/lib/itcl4.2.4/itcl.tcl
+usr/lib/itcl4.2.4/itclConfig.sh
+usr/lib/itcl4.2.4/itclHullCmds.tcl
+usr/lib/itcl4.2.4/itclWidget.tcl
+usr/lib/itcl4.2.4/libitcl4.2.4.so
+usr/lib/itcl4.2.4/libitclstub4.2.4.a
+usr/lib/itcl4.2.4/pkgIndex.tcl
 usr/lib/libtcl8.6.so
 #usr/lib/libtclstub8.6.a
 #usr/lib/pkgconfig/tcl.pc
-#usr/lib/sqlite3.40.0
-usr/lib/sqlite3.40.0/libsqlite3.40.0.so
-usr/lib/sqlite3.40.0/pkgIndex.tcl
+usr/lib/sqlite3.44.2
+usr/lib/sqlite3.44.2/libsqlite3.44.2.so
+usr/lib/sqlite3.44.2/pkgIndex.tcl
 #usr/lib/tcl8
 #usr/lib/tcl8.6
 usr/lib/tcl8.6/auto.tcl
@@ -273,35 +273,35 @@ usr/lib/tcl8/8.4/platform-1.0.19.tm
 usr/lib/tcl8/8.4/platform/shell-1.1.4.tm
 #usr/lib/tcl8/8.5
 usr/lib/tcl8/8.5/msgcat-1.6.1.tm
-usr/lib/tcl8/8.5/tcltest-2.5.5.tm
+usr/lib/tcl8/8.5/tcltest-2.5.7.tm
 #usr/lib/tcl8/8.6
 usr/lib/tcl8/8.6/http-2.9.8.tm
 usr/lib/tcl8/8.6/tdbc
-usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.5.tm
+usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.7.tm
 usr/lib/tclConfig.sh
 usr/lib/tclooConfig.sh
-usr/lib/tdbc1.1.5
-usr/lib/tdbc1.1.5/libtdbc1.1.5.so
-usr/lib/tdbc1.1.5/libtdbcstub1.1.5.a
-usr/lib/tdbc1.1.5/pkgIndex.tcl
-usr/lib/tdbc1.1.5/tdbc.tcl
-usr/lib/tdbc1.1.5/tdbcConfig.sh
-#usr/lib/tdbcmysql1.1.5
-usr/lib/tdbcmysql1.1.5/libtdbcmysql1.1.5.so
-usr/lib/tdbcmysql1.1.5/pkgIndex.tcl
-usr/lib/tdbcmysql1.1.5/tdbcmysql.tcl
-#usr/lib/tdbcodbc1.1.5
-usr/lib/tdbcodbc1.1.5/libtdbcodbc1.1.5.so
-usr/lib/tdbcodbc1.1.5/pkgIndex.tcl
-usr/lib/tdbcodbc1.1.5/tdbcodbc.tcl
-#usr/lib/tdbcpostgres1.1.5
-usr/lib/tdbcpostgres1.1.5/libtdbcpostgres1.1.5.so
-usr/lib/tdbcpostgres1.1.5/pkgIndex.tcl
-usr/lib/tdbcpostgres1.1.5/tdbcpostgres.tcl
-#usr/lib/thread2.8.8
-usr/lib/thread2.8.8/libthread2.8.8.so
-usr/lib/thread2.8.8/pkgIndex.tcl
-usr/lib/thread2.8.8/ttrace.tcl
+usr/lib/tdbc1.1.7
+usr/lib/tdbc1.1.7/libtdbc1.1.7.so
+usr/lib/tdbc1.1.7/libtdbcstub1.1.7.a
+usr/lib/tdbc1.1.7/pkgIndex.tcl
+usr/lib/tdbc1.1.7/tdbc.tcl
+usr/lib/tdbc1.1.7/tdbcConfig.sh
+usr/lib/tdbcmysql1.1.7
+usr/lib/tdbcmysql1.1.7/libtdbcmysql1.1.7.so
+usr/lib/tdbcmysql1.1.7/pkgIndex.tcl
+usr/lib/tdbcmysql1.1.7/tdbcmysql.tcl
+usr/lib/tdbcodbc1.1.7
+usr/lib/tdbcodbc1.1.7/libtdbcodbc1.1.7.so
+usr/lib/tdbcodbc1.1.7/pkgIndex.tcl
+usr/lib/tdbcodbc1.1.7/tdbcodbc.tcl
+usr/lib/tdbcpostgres1.1.7
+usr/lib/tdbcpostgres1.1.7/libtdbcpostgres1.1.7.so
+usr/lib/tdbcpostgres1.1.7/pkgIndex.tcl
+usr/lib/tdbcpostgres1.1.7/tdbcpostgres.tcl
+usr/lib/thread2.8.9
+usr/lib/thread2.8.9/libthread2.8.9.so
+usr/lib/thread2.8.9/pkgIndex.tcl
+usr/lib/thread2.8.9/ttrace.tcl
 #usr/man/man1/tclsh.1
 #usr/man/man3
 #usr/man/man3/DString.3

diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index 1badd605abfff14dc17630d7b5eb335cedaff427..f5274dcd1ece873a3313579e90a35718c198550d 100644 (file)
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.24
+usr/lib/libunbound.so.8.1.25
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 2fbbcbcf2e3434edb0919539c2794518a60fea6b..d2ef6ab103aa3c460eb79eb85a5e45beec43aea3 100644 (file)
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -57,6 +57,7 @@ srv/web/ipfire/cgi-bin/memory.cgi
 srv/web/ipfire/cgi-bin/modem-status.cgi
 srv/web/ipfire/cgi-bin/modem.cgi
 #srv/web/ipfire/cgi-bin/mpfire.cgi
+#srv/web/ipfire/cgi-bin/mympd.cgi
 srv/web/ipfire/cgi-bin/netexternal.cgi
 srv/web/ipfire/cgi-bin/netinternal.cgi
 srv/web/ipfire/cgi-bin/netother.cgi
@@ -78,8 +79,10 @@ srv/web/ipfire/cgi-bin/system.cgi
 srv/web/ipfire/cgi-bin/time.cgi
 #srv/web/ipfire/cgi-bin/tor.cgi
 srv/web/ipfire/cgi-bin/traffic.cgi
+#srv/web/ipfire/cgi-bin/transmission.cgi
 srv/web/ipfire/cgi-bin/updatexlrator.cgi
 srv/web/ipfire/cgi-bin/urlfilter.cgi
+#srv/web/ipfire/cgi-bin/vdr.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 srv/web/ipfire/cgi-bin/vulnerabilities.cgi
 srv/web/ipfire/cgi-bin/wakeonlan.cgi

diff --git a/config/rootfiles/common/x86_64/binutils b/config/rootfiles/common/x86_64/binutils
index b38eb4a43cdc4046fe362e1081e892ea26cbaded..44863503dc0e66ddeea966317b8013b85310a4c1 100644 (file)
--- a/config/rootfiles/common/x86_64/binutils
+++ b/config/rootfiles/common/x86_64/binutils
@@ -136,7 +136,8 @@ usr/bin/strings
 #usr/lib/ldscripts/elf_x86_64.xu
 #usr/lib/ldscripts/elf_x86_64.xw
 #usr/lib/ldscripts/elf_x86_64.xwe
-usr/lib/libbfd-2.41.so
+#usr/lib/ldscripts/stamp
+usr/lib/libbfd-2.42.so
 #usr/lib/libbfd.a
 #usr/lib/libbfd.la
 #usr/lib/libbfd.so
@@ -155,7 +156,7 @@ usr/lib/libctf.so.0.0.0
 #usr/lib/libgprofng.so
 usr/lib/libgprofng.so.0
 usr/lib/libgprofng.so.0.0.0
-usr/lib/libopcodes-2.41.so
+usr/lib/libopcodes-2.42.so
 #usr/lib/libopcodes.a
 #usr/lib/libopcodes.la
 #usr/lib/libopcodes.so
@@ -229,6 +230,7 @@ usr/lib/libsframe.so.1.0.0
 #usr/share/locale/ja/LC_MESSAGES/ld.mo
 #usr/share/locale/ka/LC_MESSAGES/bfd.mo
 #usr/share/locale/ka/LC_MESSAGES/gprof.mo
+#usr/share/locale/ka/LC_MESSAGES/ld.mo
 #usr/share/locale/ms
 #usr/share/locale/ms/LC_MESSAGES
 #usr/share/locale/ms/LC_MESSAGES/gprof.mo
@@ -239,11 +241,10 @@ usr/lib/libsframe.so.1.0.0
 #usr/share/locale/pt_BR/LC_MESSAGES/gprof.mo
 #usr/share/locale/pt_BR/LC_MESSAGES/ld.mo
 #usr/share/locale/pt_BR/LC_MESSAGES/opcodes.mo
-#usr/share/locale/ro
-#usr/share/locale/ro/LC_MESSAGES
 #usr/share/locale/ro/LC_MESSAGES/bfd.mo
 #usr/share/locale/ro/LC_MESSAGES/binutils.mo
 #usr/share/locale/ro/LC_MESSAGES/gprof.mo
+#usr/share/locale/ro/LC_MESSAGES/ld.mo
 #usr/share/locale/ro/LC_MESSAGES/opcodes.mo
 #usr/share/locale/ru/LC_MESSAGES/bfd.mo
 #usr/share/locale/ru/LC_MESSAGES/binutils.mo

diff --git a/config/rootfiles/common/x86_64/glibc b/config/rootfiles/common/x86_64/glibc
index 66d310e3845473f6defe3dcd8b872660fc0cf4b7..929a8f6609f3bc09a4ef002c462d1a604186b4d1 100644 (file)
--- a/config/rootfiles/common/x86_64/glibc
+++ b/config/rootfiles/common/x86_64/glibc
@@ -124,6 +124,7 @@ usr/bin/locale
 #usr/include/bits/netdb.h
 #usr/include/bits/param.h
 #usr/include/bits/platform
+#usr/include/bits/platform/features.h
 #usr/include/bits/platform/x86.h
 #usr/include/bits/poll.h
 #usr/include/bits/poll2.h
@@ -170,6 +171,7 @@ usr/bin/locale
 #usr/include/bits/socket.h
 #usr/include/bits/socket2.h
 #usr/include/bits/socket_type.h
+#usr/include/bits/spawn_ext.h
 #usr/include/bits/ss_flags.h
 #usr/include/bits/stab.def
 #usr/include/bits/stat.h
@@ -178,6 +180,7 @@ usr/bin/locale
 #usr/include/bits/statx-generic.h
 #usr/include/bits/statx.h
 #usr/include/bits/stdint-intn.h
+#usr/include/bits/stdint-least.h
 #usr/include/bits/stdint-uintn.h
 #usr/include/bits/stdio-ldbl.h
 #usr/include/bits/stdio.h
@@ -419,6 +422,7 @@ usr/bin/locale
 #usr/include/signal.h
 #usr/include/spawn.h
 #usr/include/stab.h
+#usr/include/stdbit.h
 #usr/include/stdc-predef.h
 #usr/include/stdint.h
 #usr/include/stdio.h
@@ -816,7 +820,7 @@ usr/lib/gconv
 #usr/lib/libc_nonshared.a
 #usr/lib/libdl.a
 #usr/lib/libg.a
-#usr/lib/libm-2.38.a
+#usr/lib/libm-2.39.a
 #usr/lib/libm.a
 #usr/lib/libm.so
 #usr/lib/libmcheck.a
@@ -888,20 +892,6 @@ usr/lib/locale
 #usr/lib/locale/aa_ER/LC_PAPER
 #usr/lib/locale/aa_ER/LC_TELEPHONE
 #usr/lib/locale/aa_ER/LC_TIME
-#usr/lib/locale/aa_ER@saaho
-#usr/lib/locale/aa_ER@saaho/LC_ADDRESS
-#usr/lib/locale/aa_ER@saaho/LC_COLLATE
-#usr/lib/locale/aa_ER@saaho/LC_CTYPE
-#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION
-#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT
-#usr/lib/locale/aa_ER@saaho/LC_MESSAGES
-#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES
-#usr/lib/locale/aa_ER@saaho/LC_MONETARY
-#usr/lib/locale/aa_ER@saaho/LC_NAME
-#usr/lib/locale/aa_ER@saaho/LC_NUMERIC
-#usr/lib/locale/aa_ER@saaho/LC_PAPER
-#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE
-#usr/lib/locale/aa_ER@saaho/LC_TIME
 #usr/lib/locale/aa_ET
 #usr/lib/locale/aa_ET/LC_ADDRESS
 #usr/lib/locale/aa_ET/LC_COLLATE
@@ -2134,6 +2124,20 @@ usr/lib/locale
 #usr/lib/locale/cmn_TW/LC_PAPER
 #usr/lib/locale/cmn_TW/LC_TELEPHONE
 #usr/lib/locale/cmn_TW/LC_TIME
+#usr/lib/locale/crh_RU
+#usr/lib/locale/crh_RU/LC_ADDRESS
+#usr/lib/locale/crh_RU/LC_COLLATE
+#usr/lib/locale/crh_RU/LC_CTYPE
+#usr/lib/locale/crh_RU/LC_IDENTIFICATION
+#usr/lib/locale/crh_RU/LC_MEASUREMENT
+#usr/lib/locale/crh_RU/LC_MESSAGES
+#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/crh_RU/LC_MONETARY
+#usr/lib/locale/crh_RU/LC_NAME
+#usr/lib/locale/crh_RU/LC_NUMERIC
+#usr/lib/locale/crh_RU/LC_PAPER
+#usr/lib/locale/crh_RU/LC_TELEPHONE
+#usr/lib/locale/crh_RU/LC_TIME
 #usr/lib/locale/crh_UA
 #usr/lib/locale/crh_UA/LC_ADDRESS
 #usr/lib/locale/crh_UA/LC_COLLATE
@@ -4150,6 +4154,20 @@ usr/lib/locale
 #usr/lib/locale/ga_IE@euro/LC_PAPER
 #usr/lib/locale/ga_IE@euro/LC_TELEPHONE
 #usr/lib/locale/ga_IE@euro/LC_TIME
+#usr/lib/locale/gbm_IN
+#usr/lib/locale/gbm_IN/LC_ADDRESS
+#usr/lib/locale/gbm_IN/LC_COLLATE
+#usr/lib/locale/gbm_IN/LC_CTYPE
+#usr/lib/locale/gbm_IN/LC_IDENTIFICATION
+#usr/lib/locale/gbm_IN/LC_MEASUREMENT
+#usr/lib/locale/gbm_IN/LC_MESSAGES
+#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/gbm_IN/LC_MONETARY
+#usr/lib/locale/gbm_IN/LC_NAME
+#usr/lib/locale/gbm_IN/LC_NUMERIC
+#usr/lib/locale/gbm_IN/LC_PAPER
+#usr/lib/locale/gbm_IN/LC_TELEPHONE
+#usr/lib/locale/gbm_IN/LC_TIME
 #usr/lib/locale/gd_GB
 #usr/lib/locale/gd_GB.utf8
 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS
@@ -4976,6 +4994,20 @@ usr/lib/locale
 #usr/lib/locale/ku_TR/LC_PAPER
 #usr/lib/locale/ku_TR/LC_TELEPHONE
 #usr/lib/locale/ku_TR/LC_TIME
+#usr/lib/locale/kv_RU
+#usr/lib/locale/kv_RU/LC_ADDRESS
+#usr/lib/locale/kv_RU/LC_COLLATE
+#usr/lib/locale/kv_RU/LC_CTYPE
+#usr/lib/locale/kv_RU/LC_IDENTIFICATION
+#usr/lib/locale/kv_RU/LC_MEASUREMENT
+#usr/lib/locale/kv_RU/LC_MESSAGES
+#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/kv_RU/LC_MONETARY
+#usr/lib/locale/kv_RU/LC_NAME
+#usr/lib/locale/kv_RU/LC_NUMERIC
+#usr/lib/locale/kv_RU/LC_PAPER
+#usr/lib/locale/kv_RU/LC_TELEPHONE
+#usr/lib/locale/kv_RU/LC_TIME
 #usr/lib/locale/kw_GB
 #usr/lib/locale/kw_GB.utf8
 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS
@@ -6670,6 +6702,20 @@ usr/lib/locale
 #usr/lib/locale/ss_ZA/LC_PAPER
 #usr/lib/locale/ss_ZA/LC_TELEPHONE
 #usr/lib/locale/ss_ZA/LC_TIME
+#usr/lib/locale/ssy_ER
+#usr/lib/locale/ssy_ER/LC_ADDRESS
+#usr/lib/locale/ssy_ER/LC_COLLATE
+#usr/lib/locale/ssy_ER/LC_CTYPE
+#usr/lib/locale/ssy_ER/LC_IDENTIFICATION
+#usr/lib/locale/ssy_ER/LC_MEASUREMENT
+#usr/lib/locale/ssy_ER/LC_MESSAGES
+#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/ssy_ER/LC_MONETARY
+#usr/lib/locale/ssy_ER/LC_NAME
+#usr/lib/locale/ssy_ER/LC_NUMERIC
+#usr/lib/locale/ssy_ER/LC_PAPER
+#usr/lib/locale/ssy_ER/LC_TELEPHONE
+#usr/lib/locale/ssy_ER/LC_TIME
 #usr/lib/locale/st_ZA
 #usr/lib/locale/st_ZA.utf8
 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS
@@ -6698,6 +6744,20 @@ usr/lib/locale
 #usr/lib/locale/st_ZA/LC_PAPER
 #usr/lib/locale/st_ZA/LC_TELEPHONE
 #usr/lib/locale/st_ZA/LC_TIME
+#usr/lib/locale/su_ID
+#usr/lib/locale/su_ID/LC_ADDRESS
+#usr/lib/locale/su_ID/LC_COLLATE
+#usr/lib/locale/su_ID/LC_CTYPE
+#usr/lib/locale/su_ID/LC_IDENTIFICATION
+#usr/lib/locale/su_ID/LC_MEASUREMENT
+#usr/lib/locale/su_ID/LC_MESSAGES
+#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/su_ID/LC_MONETARY
+#usr/lib/locale/su_ID/LC_NAME
+#usr/lib/locale/su_ID/LC_NUMERIC
+#usr/lib/locale/su_ID/LC_PAPER
+#usr/lib/locale/su_ID/LC_TELEPHONE
+#usr/lib/locale/su_ID/LC_TIME
 #usr/lib/locale/sv_FI
 #usr/lib/locale/sv_FI.utf8
 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS
@@ -7062,6 +7122,20 @@ usr/lib/locale
 #usr/lib/locale/to_TO/LC_PAPER
 #usr/lib/locale/to_TO/LC_TELEPHONE
 #usr/lib/locale/to_TO/LC_TIME
+#usr/lib/locale/tok
+#usr/lib/locale/tok/LC_ADDRESS
+#usr/lib/locale/tok/LC_COLLATE
+#usr/lib/locale/tok/LC_CTYPE
+#usr/lib/locale/tok/LC_IDENTIFICATION
+#usr/lib/locale/tok/LC_MEASUREMENT
+#usr/lib/locale/tok/LC_MESSAGES
+#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/tok/LC_MONETARY
+#usr/lib/locale/tok/LC_NAME
+#usr/lib/locale/tok/LC_NUMERIC
+#usr/lib/locale/tok/LC_PAPER
+#usr/lib/locale/tok/LC_TELEPHONE
+#usr/lib/locale/tok/LC_TIME
 #usr/lib/locale/tpi_PG
 #usr/lib/locale/tpi_PG/LC_ADDRESS
 #usr/lib/locale/tpi_PG/LC_COLLATE
@@ -7510,6 +7584,20 @@ usr/lib/locale
 #usr/lib/locale/yuw_PG/LC_PAPER
 #usr/lib/locale/yuw_PG/LC_TELEPHONE
 #usr/lib/locale/yuw_PG/LC_TIME
+#usr/lib/locale/zgh_MA
+#usr/lib/locale/zgh_MA/LC_ADDRESS
+#usr/lib/locale/zgh_MA/LC_COLLATE
+#usr/lib/locale/zgh_MA/LC_CTYPE
+#usr/lib/locale/zgh_MA/LC_IDENTIFICATION
+#usr/lib/locale/zgh_MA/LC_MEASUREMENT
+#usr/lib/locale/zgh_MA/LC_MESSAGES
+#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES
+#usr/lib/locale/zgh_MA/LC_MONETARY
+#usr/lib/locale/zgh_MA/LC_NAME
+#usr/lib/locale/zgh_MA/LC_NUMERIC
+#usr/lib/locale/zgh_MA/LC_PAPER
+#usr/lib/locale/zgh_MA/LC_TELEPHONE
+#usr/lib/locale/zgh_MA/LC_TIME
 #usr/lib/locale/zh_CN
 #usr/lib/locale/zh_CN.gb18030
 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS
@@ -7949,7 +8037,6 @@ usr/lib/locale
 #usr/share/i18n/locales/POSIX
 #usr/share/i18n/locales/aa_DJ
 #usr/share/i18n/locales/aa_ER
-#usr/share/i18n/locales/aa_ER@saaho
 #usr/share/i18n/locales/aa_ET
 #usr/share/i18n/locales/ab_GE
 #usr/share/i18n/locales/af_ZA
@@ -8012,6 +8099,7 @@ usr/lib/locale
 #usr/share/i18n/locales/ckb_IQ
 #usr/share/i18n/locales/cmn_TW
 #usr/share/i18n/locales/cns11643_stroke
+#usr/share/i18n/locales/crh_RU
 #usr/share/i18n/locales/crh_UA
 #usr/share/i18n/locales/cs_CZ
 #usr/share/i18n/locales/csb_PL
@@ -8101,6 +8189,7 @@ usr/lib/locale
 #usr/share/i18n/locales/fy_NL
 #usr/share/i18n/locales/ga_IE
 #usr/share/i18n/locales/ga_IE@euro
+#usr/share/i18n/locales/gbm_IN
 #usr/share/i18n/locales/gd_GB
 #usr/share/i18n/locales/gez_ER
 #usr/share/i18n/locales/gez_ER@abegede
@@ -8147,6 +8236,7 @@ usr/lib/locale
 #usr/share/i18n/locales/ks_IN
 #usr/share/i18n/locales/ks_IN@devanagari
 #usr/share/i18n/locales/ku_TR
+#usr/share/i18n/locales/kv_RU
 #usr/share/i18n/locales/kw_GB
 #usr/share/i18n/locales/ky_KG
 #usr/share/i18n/locales/lb_LU
@@ -8240,7 +8330,9 @@ usr/lib/locale
 #usr/share/i18n/locales/sr_RS
 #usr/share/i18n/locales/sr_RS@latin
 #usr/share/i18n/locales/ss_ZA
+#usr/share/i18n/locales/ssy_ER
 #usr/share/i18n/locales/st_ZA
+#usr/share/i18n/locales/su_ID
 #usr/share/i18n/locales/sv_FI
 #usr/share/i18n/locales/sv_FI@euro
 #usr/share/i18n/locales/sv_SE
@@ -8262,6 +8354,7 @@ usr/lib/locale
 #usr/share/i18n/locales/tl_PH
 #usr/share/i18n/locales/tn_ZA
 #usr/share/i18n/locales/to_TO
+#usr/share/i18n/locales/tok
 #usr/share/i18n/locales/tpi_PG
 #usr/share/i18n/locales/tr_CY
 #usr/share/i18n/locales/tr_TR
@@ -8270,6 +8363,7 @@ usr/lib/locale
 #usr/share/i18n/locales/translit_cjk_variants
 #usr/share/i18n/locales/translit_combining
 #usr/share/i18n/locales/translit_compat
+#usr/share/i18n/locales/translit_emojis
 #usr/share/i18n/locales/translit_font
 #usr/share/i18n/locales/translit_fraction
 #usr/share/i18n/locales/translit_hangul
@@ -8299,6 +8393,7 @@ usr/lib/locale
 #usr/share/i18n/locales/yo_NG
 #usr/share/i18n/locales/yue_HK
 #usr/share/i18n/locales/yuw_PG
+#usr/share/i18n/locales/zgh_MA
 #usr/share/i18n/locales/zh_CN
 #usr/share/i18n/locales/zh_HK
 #usr/share/i18n/locales/zh_SG
@@ -8316,6 +8411,7 @@ usr/lib/locale
 #usr/share/info/libc.info-16
 #usr/share/info/libc.info-17
 #usr/share/info/libc.info-18
+#usr/share/info/libc.info-19
 #usr/share/info/libc.info-2
 #usr/share/info/libc.info-3
 #usr/share/info/libc.info-4

diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode
index 7f96329732e111b9bed7460a1a69d7b4baac5984..5037ac6a8ce4725d4d55901df14eb6263fcc8328 100644 (file)
--- a/config/rootfiles/common/x86_64/intel-microcode
+++ b/config/rootfiles/common/x86_64/intel-microcode
@@ -95,7 +95,6 @@ lib/firmware/intel-ucode/06-8e-09
 lib/firmware/intel-ucode/06-8e-0a
 lib/firmware/intel-ucode/06-8e-0b
 lib/firmware/intel-ucode/06-8e-0c
-lib/firmware/intel-ucode/06-8f-04
 lib/firmware/intel-ucode/06-8f-05
 lib/firmware/intel-ucode/06-8f-06
 lib/firmware/intel-ucode/06-8f-07
@@ -117,12 +116,16 @@ lib/firmware/intel-ucode/06-a5-05
 lib/firmware/intel-ucode/06-a6-00
 lib/firmware/intel-ucode/06-a6-01
 lib/firmware/intel-ucode/06-a7-01
+lib/firmware/intel-ucode/06-aa-04
 lib/firmware/intel-ucode/06-b7-01
 lib/firmware/intel-ucode/06-ba-02
 lib/firmware/intel-ucode/06-ba-03
+lib/firmware/intel-ucode/06-ba-08
 lib/firmware/intel-ucode/06-be-00
 lib/firmware/intel-ucode/06-bf-02
 lib/firmware/intel-ucode/06-bf-05
+lib/firmware/intel-ucode/06-cf-01
+lib/firmware/intel-ucode/06-cf-02
 lib/firmware/intel-ucode/0f-00-07
 lib/firmware/intel-ucode/0f-00-0a
 lib/firmware/intel-ucode/0f-01-02

diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz
index c38db650a3bbc27ec5603c0afd664a56d97a308c..73c0e4d2420d03980f70ef733d267f2e09304252 100644 (file)
--- a/config/rootfiles/common/xz
+++ b/config/rootfiles/common/xz
@@ -41,17 +41,18 @@ usr/bin/xzmore
 #usr/lib/liblzma.la
 #usr/lib/liblzma.so
 usr/lib/liblzma.so.5
-usr/lib/liblzma.so.5.4.6
+usr/lib/liblzma.so.5.6.1
 #usr/lib/pkgconfig/liblzma.pc
 #usr/share/doc/xz
 #usr/share/doc/xz/AUTHORS
 #usr/share/doc/xz/COPYING
+#usr/share/doc/xz/COPYING.0BSD
 #usr/share/doc/xz/COPYING.GPLv2
 #usr/share/doc/xz/NEWS
 #usr/share/doc/xz/README
 #usr/share/doc/xz/THANKS
-#usr/share/doc/xz/TODO
 #usr/share/doc/xz/api
+#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0
 #usr/share/doc/xz/api/annotated.html
 #usr/share/doc/xz/api/base_8h.html
 #usr/share/doc/xz/api/bc_s.png
@@ -120,16 +121,15 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/doc/xz/api/tabs.css
 #usr/share/doc/xz/api/version_8h.html
 #usr/share/doc/xz/api/vli_8h.html
+#usr/share/doc/xz/api/xz-logo.png
 #usr/share/doc/xz/examples
 #usr/share/doc/xz/examples/00_README.txt
 #usr/share/doc/xz/examples/01_compress_easy.c
 #usr/share/doc/xz/examples/02_decompress.c
 #usr/share/doc/xz/examples/03_compress_custom.c
 #usr/share/doc/xz/examples/04_compress_easy_mt.c
+#usr/share/doc/xz/examples/11_file_info.c
 #usr/share/doc/xz/examples/Makefile
-#usr/share/doc/xz/examples_old
-#usr/share/doc/xz/examples_old/xz_pipe_comp.c
-#usr/share/doc/xz/examples_old/xz_pipe_decomp.c
 #usr/share/doc/xz/faq.txt
 #usr/share/doc/xz/history.txt
 #usr/share/doc/xz/lzma-file-format.txt
@@ -168,6 +168,7 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/man/de/man1/lzless.1
 #usr/share/man/de/man1/lzma.1
 #usr/share/man/de/man1/lzmadec.1
+#usr/share/man/de/man1/lzmainfo.1
 #usr/share/man/de/man1/lzmore.1
 #usr/share/man/de/man1/unlzma.1
 #usr/share/man/de/man1/unxz.1
@@ -184,21 +185,16 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/man/fr
 #usr/share/man/fr/man1
 #usr/share/man/fr/man1/lzcat.1
-#usr/share/man/fr/man1/lzcmp.1
-#usr/share/man/fr/man1/lzdiff.1
 #usr/share/man/fr/man1/lzless.1
 #usr/share/man/fr/man1/lzma.1
 #usr/share/man/fr/man1/lzmadec.1
-#usr/share/man/fr/man1/lzmore.1
+#usr/share/man/fr/man1/lzmainfo.1
 #usr/share/man/fr/man1/unlzma.1
 #usr/share/man/fr/man1/unxz.1
 #usr/share/man/fr/man1/xz.1
 #usr/share/man/fr/man1/xzcat.1
-#usr/share/man/fr/man1/xzcmp.1
 #usr/share/man/fr/man1/xzdec.1
-#usr/share/man/fr/man1/xzdiff.1
 #usr/share/man/fr/man1/xzless.1
-#usr/share/man/fr/man1/xzmore.1
 #usr/share/man/ko
 #usr/share/man/ko/man1
 #usr/share/man/ko/man1/lzcat.1
@@ -210,6 +206,7 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/man/ko/man1/lzless.1
 #usr/share/man/ko/man1/lzma.1
 #usr/share/man/ko/man1/lzmadec.1
+#usr/share/man/ko/man1/lzmainfo.1
 #usr/share/man/ko/man1/lzmore.1
 #usr/share/man/ko/man1/unlzma.1
 #usr/share/man/ko/man1/unxz.1
@@ -249,27 +246,16 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/man/pt_BR
 #usr/share/man/pt_BR/man1
 #usr/share/man/pt_BR/man1/lzcat.1
-#usr/share/man/pt_BR/man1/lzcmp.1
-#usr/share/man/pt_BR/man1/lzdiff.1
-#usr/share/man/pt_BR/man1/lzegrep.1
-#usr/share/man/pt_BR/man1/lzfgrep.1
-#usr/share/man/pt_BR/man1/lzgrep.1
 #usr/share/man/pt_BR/man1/lzless.1
 #usr/share/man/pt_BR/man1/lzma.1
 #usr/share/man/pt_BR/man1/lzmadec.1
-#usr/share/man/pt_BR/man1/lzmore.1
+#usr/share/man/pt_BR/man1/lzmainfo.1
 #usr/share/man/pt_BR/man1/unlzma.1
 #usr/share/man/pt_BR/man1/unxz.1
 #usr/share/man/pt_BR/man1/xz.1
 #usr/share/man/pt_BR/man1/xzcat.1
-#usr/share/man/pt_BR/man1/xzcmp.1
 #usr/share/man/pt_BR/man1/xzdec.1
-#usr/share/man/pt_BR/man1/xzdiff.1
-#usr/share/man/pt_BR/man1/xzegrep.1
-#usr/share/man/pt_BR/man1/xzfgrep.1
-#usr/share/man/pt_BR/man1/xzgrep.1
 #usr/share/man/pt_BR/man1/xzless.1
-#usr/share/man/pt_BR/man1/xzmore.1
 #usr/share/man/ro
 #usr/share/man/ro/man1
 #usr/share/man/ro/man1/lzcat.1
@@ -281,6 +267,7 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/man/ro/man1/lzless.1
 #usr/share/man/ro/man1/lzma.1
 #usr/share/man/ro/man1/lzmadec.1
+#usr/share/man/ro/man1/lzmainfo.1
 #usr/share/man/ro/man1/lzmore.1
 #usr/share/man/ro/man1/unlzma.1
 #usr/share/man/ro/man1/unxz.1
@@ -305,6 +292,7 @@ usr/lib/liblzma.so.5.4.6
 #usr/share/man/uk/man1/lzless.1
 #usr/share/man/uk/man1/lzma.1
 #usr/share/man/uk/man1/lzmadec.1
+#usr/share/man/uk/man1/lzmainfo.1
 #usr/share/man/uk/man1/lzmore.1
 #usr/share/man/uk/man1/unlzma.1
 #usr/share/man/uk/man1/unxz.1

diff --git a/config/rootfiles/core/184/exclude b/config/rootfiles/core/185/exclude
similarity index 100%
rename from config/rootfiles/core/184/exclude
rename to config/rootfiles/core/185/exclude

diff --git a/config/rootfiles/core/185/filelists/aarch64/binutils b/config/rootfiles/core/185/filelists/aarch64/binutils
new file mode 120000 (symlink)
index 0000000..6da9d39
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/aarch64/binutils
@@ -0,0 +1 @@
+../../../../common/aarch64/binutils
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/aarch64/glibc b/config/rootfiles/core/185/filelists/aarch64/glibc
similarity index 100%
rename from config/rootfiles/core/184/filelists/aarch64/glibc
rename to config/rootfiles/core/185/filelists/aarch64/glibc

diff --git a/config/rootfiles/core/185/filelists/aarch64/util-linux b/config/rootfiles/core/185/filelists/aarch64/util-linux
new file mode 120000 (symlink)
index 0000000..9c253c6
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/aarch64/util-linux
@@ -0,0 +1 @@
+../../../../common/aarch64/util-linux
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/arping b/config/rootfiles/core/185/filelists/arping
new file mode 120000 (symlink)
index 0000000..5662e8d
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/arping
@@ -0,0 +1 @@
+../../../common/arping
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/bind b/config/rootfiles/core/185/filelists/bind
similarity index 100%
rename from config/rootfiles/core/184/filelists/bind
rename to config/rootfiles/core/185/filelists/bind

diff --git a/config/rootfiles/core/185/filelists/ca-certificates b/config/rootfiles/core/185/filelists/ca-certificates
new file mode 120000 (symlink)
index 0000000..320fea8
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/ca-certificates
@@ -0,0 +1 @@
+../../../common/ca-certificates
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/core-files b/config/rootfiles/core/185/filelists/core-files
similarity index 100%
rename from config/rootfiles/core/184/filelists/core-files
rename to config/rootfiles/core/185/filelists/core-files

diff --git a/config/rootfiles/core/185/filelists/elfutils b/config/rootfiles/core/185/filelists/elfutils
new file mode 120000 (symlink)
index 0000000..8367974
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/elfutils
@@ -0,0 +1 @@
+../../../common/elfutils
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/ethtool b/config/rootfiles/core/185/filelists/ethtool
new file mode 120000 (symlink)
index 0000000..494a53e
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/ethtool
@@ -0,0 +1 @@
+../../../common/ethtool
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/expat b/config/rootfiles/core/185/filelists/expat
similarity index 100%
rename from config/rootfiles/core/184/filelists/expat
rename to config/rootfiles/core/185/filelists/expat

diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files
new file mode 100644 (file)
index 0000000..750a006
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/files
@@ -0,0 +1,54 @@
+etc/rc.d/init.d/functions
+etc/sudoers.d/logwatch-mdadm
+lib/firmware/brcm/BCM-0a5c-6410.hcd
+lib/firmware/brcm/brcmfmac43012-sdio.bin
+lib/firmware/brcm/brcmfmac43012-sdio.clm_blob
+lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
+lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.txt
+lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-plus.txt
+lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-ultra.txt
+lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-zero.txt
+lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m3.txt
+lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
+lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt
+lib/firmware/brcm/brcmfmac43455-sdio.Raspberry Pi Foundation-Raspberry Pi 4 Model B.txt
+lib/firmware/brcm/brcmfmac43455-sdio.Raspberry Pi Foundation-Raspberry Pi Compute Module 4.txt
+lib/firmware/brcm/brcmfmac4354-sdio.clm_blob
+lib/firmware/brcm/brcmfmac4356-pcie.clm_blob
+lib/firmware/brcm/brcmfmac4356-sdio.clm_blob
+lib/firmware/brcm/brcmfmac4356-sdio.khadas,vim2.txt
+lib/firmware/brcm/brcmfmac43570-pcie.clm_blob
+lib/firmware/brcm/brcmfmac4373-sdio.clm_blob
+lib/firmware/brcm/brcmfmac54591-pcie.bin
+lib/firmware/brcm/brcmfmac54591-pcie.clm_blob
+lib/firmware/cxgb4/t4-config.txt
+lib/firmware/cxgb4/t5-config.txt
+lib/firmware/cxgb4/t6-config.txt
+lib/firmware/intel/ice/ddp/ice.pkg
+lib/firmware/netronome/flower/nic_AMDA0058-0011_1x100.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0011_2x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0011_4x10_1x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0011_8x10.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0012_1x100.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0012_2x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0012_4x10_1x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0058-0012_8x10.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0011_1x100.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0011_2x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0011_4x10_1x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0011_8x10.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0012_1x100.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0012_2x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0012_4x10_1x40.nffw
+lib/firmware/netronome/flower/nic_AMDA0078-0012_8x10.nffw
+lib/firmware/nvidia/tegra124/vic.bin
+lib/firmware/nvidia/tegra186/vic.bin
+lib/firmware/nvidia/tegra210/vic.bin
+srv/web/ipfire/cgi-bin/dhcp.cgi
+srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/time.cgi
+var/ipfire/backup/bin/backup.pl
+var/ipfire/main/manualpages
+var/ipfire/ovpn/openssl/ovpn.cnf

diff --git a/config/rootfiles/core/184/filelists/iproute2 b/config/rootfiles/core/185/filelists/iproute2
similarity index 100%
rename from config/rootfiles/core/184/filelists/iproute2
rename to config/rootfiles/core/185/filelists/iproute2

diff --git a/config/rootfiles/core/184/filelists/iputils b/config/rootfiles/core/185/filelists/iputils
similarity index 100%
rename from config/rootfiles/core/184/filelists/iputils
rename to config/rootfiles/core/185/filelists/iputils

diff --git a/config/rootfiles/core/185/filelists/knot b/config/rootfiles/core/185/filelists/knot
new file mode 120000 (symlink)
index 0000000..28e96f8
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/knot
@@ -0,0 +1 @@
+../../../common/knot
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/libcap b/config/rootfiles/core/185/filelists/libcap
new file mode 120000 (symlink)
index 0000000..ed67d95
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/libcap
@@ -0,0 +1 @@
+../../../common/libcap
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/libffi b/config/rootfiles/core/185/filelists/libffi
new file mode 120000 (symlink)
index 0000000..c391acd
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/libffi
@@ -0,0 +1 @@
+../../../common/libffi
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/libgpg-error b/config/rootfiles/core/185/filelists/libgpg-error
new file mode 120000 (symlink)
index 0000000..cad4313
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/libgpg-error
@@ -0,0 +1 @@
+../../../common/libgpg-error
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/libpng b/config/rootfiles/core/185/filelists/libpng
similarity index 100%
rename from config/rootfiles/core/184/filelists/libpng
rename to config/rootfiles/core/185/filelists/libpng

diff --git a/config/rootfiles/core/185/filelists/newt b/config/rootfiles/core/185/filelists/newt
new file mode 120000 (symlink)
index 0000000..fb3eb20
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/newt
@@ -0,0 +1 @@
+../../../common/newt
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/ntp b/config/rootfiles/core/185/filelists/ntp
new file mode 120000 (symlink)
index 0000000..7542d86
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/ntp
@@ -0,0 +1 @@
+../../../common/ntp
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/openjpeg b/config/rootfiles/core/185/filelists/openjpeg
new file mode 120000 (symlink)
index 0000000..5b71a3c
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/openjpeg
@@ -0,0 +1 @@
+../../../common/openjpeg
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/openssh b/config/rootfiles/core/185/filelists/openssh
new file mode 120000 (symlink)
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/pango b/config/rootfiles/core/185/filelists/pango
new file mode 120000 (symlink)
index 0000000..6c37231
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/pango
@@ -0,0 +1 @@
+../../../common/pango
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/pciutils b/config/rootfiles/core/185/filelists/pciutils
new file mode 120000 (symlink)
index 0000000..aeb45e7
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/pciutils
@@ -0,0 +1 @@
+../../../common/pciutils
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/pixman b/config/rootfiles/core/185/filelists/pixman
similarity index 100%
rename from config/rootfiles/core/184/filelists/pixman
rename to config/rootfiles/core/185/filelists/pixman

diff --git a/config/rootfiles/core/184/filelists/poppler b/config/rootfiles/core/185/filelists/poppler
similarity index 100%
rename from config/rootfiles/core/184/filelists/poppler
rename to config/rootfiles/core/185/filelists/poppler

diff --git a/config/rootfiles/core/185/filelists/qpdf b/config/rootfiles/core/185/filelists/qpdf
new file mode 120000 (symlink)
index 0000000..2d6c43d
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/qpdf
@@ -0,0 +1 @@
+../../../common/qpdf
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/riscv64/binutils b/config/rootfiles/core/185/filelists/riscv64/binutils
new file mode 120000 (symlink)
index 0000000..c5f3990
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/riscv64/binutils
@@ -0,0 +1 @@
+../../../../common/riscv64/binutils
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/riscv64/glibc b/config/rootfiles/core/185/filelists/riscv64/glibc
similarity index 100%
rename from config/rootfiles/core/184/filelists/riscv64/glibc
rename to config/rootfiles/core/185/filelists/riscv64/glibc

diff --git a/config/rootfiles/core/185/filelists/riscv64/util-linux b/config/rootfiles/core/185/filelists/riscv64/util-linux
new file mode 120000 (symlink)
index 0000000..f8e6802
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/riscv64/util-linux
@@ -0,0 +1 @@
+../../../../common/riscv64/util-linux
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/shadow b/config/rootfiles/core/185/filelists/shadow
similarity index 100%
rename from config/rootfiles/core/184/filelists/shadow
rename to config/rootfiles/core/185/filelists/shadow

diff --git a/config/rootfiles/core/184/filelists/sqlite b/config/rootfiles/core/185/filelists/sqlite
similarity index 100%
rename from config/rootfiles/core/184/filelists/sqlite
rename to config/rootfiles/core/185/filelists/sqlite

diff --git a/config/rootfiles/core/184/filelists/squid b/config/rootfiles/core/185/filelists/squid
similarity index 100%
rename from config/rootfiles/core/184/filelists/squid
rename to config/rootfiles/core/185/filelists/squid

diff --git a/config/rootfiles/core/184/filelists/suricata b/config/rootfiles/core/185/filelists/suricata
similarity index 100%
rename from config/rootfiles/core/184/filelists/suricata
rename to config/rootfiles/core/185/filelists/suricata

diff --git a/config/rootfiles/core/185/filelists/tcl b/config/rootfiles/core/185/filelists/tcl
new file mode 120000 (symlink)
index 0000000..7f620c6
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/tcl
@@ -0,0 +1 @@
+../../../common/tcl
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/unbound b/config/rootfiles/core/185/filelists/unbound
similarity index 100%
rename from config/rootfiles/core/184/filelists/unbound
rename to config/rootfiles/core/185/filelists/unbound

diff --git a/config/rootfiles/core/185/filelists/wget b/config/rootfiles/core/185/filelists/wget
new file mode 120000 (symlink)
index 0000000..fcb57df
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/wget
@@ -0,0 +1 @@
+../../../common/wget
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/whois b/config/rootfiles/core/185/filelists/whois
new file mode 120000 (symlink)
index 0000000..60cbd18
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/whois
@@ -0,0 +1 @@
+../../../common/whois
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/x86_64/binutils b/config/rootfiles/core/185/filelists/x86_64/binutils
new file mode 120000 (symlink)
index 0000000..7d0fda5
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/x86_64/binutils
@@ -0,0 +1 @@
+../../../../common/x86_64/binutils
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/x86_64/glibc b/config/rootfiles/core/185/filelists/x86_64/glibc
similarity index 100%
rename from config/rootfiles/core/184/filelists/x86_64/glibc
rename to config/rootfiles/core/185/filelists/x86_64/glibc

diff --git a/config/rootfiles/core/185/filelists/x86_64/intel-microcode b/config/rootfiles/core/185/filelists/x86_64/intel-microcode
new file mode 120000 (symlink)
index 0000000..d5ac074
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/x86_64/intel-microcode
@@ -0,0 +1 @@
+../../../../common/x86_64/intel-microcode
\ No newline at end of file

diff --git a/config/rootfiles/core/185/filelists/x86_64/util-linux b/config/rootfiles/core/185/filelists/x86_64/util-linux
new file mode 120000 (symlink)
index 0000000..7b5558d
--- /dev/null
+++ b/config/rootfiles/core/185/filelists/x86_64/util-linux
@@ -0,0 +1 @@
+../../../../common/x86_64/util-linux
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/xz b/config/rootfiles/core/185/filelists/xz
similarity index 100%
rename from config/rootfiles/core/184/filelists/xz
rename to config/rootfiles/core/185/filelists/xz

diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
new file mode 100644 (file)
index 0000000..3dce469
--- /dev/null
+++ b/config/rootfiles/core/185/update.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2024 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=185
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+       rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/ntp stop
+/etc/init.d/squid stop
+
+# Extract files
+extract_files
+
+# Remove files
+rm -rvf \
+       /etc/pango \
+       /lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \
+       /lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \
+       /lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \
+       /lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \
+       /lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \
+       /lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \
+       /lib/firmware/intel-ucode/06-86-04 \
+       /lib/firmware/intel-ucode/06-86-05 \
+       /lib/firmware/intel-ucode/06-8f-04 \
+       /sbin/xtables-multi \
+       /srv/web/ipfire/html/themes/ipfire-rounded \
+       /usr/lib/crda/pubkeys/linville.key.pub.pem \
+       /usr/lib/grub/i386-pc/efiemu{32,64}.o \
+       /usr/lib/grub/i386-pc/verifiers.* \
+       /usr/lib/grub/i386-pc/verify.* \
+       /usr/lib/grub/x86_64-efi/shim_lock.* \
+       /usr/lib/grub/x86_64-efi/verifiers.* \
+       /usr/lib/grub/x86_64-efi/verify.* \
+       /usr/lib/snort_dynamic* \
+       /usr/local/bin/snortctrl \
+       /usr/share/usb_modeswitch/1033:0035 \
+       /usr/share/vim/vim7* \
+       /var/ipfire/geoip-functions.pl \
+       /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \
+       /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \
+       /var/lib/location/tmp*
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Filesytem cleanup
+/usr/local/bin/filesystem-cleanup
+
+# Apply local configuration to sshd_config
+/usr/local/bin/sshctrl
+
+# Fix permissions of /etc/sudoers.d/
+chmod -v 750 /etc/sudoers.d
+chmod -v 640 /etc/sudoers.d/*
+
+# Start services
+telinit u
+/etc/init.d/sshd restart
+/etc/init.d/suricata restart
+/etc/init.d/unbound restart
+/etc/init.d/ntp start
+if [ -f /var/ipfire/proxy/enable ]; then
+       /etc/init.d/squid start
+fi
+## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections
+# Check if ovpnconfig exists and is not empty
+if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+       # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
+       awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+
+       # Make all N2N connections 'no-pass' since they do not use encryption
+       awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       # Copy all RW connections unchanged to the new ovpnconfig file
+       for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+           awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+
+       done
+fi
+
+# Replace existing ovpnconfig with updated index
+mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+# Set correct ownership
+chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
+# Rebuild initial ramdisks
+dracut --regenerate-all --force
+KVER="xxxKVERxxx"
+case "$(uname -m)" in
+       aarch64)
+               mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
+               # dont remove initramfs because grub need this to boot.
+               ;;
+esac
+
+# This update needs a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+       grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0

diff --git a/config/rootfiles/oldcore/184/exclude b/config/rootfiles/oldcore/184/exclude
new file mode 100644 (file)
index 0000000..8ee1c3c
--- /dev/null
+++ b/config/rootfiles/oldcore/184/exclude
@@ -0,0 +1,35 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+boot/uEnv.txt
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/firewall/locationblock
+var/ipfire/fwhosts/customlocationgrp
+var/ipfire/ovpn
+var/ipfire/urlfilter/blacklist
+var/ipfire/urlfilter/settings
+var/lib/alternatives
+var/lib/location/database.db
+var/lib/location/ipset
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache

diff --git a/config/rootfiles/oldcore/184/filelists/aarch64/glibc b/config/rootfiles/oldcore/184/filelists/aarch64/glibc
new file mode 120000 (symlink)
index 0000000..d13849f
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/aarch64/glibc
@@ -0,0 +1 @@
+../../../../common/aarch64/glibc
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/acl b/config/rootfiles/oldcore/184/filelists/acl
similarity index 100%
rename from config/rootfiles/core/184/filelists/acl
rename to config/rootfiles/oldcore/184/filelists/acl

diff --git a/config/rootfiles/core/184/filelists/attr b/config/rootfiles/oldcore/184/filelists/attr
similarity index 100%
rename from config/rootfiles/core/184/filelists/attr
rename to config/rootfiles/oldcore/184/filelists/attr

diff --git a/config/rootfiles/core/184/filelists/bash b/config/rootfiles/oldcore/184/filelists/bash
similarity index 100%
rename from config/rootfiles/core/184/filelists/bash
rename to config/rootfiles/oldcore/184/filelists/bash

diff --git a/config/rootfiles/oldcore/184/filelists/bind b/config/rootfiles/oldcore/184/filelists/bind
new file mode 120000 (symlink)
index 0000000..48a0eba
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/bind
@@ -0,0 +1 @@
+../../../common/bind
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/core-files b/config/rootfiles/oldcore/184/filelists/core-files
new file mode 100644 (file)
index 0000000..0dec37e
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/core-files
@@ -0,0 +1,5 @@
+etc/system-release
+etc/issue
+etc/os-release
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs

diff --git a/config/rootfiles/core/184/filelists/dhcpcd b/config/rootfiles/oldcore/184/filelists/dhcpcd
similarity index 100%
rename from config/rootfiles/core/184/filelists/dhcpcd
rename to config/rootfiles/oldcore/184/filelists/dhcpcd

diff --git a/config/rootfiles/core/184/filelists/diffutils b/config/rootfiles/oldcore/184/filelists/diffutils
similarity index 100%
rename from config/rootfiles/core/184/filelists/diffutils
rename to config/rootfiles/oldcore/184/filelists/diffutils

diff --git a/config/rootfiles/core/184/filelists/ed b/config/rootfiles/oldcore/184/filelists/ed
similarity index 100%
rename from config/rootfiles/core/184/filelists/ed
rename to config/rootfiles/oldcore/184/filelists/ed

diff --git a/config/rootfiles/oldcore/184/filelists/expat b/config/rootfiles/oldcore/184/filelists/expat
new file mode 120000 (symlink)
index 0000000..e1923cf
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/expat
@@ -0,0 +1 @@
+../../../common/expat
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/file b/config/rootfiles/oldcore/184/filelists/file
similarity index 100%
rename from config/rootfiles/core/184/filelists/file
rename to config/rootfiles/oldcore/184/filelists/file

diff --git a/config/rootfiles/core/184/filelists/files b/config/rootfiles/oldcore/184/filelists/files
similarity index 100%
rename from config/rootfiles/core/184/filelists/files
rename to config/rootfiles/oldcore/184/filelists/files

diff --git a/config/rootfiles/core/184/filelists/gettext b/config/rootfiles/oldcore/184/filelists/gettext
similarity index 100%
rename from config/rootfiles/core/184/filelists/gettext
rename to config/rootfiles/oldcore/184/filelists/gettext

diff --git a/config/rootfiles/core/184/filelists/gnutls b/config/rootfiles/oldcore/184/filelists/gnutls
similarity index 100%
rename from config/rootfiles/core/184/filelists/gnutls
rename to config/rootfiles/oldcore/184/filelists/gnutls

diff --git a/config/rootfiles/core/184/filelists/iana-etc b/config/rootfiles/oldcore/184/filelists/iana-etc
similarity index 100%
rename from config/rootfiles/core/184/filelists/iana-etc
rename to config/rootfiles/oldcore/184/filelists/iana-etc

diff --git a/config/rootfiles/oldcore/184/filelists/iproute2 b/config/rootfiles/oldcore/184/filelists/iproute2
new file mode 120000 (symlink)
index 0000000..05f0f71
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/iproute2
@@ -0,0 +1 @@
+../../../common/iproute2
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/ipset b/config/rootfiles/oldcore/184/filelists/ipset
similarity index 100%
rename from config/rootfiles/core/184/filelists/ipset
rename to config/rootfiles/oldcore/184/filelists/ipset

diff --git a/config/rootfiles/oldcore/184/filelists/iputils b/config/rootfiles/oldcore/184/filelists/iputils
new file mode 120000 (symlink)
index 0000000..361c28f
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/iputils
@@ -0,0 +1 @@
+../../../common/iputils
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/libhtp b/config/rootfiles/oldcore/184/filelists/libhtp
similarity index 100%
rename from config/rootfiles/core/184/filelists/libhtp
rename to config/rootfiles/oldcore/184/filelists/libhtp

diff --git a/config/rootfiles/core/184/filelists/libidn b/config/rootfiles/oldcore/184/filelists/libidn
similarity index 100%
rename from config/rootfiles/core/184/filelists/libidn
rename to config/rootfiles/oldcore/184/filelists/libidn

diff --git a/config/rootfiles/oldcore/184/filelists/libpng b/config/rootfiles/oldcore/184/filelists/libpng
new file mode 120000 (symlink)
index 0000000..8ef96e2
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/libpng
@@ -0,0 +1 @@
+../../../common/libpng
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/lvm2 b/config/rootfiles/oldcore/184/filelists/lvm2
similarity index 100%
rename from config/rootfiles/core/184/filelists/lvm2
rename to config/rootfiles/oldcore/184/filelists/lvm2

diff --git a/config/rootfiles/core/184/filelists/lzip b/config/rootfiles/oldcore/184/filelists/lzip
similarity index 100%
rename from config/rootfiles/core/184/filelists/lzip
rename to config/rootfiles/oldcore/184/filelists/lzip

diff --git a/config/rootfiles/core/184/filelists/memtest b/config/rootfiles/oldcore/184/filelists/memtest
similarity index 100%
rename from config/rootfiles/core/184/filelists/memtest
rename to config/rootfiles/oldcore/184/filelists/memtest

diff --git a/config/rootfiles/core/184/filelists/openssl b/config/rootfiles/oldcore/184/filelists/openssl
similarity index 100%
rename from config/rootfiles/core/184/filelists/openssl
rename to config/rootfiles/oldcore/184/filelists/openssl

diff --git a/config/rootfiles/core/184/filelists/pam b/config/rootfiles/oldcore/184/filelists/pam
similarity index 100%
rename from config/rootfiles/core/184/filelists/pam
rename to config/rootfiles/oldcore/184/filelists/pam

diff --git a/config/rootfiles/oldcore/184/filelists/pixman b/config/rootfiles/oldcore/184/filelists/pixman
new file mode 120000 (symlink)
index 0000000..fdb6346
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/pixman
@@ -0,0 +1 @@
+../../../common/pixman
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/poppler b/config/rootfiles/oldcore/184/filelists/poppler
new file mode 120000 (symlink)
index 0000000..39aa6c2
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/poppler
@@ -0,0 +1 @@
+../../../common/poppler
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/readline b/config/rootfiles/oldcore/184/filelists/readline
similarity index 100%
rename from config/rootfiles/core/184/filelists/readline
rename to config/rootfiles/oldcore/184/filelists/readline

diff --git a/config/rootfiles/oldcore/184/filelists/riscv64/glibc b/config/rootfiles/oldcore/184/filelists/riscv64/glibc
new file mode 120000 (symlink)
index 0000000..36b731f
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/riscv64/glibc
@@ -0,0 +1 @@
+../../../../common/riscv64/glibc
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/shadow b/config/rootfiles/oldcore/184/filelists/shadow
new file mode 120000 (symlink)
index 0000000..c0824b7
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/shadow
@@ -0,0 +1 @@
+../../../common/shadow
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/sqlite b/config/rootfiles/oldcore/184/filelists/sqlite
new file mode 120000 (symlink)
index 0000000..4ea5697
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/sqlite
@@ -0,0 +1 @@
+../../../common/sqlite
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/squid b/config/rootfiles/oldcore/184/filelists/squid
new file mode 120000 (symlink)
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/suricata b/config/rootfiles/oldcore/184/filelists/suricata
new file mode 120000 (symlink)
index 0000000..f671f69
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/suricata
@@ -0,0 +1 @@
+../../../common/suricata
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/unbound b/config/rootfiles/oldcore/184/filelists/unbound
new file mode 120000 (symlink)
index 0000000..66adf09
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/vnstat b/config/rootfiles/oldcore/184/filelists/vnstat
similarity index 100%
rename from config/rootfiles/core/184/filelists/vnstat
rename to config/rootfiles/oldcore/184/filelists/vnstat

diff --git a/config/rootfiles/core/184/filelists/x86_64/dmidecode b/config/rootfiles/oldcore/184/filelists/x86_64/dmidecode
similarity index 100%
rename from config/rootfiles/core/184/filelists/x86_64/dmidecode
rename to config/rootfiles/oldcore/184/filelists/x86_64/dmidecode

diff --git a/config/rootfiles/oldcore/184/filelists/x86_64/glibc b/config/rootfiles/oldcore/184/filelists/x86_64/glibc
new file mode 120000 (symlink)
index 0000000..1119099
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/x86_64/glibc
@@ -0,0 +1 @@
+../../../../common/x86_64/glibc
\ No newline at end of file

diff --git a/config/rootfiles/oldcore/184/filelists/xz b/config/rootfiles/oldcore/184/filelists/xz
new file mode 120000 (symlink)
index 0000000..734e926
--- /dev/null
+++ b/config/rootfiles/oldcore/184/filelists/xz
@@ -0,0 +1 @@
+../../../common/xz
\ No newline at end of file

diff --git a/config/rootfiles/core/184/filelists/zlib b/config/rootfiles/oldcore/184/filelists/zlib
similarity index 100%
rename from config/rootfiles/core/184/filelists/zlib
rename to config/rootfiles/oldcore/184/filelists/zlib

diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/oldcore/184/update.sh
similarity index 100%
rename from config/rootfiles/core/184/update.sh
rename to config/rootfiles/oldcore/184/update.sh

diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 428f73e6c34213fb2fde7be8b302732472580ce1..2c7242d7e5809ecf38ee04dcf42a64c3ae33f98f 100644 (file)
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -14,16 +14,17 @@ usr/bin/sigtool
 #usr/include/libfreshclam.h
 usr/lib/libclamav.so
 usr/lib/libclamav.so.12
-usr/lib/libclamav.so.12.0.1
+usr/lib/libclamav.so.12.0.2
+#usr/lib/libclamav_rust.a
 usr/lib/libclammspack.so
 usr/lib/libclammspack.so.0
 usr/lib/libclammspack.so.0.8.0
 usr/lib/libclamunrar.so
 usr/lib/libclamunrar.so.12
-usr/lib/libclamunrar.so.12.0.1
+usr/lib/libclamunrar.so.12.0.2
 usr/lib/libclamunrar_iface.so
 usr/lib/libclamunrar_iface.so.12
-usr/lib/libclamunrar_iface.so.12.0.1
+usr/lib/libclamunrar_iface.so.12.0.2
 usr/lib/libfreshclam.so
 usr/lib/libfreshclam.so.3
 usr/lib/libfreshclam.so.3.0.1
@@ -98,6 +99,7 @@ usr/sbin/clamd
 #usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-italic.woff2
 #usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-regular.woff2
 #usr/share/doc/ClamAV/html/fonts/source-code-pro-v11-all-charsets-500.woff2
+#usr/share/doc/ClamAV/html/googled62299e9391332c4.html
 #usr/share/doc/ClamAV/html/highlight.css
 #usr/share/doc/ClamAV/html/highlight.js
 #usr/share/doc/ClamAV/html/images
@@ -167,6 +169,7 @@ usr/sbin/clamd
 #usr/share/doc/ClamAV/html/searcher.js
 #usr/share/doc/ClamAV/html/searchindex.js
 #usr/share/doc/ClamAV/html/searchindex.json
+#usr/share/doc/ClamAV/html/sitemap.xml
 #usr/share/doc/ClamAV/html/theme-dawn.js
 #usr/share/doc/ClamAV/html/theme-tomorrow_night.js
 #usr/share/doc/ClamAV/html/tomorrow-night.css

diff --git a/config/rootfiles/packages/ghostscript b/config/rootfiles/packages/ghostscript
index c7af93ce23d7e596561fcd43b92e38e7b1f61069..05242f7258b7971d456b608322c5a7c287488fa7 100644 (file)
--- a/config/rootfiles/packages/ghostscript
+++ b/config/rootfiles/packages/ghostscript
@@ -25,170 +25,170 @@ usr/bin/ps2ps
 usr/bin/ps2ps2
 usr/bin/unix-lpr.sh
 #usr/share/doc/ghostscript
-#usr/share/doc/ghostscript/10.02.1
-#usr/share/doc/ghostscript/10.02.1/COPYING
-#usr/share/doc/ghostscript/10.02.1/GS9_Color_Management.pdf
-#usr/share/doc/ghostscript/10.02.1/Ghostscript.pdf
-#usr/share/doc/ghostscript/10.02.1/News.html
+#usr/share/doc/ghostscript/10.03.0
+#usr/share/doc/ghostscript/10.03.0/COPYING
+#usr/share/doc/ghostscript/10.03.0/GS9_Color_Management.pdf
+#usr/share/doc/ghostscript/10.03.0/Ghostscript.pdf
+#usr/share/doc/ghostscript/10.03.0/News.html
 #usr/share/ghostscript
-#usr/share/ghostscript/10.02.1
-#usr/share/ghostscript/10.02.1/lib
-#usr/share/ghostscript/10.02.1/lib/PDFA_def.ps
-#usr/share/ghostscript/10.02.1/lib/PDFX_def.ps
-#usr/share/ghostscript/10.02.1/lib/PM760p.upp
-#usr/share/ghostscript/10.02.1/lib/PM760pl.upp
-#usr/share/ghostscript/10.02.1/lib/PM820p.upp
-#usr/share/ghostscript/10.02.1/lib/PM820pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stc670p.upp
-#usr/share/ghostscript/10.02.1/lib/Stc670pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stc680p.upp
-#usr/share/ghostscript/10.02.1/lib/Stc680pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stc740p.upp
-#usr/share/ghostscript/10.02.1/lib/Stc740pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stc760p.upp
-#usr/share/ghostscript/10.02.1/lib/Stc760pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stc777p.upp
-#usr/share/ghostscript/10.02.1/lib/Stc777pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stp720p.upp
-#usr/share/ghostscript/10.02.1/lib/Stp720pl.upp
-#usr/share/ghostscript/10.02.1/lib/Stp870p.upp
-#usr/share/ghostscript/10.02.1/lib/Stp870pl.upp
-#usr/share/ghostscript/10.02.1/lib/acctest.ps
-#usr/share/ghostscript/10.02.1/lib/align.ps
-#usr/share/ghostscript/10.02.1/lib/bj8.rpd
-#usr/share/ghostscript/10.02.1/lib/bj8gc12f.upp
-#usr/share/ghostscript/10.02.1/lib/bj8hg12f.upp
-#usr/share/ghostscript/10.02.1/lib/bj8oh06n.upp
-#usr/share/ghostscript/10.02.1/lib/bj8pa06n.upp
-#usr/share/ghostscript/10.02.1/lib/bj8pp12f.upp
-#usr/share/ghostscript/10.02.1/lib/bj8ts06n.upp
-#usr/share/ghostscript/10.02.1/lib/bjc6000a1.upp
-#usr/share/ghostscript/10.02.1/lib/bjc6000b1.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a0.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a1.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a2.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a3.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a4.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a5.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a6.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a7.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610a8.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b1.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b2.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b3.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b4.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b6.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b7.upp
-#usr/share/ghostscript/10.02.1/lib/bjc610b8.upp
-#usr/share/ghostscript/10.02.1/lib/caption.ps
-#usr/share/ghostscript/10.02.1/lib/cbjc600.ppd
-#usr/share/ghostscript/10.02.1/lib/cbjc800.ppd
-#usr/share/ghostscript/10.02.1/lib/cdj550.upp
-#usr/share/ghostscript/10.02.1/lib/cdj690.upp
-#usr/share/ghostscript/10.02.1/lib/cdj690ec.upp
-#usr/share/ghostscript/10.02.1/lib/cid2code.ps
-#usr/share/ghostscript/10.02.1/lib/dnj750c.upp
-#usr/share/ghostscript/10.02.1/lib/dnj750m.upp
-#usr/share/ghostscript/10.02.1/lib/docie.ps
-#usr/share/ghostscript/10.02.1/lib/font2pcl.ps
-#usr/share/ghostscript/10.02.1/lib/ghostpdf.ppd
-#usr/share/ghostscript/10.02.1/lib/gs_ce_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_css_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_il2_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_kanji.ps
-#usr/share/ghostscript/10.02.1/lib/gs_ksb_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_l.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_l.xpm
-#usr/share/ghostscript/10.02.1/lib/gs_l_m.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_lgo_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_lgx_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_m.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_m.xpm
-#usr/share/ghostscript/10.02.1/lib/gs_m_m.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_s.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_s.xpm
-#usr/share/ghostscript/10.02.1/lib/gs_s_m.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_t.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_t.xpm
-#usr/share/ghostscript/10.02.1/lib/gs_t_m.xbm
-#usr/share/ghostscript/10.02.1/lib/gs_wl1_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_wl2_e.ps
-#usr/share/ghostscript/10.02.1/lib/gs_wl5_e.ps
-#usr/share/ghostscript/10.02.1/lib/gslp.ps
-#usr/share/ghostscript/10.02.1/lib/gsnup.ps
-#usr/share/ghostscript/10.02.1/lib/ht_ccsto.ps
-#usr/share/ghostscript/10.02.1/lib/image-qa.ps
-#usr/share/ghostscript/10.02.1/lib/jispaper.ps
-#usr/share/ghostscript/10.02.1/lib/landscap.ps
-#usr/share/ghostscript/10.02.1/lib/lines.ps
-#usr/share/ghostscript/10.02.1/lib/mkcidfm.ps
-#usr/share/ghostscript/10.02.1/lib/necp2x.upp
-#usr/share/ghostscript/10.02.1/lib/necp2x6.upp
-#usr/share/ghostscript/10.02.1/lib/pdf2dsc.ps
-#usr/share/ghostscript/10.02.1/lib/pdf_info.ps
-#usr/share/ghostscript/10.02.1/lib/pf2afm.ps
-#usr/share/ghostscript/10.02.1/lib/pfbtopfa.ps
-#usr/share/ghostscript/10.02.1/lib/ppath.ps
-#usr/share/ghostscript/10.02.1/lib/pphs.ps
-#usr/share/ghostscript/10.02.1/lib/prfont.ps
-#usr/share/ghostscript/10.02.1/lib/printafm.ps
-#usr/share/ghostscript/10.02.1/lib/ps2ai.ps
-#usr/share/ghostscript/10.02.1/lib/ps2epsi.ps
-#usr/share/ghostscript/10.02.1/lib/ras1.upp
-#usr/share/ghostscript/10.02.1/lib/ras24.upp
-#usr/share/ghostscript/10.02.1/lib/ras3.upp
-#usr/share/ghostscript/10.02.1/lib/ras32.upp
-#usr/share/ghostscript/10.02.1/lib/ras4.upp
-#usr/share/ghostscript/10.02.1/lib/ras8m.upp
-#usr/share/ghostscript/10.02.1/lib/rollconv.ps
-#usr/share/ghostscript/10.02.1/lib/s400a1.upp
-#usr/share/ghostscript/10.02.1/lib/s400b1.upp
-#usr/share/ghostscript/10.02.1/lib/sharp.upp
-#usr/share/ghostscript/10.02.1/lib/sipixa6.upp
-#usr/share/ghostscript/10.02.1/lib/st640ih.upp
-#usr/share/ghostscript/10.02.1/lib/st640ihg.upp
-#usr/share/ghostscript/10.02.1/lib/st640p.upp
-#usr/share/ghostscript/10.02.1/lib/st640pg.upp
-#usr/share/ghostscript/10.02.1/lib/st640pl.upp
-#usr/share/ghostscript/10.02.1/lib/st640plg.upp
-#usr/share/ghostscript/10.02.1/lib/stc.upp
-#usr/share/ghostscript/10.02.1/lib/stc1520h.upp
-#usr/share/ghostscript/10.02.1/lib/stc2.upp
-#usr/share/ghostscript/10.02.1/lib/stc200_h.upp
-#usr/share/ghostscript/10.02.1/lib/stc2_h.upp
-#usr/share/ghostscript/10.02.1/lib/stc2s_h.upp
-#usr/share/ghostscript/10.02.1/lib/stc300.upp
-#usr/share/ghostscript/10.02.1/lib/stc300bl.upp
-#usr/share/ghostscript/10.02.1/lib/stc300bm.upp
-#usr/share/ghostscript/10.02.1/lib/stc500p.upp
-#usr/share/ghostscript/10.02.1/lib/stc500ph.upp
-#usr/share/ghostscript/10.02.1/lib/stc600ih.upp
-#usr/share/ghostscript/10.02.1/lib/stc600p.upp
-#usr/share/ghostscript/10.02.1/lib/stc600pl.upp
-#usr/share/ghostscript/10.02.1/lib/stc640p.upp
-#usr/share/ghostscript/10.02.1/lib/stc740ih.upp
-#usr/share/ghostscript/10.02.1/lib/stc800ih.upp
-#usr/share/ghostscript/10.02.1/lib/stc800p.upp
-#usr/share/ghostscript/10.02.1/lib/stc800pl.upp
-#usr/share/ghostscript/10.02.1/lib/stc_h.upp
-#usr/share/ghostscript/10.02.1/lib/stc_l.upp
-#usr/share/ghostscript/10.02.1/lib/stcany.upp
-#usr/share/ghostscript/10.02.1/lib/stcany_h.upp
-#usr/share/ghostscript/10.02.1/lib/stcinfo.ps
-#usr/share/ghostscript/10.02.1/lib/stcolor.ps
-#usr/share/ghostscript/10.02.1/lib/stocht.ps
-#usr/share/ghostscript/10.02.1/lib/traceimg.ps
-#usr/share/ghostscript/10.02.1/lib/traceop.ps
-#usr/share/ghostscript/10.02.1/lib/uninfo.ps
-#usr/share/ghostscript/10.02.1/lib/viewcmyk.ps
-#usr/share/ghostscript/10.02.1/lib/viewgif.ps
-#usr/share/ghostscript/10.02.1/lib/viewjpeg.ps
-#usr/share/ghostscript/10.02.1/lib/viewmiff.ps
-#usr/share/ghostscript/10.02.1/lib/viewpbm.ps
-#usr/share/ghostscript/10.02.1/lib/viewpcx.ps
-#usr/share/ghostscript/10.02.1/lib/viewps2a.ps
-#usr/share/ghostscript/10.02.1/lib/winmaps.ps
-#usr/share/ghostscript/10.02.1/lib/zeroline.ps
+#usr/share/ghostscript/10.03.0
+#usr/share/ghostscript/10.03.0/lib
+#usr/share/ghostscript/10.03.0/lib/PDFA_def.ps
+#usr/share/ghostscript/10.03.0/lib/PDFX_def.ps
+#usr/share/ghostscript/10.03.0/lib/PM760p.upp
+#usr/share/ghostscript/10.03.0/lib/PM760pl.upp
+#usr/share/ghostscript/10.03.0/lib/PM820p.upp
+#usr/share/ghostscript/10.03.0/lib/PM820pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stc670p.upp
+#usr/share/ghostscript/10.03.0/lib/Stc670pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stc680p.upp
+#usr/share/ghostscript/10.03.0/lib/Stc680pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stc740p.upp
+#usr/share/ghostscript/10.03.0/lib/Stc740pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stc760p.upp
+#usr/share/ghostscript/10.03.0/lib/Stc760pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stc777p.upp
+#usr/share/ghostscript/10.03.0/lib/Stc777pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stp720p.upp
+#usr/share/ghostscript/10.03.0/lib/Stp720pl.upp
+#usr/share/ghostscript/10.03.0/lib/Stp870p.upp
+#usr/share/ghostscript/10.03.0/lib/Stp870pl.upp
+#usr/share/ghostscript/10.03.0/lib/acctest.ps
+#usr/share/ghostscript/10.03.0/lib/align.ps
+#usr/share/ghostscript/10.03.0/lib/bj8.rpd
+#usr/share/ghostscript/10.03.0/lib/bj8gc12f.upp
+#usr/share/ghostscript/10.03.0/lib/bj8hg12f.upp
+#usr/share/ghostscript/10.03.0/lib/bj8oh06n.upp
+#usr/share/ghostscript/10.03.0/lib/bj8pa06n.upp
+#usr/share/ghostscript/10.03.0/lib/bj8pp12f.upp
+#usr/share/ghostscript/10.03.0/lib/bj8ts06n.upp
+#usr/share/ghostscript/10.03.0/lib/bjc6000a1.upp
+#usr/share/ghostscript/10.03.0/lib/bjc6000b1.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a0.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a1.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a2.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a3.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a4.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a5.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a6.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a7.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610a8.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b1.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b2.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b3.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b4.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b6.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b7.upp
+#usr/share/ghostscript/10.03.0/lib/bjc610b8.upp
+#usr/share/ghostscript/10.03.0/lib/caption.ps
+#usr/share/ghostscript/10.03.0/lib/cbjc600.ppd
+#usr/share/ghostscript/10.03.0/lib/cbjc800.ppd
+#usr/share/ghostscript/10.03.0/lib/cdj550.upp
+#usr/share/ghostscript/10.03.0/lib/cdj690.upp
+#usr/share/ghostscript/10.03.0/lib/cdj690ec.upp
+#usr/share/ghostscript/10.03.0/lib/cid2code.ps
+#usr/share/ghostscript/10.03.0/lib/dnj750c.upp
+#usr/share/ghostscript/10.03.0/lib/dnj750m.upp
+#usr/share/ghostscript/10.03.0/lib/docie.ps
+#usr/share/ghostscript/10.03.0/lib/font2pcl.ps
+#usr/share/ghostscript/10.03.0/lib/ghostpdf.ppd
+#usr/share/ghostscript/10.03.0/lib/gs_ce_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_css_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_il2_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_kanji.ps
+#usr/share/ghostscript/10.03.0/lib/gs_ksb_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_l.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_l.xpm
+#usr/share/ghostscript/10.03.0/lib/gs_l_m.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_lgo_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_lgx_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_m.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_m.xpm
+#usr/share/ghostscript/10.03.0/lib/gs_m_m.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_s.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_s.xpm
+#usr/share/ghostscript/10.03.0/lib/gs_s_m.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_t.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_t.xpm
+#usr/share/ghostscript/10.03.0/lib/gs_t_m.xbm
+#usr/share/ghostscript/10.03.0/lib/gs_wl1_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_wl2_e.ps
+#usr/share/ghostscript/10.03.0/lib/gs_wl5_e.ps
+#usr/share/ghostscript/10.03.0/lib/gslp.ps
+#usr/share/ghostscript/10.03.0/lib/gsnup.ps
+#usr/share/ghostscript/10.03.0/lib/ht_ccsto.ps
+#usr/share/ghostscript/10.03.0/lib/image-qa.ps
+#usr/share/ghostscript/10.03.0/lib/jispaper.ps
+#usr/share/ghostscript/10.03.0/lib/landscap.ps
+#usr/share/ghostscript/10.03.0/lib/lines.ps
+#usr/share/ghostscript/10.03.0/lib/mkcidfm.ps
+#usr/share/ghostscript/10.03.0/lib/necp2x.upp
+#usr/share/ghostscript/10.03.0/lib/necp2x6.upp
+#usr/share/ghostscript/10.03.0/lib/pdf2dsc.ps
+#usr/share/ghostscript/10.03.0/lib/pdf_info.ps
+#usr/share/ghostscript/10.03.0/lib/pf2afm.ps
+#usr/share/ghostscript/10.03.0/lib/pfbtopfa.ps
+#usr/share/ghostscript/10.03.0/lib/ppath.ps
+#usr/share/ghostscript/10.03.0/lib/pphs.ps
+#usr/share/ghostscript/10.03.0/lib/prfont.ps
+#usr/share/ghostscript/10.03.0/lib/printafm.ps
+#usr/share/ghostscript/10.03.0/lib/ps2ai.ps
+#usr/share/ghostscript/10.03.0/lib/ps2epsi.ps
+#usr/share/ghostscript/10.03.0/lib/ras1.upp
+#usr/share/ghostscript/10.03.0/lib/ras24.upp
+#usr/share/ghostscript/10.03.0/lib/ras3.upp
+#usr/share/ghostscript/10.03.0/lib/ras32.upp
+#usr/share/ghostscript/10.03.0/lib/ras4.upp
+#usr/share/ghostscript/10.03.0/lib/ras8m.upp
+#usr/share/ghostscript/10.03.0/lib/rollconv.ps
+#usr/share/ghostscript/10.03.0/lib/s400a1.upp
+#usr/share/ghostscript/10.03.0/lib/s400b1.upp
+#usr/share/ghostscript/10.03.0/lib/sharp.upp
+#usr/share/ghostscript/10.03.0/lib/sipixa6.upp
+#usr/share/ghostscript/10.03.0/lib/st640ih.upp
+#usr/share/ghostscript/10.03.0/lib/st640ihg.upp
+#usr/share/ghostscript/10.03.0/lib/st640p.upp
+#usr/share/ghostscript/10.03.0/lib/st640pg.upp
+#usr/share/ghostscript/10.03.0/lib/st640pl.upp
+#usr/share/ghostscript/10.03.0/lib/st640plg.upp
+#usr/share/ghostscript/10.03.0/lib/stc.upp
+#usr/share/ghostscript/10.03.0/lib/stc1520h.upp
+#usr/share/ghostscript/10.03.0/lib/stc2.upp
+#usr/share/ghostscript/10.03.0/lib/stc200_h.upp
+#usr/share/ghostscript/10.03.0/lib/stc2_h.upp
+#usr/share/ghostscript/10.03.0/lib/stc2s_h.upp
+#usr/share/ghostscript/10.03.0/lib/stc300.upp
+#usr/share/ghostscript/10.03.0/lib/stc300bl.upp
+#usr/share/ghostscript/10.03.0/lib/stc300bm.upp
+#usr/share/ghostscript/10.03.0/lib/stc500p.upp
+#usr/share/ghostscript/10.03.0/lib/stc500ph.upp
+#usr/share/ghostscript/10.03.0/lib/stc600ih.upp
+#usr/share/ghostscript/10.03.0/lib/stc600p.upp
+#usr/share/ghostscript/10.03.0/lib/stc600pl.upp
+#usr/share/ghostscript/10.03.0/lib/stc640p.upp
+#usr/share/ghostscript/10.03.0/lib/stc740ih.upp
+#usr/share/ghostscript/10.03.0/lib/stc800ih.upp
+#usr/share/ghostscript/10.03.0/lib/stc800p.upp
+#usr/share/ghostscript/10.03.0/lib/stc800pl.upp
+#usr/share/ghostscript/10.03.0/lib/stc_h.upp
+#usr/share/ghostscript/10.03.0/lib/stc_l.upp
+#usr/share/ghostscript/10.03.0/lib/stcany.upp
+#usr/share/ghostscript/10.03.0/lib/stcany_h.upp
+#usr/share/ghostscript/10.03.0/lib/stcinfo.ps
+#usr/share/ghostscript/10.03.0/lib/stcolor.ps
+#usr/share/ghostscript/10.03.0/lib/stocht.ps
+#usr/share/ghostscript/10.03.0/lib/traceimg.ps
+#usr/share/ghostscript/10.03.0/lib/traceop.ps
+#usr/share/ghostscript/10.03.0/lib/uninfo.ps
+#usr/share/ghostscript/10.03.0/lib/viewcmyk.ps
+#usr/share/ghostscript/10.03.0/lib/viewgif.ps
+#usr/share/ghostscript/10.03.0/lib/viewjpeg.ps
+#usr/share/ghostscript/10.03.0/lib/viewmiff.ps
+#usr/share/ghostscript/10.03.0/lib/viewpbm.ps
+#usr/share/ghostscript/10.03.0/lib/viewpcx.ps
+#usr/share/ghostscript/10.03.0/lib/viewps2a.ps
+#usr/share/ghostscript/10.03.0/lib/winmaps.ps
+#usr/share/ghostscript/10.03.0/lib/zeroline.ps
 #usr/share/ghostscript/fonts
 #usr/share/ghostscript/fonts/COPYING
 #usr/share/ghostscript/fonts/ChangeLog

diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git
index 306767e4b8d96e85bc33273060c4835efaede1df..17efb20122bd46e0f4cf3b9f00ecb1554dfbe6b0 100644 (file)
--- a/config/rootfiles/packages/git
+++ b/config/rootfiles/packages/git
@@ -133,6 +133,7 @@ usr/libexec/git-core/git-remote-http
 usr/libexec/git-core/git-remote-https
 usr/libexec/git-core/git-repack
 usr/libexec/git-core/git-replace
+usr/libexec/git-core/git-replay
 usr/libexec/git-core/git-request-pull
 usr/libexec/git-core/git-rerere
 usr/libexec/git-core/git-reset

diff --git a/config/rootfiles/packages/gnump3d b/config/rootfiles/packages/gnump3d
index 4679c87b1b6d000b3c2865b77b69c3c8244ce013..ab1f0282cb94810c3a3aaf31bf2cfd0b98fb6510 100644 (file)
--- a/config/rootfiles/packages/gnump3d
+++ b/config/rootfiles/packages/gnump3d
@@ -387,4 +387,5 @@ usr/share/gnump3d
 var/cache/gnump3d
 var/cache/gnump3d/serving
 var/log/gnump3d
+#var/mp3
 var/mp3/info

diff --git a/config/rootfiles/packages/gutenprint b/config/rootfiles/packages/gutenprint
index 8d6fdd489b410c51a22e9e237ab226bb21ae52bd..fb44ab7e484d2290490602f579b1964d11b185fa 100644 (file)
--- a/config/rootfiles/packages/gutenprint
+++ b/config/rootfiles/packages/gutenprint
@@ -450,4 +450,3 @@ usr/share/gutenprint/samples/testpattern.sample
 #usr/share/man/man8/cups-genppd.8
 #usr/share/man/man8/cups-genppdupdate.8
 var/ipfire/cups/command.types
-

diff --git a/config/rootfiles/packages/libmpdclient b/config/rootfiles/packages/libmpdclient
index 531afce82de1a317c5e604e4fd7545267d53576c..1c9da51f9ad1bfdf796aae3940b5c003575ecf0a 100644 (file)
--- a/config/rootfiles/packages/libmpdclient
+++ b/config/rootfiles/packages/libmpdclient
@@ -1,6 +1,8 @@
 #usr/include/mpd
+#usr/include/mpd/albumart.h
 #usr/include/mpd/async.h
 #usr/include/mpd/audio_format.h
+#usr/include/mpd/binary.h
 #usr/include/mpd/capabilities.h
 #usr/include/mpd/client.h
 #usr/include/mpd/compiler.h
@@ -23,8 +25,10 @@
 #usr/include/mpd/password.h
 #usr/include/mpd/player.h
 #usr/include/mpd/playlist.h
+#usr/include/mpd/position.h
 #usr/include/mpd/protocol.h
 #usr/include/mpd/queue.h
+#usr/include/mpd/readpicture.h
 #usr/include/mpd/recv.h
 #usr/include/mpd/replay_gain.h
 #usr/include/mpd/response.h
@@ -40,13 +44,11 @@
 #usr/include/mpd/version.h
 usr/lib/libmpdclient.so
 usr/lib/libmpdclient.so.2
-usr/lib/libmpdclient.so.2.19
+usr/lib/libmpdclient.so.2.22
 #usr/lib/pkgconfig/libmpdclient.pc
 #usr/share/doc/libmpdclient
 #usr/share/doc/libmpdclient/AUTHORS
-#usr/share/doc/libmpdclient/COPYING
+#usr/share/doc/libmpdclient/BSD-2-Clause.txt
+#usr/share/doc/libmpdclient/BSD-3-Clause.txt
 #usr/share/doc/libmpdclient/NEWS
 #usr/share/doc/libmpdclient/README.rst
-#usr/share/vala
-#usr/share/vala/vapi
-#usr/share/vala/vapi/libmpdclient.vapi

diff --git a/config/rootfiles/packages/libplist b/config/rootfiles/packages/libplist
index 8f2d3b9e0521b2117ab25729eb545383a9223486..53be64faaf9816be08c4a3c7c7310c1e0057e9dc 100644 (file)
--- a/config/rootfiles/packages/libplist
+++ b/config/rootfiles/packages/libplist
@@ -17,11 +17,11 @@
 #usr/lib/libplist++-2.0.la
 #usr/lib/libplist++-2.0.so
 usr/lib/libplist++-2.0.so.4
-usr/lib/libplist++-2.0.so.4.3.0
+usr/lib/libplist++-2.0.so.4.4.0
 #usr/lib/libplist-2.0.la
 #usr/lib/libplist-2.0.so
 usr/lib/libplist-2.0.so.4
-usr/lib/libplist-2.0.so.4.3.0
+usr/lib/libplist-2.0.so.4.4.0
 #usr/lib/pkgconfig/libplist++-2.0.pc
 #usr/lib/pkgconfig/libplist-2.0.pc
 #usr/share/man/man1/plistutil.1

diff --git a/config/rootfiles/packages/mpd b/config/rootfiles/packages/mpd
index 85501238bad8638c0d0c0bcedc5b4e95890b3577..828ae31e17aeda0a7f50c99eecde8ae6dffad63f 100644 (file)
--- a/config/rootfiles/packages/mpd
+++ b/config/rootfiles/packages/mpd
@@ -8,3 +8,10 @@ usr/bin/mpd
 #usr/share/icons/hicolor/scalable/apps/mpd.svg
 var/log/mpd.error.log
 var/log/mpd.log
+var/ipfire/backup/addons/includes/mpd
+#var/ipfire/mpd
+#var/ipfire/mpd/db
+var/ipfire/mpd/db/info
+var/ipfire/mpd/mpd.conf
+var/ipfire/mpd/playlist.m3u
+var/mp3/info

diff --git a/config/rootfiles/packages/mpfire b/config/rootfiles/packages/mpfire
index ec0ea439595360676095a29dc677c974e79f00bf..ab12bde03275ece6a8e66068b5969c320e2128d9 100644 (file)
--- a/config/rootfiles/packages/mpfire
+++ b/config/rootfiles/packages/mpfire
@@ -27,15 +27,9 @@ var/ipfire/menu.d/EX-mpfire.menu
 var/ipfire/mpfire
 var/ipfire/mpfire/bin
 var/ipfire/mpfire/bin/mpfire.pl
-#var/ipfire/mpfire/db
-var/ipfire/mpfire/db/info
-var/ipfire/mpfire/mpd.conf
-var/ipfire/mpfire/playlist.m3u
 var/ipfire/mpfire/settings
 var/ipfire/mpfire/webradio
-var/mp3/info
 usr/local/bin/mpfirectrl
 srv/web/ipfire/cgi-bin/mpfire.cgi
 srv/web/ipfire/html/images/mpfire
 var/ipfire/menu.d/EX-mpfire.menu
-#var/mp3

diff --git a/config/rootfiles/packages/mympd b/config/rootfiles/packages/mympd
index bc9912b85aa84991c15de6d38d820d034112b1e7..b0ac2859fcf5b2d00d6fecfcd22a4df814c69b3e 100644 (file)
--- a/config/rootfiles/packages/mympd
+++ b/config/rootfiles/packages/mympd
@@ -1,5 +1,6 @@
 etc/rc.d/init.d/mympd
 usr/bin/mympd
+usr/bin/mympd-config
 usr/bin/mympd-script
 #usr/lib/systemd/system/mympd.service
 #usr/share/doc/mympd
@@ -7,6 +8,7 @@ usr/bin/mympd-script
 #usr/share/doc/mympd/LICENSE.md
 #usr/share/doc/mympd/README.md
 #usr/share/doc/mympd/SECURITY.md
+#usr/share/man/man1/mympd-config.1.gz
 #usr/share/man/man1/mympd-script.1.gz
 #usr/share/man/man1/mympd.1.gz
 var/ipfire/backup/addons/includes/mympd
@@ -16,3 +18,5 @@ var/lib/mympd
 #var/lib/mympd/config/ssl_port
 #var/lib/mympd/state
 #var/lib/mympd/state/music_directory
+srv/web/ipfire/cgi-bin/mympd.cgi
+var/ipfire/menu.d/EX-mympd.menu

diff --git a/config/rootfiles/packages/opus b/config/rootfiles/packages/opus
index 398135c3da83266427278be50ec20fd4347c9b36..1865d30e24a8879c851a20c6981f625eaa717fe9 100644 (file)
--- a/config/rootfiles/packages/opus
+++ b/config/rootfiles/packages/opus
@@ -8,6 +8,6 @@
 #usr/lib/libopus.la
 #usr/lib/libopus.so
 usr/lib/libopus.so.0
-usr/lib/libopus.so.0.9.0
+usr/lib/libopus.so.0.10.0
 #usr/lib/pkgconfig/opus.pc
 #usr/share/aclocal/opus.m4

diff --git a/config/rootfiles/packages/sdl2 b/config/rootfiles/packages/sdl2
index 10691044c12e4a63397512fe9bd40a32557d14fc..b0d9606604aa01f7c38d1dccb13aa1ffbacc7f82 100644 (file)
--- a/config/rootfiles/packages/sdl2
+++ b/config/rootfiles/packages/sdl2
@@ -82,7 +82,7 @@
 #usr/lib/cmake/SDL2/sdl2-config-version.cmake
 #usr/lib/cmake/SDL2/sdl2-config.cmake
 usr/lib/libSDL2-2.0.so.0
-usr/lib/libSDL2-2.0.so.0.2800.5
+usr/lib/libSDL2-2.0.so.0.3000.1
 #usr/lib/libSDL2.la
 usr/lib/libSDL2.so
 #usr/lib/libSDL2_test.a

diff --git a/config/rootfiles/packages/transmission b/config/rootfiles/packages/transmission
index 827205a11e1b816c199e86007b562ff598d8f7d4..66b832e3c99a7ac242b06c912a8a500b8303cc0d 100644 (file)
--- a/config/rootfiles/packages/transmission
+++ b/config/rootfiles/packages/transmission
@@ -17,3 +17,5 @@ usr/share/transmission
 #usr/share/transmission/public_html/transmission-app.js
 #usr/share/transmission/public_html/transmission-app.js.LEGAL.txt
 var/ipfire/backup/addons/includes/transmission
+srv/web/ipfire/cgi-bin/transmission.cgi
+var/ipfire/menu.d/EX-transmission.menu

diff --git a/config/rootfiles/packages/vdr b/config/rootfiles/packages/vdr
index b08f1f04d0fb50533e5dd91cd7d2bc7b4c77adb8..8a6895df4fa1bc6cb707f8e608165367b5b464f4 100644 (file)
--- a/config/rootfiles/packages/vdr
+++ b/config/rootfiles/packages/vdr
@@ -87,3 +87,5 @@ usr/share/vdr
 var/cache/vdr
 var/ipfire/backup/addons/includes/vdr
 #var/video
+srv/web/ipfire/cgi-bin/vdr.cgi
+var/ipfire/menu.d/EX-vdr.menu

diff --git a/config/rootfiles/packages/wsdd b/config/rootfiles/packages/wsdd
new file mode 100644 (file)
index 0000000..ce22504
--- /dev/null
+++ b/config/rootfiles/packages/wsdd
@@ -0,0 +1,2 @@
+etc/rc.d/init.d/wsdd
+usr/bin/wsdd

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index 729a47ac620cfe200cdb1b4863569896082d6ee1..8e10cb4c8ad098e93cd1f20043ed48c0d4a52bf9 100644 (file)
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -20,3 +20,6 @@ var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf
 var/ipfire/zabbix_agentd/userparameters
 var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+var/ipfire/zabbix_agentd/scripts
+var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh

diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 14d1b865f3b99f1cd929c3372707879805e53f60..2b3b4ffcb7f1441d9eb6a6bd76f69bb167d3a5ba 100644 (file)
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,44 +97,14 @@ our %Providers = (
                dl_type => "plain",
        },
 
-       # Positive Technologies Attack Detection Team rules.
-       attack_detection => {
-               summary => "PT Attack Detection Team Rules",
-               website => "https://github.com/ptresearch/AttackDetection",
-               tr_string => "attack detection team rules",
+       # ThreatFox
+       threatfox => {
+               summary => "ThreatFox Indicators Of Compromise Rules",
+               website => "https://threatfox.abuse.ch/",
+               tr_string => "threatfox rules",
                requires_subscription => "False",
-               dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz",
-               dl_type => "archive",
-       },
-
-       # Secureworks Security rules.
-       secureworks_security => {
-               summary => "Secureworks Security Ruleset",
-               website => "https://www.secureworks.com",
-               tr_string => "secureworks security ruleset",
-               requires_subscription => "True",
-               dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz",
-               dl_type => "archive",
-       },
-
-       # Secureworks Malware rules.
-       secureworks_malware => {
-               summary => "Secureworks Malware Ruleset",
-               website => "https://www.secureworks.com",
-               tr_string => "secureworks malware ruleset",
-               requires_subscription => "True",
-               dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz",
-               dl_type => "archive",
-       },
-
-       # Secureworks Enhanced rules.
-       secureworks_enhanced => {
-               summary => "Secureworks Enhanced Ruleset",
-               website => "https://www.secureworks.com",
-               tr_string => "secureworks enhanced ruleset",
-               requires_subscription => "True",
-               dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz",
-               dl_type => "archive",
+               dl_url => "https://threatfox.abuse.ch/downloads/threatfox_suricata.rules",
+               dl_type => "plain",
        },
 
        # Travis B. Green hunting rules.

diff --git a/config/zabbix_agentd/ipfire_certificate_detail.sh b/config/zabbix_agentd/ipfire_certificate_detail.sh
new file mode 100755 (executable)
index 0000000..9ca0ef5
--- /dev/null
+++ b/config/zabbix_agentd/ipfire_certificate_detail.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+###############################################################################
+# ipfire_certificate_detail.sh - Get certificate details and validation results
+#                                in JSON format for use by Zabbix agent
+#
+# Author: robin.roevens (at) disroot.org
+# Version: 1.0
+#
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org> 
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License 
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# 
+###############################################################################
+
+# Required binaries
+OPENSSL=/usr/bin/openssl
+DATE=/bin/date
+
+# Parameter checking
+[[ $1 ]] || { echo "{\"error\":\"No CA certificate file given.\"}"; exit 1; }
+[[ -f $1 ]] || { echo "{\"error\":\"CA certificate not found: $1.\"}"; exit 1; }
+[[ -r $1 ]] || { echo "{\"error\":\"No read permission on CA certificate: $1.\"}"; exit 1; }
+[[ $2 ]] || { echo "{\"error\":\"No certificate file given.\"}"; exit 1; }
+[[ -f $2 ]] || { echo "{\"error\":\"Certificate not found: $2.\"}"; exit 1; }
+[[ -r $2 ]] || { echo "{\"error\":\"No read permission on certificate $2.\"}"; exit 1; }
+[[ -x $OPENSSL ]] || { echo "{\"error\":\"$OPENSSL binary not found or no permission.\"}"; exit 1; }
+[[ -x $DATE ]] || { echo "{\"error\":\"$DATE binary not found or no permission.\"}"; exit 1; }
+
+cafile=$1
+cert=$2
+
+# Parse certificate details
+cert_details=$(${OPENSSL} x509 -in "${cert}" -noout -text -certopt no_header,no_sigdump)
+version=$(echo "${cert_details}" | grep "Version:" | sed 's/^ \+Version: \([0-9]\+\) (.\+)$/\1/g')
+serial_number=$(echo "${cert_details}" | grep -A1 "Serial Number:" | tr -d '\n' | sed 's/^ \+Serial Number:\(\( \(.*\) ([0-9]\+x[0-9]\+).*\)\|\( \+\(.*\)$\)\)/\3\5/g')
+signature_algorithm=$(echo "${cert_details}" | grep "Signature Algorithm:" | sed 's/^ \+Signature Algorithm: //g')
+issuer=$(echo "${cert_details}" | grep "Issuer:" | sed 's/^ \+Issuer: //g' | sed 's/"/\\"/g')
+not_before_value=$(echo "${cert_details}" | grep "Not Before:" | sed 's/^ \+Not Before: //g')
+not_before_timestamp=$(${DATE} -d "${not_before_value}" +%s)
+not_after_value=$(echo "${cert_details}" | grep "Not After :" | sed 's/^ \+Not After : //g')
+not_after_timestamp=$(${DATE} -d "${not_after_value}" +%s)
+subject=$(echo "${cert_details}" | grep "Subject:" | sed 's/^ \+Subject: //g' | sed 's/"/\\"/g')
+public_key_algorithm=$(echo "${cert_details}" | grep "Public Key Algorithm:" | sed 's/^ \+Public Key Algorithm: //g')
+
+# Verify certificate
+cert_verify=$(${OPENSSL} verify -CAfile "${cafile}" "${cert}" 2>&1)
+if [[ $? != 0 ]]; then
+       result_value="invalid"
+       result_message="failed to verify certificate: x509: $(echo "${cert_verify}" | grep -E "error [0-9]+" | sed 's/^.\+: \(.\+\)/\1/g')"
+else
+       result_value="valid"
+       result_message="certificate verified successfully"
+fi
+
+# Generate fingerprints
+sha1_fingerprint=$(${OPENSSL} x509 -in "${cert}" -noout -fingerprint -sha1 | cut -d= -f2)
+sha256_fingerprint=$(${OPENSSL} x509 -in "${cert}" -noout -fingerprint -sha256 | cut -d= -f2)
+
+# Print certificate details in JSON
+echo -n "{\"x509\":{"
+echo -n "\"version\":\"${version}\","
+echo -n "\"serial_number\":\"${serial_number}\","
+echo -n "\"signature_algorithm\":\"${signature_algorithm}\","
+echo -n "\"issuer\":\"${issuer}\","
+echo -n "\"not_before\":{"
+echo -n "\"value\":\"${not_before_value}\","
+echo -n "\"timestamp\":\"${not_before_timestamp}\"},"
+echo -n "\"not_after\":{"
+echo -n "\"value\":\"${not_after_value}\","
+echo -n "\"timestamp\":\"${not_after_timestamp}\"},"
+echo -n "\"subject\":\"${subject}\","
+echo -n "\"public_key_algorithm\":\"${public_key_algorithm}\"},"
+echo -n "\"result\":{"
+echo -n "\"value\":\"${result_value}\","
+echo -n "\"message\":\"${result_message}\"},"
+echo -n "\"sha1_fingerprint\":\"${sha1_fingerprint}\","
+echo -n "\"sha256_fingerprint\":\"${sha256_fingerprint}\""
+echo -n "}"
+
+exit 0
\ No newline at end of file

diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index d93ec5d5566650a32cd4232ed81d753af031fdef..138c75635a1c41652e086fedb7a7ee277fbb079b 100644 (file)
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,3 +9,4 @@
 #
 Defaults:zabbix !requiretty
 zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh

diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf
index ba0c6c2ca3538307c12475260c3662830184ff03..d2d0c83078528c5630a92e9c4657fa2873a3afc1 100644 (file)
--- a/config/zabbix_agentd/userparameter_ipfire.conf
+++ b/config/zabbix_agentd/userparameter_ipfire.conf
@@ -9,10 +9,4 @@ UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/
 # Number of currently Active DHCP leases
 UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l
 # Number of Captive Portal clients
-UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients
-# Discovery of configured ovpn clients
-UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }'
-# Get OpenVPN status report
-UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
-# Allow item key to be called with (unused) parameters. This allows the #SINGLETON method of discovering this item only when openvpn service is active
-Alias=ipfire.ovpn.statusreport.get[]:ipfire.ovpn.statusreport.get
\ No newline at end of file
+UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients
\ No newline at end of file

diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf
new file mode 100644 (file)
index 0000000..a7a6d85
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_ovpn.conf
@@ -0,0 +1,13 @@
+# Parameters for monitoring IPFire OpenVPN specific metrics
+#
+# Discovery of configured ovpn clients
+UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }'
+# Get OpenVPN status report
+UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
+# Get OpenVPN client certificate details
+UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem
+UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem
+
+# Allow item key to be called with (unused) parameters. This allows the #SINGLETON method of discovering this item only when openvpn service is active
+Alias=ipfire.ovpn.statusreport.get[]:ipfire.ovpn.statusreport.get
+Alias=ipfire.ovpn.cacert[]:ipfire.ovpn.cacert
\ No newline at end of file

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 86d5890f23e77a034e5af0cfc8c95cfbd258398d..2eca62e6065682d55141cc7cdbbd184da5286cba 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -687,7 +687,7 @@ WARNING: untranslated string: drop outgoing = Log dropped outgoing packets
 WARNING: untranslated string: drop portscan = Log dropped portscan packets
 WARNING: untranslated string: drop proxy = Drop all packets not addressed to proxy
 WARNING: untranslated string: drop samba = Drop all Microsoft ports 135,137,138,139,445,1025
-WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians
+WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians
 WARNING: untranslated string: drop wirelessforward = Log dropped wireless forward packets
 WARNING: untranslated string: drop wirelessinput = Log dropped wireless input packets
 WARNING: untranslated string: dst port = Dst Port
@@ -1743,6 +1743,7 @@ WARNING: untranslated string: system = System
 WARNING: untranslated string: system information = System Information
 WARNING: untranslated string: system is offline = The system is offline.
 WARNING: untranslated string: system logs = System Logs
+WARNING: untranslated string: system time = System Time (as of last page load)
 WARNING: untranslated string: ta key = TLS-Authentification-Key
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
@@ -1756,6 +1757,7 @@ WARNING: untranslated string: thirty minutes = 30 Minutes
 WARNING: untranslated string: thursday = Thursday
 WARNING: untranslated string: time = Time
 WARNING: untranslated string: time server = Time Server
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: timeout must be a number = Timeout must be a number.
 WARNING: untranslated string: title = Title
 WARNING: untranslated string: to = To

diff --git a/doc/language_issues.es b/doc/language_issues.es
index 30e20ae87df4e94ed1a424e7227d9351bd24f2a0..ff5434e05df83c82bd948a534ea433a78acdc968 100644 (file)
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1010,6 +1010,8 @@ WARNING: untranslated string: routing config changed = unknown string
 WARNING: untranslated string: routing table = unknown string
 WARNING: untranslated string: service boot setting unavailable = No valid runlevel symlink was found for the initscript of this service.
 WARNING: untranslated string: spec rstack overflow = Speculative Return Stack Overflow
+WARNING: untranslated string: system time = System Time (as of last page load)
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: wio = unknown string
 WARNING: untranslated string: wio checked = unknown string

diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index a53358147c9e93e968685fb07fff4d8bf1a426fe..395afd99826a694737f0f8c3eb4a7a359cd5d41d 100644 (file)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -908,15 +908,10 @@ WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val vlan tag range error
 WARNING: translation string unused: zoneconf val zoneslave amount error
 WARNING: untranslated string: core notice 3 = available.
-WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
 WARNING: untranslated string: enable disable client = unknown string
 WARNING: untranslated string: enable disable dyndns = unknown string
 WARNING: untranslated string: error message = unknown string
 WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string
-WARNING: untranslated string: extrahd mounted = Mounted
-WARNING: untranslated string: extrahd no mount point given = No mount point given
-WARNING: untranslated string: extrahd not configured = Not configured
-WARNING: untranslated string: extrahd not mounted = Not mounted
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
@@ -948,19 +943,12 @@ WARNING: untranslated string: guardian logtarget_file = unknown string
 WARNING: untranslated string: guardian logtarget_syslog = unknown string
 WARNING: untranslated string: guardian no entries = unknown string
 WARNING: untranslated string: guardian service = unknown string
-WARNING: untranslated string: hostile networks in = From Hostile Networks
-WARNING: untranslated string: hostile networks out = To Hostile Networks
 WARNING: untranslated string: hostile networks total = Total Hostile Networks
-WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks
-WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
 WARNING: untranslated string: pakfire ago = ago.
-WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
-WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
-WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
-WARNING: untranslated string: route config changed = unknown string
 WARNING: untranslated string: routing config added = unknown string
 WARNING: untranslated string: routing config changed = unknown string
-WARNING: untranslated string: spec rstack overflow = Speculative Return Stack Overflow
+WARNING: untranslated string: system time = System Time (as of last page load)
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: wio = unknown string
 WARNING: untranslated string: wio checked = unknown string
 WARNING: untranslated string: wio cron = unknown string

diff --git a/doc/language_issues.it b/doc/language_issues.it
index 24efece2b42269e7847e8ee388444944f91ae743..d9bad7f14ca93fa10b12fc4e8314e0cbd05b6081 100644 (file)
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -973,7 +973,7 @@ WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
 WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.)
-WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians
+WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: eight hours = 8 Hours
 WARNING: untranslated string: email config = Configuration
@@ -1260,10 +1260,12 @@ WARNING: untranslated string: strict = Strict
 WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: subscription code = Subscription code
 WARNING: untranslated string: system is offline = The system is offline.
+WARNING: untranslated string: system time = System Time (as of last page load)
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: token = Token:
 WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor guard country any = Any country

diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index b6a65fad29ac77b32a1401052c919ad220598a0c..b93cc1cd19073403402e17ad52a75029797e89c6 100644 (file)
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -978,7 +978,7 @@ WARNING: untranslated string: download apple profile = Download Apple Configurat
 WARNING: untranslated string: download tls-auth key = Download tls-auth key
 WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.)
 WARNING: untranslated string: drop outgoing = Log dropped outgoing packets
-WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians
+WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: eight hours = 8 Hours
 WARNING: untranslated string: email config = Configuration
@@ -1283,11 +1283,13 @@ WARNING: untranslated string: strict = Strict
 WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: subscription code = Subscription code
 WARNING: untranslated string: system is offline = The system is offline.
+WARNING: untranslated string: system time = System Time (as of last page load)
 WARNING: untranslated string: ta key = TLS-Authentification-Key
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: token = Token:
 WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor guard country any = Any country

diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 1a4f62870fdbb4f8540d1ce047445ade960f6f1f..ab220103f52d5eb3702e2a38693c978bb3bc7ad5 100644 (file)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -965,7 +965,7 @@ WARNING: untranslated string: drop action2 = Default behaviour of (input) firewa
 WARNING: untranslated string: drop forward = Log dropped forward packets
 WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.)
 WARNING: untranslated string: drop outgoing = Log dropped outgoing packets
-WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians
+WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: eight hours = 8 Hours
 WARNING: untranslated string: email config = Configuration
@@ -1471,11 +1471,13 @@ WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: subscription code = Subscription code
 WARNING: untranslated string: support donation = Support the IPFire project with your donation
 WARNING: untranslated string: system is offline = The system is offline.
+WARNING: untranslated string: system time = System Time (as of last page load)
 WARNING: untranslated string: ta key = TLS-Authentification-Key
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: token = Token:
 WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor = Tor

diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 8da6fe4b6d25934856af07be868a42ad6206bf51..533b21a0dcedb6a800fd2f6d5a4c4486f4b99c8b 100644 (file)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -962,7 +962,7 @@ WARNING: untranslated string: drop action2 = Default behaviour of (input) firewa
 WARNING: untranslated string: drop forward = Log dropped forward packets
 WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.)
 WARNING: untranslated string: drop outgoing = Log dropped outgoing packets
-WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians
+WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: eight hours = 8 Hours
 WARNING: untranslated string: email config = Configuration
@@ -1466,11 +1466,13 @@ WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: subscription code = Subscription code
 WARNING: untranslated string: support donation = Support the IPFire project with your donation
 WARNING: untranslated string: system is offline = The system is offline.
+WARNING: untranslated string: system time = System Time (as of last page load)
 WARNING: untranslated string: ta key = TLS-Authentification-Key
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: token = Token:
 WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor = Tor

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 96fe71f7b5027a76bf2f86bbe03136bae35a49e8..d9caa290e4afb3f020744e5a307a2c288a3448a1 100644 (file)
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -953,7 +953,7 @@ WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: downfall gather data sampling = Downfall/Gather Data Sampling
 WARNING: untranslated string: download apple profile = Download Apple Configuration Profile
 WARNING: untranslated string: drop hostile = Drop packets from and to hostile networks (listed at <a href="https://www.spamhaus.org/drop/" target="_blank">Spamhaus DROP</a>, etc.)
-WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and marsians
+WARNING: untranslated string: drop spoofed martians = Log dropped spoofed packets and martians
 WARNING: untranslated string: duration = Duration
 WARNING: untranslated string: email recipient invalid = Invalid email recipient
 WARNING: untranslated string: email tls explicit = explicit (STARTTLS)
@@ -1166,7 +1166,9 @@ WARNING: untranslated string: strict = Strict
 WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: subscription code = Subscription code
 WARNING: untranslated string: system is offline = The system is offline.
+WARNING: untranslated string: system time = System Time (as of last page load)
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort/ZombieLoad v2
+WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z
 WARNING: untranslated string: token = Token:
 WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor guard country any = Any country

diff --git a/doc/language_missings b/doc/language_missings
index c92e1e6a367764f1fa78f65434ea87237dc2b2cb..65d69daee3b929e9ef51aa77aa276c2618a73729 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -133,6 +133,8 @@
 < reiserfs warning2
 < service boot setting unavailable
 < spec rstack overflow
+< system time
+< timeformat
 < transport mode does not support vti
 < wlanap
 < wlan client configuration
@@ -142,23 +144,12 @@
 < ansi t1.483
 < bewan adsl pci st
 < bewan adsl usb
-< downfall gather data sampling
 < extrahd because it it outside the allowed mount path
-< extrahd mounted
-< extrahd no mount point given
-< extrahd not configured
-< extrahd not mounted
 < g.dtm
 < g.lite
-< hostile networks in
-< hostile networks out
 < hostile networks total
-< log drop hostile in
-< log drop hostile out
-< regenerate host certificate
-< reiserfs warning1
-< reiserfs warning2
-< spec rstack overflow
+< system time
+< timeformat
 < upload fcdsl.o
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
@@ -583,10 +574,12 @@
 < subnet mask
 < subscription code
 < system is offline
+< system time
 < taa zombieload2
 < tcp more reliable
 < ten minutes
 < thirty minutes
+< timeformat
 < token
 < token not set
 < tor guard country
@@ -1129,12 +1122,14 @@
 < subnet mask
 < subscription code
 < system is offline
+< system time
 < taa zombieload2
 < ta key
 < tcp more reliable
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< timeformat
 < token
 < token not set
 < tor guard country
@@ -2021,12 +2016,14 @@
 < subscription code
 < support donation
 < system is offline
+< system time
 < taa zombieload2
 < ta key
 < tcp more reliable
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< timeformat
 < token
 < token not set
 < tor
@@ -3017,12 +3014,14 @@
 < subscription code
 < support donation
 < system is offline
+< system time
 < taa zombieload2
 < ta key
 < tcp more reliable
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< timeformat
 < token
 < token not set
 < tor
@@ -3481,7 +3480,9 @@
 < subnet mask
 < subscription code
 < system is offline
+< system time
 < taa zombieload2
+< timeformat
 < token
 < token not set
 < tor guard country

diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index c079fe1aeead7f4d6cf3ad1cb5ccb6010968b7ae..be00f199a8b8215632307789d37e212b2dc2f6d8 100644 (file)
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -48,7 +48,7 @@ my @nosaved=();
 my %color = ();
 
 #Basic syntax allowed for new Option definition. Not implemented: RECORDS & array of RECORDS
-our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of ip-address';
+our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of (ip-address|integer (8|16|32))';
 
 &Header::showhttpheaders();
 our @ITFs=('GREEN');

diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index 0a34d3fd6c59e3c430a7b406dca4994adf966d98..1181523d473694e88c100f5004b180730c60f621 100644 (file)
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2020  IPFire Development Team                                 #
+# Copyright (C) 2005-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -21,6 +21,7 @@
 
 use strict;
 use IO::Socket;
+use Encode;
 
 # enable only the following on debugging purpose
 #use warnings;
@@ -142,8 +143,18 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
        # Go further if there was no error.
        if ( ! $errormessage) {
                # Check if a remark has been entered.
+
+               # decode the UTF-8 text so that characters with diacritical marks such as
+               # umlauts are treated correctly by the following cleanhtml command
+               $cgiparams{'REMARK'} = decode("UTF-8", $cgiparams{'REMARK'});
+
+               # run the REMARK text through cleanhtml to ensure all unsafe html characters
+               # are correctly encoded to their html entities
                $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
 
+               # encode the text back to UTF-8 after running the cleanhtml command
+               $cgiparams{'REMARK'} = encode("UTF-8", $cgiparams{'REMARK'});
+
                my %dns_servers = ();
                my $id;
                my $status;

diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 65773244c5d67bed9ac7dc6abde32a58f09a94c0..5e32ce038196058e735e32e44ad65e4461316552 100644 (file)
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -564,6 +564,7 @@ my $temp2=();
 my @df = `/bin/df -B M -P -x rootfs`;
 foreach my $line (@df) {
        next if $line =~ m/^Filesystem/;
+       next if $line =~ m/^efivarfs/;
        if ($line =~ m/root/ ) {
                $line =~ m/^.* (\d+)M.*$/;
                @temp = split(/ +/,$line);

diff --git a/html/cgi-bin/mpfire.cgi b/html/cgi-bin/mpfire.cgi
index ea83d1db17f2e3b8fdc5b0beb6ed15c2d348071d..5685053e668fd3f80b9ea0abdd8a0c1c4c3edf21 100644 (file)
--- a/html/cgi-bin/mpfire.cgi
+++ b/html/cgi-bin/mpfire.cgi
@@ -214,11 +214,11 @@ if ( $mpfiresettings{'ACTION'} eq "scan" ){
        delete $mpfiresettings{'PAGE'}; delete $mpfiresettings{'FRAME'};
        &General::writehash("${General::swroot}/mpfire/settings", \%mpfiresettings);
 
-       open(DATEI, "<${General::swroot}/mpfire/mpd.conf") || die "Datei nicht gefunden";
+       open(DATEI, "<${General::swroot}/mpd/mpd.conf") || die "Datei nicht gefunden";
        my @Zeilen = <DATEI>;
        close(DATEI);
 
-       open(DATEI, ">${General::swroot}/mpfire/mpd.conf") || die "Datei nicht gefunden";
+       open(DATEI, ">${General::swroot}/mpd/mpd.conf") || die "Datei nicht gefunden";
        foreach (@Zeilen){
                if ( $_ =~ /music_directory/){
                        print DATEI "music_directory \"".$mpfiresettings{'MUSICDIR'}."\"\n";

diff --git a/html/cgi-bin/mympd.cgi b/html/cgi-bin/mympd.cgi
new file mode 100644 (file)
index 0000000..4b524d2
--- /dev/null
+++ b/html/cgi-bin/mympd.cgi
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+print "Status: 302 Moved Temporarily\n";
+print "Location: https://$ENV{SERVER_ADDR}:8800\n\n";
+
+exit (0);

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index eb89c5095569ccd691772a4fb9f314ecd3fd1257..c92d0237d2d1372656d0d6a71d9b9ee5bc663c9a 100755 (executable)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) {
        $confighash{$key}[31] = $n2ntunmtu[1];
        $confighash{$key}[39] = $n2nauth[1];
        $confighash{$key}[40] = $n2ncipher[1];
-       $confighash{$key}[41] = 'disabled';
+       $confighash{$key}[41] = 'no-pass';
 
   &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
@@ -4216,15 +4216,25 @@ if ($cgiparams{'TYPE'} eq 'net') {
                }
            }
 
-               # Check for RW if client name is already set
-               if ($cgiparams{'TYPE'} eq 'host') {
-                       foreach my $key (keys %confighash) {
-                               if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
-                                       $errormessage = $Lang::tr{'a connection with this name already exists'};
-                                       goto VPNCONF_ERROR;
-                               }
-                       }
-               }
+           # Check for RW if client name is already set
+           if ($cgiparams{'TYPE'} eq 'host') {
+                   foreach my $key (keys %confighash) {
+                           if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
+                                   $errormessage = $Lang::tr{'a connection with this name already exists'};
+                                   goto VPNCONF_ERROR;
+                   }
+                   }
+           }
+
+           # Check if there is no other entry with this common name
+           if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
+               foreach my $key (keys %confighash) {
+                   if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
+                       $errormessage = $Lang::tr{'a connection with this common name already exists'};
+                       goto VPNCONF_ERROR;
+                   }
+               }
+           }
 
            # Replace empty strings with a .
            (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
@@ -4309,16 +4319,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
            goto VPNCONF_ERROR;
        }
 
-       # Check if there is no other entry with this common name
-       if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
-           foreach my $key (keys %confighash) {
-               if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
-                   $errormessage = $Lang::tr{'a connection with this common name already exists'};
-                   goto VPNCONF_ERROR;
-               }
-           }
-       }
-
     # Save the config
        my $key = $cgiparams{'KEY'};
 

diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi
index 57a02a4b630b55ba7d0f6d0e3f8187093d0fedfa..04c1e771f792e8f178f0602b7911facafc66d51f 100644 (file)
--- a/html/cgi-bin/time.cgi
+++ b/html/cgi-bin/time.cgi
@@ -287,6 +287,10 @@ print <<END
 </table>
 END
 ;
+
+my $now = strftime($Lang::tr{'timeformat'}, localtime);
+print "<hr>$Lang::tr{'system time'}: $now";
+
 &Header::closebox();
 &Header::openbox('100%',1,$Lang::tr{'ntp sync'});
 print <<END

diff --git a/html/cgi-bin/transmission.cgi b/html/cgi-bin/transmission.cgi
new file mode 100644 (file)
index 0000000..8fdcc5c
--- /dev/null
+++ b/html/cgi-bin/transmission.cgi
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+print "Status: 302 Moved Temporarily\n";
+print "Location: http://$ENV{SERVER_ADDR}:9091\n\n";
+
+exit (0);

diff --git a/html/cgi-bin/vdr.cgi b/html/cgi-bin/vdr.cgi
new file mode 100644 (file)
index 0000000..aaf722e
--- /dev/null
+++ b/html/cgi-bin/vdr.cgi
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+print "Status: 302 Moved Temporarily\n";
+print "Location: http://$ENV{SERVER_ADDR}:3000\n\n";
+
+exit (0);

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 49018f6a572692ebf6ed61ec619e8a4403592c6e..f13bddf4bce6a02e21f2cc8adf1c0c5a6495adff 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2391,6 +2391,7 @@
 'system log viewer' => 'Betrachter der Systemprotokolldateien',
 'system logs' => 'Systemprotokolldateien',
 'system status information' => 'System-Statusinformationen',
+'system time' => 'Systemzeit (zur Zeit des Ladens der Seite)',
 'ta key' => 'TLS-Authentifizierungsschlüssel',
 'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2',
 'tcp more reliable' => 'TCP (zuverlässiger)',
@@ -2418,6 +2419,7 @@
 'time' => 'Uhrzeit',
 'time date manually reset' => 'Datum/Zeit wurden manuell zurückgesetzt.',
 'time server' => 'Zeitserver',
+'timeformat' => '%d.%m.%Y um %H:%M:%S %Z',
 'timeout must be a number' => 'Wartezeit muss eine Zahl sein.',
 'title' => 'Titel',
 'to' => 'Bis',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 3246102ba58d0aa06a2cc6d9ecf888078515f24f..0113f8811fa2c58dfad95a04cc25033d3b5aeecb 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -959,7 +959,7 @@
 'drop portscan' => 'Log dropped portscan packets',
 'drop proxy' => 'Drop all packets not addressed to proxy',
 'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
-'drop spoofed martians' => 'Log dropped spoofed packets and marsians',
+'drop spoofed martians' => 'Log dropped spoofed packets and martians',
 'drop wirelessforward' => 'Log dropped wireless forward packets',
 'drop wirelessinput' => 'Log dropped wireless input packets',
 'dst port' => 'Dst Port',
@@ -2462,6 +2462,7 @@
 'system log viewer' => 'System Log Viewer',
 'system logs' => 'System Logs',
 'system status information' => 'System Status Information',
+'system time' => 'System Time (as of last page load)',
 'ta key' => 'TLS-Authentification-Key',
 'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2',
 'tcp more reliable' => 'TCP (more reliable)',
@@ -2490,6 +2491,7 @@
 'time' => 'Time',
 'time date manually reset' => 'Time/Date manually reset.',
 'time server' => 'Time Server',
+'timeformat' => '%Y-%m-%d at %H:%M:%S %Z',
 'timeout must be a number' => 'Timeout must be a number.',
 'title' => 'Title',
 'to' => 'To',

diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index 87ec52e8b2f0e89a266f438abbc38470d644ec5f..6034de409d17f0275c2d948418736a2a85d9743a 100644 (file)
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -936,6 +936,7 @@
 'done' => 'Fait',
 'dos charset' => 'Jeu de car. DOS',
 'down and up speed' => 'Entrez votre débit descendant et montant <br /> et cliquez sur <i>Sauvegarder</i>.',
+'downfall gather data sampling' => 'Chute / collecte échantillons de données - proc. Intel',
 'downlink' => 'Liaison descendante',
 'downlink speed' => 'Débit descendant - download (kbit/sec) ',
 'downlink std class' => 'Classe standard de réception ',
@@ -1077,11 +1078,15 @@
 'external access rule removed' => 'Règle d\'accès externe supprimée ; Redémarrage du contrôleur d\'accès',
 'external aliases configuration' => 'Configuration des alias externes',
 'extrahd' => 'Options stockage',
-'extrahd because there is already a device mounted' => ' car vous avez déjà un support de monté',
+'extrahd because there is already a device mounted' => ', car il y a déjà un périphérique monté',
 'extrahd cant umount' => 'Impossible de démonter',
 'extrahd detected drives' => 'Périphériques de stockage détectés',
 'extrahd install or load driver' => 'Si votre stockage n\'est pas visible ici, vous devez installer ou charger son pilote.<br />Si vous voyez votre stockage mais pas de partitions, vous devez tout d\'abord les créer.',
 'extrahd maybe the device is in use' => '. Votre support est peut-être en cours d\'utilisation',
+'extrahd mounted' => 'Monté',
+'extrahd no mount point given' => 'Aucun point de montage indiqué',
+'extrahd not configured' => 'Non configuré',
+'extrahd not mounted' => 'Non monté',
 'extrahd to' => 'vers',
 'extrahd to root' => 'vers root',
 'extrahd unable to read' => 'Impossible de lire',
@@ -1406,7 +1411,9 @@
 'host deny' => 'Liste des hôtes non autorisés',
 'host ip' => 'Adresse IP de l\'hôte ',
 'host to net vpn' => 'Réseau privé virtuel (VPN) de l\'hôte au réseau (client nomade) ',
-'hostile networks' => 'Réseaux hostiles',
+'hostile networks' => 'Total réseaux hostiles',
+'hostile networks in' => 'Depuis réseaux hostiles',
+'hostile networks out' => 'Vers réseaux hostiles',
 'hostname' => 'Nom hôte ',
 'hostname and domain already in use' => 'Le nom d\'hôte et de domaine sont déjà utilisés.',
 'hostname cant be empty' => 'Le nom d\'hôte ne peut pas être vide.',
@@ -1442,8 +1449,8 @@
 'ids hide' => 'Cacher',
 'ids ignored hosts' => 'Hôtes de liste blanche',
 'ids log hits' => 'Total du nombre de règles activées pour',
-'ids log viewer' => 'Rapport IDs',
-'ids logs' => 'Rapports IDs',
+'ids log viewer' => 'Rapport IDS',
+'ids logs' => 'Rapports IDS',
 'ids merge classifications' => 'Fusion des classements...',
 'ids merge sid files' => 'Fusion des sid aux fichiers de messages...',
 'ids monitor traffic only' => 'Surveiller seulement le trafic',
@@ -1686,6 +1693,8 @@
 'locationblock enable feature' => 'Activer le blocage par localisation :',
 'locationblock flag' => 'Drap.',
 'log' => 'Rapport :',
+'log drop hostile in' => 'Journaliser les paquets abandonnés depuis des réseaux hostiles',
+'log drop hostile out' => 'Journaliser les paquets abandonnés vers des réseaux hostiles',
 'log dropped conntrack invalids' => 'Journaliser les paquets abandonnés classés comme INVALIDES par le suivi de connexion',
 'log enabled' => 'Journal activé',
 'log level' => 'Niveau de rapport',
@@ -2211,7 +2220,10 @@
 'refresh' => 'Actualiser',
 'refresh index page while connected' => 'Actualiser la page index.cgi pendant la connexion',
 'refresh update list' => 'Actualiser la liste des mises à jour',
+'regenerate host certificate' => 'Renouveler le certificat hôte',
 'registered user rules' => 'Règles Sourcefire VRT pour les utilisateurs enregistrés',
+'reiserfs warning1' => 'Reiserfs est obsolète et devrait être supprimé du noyau en 2025.',
+'reiserfs warning2' => 'Assurez-vous qu\'une nouvelle installation est effectuée à l\'aide des systèmes de fichiers ext4 ou xfs avant cette date.',
 'release' => 'Révision',
 'released' => 'Disponible',
 'reload' => 'Recharger',
@@ -2255,7 +2267,7 @@
 'root certificate' => 'Certificat racine',
 'root path' => 'Répertoire root',
 'root user password' => 'Mot de passe root',
-'route config changed' => '',
+'route config changed' => 'La configuration de la route a été modifiée',
 'route subnet is invalid' => 'L\'itinéraire additionnel push du sous-réseau est non valide',
 'router ip' => 'Adresse IP du routeur :',
 'routing table' => 'Table de routage',
@@ -2379,6 +2391,7 @@
 'source port overlaps' => 'La plage de port source chevauche une plage de port existante.',
 'speaker off' => 'Haut-parleur éteint :',
 'speaker on' => 'Haut-parleur allumé :',
+'spec rstack overflow' => 'Débordement de la pile de rendement spéculative - proc. AMD',
 'spectre variant 1' => 'Spectre - variante 1',
 'spectre variant 2' => 'Spectre - variante 2',
 'spectre variant 4' => 'Spectre - variante 4',
@@ -2460,7 +2473,7 @@
 'system logs' => 'Rapports système',
 'system status information' => 'Informations sur le statut du système',
 'ta key' => 'Clé d\'authentification TLS',
-'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2',
+'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2',
 'tcp more reliable' => 'TCP (plus fiable)',
 'telephone not set' => 'Numéro de téléphone non défini.',
 'template' => 'Préétabli',

diff --git a/lfs/binutils b/lfs/binutils
index b4b3cd921293f5366d907e0d4894573952db6889..7af8251d1910f867b9685e73b4e5f852a59134ef 100644 (file)
--- a/lfs/binutils
+++ b/lfs/binutils
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.41
+VER        = 2.42
 
 THISAPP    = binutils-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -96,7 +96,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 3bccec2b52f7e82a727121bf2a2e51a6249ba63dcd74c665fd834e858645c912ffd8245d848435288b938852830b482905606f55c40df4061215fd75c52ffc75
+$(DL_FILE)_BLAKE2 = e67a5c028fba70e70088fd11b38ec8c9c4ed5a019badefda25abeb6275997b16f0891e7ff3424c4b82bbfae92e8992669826920dd53df61cd48469d8f7cd5bd1
 
 install : $(TARGET)
 

diff --git a/lfs/ca-certificates b/lfs/ca-certificates
index e828b55713ee56099f1cd85c1a181d4b6c97f4be..5fe5ca5501c14f34b31327459ba467f54058e067 100644 (file)
--- a/lfs/ca-certificates
+++ b/lfs/ca-certificates
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 20231204
+VER        = 20240217
 
 # From https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
 

diff --git a/lfs/clamav b/lfs/clamav
index b64753c4430d1a317c24a0f58ead04d0c44a1d09..5a1089187848a83e0e7d734e6c569f506fbccc66 100644 (file)
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Antivirus Toolkit
 
-VER        = 1.2.1
+VER        = 1.3.0
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 70
+PAK_VER    = 71
 
 DEPS       =
 
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 1373c6882b165e769dcc3c3631dfe7183231b2fe4830608b57d919af1a8e9a5a73aa3cc4767981a27bb9845390165b5241750904d50e1a90b7237200b97f7ef3
+$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282
 
 
 install : $(TARGET)

diff --git a/lfs/dnsdist b/lfs/dnsdist
index ac5c602b4547fa8a5fcf8f8ecfc6d856a408fa0e..a0cc2dffc549317606b8cc5dd93913672b08136c 100644 (file)
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = A highly DNS-, DoS- and abuse-aware loadbalancer
 
-VER        = 1.8.0
+VER        = 1.9.1
 
 THISAPP    = dnsdist-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = dnsdist
-PAK_VER    = 17
+PAK_VER    = 19
 
 SUP_ARCH   = x86_64 aarch64
 
@@ -52,7 +52,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 47cfcfe3756cdc4520c1ba1e11b7d60191125ef900ba829ff7437ac2041352b845ab5f7183f53fea9b3aa6f44c5745de3878c2b72f2be048fa57d2c2e9325c0c
+$(DL_FILE)_BLAKE2 = 2225ffde3e7c1f864fc87256d9d2bfe99edfd9dd5127e72cda32026316119546288cd0cc9c603fa883775fb824e270bce022ac6bbd7da66c364124da287e63ef
 
 install : $(TARGET)
 

diff --git a/lfs/elfutils b/lfs/elfutils
index 7dd95caa25510d592fd6720cd1361c098376fcdb..901b82d42e7fa45a306176d728239cd21fc39710 100644 (file)
--- a/lfs/elfutils
+++ b/lfs/elfutils
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Higher-level library to access ELF files
 
-VER        = 0.190
+VER        = 0.191
 
 THISAPP    = elfutils-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 9934aff08f1898377708b28595fb52130ef9f80408132ac7d306845b10672ba45cf1ac69783da07b3eea9fd647741d44da45b8b2626c45a768cb2844c6186513
+$(DL_FILE)_BLAKE2 = 2a7ad251369eca7ba609ab8644181fd479ad8596ee58dc068398ca22be25a978e96b81a10a92a5555d7574fd1b9227c8d54fb41dceb4025aedfc6ae32870bbca
 
 install : $(TARGET)
 

diff --git a/lfs/ethtool b/lfs/ethtool
index e6d65ea12c4a93c037503d8880ad64197abfa1af..c6b54aa4edffa3faaef31a484e4eec0fb9882197 100644 (file)
--- a/lfs/ethtool
+++ b/lfs/ethtool
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.3
+VER        = 6.7
 
 THISAPP    = ethtool-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = c06509525db47f8ee7c220d0b880fe80323a4a00036e9698432b1b9c85ad75045e98b23498f6283497728cafd187ca173b15f3ad60f8e6f8b4d0c5688d84a1f9
+$(DL_FILE)_BLAKE2 = 94a6fd8d29ff479eb894fe56bf991f522fff9af5a94c176d06be2819fe2520125cb48dbded229df1a9f5a0308aeaec503c55caf5d248eef87640c7f90f1132ec
 
 install : $(TARGET)
 

diff --git a/lfs/expat b/lfs/expat
index acfdba6ea4407e37a42b287efbabc8b836f2b930..3a37bf2d2a7ebb4759a7e0a472618f62f36d14a7 100644 (file)
--- a/lfs/expat
+++ b/lfs/expat
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.6.0
+VER        = 2.6.2
 
 THISAPP    = expat-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2f0117317bde4e03d8662bcac1ff6c2bbb1af694846b21a82ac12d11ccd43032b481af72fa35298c3cb19b7426dba6a67e703904ca7b05663ffd854a42348bd0
+$(DL_FILE)_BLAKE2 = aae019270e1ab233fe8480b7eaa77f648f23ef3383dc772dc946cb13163067431716dc5446862eb502315fd089f2f52f3d476589b74a97e462575cd54df44db4
 
 install : $(TARGET)
 

diff --git a/lfs/gdb b/lfs/gdb
index f534774e0641d5715812c855abeac1cf4a309169..c8cb4703946eac0e35b0b57604e9b3bdce1533df 100644 (file)
--- a/lfs/gdb
+++ b/lfs/gdb
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 13.2
+VER        = 14.2
 
 THISAPP    = gdb-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = bf5216ba2286448a46f9e0a405367c5a678e6d7540204722d355b618018b7b75a2ebc5b51353304c5ded02a3979223a81781d305f5afa5be82516cdc2863d49f
+$(DL_FILE)_BLAKE2 = 65765dfd1ed08e19bb881fc7ae98d6ee4914f38a9a2bb0d0ca73bef472669664f807fe9c04e8dffd7025be98e736ac52f88ff5851ceddbb01a361885b18befc8
 
 install : $(TARGET)
 

diff --git a/lfs/ghostscript b/lfs/ghostscript
index 9c947df7d68513239b95b3c8ef67450160286fbb..57634f6f66f3709a1be75ddecf8c4ff5777a30eb 100644 (file)
--- a/lfs/ghostscript
+++ b/lfs/ghostscript
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = The Ghostscript interpreter for PostScript and PDF
 
-VER        = 10.02.1
+VER        = 10.03.0
 
 THISAPP    = ghostscript-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = ghostscript
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = cups dbus
 
@@ -52,7 +52,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 ghostscript-fonts-std-8.11.tar.gz = $(URL_IPFIRE)/ghostscript-fonts-std-8.11.tar.gz
 gnu-gs-fonts-other-6.0.tar.gz = $(URL_IPFIRE)/gnu-gs-fonts-other-6.0.tar.gz
 
-$(DL_FILE)_BLAKE2 = b491473f0b3d50121e4373e21af3d8cdf55d9ca4390b240c4cb88d0d44e707e32570a7f1f05cb656d1b65443fcd7e37f5eab404d72a20f83d8fd87370a585467
+$(DL_FILE)_BLAKE2 = c64e0fc9dd290b81e61793671e8645f16b04070685f6ab9d35a60cb910d7504e1e686525af8b74121ae31a5b344e2332efd8bdf99f2a4c5586bff747b8df78d7
 ghostscript-fonts-std-8.11.tar.gz_BLAKE2 = 1d8ae8f7813623a36e160bdd0ca9ccf33c67b945dd96952eb0e37e9bb5bb4ba5daf7df4da5ba53c1d25d6598a0576990ba7e094b8c395778cb9cdfd32761454c
 gnu-gs-fonts-other-6.0.tar.gz_BLAKE2 = 001709983161519365bcef23fef3705071b67253ff3b557c45d2ec892987815444d8dd1d213e94bc02e361917c061c723043bf04c98b0a1e38c9cd1f265d1312
 

diff --git a/lfs/git b/lfs/git
index 6489215255e5a11501135219030407f0a315aa9d..d10ca469c22ee4c707e8970c62f3d0ebe03ee5ad 100644 (file)
--- a/lfs/git
+++ b/lfs/git
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.43.0
+VER        = 2.44.0
 SUMMARY    = Fast, scalable, distributed revision control system
 
 THISAPP    = git-$(VER)
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = git
-PAK_VER    = 31
+PAK_VER    = 32
 
 DEPS       = perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL
 
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 5da19211df56e306eb95cef65b2a987134d2f0853dc1db30e1cc99d0357b3f5ab7f1e434e73948d7b6ad6b7bfc44f75349479f46050ee63a6516c72b774b4eba
+$(DL_FILE)_BLAKE2 = 6dc145e20e737763fb738ccb4a65ba2f8d6f35bb4e30520a0c79f4fcc0eaaaf4e99a9be00eaa9e14dec231ed122d54be7dfa9212a3e5a75707730256391896d4
 
 install : $(TARGET)
 

diff --git a/lfs/glibc b/lfs/glibc
index 5c62aaa448dc6f6a90dacf6913605c47b97c1ec7..43523e46f5269987afe56332c0a8f5c5a56b59c5 100644 (file)
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.38
+VER        = 2.39
 
 THISAPP    = glibc-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -82,7 +82,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = f9b039f0ef98a7dd8e1cba228ed10286b9e4fbe4dd89af4d26fa5c4e4cf266f19c2746b44d797ce54739d86499e74cf334aaf311bcf6e30120fd7748453e653f
+$(DL_FILE)_BLAKE2 = 9d98459a2d58401e07c081e0d841935b23998da75a7eb5a7ebd23a1f9ebab99dee623fe166397c1b6c926960c570f62dbca5cb3b5ce84a918adff6b7a15e16bb
 
 install : $(TARGET)
 
@@ -114,52 +114,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
        @mkdir $(DIR_SRC)/glibc-build
 
-       # Patches from upstream
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch
-
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-localedef-no-archive.patch
 
 ifneq "$(TOOLCHAIN)" "1"

diff --git a/lfs/gptfdisk b/lfs/gptfdisk
index eb1c60357f692278a0b49a9046389f41248b2d5c..9e6f4310a83755a80da2df0f19592fe2f9498ad9 100644 (file)
--- a/lfs/gptfdisk
+++ b/lfs/gptfdisk
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 1.0.9
+VER        = 1.0.10
 
 THISAPP    = gptfdisk-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = gptfdisk
-PAK_VER    = 2
+PAK_VER    = 3
 
 DEPS       =
 
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 1939ffd75972a4d7f92af2bfab90c7b0223825b5478b6b808dd35af943c687d38ba81663cd7ba5e0f9400656db4dac019c13a9f75d90b7bd716568c676c24dd2
+$(DL_FILE)_BLAKE2 = 9047bf68a2c5c254bda9b2815488963dc19a9415c90fbf4a127268a37fe8a545b7d45a333e356bd9da22e37ef649d9f60896ffedfdc35b60c7642a48e4ed2e5a
 
 install : $(TARGET)
 

diff --git a/lfs/intel-microcode b/lfs/intel-microcode
index 5e262dda35653f09a2a2b89ff3edf825f399833b..785b2303b6a440561bea6624b4309ad9c08de6b1 100644 (file)
--- a/lfs/intel-microcode
+++ b/lfs/intel-microcode
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 20231114
+VER        = 20240312
 
 THISAPP    = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612
+$(DL_FILE)_BLAKE2 = 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747
 
 install : $(TARGET)
 

diff --git a/lfs/ipfire-netboot b/lfs/ipfire-netboot
index e7ba44af958c98eecac3e0700a69cc00c3a38432..9e7e3c5ea4ad2aea3cff1f95e6b7a7f1d6bf7c63 100644 (file)
--- a/lfs/ipfire-netboot
+++ b/lfs/ipfire-netboot
@@ -25,7 +25,7 @@
 include Config
 
 VER        = v2.0
-PXE_VER    = 1b67a05
+PXE_VER    = 0cc0f47
 
 THISAPP    = ipfire-netboot-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -44,7 +44,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 ipxe-$(PXE_VER).tar.gz = $(URL_IPFIRE)/ipxe-$(PXE_VER).tar.gz
 
 $(DL_FILE)_BLAKE2 = 5f66932b7be228f5a246b92352e31c99d4f4e8666da9795a6f9762c979f480fb3c2620fc128af14d396065d0c9362e1cdc10eddce2bb58901567581c0d5e8cee
-ipxe-$(PXE_VER).tar.gz_BLAKE2 = 5a6b7c422856157ff1f6aeb7e835add5a2bdd6678d8cc960eae2d926709ce73803484bbe0a428022de2fbc5b018096526ba48f2172c2c25540e1dc12c7a1f8e1
+ipxe-$(PXE_VER).tar.gz_BLAKE2 = f678abfe4cb1bf4ff85667719417c694365aece144c05fff8f8df82008100a6172bd27799498f27eddf8c38f43b3d553e704191037ef94dfbcaf19428c07028c
 
 install : $(TARGET)
 
@@ -77,10 +77,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        # Extract iPXE source
        cd $(DIR_APP) && tar axf $(DIR_DL)/ipxe-$(PXE_VER).tar.gz
-       cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch
-       cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-handle-R_X86_64_PLT32.patch
-       cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch
-       cd $(DIR_APP)/ipxe-$(PXE_VER) && patch -Np1 < $(DIR_SRC)/src/patches/ipxe-use-the-right-sized-register-for-push.patch
        cd $(DIR_APP) && rm -rfv ipxe && ln -s ipxe-$(PXE_VER) ipxe
        cd $(DIR_APP) && make $(MAKETUNING) bin/ipxe.lkrn
 ifeq "$(BUILD_ARCH)" "x86_64"

diff --git a/lfs/iproute2 b/lfs/iproute2
index ce2ee1f81e5c150c28c134660947114c606f4857..17f25dddc51415c28c04d64e6213d9340fc7a40a 100644 (file)
--- a/lfs/iproute2
+++ b/lfs/iproute2
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.7.0
+VER        = 6.8.0
 #              https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/
 
 THISAPP    = iproute2-$(VER)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE)             = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = df55dffc54ed196d43a86ce40e887dca6390b91289a492266568ff31aa8b2827fbd91c18676e14706df844fbfe3a5c50bf927ed4401e098e385d401ec3d5c116
+$(DL_FILE)_BLAKE2 = d30cdff8522627c27c9165f068f42adbec38f15548a8f2cd31276f283880dc402e10c5989e7227e80cdc891bcc4a574b330d634ae550e689758b849c0506c31f
 
 install : $(TARGET)
 

diff --git a/lfs/knot b/lfs/knot
index feb3c89311593dde5d6dc59fb4146fca8c338509..2fe4752bab203a24b07a2d465f5b9280894a02e1 100644 (file)
--- a/lfs/knot
+++ b/lfs/knot
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.2.4
+VER        = 3.3.5
 
 THISAPP    = knot-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1
+$(DL_FILE)_BLAKE2 = 201da56486eb551560b5f8a32cf54b9367a15347e3da9ff743c0fc41696b12d2de4091ceb575070e61d83f1c06542f7d08fc88d8e2ce6da8e8f69c2ab4b68df3
 
 install : $(TARGET)
 

diff --git a/lfs/libffi b/lfs/libffi
index bfd02b57fd72324c684454fddc86fc675c9dda2c..ffe7803aa112a777f94366701e1d170bd660519a 100644 (file)
--- a/lfs/libffi
+++ b/lfs/libffi
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.4.4
+VER        = 3.4.6
 
 THISAPP    = libffi-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 189fe1ffe9507f204581b0ab09995dc7e7b761bb4eac7e338e9f5ff81431aebcef6c182c1839c9f9acb2706697a260c67e6d1351cf7e2aed7c4eb5d694f6f8fd
+$(DL_FILE)_BLAKE2 = af8402a09bdbd59b4e9400d2d71bd5ce98f6f1d981d35d1ab40d77a831b13b32c5bd34ca54ff75999e39f0d8a9c066381fae7a8d6c5216d955e064f929f08b88
 
 install : $(TARGET)
 

diff --git a/lfs/libgpg-error b/lfs/libgpg-error
index f60f1ae8204bc5ddcdc8d44ab908fe31b2be1bf1..c402d0bf819a02c95c377c66254a556411fd9b7d 100644 (file)
--- a/lfs/libgpg-error
+++ b/lfs/libgpg-error
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.47
+VER        = 1.48
 
 THISAPP    = libgpg-error-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = bc04efa0686b1b7d7cdce045fc080c090c1abec60349b673c2e1ce27900483aea090eb6ebcb3fb49a4eed36f18156a12413d5446f739475632f4ed2a2481ff27
+$(DL_FILE)_BLAKE2 = 4ced63058586558f4d001bcc468f4bd419b8ec29fbd7dbcaa1a21f959d847c9e12c10c548a0038fd4eac0bdfc9907b61e9f6be71c95fc61c964c649e2415dfd7
 
 install : $(TARGET)
 

diff --git a/lfs/libloc b/lfs/libloc
index 5c67d11952e08bb33cc04c821dcf08193f3aa8af..35a711286ffdce5af88a114e9ec6308d4950c7fb 100644 (file)
--- a/lfs/libloc
+++ b/lfs/libloc
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 include Config
 
 VER        = 0.9.17
-DB_DATE    = 2023-08-09
+DB_DATE    = 2024-02-17
 
 THISAPP    = libloc-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -44,7 +44,7 @@ $(DL_FILE)                    = https://source.ipfire.org/releases/libloc/$(DL_F
 location-$(DB_DATE).db.xz     = https://location.ipfire.org/databases/1/archive/location-$(DB_DATE).db.xz
 
 $(DL_FILE)_BLAKE2 = b0bf860ebaccd3cb49c58c066c430f7a1f936a2029957db9b88e22c04240af0268a8f6388e8ca512102f14033037a2ab8bbb93fe83e525b9859c790c5c382df4
-location-$(DB_DATE).db.xz_BLAKE2 = 24ad4dc2496d3c0a7fe645374a02c8d4bf4724796ccf4ed00d2de9adfaa08f31cb70314afa5d8f7b7acebd4ccbd4d1f8a15b8da09a27b0092d74412cf30aa721
+location-$(DB_DATE).db.xz_BLAKE2 = 36432bed306871e96a741d364fdefaa677d47245e38596d1c7fb6a8f0a143e3ffa549e16effa58289b5481220b0a2560255e75b0bfe53219b1400d6d250aa02b
 
 install : $(TARGET)
 

diff --git a/lfs/libmpdclient b/lfs/libmpdclient
index 69e54803e601b9e904a14c790cd76577a6736b83..6335f1b4a1590c8a36d1e580cc0ce573a98a69e5 100644 (file)
--- a/lfs/libmpdclient
+++ b/lfs/libmpdclient
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Library for interfacing the Music Player Daemon
 
-VER        = 2.19
+VER        = 2.22
 
 THISAPP    = libmpdclient-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = libmpdclient
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       =
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = c045c4847d43f166a3e1549654784bd994fa4156e3ecebf7c02a412b34ca150940f3c43cdc385839cd7c281bd4ed4fd1935b757d8505133d146ea955ec2d0832
+$(DL_FILE)_BLAKE2 = 2ff692baaeb8160ce757e754ae08db57aca803628989e4dc3616f88eb02ebf1823d269d5a17afaa32bf32c7a384da0342db1ef083199f85ea7e0687cae0e8455
 
 install : $(TARGET)
 

diff --git a/lfs/libplist b/lfs/libplist
index dd4df36e6589de1ff37d8925450207f2bc8329c8..8cf4f547063d01d0323c4fb2b30cf4a45055a24a 100644 (file)
--- a/lfs/libplist
+++ b/lfs/libplist
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = A library to handle Apple Property List format in binary or XML
 
-VER        = 2.3.0
+VER        = 2.4.0
 
 THISAPP    = libplist-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = libplist
-PAK_VER    = 2
+PAK_VER    = 3
 
 DEPS       =
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = e8c8fc59e7d694b1d69f0da3538ff313eb84d3c9ecad966c514d098e14308cc0bf9f67bfb4fe5b27c2638d1fc71294ed34fc9f881204e9c009f30c68a89b1a38
+$(DL_FILE)_BLAKE2 = b12d929d4451389dfab4a2eaef2b8e85c5695a17feedad80f7dfbee7238f6b78b5d3819b9b59593612bb8f39b887147403a8de469b2d44ad26b8fa8c35b8fbef
 
 install : $(TARGET)
 

diff --git a/lfs/libpng b/lfs/libpng
index 3a0704e591907866447b5462f79fc768e5a680c6..b22b64b65a713e9a3df1c66044939d147c074c8f 100644 (file)
--- a/lfs/libpng
+++ b/lfs/libpng
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.6.41
+VER        = 1.6.42
 
 THISAPP    = libpng-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 43d8d1c563d9df46b663f706dca9563e31e6e47a2809a77a5d059de8cfa348721054df724d08ac24ef4717ffc101989941127df2d026c9537532375d9b432b68
+$(DL_FILE)_BLAKE2 = 8a8895b673ff90416a00c9ff775d7bdc38ab1ab0d83fd6e70cfffea2ed78bd42896950a64bf48ad9a00ea50d8c5d5702975b0bae7bb3300d4de4c82b334e513e
 
 install : $(TARGET)
 

diff --git a/lfs/meson b/lfs/meson
index 47156561f2ff6710d9fb6e2c52cf1384bfb23fff..fa5512b811bb8c6bbebb2bd25767802bfeba438b 100644 (file)
--- a/lfs/meson
+++ b/lfs/meson
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.3.1
+VER        = 1.4.0
 
 THISAPP    = meson-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 64d53eddc8cb321a4e2dabaa4b7499798a7b68764b1a7a5182bfa21d081dc07105acab616119b88ff610e5d75504f03d1c0aefee3602ddf538fc491ff3d0204a
+$(DL_FILE)_BLAKE2 = 7f742ef870c182e552c1ff3508d65f251009d610def6a08e01fddb6c6a4ed6d608ead0d52cf8ca7d66b5bd7a4732dccd7ab5d98f141a4a61e275398885f79486
 
 install : $(TARGET)
 

diff --git a/lfs/mpc b/lfs/mpc
index 78fd9488c6aee2b5f653eae73f3ce154cb4b8af0..3bf4914e190256634cedf744cdbf49f5f75470ee 100644 (file)
--- a/lfs/mpc
+++ b/lfs/mpc
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Client for the Music Player Daemon
 
-VER        = 0.34
+VER        = 0.35
 
 THISAPP    = mpc-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpc
-PAK_VER    = 9
+PAK_VER    = 10
 
 DEPS       = mpd libmpdclient
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 709f54ceebd66f703e5b1bf6ff8deb890e484fdc29c0b2198922763e347caac89d6eec5f74101f9fa860436e7493e2b02cc6b1b26e800e783546fe5a0c6e0d8f
+$(DL_FILE)_BLAKE2 = 7e47d78b762b7334f5fec13897bdf11859310932371a55c189c4554b347f097852e5fa17be3df03d047fabcc60699a3b310d0aa395aadd96a5ebff009a2ddba0
 
 install : $(TARGET)
 

diff --git a/lfs/mpd b/lfs/mpd
index a9807b3cda1ef790aa7a0b4873663eb01e2c3a5a..c05d34d8e5fefba6e12cb6da27c260b606903091 100644 (file)
--- a/lfs/mpd
+++ b/lfs/mpd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Music Player Daemon
 
-VER        = 0.23.14
+VER        = 0.23.15
 
 THISAPP    = mpd-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/${THISAPP}
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpd
-PAK_VER    = 33
+PAK_VER    = 37
 # SUP_ARCH   = aarch64 x86_64
 
 DEPS       = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr fmt
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = c048f128111d1d65775c317182b91d113339a5b09d3005c320cc3b14a79b7c1da0d1ba3d53f6bf348a3a404ceea33c1ad2427225f4a1f3d1cde4a921e71d6e1c
+$(DL_FILE)_BLAKE2 = 78036078b850afab900b5d50e44ce83cbbf900369f5028d4177fdbfc4128dd3c35c59a773528a1fcfcc0179d0e579566b827fe87ef780a88082dc3b7f70cd5e7
 
 install : $(TARGET)
 
@@ -105,6 +105,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        #install initscripts
        $(call INSTALL_INITSCRIPTS,$(SERVICES))
 
+       -mkdir -p /var/ipfire/mpd/db
+       touch /var/ipfire/mpd/playlist.m3u
+       install -v -m 664 $(DIR_SRC)/config/mpd/mpd.conf /var/ipfire/mpd/
+       echo "Folder for mpd database" > /var/ipfire/mpd/db/info
+       -mkdir -p /var/mp3
+       echo "Folder for music files" > /var/mp3/info
+       chown root.nobody /var/ipfire/mpd/{mpd.conf,playlist.m3u}
+       chmod 664 /var/ipfire/mpd/playlist.m3u
+       install -v -m 644 $(DIR_SRC)/config/backup/includes/mpd /var/ipfire/backup/addons/includes/mpd
+
        @rm -rf $(DIR_APP)
        touch /var/log/mpd.error.log
        touch /var/log/mpd.log

diff --git a/lfs/mpfire b/lfs/mpfire
index 590cf31ef315178f2f591227c987e12b991a3f3e..54551a0b6d02c4df08e9e1095102441fa5d206a6 100644 (file)
--- a/lfs/mpfire
+++ b/lfs/mpfire
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,7 +32,7 @@ THISAPP    = mpfire-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpfire
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = mpd mpc
 
@@ -61,17 +61,11 @@ dist:
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
-       -mkdir -p /var/ipfire/mpfire/{bin,db}
-       touch /var/ipfire/mpfire/{settings,playlist.m3u}
+       -mkdir -p /var/ipfire/mpfire/bin
+       touch /var/ipfire/mpfire/settings
        install -v -m 755 $(DIR_SRC)/config/mpfire/mpfire.pl /var/ipfire/mpfire/bin
-       install -v -m 664 $(DIR_SRC)/config/mpfire/mpd.conf /var/ipfire/mpfire/
        install -v -m 644 $(DIR_SRC)/config/mpfire/webradio /var/ipfire/mpfire/
-       echo "Folder for mpd database" > /var/ipfire/mpfire/db/info
-       -mkdir -p /var/mp3
-       echo "Folder for music files" > /var/mp3/info
-       chown root.nobody /var/ipfire/mpfire/{mpd.conf,playlist.m3u}
        chown nobody.nobody /var/ipfire/mpfire/{settings,webradio}
-       chmod 664 /var/ipfire/mpfire/playlist.m3u
        chmod 755 /srv/web/ipfire/html/images/mpfire
        install -v -m 644 $(DIR_SRC)/config/backup/includes/mpfire /var/ipfire/backup/addons/includes/mpfire
        -mkdir -p /usr/lib/perl5/site_perl/5.36.0/Audio/

diff --git a/lfs/multipath-tools b/lfs/multipath-tools
index 61b6183f01797fd0cb32b21d7533fd23b74e9617..0ff8d813f746077413579fa208ab99743e7cea1b 100644 (file)
--- a/lfs/multipath-tools
+++ b/lfs/multipath-tools
@@ -73,7 +73,7 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP)/kpartx && make $(MAKETUNING)
+       cd $(DIR_APP)/kpartx && make $(MAKETUNING) CPPFLAGS=
        cd $(DIR_APP)/kpartx && make install PREFIX=/usr
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/mympd b/lfs/mympd
index ffedcdcce12ac4cd12c916ceab70ab17982860fc..bb7215ba1bc747d54eb08ed6524587b9b6900029 100644 (file)
--- a/lfs/mympd
+++ b/lfs/mympd
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Webfrontend for Music Player Daemon
 
-VER        = 13.0.6
+VER        = 14.1.0
 
 THISAPP    = myMPD-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,10 +34,9 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mympd
-PAK_VER    = 1
+PAK_VER    = 4
 
-# TODO move mpd initskript and config to mpd package to run without mpfire
-DEPS       = mpd libmpdclient mpfire
+DEPS       = mpd libmpdclient
 
 SERVICES   = mympd
 
@@ -49,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2ecd8d42b9398e85fc6c149c9e55f760f2039434039d558ac1914b447858a59676ed9300bc89b2a25757b8d9828dec5934376d4587f6b84026d07adbfd2e4a33
+$(DL_FILE)_BLAKE2 = 621ecc2b9ecf78c606005120837480b1bccc92fd3b9c201781e719ea524fc689b58f587f59fd388b73a0a1e63befce951e9182ee865e625f83a175a61572759b
 
 install : $(TARGET)
 
@@ -82,6 +81,10 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+       # Do not try to re-define _FORTIFY_SOURCE
+       cd $(DIR_APP) && sed -e "/D_FORTIFY_SOURCE/d" -i CMakeLists.txt
+
        cd $(DIR_APP) && mkdir -p build
        cd $(DIR_APP)/build && cmake -Wno-dev \
                -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release ..

diff --git a/lfs/newt b/lfs/newt
index fa2254d2e0a28106fc6e28835f994f684389536e..156a0df4cd62d421cc36e76927c9f082dda55fce 100644 (file)
--- a/lfs/newt
+++ b/lfs/newt
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.52.23
+VER        = 0.52.24
 
 THISAPP    = newt-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 55046155d02a406ac618f9c1a1f668e6794b6875e4d9083e3d5da32fe008df3deb79eddadfce40c193346b7a705b8c5c18e7bb7076e8ea8729f35384fa944a97
+$(DL_FILE)_BLAKE2 = 4ab5b343d1cc72855ee330d4a7f03a0dd5b090748410b64844277a7d9464f9166459ac6d943d07e844b22b7187ed851473840739dde8991e3b4b2dae97e6dcf4
 
 install : $(TARGET)
 

diff --git a/lfs/openjpeg b/lfs/openjpeg
index 40c642c0738afc99acc0127d0b518511812a8aa8..f2637fb5179a049a4c4c4a335717694747eab0a0 100644 (file)
--- a/lfs/openjpeg
+++ b/lfs/openjpeg
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.5.0
+VER        = 2.5.2
 
 THISAPP    = openjpeg-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 472d9998a7407574d3bc059d1c0b662a8a553cfe5cb7806a022cb35e14564417a8e06e9970f06d8e65ef149019bab747caefa8e29bc793d07ad86e076909d306
+$(DL_FILE)_BLAKE2 = 4c23eecd603c620d3555fa02055104d292cdf4bbb88ab3d8d8a8f62e3c21b52d3c6d9211d8dd6f11d76fb1ca6f2333a7305ae07b5883a62eb7fc28ec9dfafc0f
 
 install : $(TARGET)
 

diff --git a/lfs/openssh b/lfs/openssh
index 3833f2ca73fcf6488dbf096774e7f61615a0da0c..315b1a70b0ebf0a5aa4264089023fb1b966f56d3 100644 (file)
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 9.6p1
+VER        = 9.7p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd
+$(DL_FILE)_BLAKE2 = 520859fcbdf678808fc8515b64585ab9a90a8055fa869df6fbba3083cb7f73ddb81ed9ea981e131520736a8aed838f85ae68ca63406a410df61039913c5cb48b
 
 install : $(TARGET)
 

diff --git a/lfs/opus b/lfs/opus
index e91c6a0e1364c5592f0534709e1aaee38e6761a3..a7858f5c82b6a9541ef4bb6b3e24dfccc763ff87 100644 (file)
--- a/lfs/opus
+++ b/lfs/opus
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Opus Audio Codec Library
 
-VER        = 1.4
+VER        = 1.5.1
 
 THISAPP    = opus-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = opus
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       =
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 21f11df745cb868f4da1586d678901045fd9bd0c0590628015f3adc2522c88b0660df88096abe975051fec3188b76b93762c4a01907c2ab2b23c40fde79cf6ad
+$(DL_FILE)_BLAKE2 = 5ba1d6f28594f366b545507bafb22751e15a0e78e152e7cdef456dccb0bc9fc512faa18c90fb4ea5455a9535de89df987dea8a0fabce9a25c285d0c410d4b482
 
 install : $(TARGET)
 check : $(patsubst %,$(DIR_CHK)/%,$(objects))

diff --git a/lfs/pango b/lfs/pango
index 19b5100591268ede27ca5ea9e2a71ef873a7882e..016c3b04337755458f17232b1c304e3a258fdffd 100644 (file)
--- a/lfs/pango
+++ b/lfs/pango
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.50.13
+VER        = 1.52.0
 
 THISAPP    = pango-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 8524d5ff478137e6f3795aff8428a8bc864d72338d93c579c039c94eba368526d38f999b7a9b1964e3649d748393dbe2fffaa29a11732df5bd0adff010d79e05
+$(DL_FILE)_BLAKE2 = 3b90c1b104fc2624d0d3c5f35262dc6718f7d795a8932ee6d674ab107c12896f9fced16e9eaa1028db1e92833a108d9d608741df17c0a3aaa7fdf43a6b68e754
 
 install : $(TARGET)
 

diff --git a/lfs/pciutils b/lfs/pciutils
index eb9a0b2d7e2925073f6d0bb199de6bf23b0da9f9..bb06ba0298dcf3467c0281db589bb276b40f7c83 100644 (file)
--- a/lfs/pciutils
+++ b/lfs/pciutils
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.10.0
+VER        = 3.11.1
 
 THISAPP    = pciutils-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2e1255eb5508c9d1339f5bc772c2592a03cae4d8d097e8939748c9bb5d5d949be53d705d1b7d903f7ea88b2abeea91e39de16e39d2f46f0a1f62f8a9e32c6faa
+$(DL_FILE)_BLAKE2 = 447d0e3fa209d2d27a0310a5824a75b543b539c459caed23e9218f4ff3f9a3c2a99c65dd5ddf92a56c2b880ecfaeff6f3edc458c3e5973a1a4937325740915ac
 
 install : $(TARGET)
 

diff --git a/lfs/pixman b/lfs/pixman
index a1f362febe0ffbd577373112f741ae143c74ee45..8b4644757ddb9d6b2317ac31c9d9b18926ccdda3 100644 (file)
--- a/lfs/pixman
+++ b/lfs/pixman
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.43.0
+VER        = 0.43.4
 
 THISAPP    = pixman-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 1a807d4d5598a5fe6077d6bbc7786cba41a698a1f03801cc5367ade8707500ee215a0faf65afe85f9e040b0380f1074c2fdfd31c0805dc41a4e5e34e36416764
+$(DL_FILE)_BLAKE2 = c31e5700bfadcd72f522af50509a4a6cd7bbf90c918c75b108e50246f1c76e858125138902a222040ada192710ec788deb43eb65085416f3eff88e3ed970933e
 
 install : $(TARGET)
 

diff --git a/lfs/poppler b/lfs/poppler
index 03838d09a2fd1a92d7d4bb58ddccc086252934ee..27b06c5ea19af7bdf5b26275b81d8168a9fcb0ce 100644 (file)
--- a/lfs/poppler
+++ b/lfs/poppler
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 24.01.0
+VER        = 24.03.0
 
 THISAPP    = poppler-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 16c87a4338c73fcccfac3ac477807a7f96c8e95e68efff484d9d544da10815972f20d40f71091c6092913d82b205ca0d1bd25acbaba79277e1a1bf19ba397e6d
+$(DL_FILE)_BLAKE2 = 34cd3b64b1fbee53727d99bf73a896331c15d816ea77aa678a9ebe4bc6ddf8c859ae004915aba36346dbcb13862d7d6670562e45d99888d444c523d83c90b58a
 
 install : $(TARGET)
 

diff --git a/lfs/qpdf b/lfs/qpdf
index b91ca693f567700348ad9e68aa9569f37a0889c7..fabb4565b5e12f278b84e722e63e35eed5f27696 100644 (file)
--- a/lfs/qpdf
+++ b/lfs/qpdf
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 11.7.0
+VER        = 11.9.0
 
 THISAPP    = qpdf-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = aa10e154899a7fd53d696b9521cc8a44d4a336094711ddc2a506dac8841ae12ce5bcd604555725d2b6bae3c63a6a3f6ef0e9ab6baf38dd3d7fa71507234378a3
+$(DL_FILE)_BLAKE2 = 3f79bef4b8d276cb73db1a08eb72cc67dec803c942c5e6f5322ecfc2fb017c7169aebb6b0790f1789970c86f4c8790465d0315ff8b355dd7e395a02192a605cb
 
 install : $(TARGET)
 

diff --git a/lfs/samba b/lfs/samba
index 7ebac8ded2f64bdb28c7cb4ee60ab0f314e065e0..76088abfadea0555dee303eb96848afc20a85bf7 100644 (file)
--- a/lfs/samba
+++ b/lfs/samba
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.19.3
+VER        = 4.19.5
 SUMMARY    = A SMB/CIFS File, Print, and Authentication Server
 
 THISAPP    = samba-$(VER)
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 98
+PAK_VER    = 99
 
 DEPS       = avahi cups perl-Parse-Yapp perl-JSON
 
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = f83af3b50d795bdc4a250fe96040721150acc3b8effddd473e3cfa3ef6eeec99928b1307a18a472be45049e1d0b74650b9f6dd4bf5c434277c94ab88cb493b3b
+$(DL_FILE)_BLAKE2 = 0f0081380ad459cca914e5e4cf505a4783ce97f0fb8c0471a6e558c747c16b0b327e545358265f365599c3807540985bcddb68aa67d14136cee4dbcb5158090c
 
 install : $(TARGET)
 

diff --git a/lfs/sdl2 b/lfs/sdl2
index 51d7de8cc1401ea50ffbd7422d2c3b368a5ea8d3..de7a5e7365c640632662e3a1543456b169f14286 100644 (file)
--- a/lfs/sdl2
+++ b/lfs/sdl2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.28.5
+VER        = 2.30.1
 SUMMARY    = Simple DirectMedia Layer Library
 
 THISAPP    = SDL2-$(VER)
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = sdl2
-PAK_VER    = 14
+PAK_VER    = 15
 
 DEPS       = alsa
 
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = c96481bc02af6b6d077247238f7e46b0e3ec216664584add29cafb0a91d06dc6ddc637a01519dbd7182d4fa59cfaf26ad6733f72583021cf65849416f9c4b698
+$(DL_FILE)_BLAKE2 = 5cc651bcb38a1a3989a966351074b1a77f511b5bef0d3c9aef06d67d89f1d0ee926f5cba4bf2d45be28bb3f1e9da9b3f17a85f094c8547586072b24ee342777d
 
 install : $(TARGET)
 

diff --git a/lfs/shadow b/lfs/shadow
index a3495474aa81ec8f35f857c58ffb9ef29f891348..46b716c27d636b680d934108f94b0a10de171fa9 100644 (file)
--- a/lfs/shadow
+++ b/lfs/shadow
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.14.3
+VER        = 4.15.0
 
 THISAPP    = shadow-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 6707cae41a0f8478cadd94ea5eaba95cdc6b1b23896b8dd903c62c931839a82b0538f04f8c12433f148da5b23c12a033963380be81f6fc97fa0e3f9399e51b21
+$(DL_FILE)_BLAKE2 = 1a7594c6f93d1c8cad8caa574cdcda60a48d7c001c9ad48e540b26763d9a1cd7fba9501a0a451a5a64889dd6c0cbcf4d026fc72a7ee5a3ee682931bfe7e1b391
 
 install : $(TARGET)
 

diff --git a/lfs/sqlite b/lfs/sqlite
index 0ad87a0824400e0d1a1ee1d2c2a5c7d0f7d444ea..922b303b781bd844a36b063cb068437dae627e09 100644 (file)
--- a/lfs/sqlite
+++ b/lfs/sqlite
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3450100
+VER        = 3450200
 
 THISAPP    = sqlite-autoconf-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2725faccde5b964b3c037ae0f885b3461c01619e6c086e53f53cc1ecf7e75a46dd1ac4bec4803bc149014d158976607d195993e5d925b723284512a880010bf5
+$(DL_FILE)_BLAKE2 = 7bc225167a6792a35c2e7a324fe9bff1a1540a01b0fd04197d023f113a368ba6034235045281c7653abdd2ea67aa10a5ed19b024d1d25bdb7232533e25dfb991
 
 install : $(TARGET)
 

diff --git a/lfs/squid b/lfs/squid
index 3a2d1039c4733d4374298973d5d7dff136a5dbe2..882a8842eded7a9dd14d0cdafb58dba4dd9b67c1 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.7
+VER        = 6.8
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = f91b0f617b6b32138c33575d5daec0bc6dfcb0d356939b6c01e9d4c33b77886ffb55c38678f31aeed9bf4d5d5e488c751d41098b846a956383c8b6db8c851cab
+$(DL_FILE)_BLAKE2 = 771de358d395a6b4bb5d94b02325755d1ba891c24f2cc1bdc80d91a73467a475c2cb7f0e1c24aed2f714c0de38858a24ac3864a5b772b6828beeb014da827d9d
 
 install : $(TARGET)
 

diff --git a/lfs/suricata b/lfs/suricata
index fbad89672296f1c78831c635d7f3b0c3fdb4b164..e8729e3689128d488fefdcc8db85ee114c86480f 100644 (file)
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.0.16
+VER        = 7.0.3
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 831d18072b52bfdd8379ac43a99b1660e575b04a805034371c1341f7fb4875f1b110d2f35bbf7eb7834f2b6b44cafdb939b32dbc50b43c4657277fa24c4dd3f4
+$(DL_FILE)_BLAKE2 = b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb
 
 install : $(TARGET)
 
@@ -71,7 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
        cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
                --prefix=/usr \
                --sysconfdir=/etc \

diff --git a/lfs/tcl b/lfs/tcl
index 3bfde88a2f19e438759bb1497407ca56bfbed266..05cf99aa6b119e4276f0299b7b368ded47d202e8 100644 (file)
--- a/lfs/tcl
+++ b/lfs/tcl
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.6.13
+VER        = 8.6.14
 
 THISAPP    = tcl$(VER)
 DL_FILE    = $(THISAPP)-src.tar.gz
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = f7d895ee04bf2be2a327a957189a8a4400afae13d065163c4c7b6b5ee909bae2352114843d82d9475046eafd3d288da2c1649fe6285fdb26eb22f0b97e4227ab
+$(DL_FILE)_BLAKE2 = 7089747a4d539b46e710ecb795aa3cd5576243862fae3cf8e6f0efb15681174881396c0147071dca18421d9d95eb35557b17d623f0f63383476fe882cef35a61
 
 install : $(TARGET)
 

diff --git a/lfs/transmission b/lfs/transmission
index 3b77a85e011b50486dba0398af17341078524cd8..298c2a0e9f5032e2a1de71f649005f32972360dd 100644 (file)
--- a/lfs/transmission
+++ b/lfs/transmission
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = transmission
-PAK_VER    = 21
+PAK_VER    = 22
 
 DEPS       =
 

diff --git a/lfs/unbound b/lfs/unbound
index b852f75b9b569c3b768d87f2ede9b27d5a36698f..0a510606456d8c6e445780c32223a79b0cc88c60 100644 (file)
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.19.1
+VER        = 1.19.2
 
 THISAPP    = unbound-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a48c5b9493eb0a9aa2171956e08677e1cfb7c49b53731c1b05f9192434c4d815eba972aab110ba0ee25fee1e7a57192c8b48e59bb21fb76ad7fd1c7d2d260012
+$(DL_FILE)_BLAKE2 = f8dcee649e5e1dfaab9285964419b4d957f0035e484021e3131784512fed842ee46c25d7b47304aca4f03a0480877b939968bca22e80620434d1d2cb7013c9b6
 
 install : $(TARGET)
 

diff --git a/lfs/util-linux b/lfs/util-linux
index 3252f8f465c1829d4b9fc23dd176d9a4a05c909d..d99ded13fe9c997624e8820b07139277448dc0c5 100644 (file)
--- a/lfs/util-linux
+++ b/lfs/util-linux
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.39.2
+VER        = 2.39.3
 
 THISAPP    = util-linux-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 963c257b86f8a025a3452f102656f479382b9e03dd8ce39b9561302b484c595005aa0bbce9b91422d9be038037143772483363c2a1eec569355316fc8d5d5765
+$(DL_FILE)_BLAKE2 = cd7b2b3c820e920d4a6ecd46fd807e018fc8e54439292f5e62c5f6863dd0f2505df3ec02c470d9be255a437c6ee8e4077908ac78d19a0d1273854d99eb571df0
 
 install : $(TARGET)
 

diff --git a/lfs/vdr b/lfs/vdr
index eb761123d115dadf5c29d80da8ccab3358904e7f..41dd4e92dd3bc3b1242ff7422dc23dc847de6e39 100644 (file)
--- a/lfs/vdr
+++ b/lfs/vdr
@@ -39,7 +39,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = vdr
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = vdr_streamdev
 

diff --git a/lfs/vim b/lfs/vim
index ea52c8e73f0ff6164ee7a11411547e9afc382646..19f6ec10a7ea68d7267f213eca615ed1b405155d 100644 (file)
--- a/lfs/vim
+++ b/lfs/vim
@@ -32,6 +32,10 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/vim90
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
+# vim tries to build itself with FORTIFY_SOURCE=1 and is not very good at
+# filtering out any CFLAGS that might change that. So we do this ourselves.
+CFLAGS    := $(filter-out -Wp$(COMMA)-U_FORTIFY_SOURCE,$(CFLAGS))
+
 ###############################################################################
 # Top-level Rules
 ###############################################################################

diff --git a/lfs/wget b/lfs/wget
index 670a9372059a5461235b498bcd07ac6e96bb4131..5bb650e9bfbae2515570b87f826221a900cae561 100644 (file)
--- a/lfs/wget
+++ b/lfs/wget
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.21.4
+VER        = 1.24.5
 
 THISAPP    = wget-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = ced6fb9a20343d41e4d8e0c8f171c60535847504fa4c32abc81d104a1594dc7b7c97b5b301836e31dacc7a0f2155c0a2e70e42ff60dc3fa471deb1dad33ba736
+$(DL_FILE)_BLAKE2 = d33274d599f91384c2a7db0b145ec6b315cf87cbbd02026d686a79220e3f15ca9ad0f9d8b507895f6c8486b7ac2ae5fa5c9ea010e883b6eec68d3aba038b02de
 
 install : $(TARGET)
 

diff --git a/lfs/whois b/lfs/whois
index fc2b99b6ea074e8d11b51c04a7718efb43850b10..2bda1fcc96ee8e06a1bab66760276025e6afbfd2 100644 (file)
--- a/lfs/whois
+++ b/lfs/whois
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.5.18
+VER        = 5.5.21
 
 THISAPP    = whois-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 86809c2bd7175947191f1b516702e62dcb8ad1ee7bb65091a598ba7c5501e628886245d1f61ce141de869c923cfe67247038b61d6e8875c7c6c712c6a61fa119
+$(DL_FILE)_BLAKE2 = b1cf42f1a60e5009e5882f154432d5974f45c1bf89d8b36b73f6e5f55ff2dba02e8ca7900926d2824200f5422d5e9f00abde524d4e2d8a25ba37376cc2e8d04a
 
 install : $(TARGET)
 

diff --git a/lfs/wsdd b/lfs/wsdd
new file mode 100644 (file)
index 0000000..aa65e47
--- /dev/null
+++ b/lfs/wsdd
@@ -0,0 +1,89 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.7.1
+SUMMARY    = A Web Service Discovery host daemon.
+
+THISAPP    = wsdd-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = wsdd
+PAK_VER    = 1
+
+DEPS       =
+
+SERVICES   = wsdd
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = ce43022c3bd9f7ff1fd7169ac0d5ab6b2ff78d35c221c05b2e20908a5772d563ab2aca571d4e6ae48a55d19d4adcb9cde60f720ae47af8ee950198224fcfdb26
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+       @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && cp src/wsdd.py /usr/bin/wsdd
+
+       #install initscripts
+       $(call INSTALL_INITSCRIPTS,$(SERVICES))
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)

diff --git a/lfs/xz b/lfs/xz
index e0b905a22113877c50b421f532ac903ee7151e42..cbec430d4eb6047c29f337a76145d2a70cbb9d06 100644 (file)
--- a/lfs/xz
+++ b/lfs/xz
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.4.6
+VER        = 5.6.1
 
 THISAPP    = xz-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = d609590f1e9f13404988050e1bfdc623b996794b603cf2e39d2fd592be1967c97d8beaba9196eae4a0d448a432b1d7499986b7f669e736b65ec67590a04af9f7
+$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925
 
 install : $(TARGET)
 

diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index 0033d9a2c29ac5557323cd169a69fb4beaf93fc7..5f274c3098419cf1acb9c1cee018f863cc4dddb7 100644 (file)
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Zabbix Agent
 
-VER        = 6.0.22
+VER        = 6.0.27
 
 THISAPP    = zabbix-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = zabbix_agentd
-PAK_VER    = 11
+PAK_VER    = 12
 
 DEPS       = fping
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = bba7911a24b00827c58d84938b5786d07f1eb44cbcad94cddf68b484ac9a2f514beb60225d006b8cefc5bbf92e51da27f26d9f6681e10f6322ed0841394e8d9d
+$(DL_FILE)_BLAKE2 = 793bb887bd8f0d3c2f3d15a4ed9bb5b1fcfb13fcf80ea077672744a1bd8524e213eaf53291e0f9eecb9eb055fee6f1e29e91f890b54698906beac21ca54db4e9
 
 install : $(TARGET)
 
@@ -110,6 +110,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                /var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
        install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ipfire.conf \
                /var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
+       install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \
+               /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+
+       # Install IPFire-specific Zabbix Agent scripts
+       -mkdir -pv /var/ipfire/zabbix_agentd/scripts
+       install -v -m 755 $(DIR_SRC)/config/zabbix_agentd/ipfire_certificate_detail.sh \
+               /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 
        # Create directory for additional agent modules
        -mkdir -pv /usr/lib/zabbix

diff --git a/make.sh b/make.sh
index 6178b46cb7b10cc8375c003442e70bd97c120dcf..64dbef5c4bfc06846e391ce2141d25243bfa9ee6 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -23,7 +23,7 @@ NAME="IPFire"                                                 # Software name
 SNAME="ipfire"                                                 # Short name
 # If you update the version don't forget to update backupiso and add it to core update
 VERSION="2.29"                                                 # Version number
-CORE="184"                                                     # Core Level (Filename)
+CORE="185"                                                     # Core Level (Filename)
 SLOGAN="www.ipfire.org"                                                # Software slogan
 CONFIG_ROOT=/var/ipfire                                                # Configuration rootdir
 MAX_RETRIES=1                                                  # prefetch/check loop
@@ -35,7 +35,7 @@ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"                       # Git Branch
 GIT_TAG="$(git tag | tail -1)"                                 # Git Tag
 GIT_LASTCOMMIT="$(git rev-parse --verify HEAD)"                        # Last commit
 
-TOOLCHAINVER=20231206
+TOOLCHAINVER=20240210
 
 # use multicore and max compression
 ZSTD_OPT="-T0 --ultra -22"
@@ -182,9 +182,9 @@ configure_build() {
        TOOLS_DIR="/tools_${BUILD_ARCH}"
 
        # Enables hardening
-       HARDENING_CFLAGS="-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection"
+       HARDENING_CFLAGS="-Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection"
 
-       CFLAGS="-O2 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}"
+       CFLAGS="-O2 -g0 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}"
        CXXFLAGS="${CFLAGS}"
 
        RUSTFLAGS="-Copt-level=3 -Clink-arg=-Wl,-z,relro,-z,now -Ccodegen-units=1 --cap-lints=warn ${RUSTFLAGS_ARCH}"
@@ -1711,6 +1711,7 @@ buildipfire() {
   lfsmake2 perl-URI-Encode
   lfsmake2 rsnapshot
   lfsmake2 mympd
+  lfsmake2 wsdd
 
   # Kernelbuild ... current we have no platform that need
   # multi kernel builds so KCFG is empty

diff --git a/src/initscripts/packages/mpd b/src/initscripts/packages/mpd
index 977001140e8947a93d580d984cbfaf9143dfc313..d42c0c549509fbd0d9cc5525683919321bd31c17 100644 (file)
--- a/src/initscripts/packages/mpd
+++ b/src/initscripts/packages/mpd
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 case "$1" in
        start)
                boot_mesg "Starting MPD..."
-               chown -R root.nobody /var/ipfire/mpfire/db
+               chown -R root.nobody /var/ipfire/mpd/db
                /bin/nice --5 /usr/bin/mpd
     evaluate_retval
                ;;

diff --git a/src/initscripts/packages/wsdd b/src/initscripts/packages/wsdd
new file mode 100644 (file)
index 0000000..68e8f3d
--- /dev/null
+++ b/src/initscripts/packages/wsdd
@@ -0,0 +1,78 @@
+#!/bin/sh
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+. /etc/sysconfig/rc
+. $rc_functions
+
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+PIDFILE="/var/run/wsdd.pid"
+
+case "$1" in
+       start)
+               ARGS=(
+                       # Launch as non-privileged user
+                       "--user" "wsdd:wsdd"
+
+                       # Launch in chroot
+                       "--chroot" "/var/run/wsdd"
+
+                       # Only use IPv4
+                       "--ipv4only"
+
+                       # Configure the workgroup
+                       "--workgroup" "$(testparm -s --parameter-name workgroup 2>/dev/null)"
+               )
+
+               # Conditionally add the GREEN/BLUE interface
+               for intf in GREEN_DEV BLUE_DEV; do
+                       if [ -n "${!intf}" ]; then
+                               ARGS+=( "--interface" "${!intf}" )
+                       fi
+               done
+
+               # Create chroot directory for wsdd
+               mkdir -p /var/run/wsdd
+
+               boot_mesg "Starting Web Service Discovery Host Daemon..."
+               loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}"
+               ;;
+
+       stop)
+               boot_mesg "Stopping Web Service Discovery Host Daemon..."
+               killproc -p "${PIDFILE}" /usr/bin/wsdd
+               ;;
+
+       status)
+               statusproc /usr/bin/wsdd
+               ;;
+
+       restart)
+               $0 stop
+               $0 start
+               ;;
+
+       *)
+               echo "Usage: $0 (start|stop|status|restart)"
+               exit 1
+               ;;
+esac
+

diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions
index 6f53a941badaac4c656e7240f9088023f9a261a9..5a26aef45f843b55b95e628dbc93111a412b425f 100644 (file)
--- a/src/initscripts/system/functions
+++ b/src/initscripts/system/functions
@@ -407,7 +407,7 @@ pidofproc()
 # This will ensure compatibility with previous LFS Bootscripts
 getpids()
 {
-       if [ -z "${PIDFILE}" ]; then
+       if [ -n "${PIDFILE}" ]; then
                pidofproc -s -p "${PIDFILE}" $@
        else
                pidofproc -s $@
@@ -446,6 +446,7 @@ loadproc()
        local pidfile=""
        local forcestart=""
        local nicelevel=""
+       local pid
 
 # This will ensure compatibility with previous LFS Bootscripts
        if [ -n "${PIDFILE}" ]; then
@@ -521,12 +522,19 @@ loadproc()
                (
                        ${cmd} &>/dev/null
                ) &
+               pid="$!"
                evaluate_retval
        else
                ${cmd}
+               pid="$!"
                evaluate_retval # This is "Probably" not LSB compliant, but required to be compatible with older bootscripts
        fi
 
+       # Write the pidfile
+       if [ -n "${pid}" -a -n "${pidfile}" ]; then
+               echo "${pid}" > "${pidfile}"
+       fi
+
        return 0
 }
 

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 04e43fbce0f7540cd337a63825e08a7fe2e2bf82..24d92563803a29c98423a5aefb5232cd0795d1cb 100644 (file)
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -288,7 +288,7 @@ fix_time_if_dns_fails() {
        fi
 
        # Try to sync time with a known time server
-       boot_mesg "DNS not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
+       boot_mesg "DNS not functioning... Trying to sync time with time.ipfire.org (81.3.27.46)..."
        loadproc /usr/local/bin/settime 81.3.27.46
 }
 

diff --git a/src/installer/dracut-module/70-dhcpcd.exe b/src/installer/dracut-module/70-dhcpcd.exe
index d801c8adad101b4f42f27c95ecc87ea5a02d4762..b9693198d9c8980bf576b9068857e6841575455d 100755 (executable)
--- a/src/installer/dracut-module/70-dhcpcd.exe
+++ b/src/installer/dracut-module/70-dhcpcd.exe
@@ -48,7 +48,7 @@ case "${reason}" in
                make_resolvconf
 
                # Set time
-               ntpdate "ntp.ipfire.org"
+               ntpdate "time.ipfire.org"
                ;;
 
        EXPIRE|FAIL|IPV4LL|NAK|NOCARRIER|RELEASE|STOP)

diff --git a/src/paks/alsa/update.sh b/src/paks/alsa/update.sh
index 14cf836b2d64c4d03eee016767963d6d03bccf40..6ea2cdbb2586b97f13235f0614aa15245114f3da 100644 (file)
--- a/src/paks/alsa/update.sh
+++ b/src/paks/alsa/update.sh
@@ -22,8 +22,19 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
-mv /etc/asound.state /tmp
+
+# Backup /etc/asound.state
+if [ -e "/etc/asound.state" ]; then
+       mv /etc/asound.state /tmp/asound.state
+fi
+
 extract_backup_includes
 ./uninstall.sh
 ./install.sh
-mv /tmp/asound.state /etc
+
+# Restore asound.state
+if [ -e "/tmp/asound.state" ]; then
+       mv /tmp/asound.state /etc/asound.state
+fi
+
+exit 0

diff --git a/src/paks/mpd/install.sh b/src/paks/mpd/install.sh
new file mode 100644 (file)
index 0000000..5dd0aac
--- /dev/null
+++ b/src/paks/mpd/install.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007-2024 IPFire-Team <info@ipfire.org>.                   #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+ln -svf  /etc/init.d/mpd /etc/rc.d/rc3.d/S65mpd
+ln -svf  /etc/init.d/mpd /etc/rc.d/rc0.d/K35mpd
+ln -svf  /etc/init.d/mpd /etc/rc.d/rc6.d/K35mpd
+ln -svf  /var/ipfire/mpd/mpd.conf /etc/mpd.conf
+touch /var/log/mpd.log
+restore_backup ${NAME}
+/etc/init.d/mpd restart

diff --git a/src/paks/mpd/uninstall.sh b/src/paks/mpd/uninstall.sh
new file mode 100644 (file)
index 0000000..7b86ae3
--- /dev/null
+++ b/src/paks/mpd/uninstall.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007-2024 IPFire-Team <info@ipfire.org>.                   #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/etc/init.d/mpd stop
+make_backup ${NAME}
+remove_files
+rm -f /etc/rc.d/rc*.d/???mpd /var/log/mpd.error.log /var/log/mpd.log /etc/mpd.conf

diff --git a/src/paks/mpd/update.sh b/src/paks/mpd/update.sh
new file mode 100644 (file)
index 0000000..31d1d77
--- /dev/null
+++ b/src/paks/mpd/update.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007-2024 IPFire-Team <info@ipfire.org>.                   #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_backup_includes
+./uninstall.sh
+./install.sh

diff --git a/src/paks/mpfire/install.sh b/src/paks/mpfire/install.sh
index f8f833de969b633acf8239ce6246f68f1afaf519..541a25ca2e30b1b97cfdd2d5e556c8e228e4e86e 100644 (file)
--- a/src/paks/mpfire/install.sh
+++ b/src/paks/mpfire/install.sh
@@ -17,20 +17,11 @@
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007-2011 IPFire-Team <info@ipfire.org>.                   #
+# Copyright (C) 2007-2024 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
 extract_files
-ln -svf  /etc/init.d/mpd /etc/rc.d/rc3.d/S65mpd
-ln -svf  /etc/init.d/mpd /etc/rc.d/rc0.d/K35mpd
-ln -svf  /etc/init.d/mpd /etc/rc.d/rc6.d/K35mpd
-ln -svf  /var/ipfire/mpfire/mpd.conf /etc/mpd.conf
 chmod 755 /srv/web/ipfire/html/images/mpfire
-touch /var/log/mpd.log
 restore_backup ${NAME}
-# comment removed option from config
-sed -i -e "s|^error_file|#error_file|g" /var/ipfire/mpfire/mpd.conf
-#
-/etc/init.d/mpd start

diff --git a/src/paks/mpfire/uninstall.sh b/src/paks/mpfire/uninstall.sh
index 7dec707ee22c69c4c39eb91fe44b38cb122e6fc0..ed7e6a821c779a67b6d8ab3d791e23063d984c4b 100644 (file)
--- a/src/paks/mpfire/uninstall.sh
+++ b/src/paks/mpfire/uninstall.sh
@@ -17,12 +17,10 @@
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+# Copyright (C) 2007-2024 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
-/etc/init.d/mpd stop
 make_backup ${NAME}
 remove_files
-rm -f /etc/rc.d/rc*.d/???mpd /var/log/mpd.error.log /var/log/mpd.log /etc/mpd.conf

diff --git a/src/paks/mpfire/update.sh b/src/paks/mpfire/update.sh
index 99776659c31ca813c685a8c1c983df98896933e9..31d1d77cc591bccc5fe45f54922e7ccdb9ecd69e 100644 (file)
--- a/src/paks/mpfire/update.sh
+++ b/src/paks/mpfire/update.sh
@@ -17,7 +17,7 @@
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007-2020 IPFire-Team <info@ipfire.org>.                   #
+# Copyright (C) 2007-2024 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #

diff --git a/src/paks/mympd/install.sh b/src/paks/mympd/install.sh
index 529f415e614ad07b6992b5de6f55eb19d53c6879..9c154b5b42d381fa8eee851dfb4a1ce949142a53 100644 (file)
--- a/src/paks/mympd/install.sh
+++ b/src/paks/mympd/install.sh
@@ -29,5 +29,6 @@ ln -svf  /etc/init.d/mympd /etc/rc.d/rc6.d/K34mympd
 restore_backup ${NAME}
 # create/check config
 /usr/bin/mympd -u nobody -c
-# start service
+# start services
+/etc/init.d/mpd restart
 /etc/init.d/mympd start

diff --git a/src/paks/wsdd/install.sh b/src/paks/wsdd/install.sh
new file mode 100644 (file)
index 0000000..181b84e
--- /dev/null
+++ b/src/paks/wsdd/install.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+# If the wsdd user does not exist yet, then create it and add to wsdd group.
+if ! getent user wsdd >/dev/null; then
+       useradd -r -U -d / -s /bin/false -c "wsdd user" wsdd
+       usermod -a -G wsdd wsdd
+fi
+
+extract_files
+restore_backup ${NAME}
+
+# Create startlinks
+ln -sf ../init.d/wsdd /etc/rc.d/rc0.d/K35wsdd
+ln -sf ../init.d/wsdd /etc/rc.d/rc3.d/S65wsdd
+ln -sf ../init.d/wsdd /etc/rc.d/rc6.d/K35wsdd
+start_service ${NAME}
+exit 0

diff --git a/src/paks/wsdd/uninstall.sh b/src/paks/wsdd/uninstall.sh
new file mode 100644 (file)
index 0000000..4c52ee2
--- /dev/null
+++ b/src/paks/wsdd/uninstall.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+stop_service ${NAME}
+make_backup ${NAME}
+remove_files
+# Remove all start links.
+rm -rf /etc/rc.d/rc*.d/*wsdd
+exit 0

diff --git a/src/paks/wsdd/update.sh b/src/paks/wsdd/update.sh
new file mode 100644 (file)
index 0000000..9977665
--- /dev/null
+++ b/src/paks/wsdd/update.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007-2020 IPFire-Team <info@ipfire.org>.                   #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_backup_includes
+./uninstall.sh
+./install.sh

diff --git a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch b/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch
deleted file mode 100644 (file)
index b78a5a8..0000000
--- a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From d97cca1e5df812be0e4de1e38091f02bb1e7ec4e Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Tue, 1 Aug 2023 10:27:15 +0200
-Subject: [PATCH 01/44] stdlib: Improve tst-realpath compatibility with source
- fortification
-
-On GCC before 11, IPA can make the fortified realpath aware that the
-buffer size is not large enough (8 bytes instead of PATH_MAX bytes).
-Fix this by using a buffer that is large enough.
-
-(cherry picked from commit 510fc20d73de12c85823d9996faac74666e9c2e7)
----
- stdlib/tst-realpath.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/stdlib/tst-realpath.c b/stdlib/tst-realpath.c
-index f325c95a44..3694ecd8af 100644
---- a/stdlib/tst-realpath.c
-+++ b/stdlib/tst-realpath.c
-@@ -24,6 +24,7 @@
-    License along with the GNU C Library; if not, see
-    <https://www.gnu.org/licenses/>.  */
- 
-+#include <limits.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <malloc.h>
-@@ -50,7 +51,11 @@ void dealloc (void *p)
- 
- char* alloc (void)
- {
--  return (char *)malloc (8);
-+#ifdef PATH_MAX
-+  return (char *)malloc (PATH_MAX);
-+#else
-+  return (char *)malloc (4096);
-+#endif
- }
- 
- static int
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch b/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch
deleted file mode 100644 (file)
index 3b5917d..0000000
--- a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-From ced101ed9d3b7cfd12d97ef24940cb00b8658c81 Mon Sep 17 00:00:00 2001
-From: Sajan Karumanchi <sajan.karumanchi@amd.com>
-Date: Tue, 1 Aug 2023 15:20:55 +0000
-Subject: [PATCH 02/44] x86: Fix for cache computation on AMD legacy cpus.
-
-Some legacy AMD CPUs and hypervisors have the _cpuid_ '0x8000_001D'
-set to Zero, thus resulting in zeroed-out computed cache values.
-This patch reintroduces the old way of cache computation as a
-fail-safe option to handle these exceptions.
-Fixed 'level4_cache_size' value through handle_amd().
-
-Reviewed-by: Premachandra Mallappa <premachandra.mallappa@amd.com>
-Tested-by: Florian Weimer <fweimer@redhat.com>
----
- sysdeps/x86/dl-cacheinfo.h | 226 ++++++++++++++++++++++++++++++++-----
- 1 file changed, 199 insertions(+), 27 deletions(-)
-
-diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h
-index cd4d0351ae..285773039f 100644
---- a/sysdeps/x86/dl-cacheinfo.h
-+++ b/sysdeps/x86/dl-cacheinfo.h
-@@ -315,40 +315,206 @@ handle_amd (int name)
- {
-   unsigned int eax;
-   unsigned int ebx;
--  unsigned int ecx;
-+  unsigned int ecx = 0;
-   unsigned int edx;
--  unsigned int count = 0x1;
-+  unsigned int max_cpuid = 0;
-+  unsigned int fn = 0;
- 
-   /* No level 4 cache (yet).  */
-   if (name > _SC_LEVEL3_CACHE_LINESIZE)
-     return 0;
- 
--  if (name >= _SC_LEVEL3_CACHE_SIZE)
--    count = 0x3;
--  else if (name >= _SC_LEVEL2_CACHE_SIZE)
--    count = 0x2;
--  else if (name >= _SC_LEVEL1_DCACHE_SIZE)
--    count = 0x0;
-+  __cpuid (0x80000000, max_cpuid, ebx, ecx, edx);
-+
-+  if (max_cpuid >= 0x8000001D)
-+    /* Use __cpuid__ '0x8000_001D' to compute cache details.  */
-+    {
-+      unsigned int count = 0x1;
-+
-+      if (name >= _SC_LEVEL3_CACHE_SIZE)
-+        count = 0x3;
-+      else if (name >= _SC_LEVEL2_CACHE_SIZE)
-+        count = 0x2;
-+      else if (name >= _SC_LEVEL1_DCACHE_SIZE)
-+        count = 0x0;
-+
-+      __cpuid_count (0x8000001D, count, eax, ebx, ecx, edx);
-+
-+      if (ecx != 0)
-+        {
-+          switch (name)
-+            {
-+            case _SC_LEVEL1_ICACHE_ASSOC:
-+            case _SC_LEVEL1_DCACHE_ASSOC:
-+            case _SC_LEVEL2_CACHE_ASSOC:
-+            case _SC_LEVEL3_CACHE_ASSOC:
-+              return ((ebx >> 22) & 0x3ff) + 1;
-+            case _SC_LEVEL1_ICACHE_LINESIZE:
-+            case _SC_LEVEL1_DCACHE_LINESIZE:
-+            case _SC_LEVEL2_CACHE_LINESIZE:
-+            case _SC_LEVEL3_CACHE_LINESIZE:
-+              return (ebx & 0xfff) + 1;
-+            case _SC_LEVEL1_ICACHE_SIZE:
-+            case _SC_LEVEL1_DCACHE_SIZE:
-+            case _SC_LEVEL2_CACHE_SIZE:
-+            case _SC_LEVEL3_CACHE_SIZE:
-+              return (((ebx >> 22) & 0x3ff) + 1) * ((ebx & 0xfff) + 1) * (ecx + 1);
-+            default:
-+              __builtin_unreachable ();
-+            }
-+          return -1;
-+        }
-+    }
-+
-+  /* Legacy cache computation for CPUs prior to Bulldozer family.
-+     This is also a fail-safe mechanism for some hypervisors that
-+     accidentally configure __cpuid__ '0x8000_001D' to Zero.  */
- 
--  __cpuid_count (0x8000001D, count, eax, ebx, ecx, edx);
-+  fn = 0x80000005 + (name >= _SC_LEVEL2_CACHE_SIZE);
-+
-+  if (max_cpuid < fn)
-+    return 0;
-+
-+  __cpuid (fn, eax, ebx, ecx, edx);
-+
-+  if (name < _SC_LEVEL1_DCACHE_SIZE)
-+    {
-+      name += _SC_LEVEL1_DCACHE_SIZE - _SC_LEVEL1_ICACHE_SIZE;
-+      ecx = edx;
-+    }
- 
-   switch (name)
-     {
--    case _SC_LEVEL1_ICACHE_ASSOC:
--    case _SC_LEVEL1_DCACHE_ASSOC:
--    case _SC_LEVEL2_CACHE_ASSOC:
-+      case _SC_LEVEL1_DCACHE_SIZE:
-+        return (ecx >> 14) & 0x3fc00;
-+
-+      case _SC_LEVEL1_DCACHE_ASSOC:
-+        ecx >>= 16;
-+        if ((ecx & 0xff) == 0xff)
-+        {
-+          /* Fully associative.  */
-+          return (ecx << 2) & 0x3fc00;
-+        }
-+        return ecx & 0xff;
-+
-+      case _SC_LEVEL1_DCACHE_LINESIZE:
-+        return ecx & 0xff;
-+
-+      case _SC_LEVEL2_CACHE_SIZE:
-+        return (ecx & 0xf000) == 0 ? 0 : (ecx >> 6) & 0x3fffc00;
-+
-+      case _SC_LEVEL2_CACHE_ASSOC:
-+        switch ((ecx >> 12) & 0xf)
-+          {
-+            case 0:
-+            case 1:
-+            case 2:
-+            case 4:
-+              return (ecx >> 12) & 0xf;
-+            case 6:
-+              return 8;
-+            case 8:
-+              return 16;
-+            case 10:
-+              return 32;
-+            case 11:
-+              return 48;
-+            case 12:
-+              return 64;
-+            case 13:
-+              return 96;
-+            case 14:
-+              return 128;
-+            case 15:
-+              return ((ecx >> 6) & 0x3fffc00) / (ecx & 0xff);
-+            default:
-+              return 0;
-+          }
-+
-+      case _SC_LEVEL2_CACHE_LINESIZE:
-+        return (ecx & 0xf000) == 0 ? 0 : ecx & 0xff;
-+
-+      case _SC_LEVEL3_CACHE_SIZE:
-+        {
-+        long int total_l3_cache = 0, l3_cache_per_thread = 0;
-+        unsigned int threads = 0;
-+        const struct cpu_features *cpu_features;
-+
-+        if ((edx & 0xf000) == 0)
-+          return 0;
-+
-+        total_l3_cache = (edx & 0x3ffc0000) << 1;
-+        cpu_features = __get_cpu_features ();
-+
-+        /* Figure out the number of logical threads that share L3.  */
-+        if (max_cpuid >= 0x80000008)
-+          {
-+            /* Get width of APIC ID.  */
-+            __cpuid (0x80000008, eax, ebx, ecx, edx);
-+            threads = (ecx & 0xff) + 1;
-+          }
-+
-+        if (threads == 0)
-+          {
-+            /* If APIC ID width is not available, use logical
-+            processor count.  */
-+            __cpuid (0x00000001, eax, ebx, ecx, edx);
-+            if ((edx & (1 << 28)) != 0)
-+              threads = (ebx >> 16) & 0xff;
-+          }
-+
-+        /* Cap usage of highest cache level to the number of
-+           supported threads.  */
-+        if (threads > 0)
-+          l3_cache_per_thread = total_l3_cache/threads;
-+
-+        /* Get shared cache per ccx for Zen architectures.  */
-+        if (cpu_features->basic.family >= 0x17)
-+          {
-+            long int l3_cache_per_ccx = 0;
-+            /* Get number of threads share the L3 cache in CCX.  */
-+            __cpuid_count (0x8000001D, 0x3, eax, ebx, ecx, edx);
-+            unsigned int threads_per_ccx = ((eax >> 14) & 0xfff) + 1;
-+            l3_cache_per_ccx = l3_cache_per_thread * threads_per_ccx;
-+            return l3_cache_per_ccx;
-+          }
-+        else
-+          {
-+            return l3_cache_per_thread;
-+          }
-+      }
-+
-     case _SC_LEVEL3_CACHE_ASSOC:
--      return ecx ? ((ebx >> 22) & 0x3ff) + 1 : 0;
--    case _SC_LEVEL1_ICACHE_LINESIZE:
--    case _SC_LEVEL1_DCACHE_LINESIZE:
--    case _SC_LEVEL2_CACHE_LINESIZE:
-+      switch ((edx >> 12) & 0xf)
-+      {
-+        case 0:
-+        case 1:
-+        case 2:
-+        case 4:
-+          return (edx >> 12) & 0xf;
-+        case 6:
-+          return 8;
-+        case 8:
-+          return 16;
-+        case 10:
-+          return 32;
-+        case 11:
-+          return 48;
-+        case 12:
-+          return 64;
-+        case 13:
-+          return 96;
-+        case 14:
-+          return 128;
-+        case 15:
-+          return ((edx & 0x3ffc0000) << 1) / (edx & 0xff);
-+        default:
-+          return 0;
-+      }
-+
-     case _SC_LEVEL3_CACHE_LINESIZE:
--      return ecx ? (ebx & 0xfff) + 1 : 0;
--    case _SC_LEVEL1_ICACHE_SIZE:
--    case _SC_LEVEL1_DCACHE_SIZE:
--    case _SC_LEVEL2_CACHE_SIZE:
--    case _SC_LEVEL3_CACHE_SIZE:
--      return ecx ? (((ebx >> 22) & 0x3ff) + 1) * ((ebx & 0xfff) + 1) * (ecx + 1): 0;
-+      return (edx & 0xf000) == 0 ? 0 : edx & 0xff;
-+
-     default:
-       __builtin_unreachable ();
-     }
-@@ -703,7 +869,6 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
-       data = handle_amd (_SC_LEVEL1_DCACHE_SIZE);
-       core = handle_amd (_SC_LEVEL2_CACHE_SIZE);
-       shared = handle_amd (_SC_LEVEL3_CACHE_SIZE);
--      shared_per_thread = shared;
- 
-       level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE);
-       level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE);
-@@ -716,13 +881,20 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
-       level3_cache_size = shared;
-       level3_cache_assoc = handle_amd (_SC_LEVEL3_CACHE_ASSOC);
-       level3_cache_linesize = handle_amd (_SC_LEVEL3_CACHE_LINESIZE);
-+      level4_cache_size = handle_amd (_SC_LEVEL4_CACHE_SIZE);
- 
-       if (shared <= 0)
--        /* No shared L3 cache.  All we have is the L2 cache.  */
--      shared = core;
-+        {
-+           /* No shared L3 cache.  All we have is the L2 cache.  */
-+           shared = core;
-+        }
-+      else if (cpu_features->basic.family < 0x17)
-+        {
-+           /* Account for exclusive L2 and L3 caches.  */
-+           shared += core;
-+        }
- 
--      if (shared_per_thread <= 0)
--      shared_per_thread = shared;
-+      shared_per_thread = shared;
-     }
- 
-   cpu_features->level1_icache_size = level1_icache_size;
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch b/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch
deleted file mode 100644 (file)
index 22a2cbd..0000000
--- a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From 6b99458d197ab779ebb6ff632c168e2cbfa4f543 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 11 Aug 2023 10:10:16 +0200
-Subject: [PATCH 03/44] nscd: Do not rebuild getaddrinfo (bug 30709)
-
-The nscd daemon caches hosts data from NSS modules verbatim, without
-filtering protocol families or sorting them (otherwise separate caches
-would be needed for certain ai_flags combinations).  The cache
-implementation is complete separate from the getaddrinfo code.  This
-means that rebuilding getaddrinfo is not needed.  The only function
-actually used is __bump_nl_timestamp from check_pf.c, and this change
-moves it into nscd/connections.c.
-
-Tested on x86_64-linux-gnu with -fexceptions, built with
-build-many-glibcs.py.  I also backported this patch into a distribution
-that still supports nscd and verified manually that caching still works.
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-(cherry picked from commit 039ff51ac7e02db1cfc0c23e38ac7bfbb00221d1)
----
- include/ifaddrs.h                  |  4 ---
- inet/check_pf.c                    |  9 ------
- nscd/Makefile                      |  2 +-
- nscd/connections.c                 | 11 +++++++
- nscd/gai.c                         | 50 ------------------------------
- sysdeps/unix/sysv/linux/check_pf.c | 17 +---------
- 6 files changed, 13 insertions(+), 80 deletions(-)
- delete mode 100644 nscd/gai.c
-
-diff --git a/include/ifaddrs.h b/include/ifaddrs.h
-index 416118f1b3..19a3afb19f 100644
---- a/include/ifaddrs.h
-+++ b/include/ifaddrs.h
-@@ -34,9 +34,5 @@ extern void __check_native (uint32_t a1_index, int *a1_native,
-                           uint32_t a2_index, int *a2_native)
-   attribute_hidden;
- 
--#if IS_IN (nscd)
--extern uint32_t __bump_nl_timestamp (void) attribute_hidden;
--#endif
--
- # endif /* !_ISOMAC */
- #endif        /* ifaddrs.h */
-diff --git a/inet/check_pf.c b/inet/check_pf.c
-index 5310c99121..6d1475920f 100644
---- a/inet/check_pf.c
-+++ b/inet/check_pf.c
-@@ -60,12 +60,3 @@ __free_in6ai (struct in6addrinfo *in6ai)
- {
-   /* Nothing to do.  */
- }
--
--
--#if IS_IN (nscd)
--uint32_t
--__bump_nl_timestamp (void)
--{
--  return 0;
--}
--#endif
-diff --git a/nscd/Makefile b/nscd/Makefile
-index 2a0489f4cf..16b6460ee9 100644
---- a/nscd/Makefile
-+++ b/nscd/Makefile
-@@ -35,7 +35,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \
-               getgrnam_r getgrgid_r hstcache gethstbyad_r gethstbynm3_r \
-               getsrvbynm_r getsrvbypt_r servicescache \
-               dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \
--              xmalloc xstrdup aicache initgrcache gai res_hconf \
-+              xmalloc xstrdup aicache initgrcache res_hconf \
-               netgroupcache cachedumper
- 
- ifeq ($(build-nscd)$(have-thread-library),yesyes)
-diff --git a/nscd/connections.c b/nscd/connections.c
-index a405a44a9b..15693e5090 100644
---- a/nscd/connections.c
-+++ b/nscd/connections.c
-@@ -256,6 +256,17 @@ int inotify_fd = -1;
- #ifdef HAVE_NETLINK
- /* Descriptor for netlink status updates.  */
- static int nl_status_fd = -1;
-+
-+static uint32_t
-+__bump_nl_timestamp (void)
-+{
-+  static uint32_t nl_timestamp;
-+
-+  if (atomic_fetch_add_relaxed (&nl_timestamp, 1) + 1 == 0)
-+    atomic_fetch_add_relaxed (&nl_timestamp, 1);
-+
-+  return nl_timestamp;
-+}
- #endif
- 
- /* Number of times clients had to wait.  */
-diff --git a/nscd/gai.c b/nscd/gai.c
-deleted file mode 100644
-index e29f3fe583..0000000000
---- a/nscd/gai.c
-+++ /dev/null
-@@ -1,50 +0,0 @@
--/* Copyright (C) 2004-2023 Free Software Foundation, Inc.
--   This file is part of the GNU C Library.
--
--   This program is free software; you can redistribute it and/or modify
--   it under the terms of the GNU General Public License as published
--   by the Free Software Foundation; version 2 of the License, or
--   (at your option) any later version.
--
--   This program is distributed in the hope that it will be useful,
--   but WITHOUT ANY WARRANTY; without even the implied warranty of
--   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--   GNU General Public License for more details.
--
--   You should have received a copy of the GNU General Public License
--   along with this program; if not, see <https://www.gnu.org/licenses/>.  */
--
--#include <alloca.h>
--#include <sys/stat.h>
--
--/* This file uses the getaddrinfo code but it compiles it without NSCD
--   support.  We just need a few symbol renames.  */
--#define __ioctl ioctl
--#define __getsockname getsockname
--#define __socket socket
--#define __recvmsg recvmsg
--#define __bind bind
--#define __sendto sendto
--#define __strchrnul strchrnul
--#define __getline getline
--#define __qsort_r qsort_r
--/* nscd uses 1MB or 2MB thread stacks.  */
--#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF)
--#define __getifaddrs getifaddrs
--#define __freeifaddrs freeifaddrs
--#undef __fstat64
--#define __fstat64 fstat64
--#undef __stat64
--#define __stat64 stat64
--
--/* We are nscd, so we don't want to be talking to ourselves.  */
--#undef  USE_NSCD
--
--#include <getaddrinfo.c>
--
--/* Support code.  */
--#include <check_pf.c>
--#include <check_native.c>
--
--/* Some variables normally defined in libc.  */
--nss_action_list __nss_hosts_database attribute_hidden;
-diff --git a/sysdeps/unix/sysv/linux/check_pf.c b/sysdeps/unix/sysv/linux/check_pf.c
-index 2b0b8b6368..3aa6a00348 100644
---- a/sysdeps/unix/sysv/linux/check_pf.c
-+++ b/sysdeps/unix/sysv/linux/check_pf.c
-@@ -66,25 +66,10 @@ static struct cached_data *cache;
- __libc_lock_define_initialized (static, lock);
- 
- 
--#if IS_IN (nscd)
--static uint32_t nl_timestamp;
--
--uint32_t
--__bump_nl_timestamp (void)
--{
--  if (atomic_fetch_add_relaxed (&nl_timestamp, 1) + 1 == 0)
--    atomic_fetch_add_relaxed (&nl_timestamp, 1);
--
--  return nl_timestamp;
--}
--#endif
--
- static inline uint32_t
- get_nl_timestamp (void)
- {
--#if IS_IN (nscd)
--  return nl_timestamp;
--#elif defined USE_NSCD
-+#if defined USE_NSCD
-   return __nscd_get_nl_timestamp ();
- #else
-   return 0;
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch b/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch
deleted file mode 100644 (file)
index e124662..0000000
--- a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 5ea70cc02626d9b85f1570153873d8648a47bf95 Mon Sep 17 00:00:00 2001
-From: Noah Goldstein <goldstein.w.n@gmail.com>
-Date: Thu, 10 Aug 2023 19:28:24 -0500
-Subject: [PATCH 04/44] x86: Fix incorrect scope of setting `shared_per_thread`
- [BZ# 30745]
-
-The:
-
-```
-    if (shared_per_thread > 0 && threads > 0)
-      shared_per_thread /= threads;
-```
-
-Code was accidentally moved to inside the else scope.  This doesn't
-match how it was previously (before af992e7abd).
-
-This patch fixes that by putting the division after the `else` block.
-
-(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede)
----
- sysdeps/x86/dl-cacheinfo.h | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h
-index 285773039f..5ddb35c9d9 100644
---- a/sysdeps/x86/dl-cacheinfo.h
-+++ b/sysdeps/x86/dl-cacheinfo.h
-@@ -770,11 +770,10 @@ get_common_cache_info (long int *shared_ptr, long int * shared_per_thread_ptr, u
-            level.  */
-         threads = ((cpu_features->features[CPUID_INDEX_1].cpuid.ebx >> 16)
-                    & 0xff);
--
--        /* Get per-thread size of highest level cache.  */
--        if (shared_per_thread > 0 && threads > 0)
--          shared_per_thread /= threads;
-       }
-+      /* Get per-thread size of highest level cache.  */
-+      if (shared_per_thread > 0 && threads > 0)
-+      shared_per_thread /= threads;
-     }
- 
-   /* Account for non-inclusive L2 and L3 caches.  */
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch b/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch
deleted file mode 100644 (file)
index 3ee8410..0000000
--- a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 6135d50e44233d8c89ca788f78c669941ad09fb9 Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-Date: Tue, 8 Aug 2023 09:27:54 -0300
-Subject: [PATCH 05/44] x86_64: Fix build with --disable-multiarch (BZ 30721)
-
-With multiarch disabled, the default memmove implementation provides
-the fortify routines for memcpy, mempcpy, and memmove.  However, it
-does not provide the internal hidden definitions used when building
-with fortify enabled.  The memset has a similar issue.
-
-Checked on x86_64-linux-gnu building with different options:
-default and --disable-multi-arch plus default, --disable-default-pie,
---enable-fortify-source={2,3}, and --enable-fortify-source={2,3}
-with --disable-default-pie.
-Tested-by: Andreas K. Huettel <dilfridge@gentoo.org>
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-
-(cherry picked from commit 51cb52214fcd72849c640b12f5099ed3ac776181)
----
- sysdeps/x86_64/memcpy.S  | 2 +-
- sysdeps/x86_64/memmove.S | 3 +++
- sysdeps/x86_64/memset.S  | 1 +
- 3 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/sysdeps/x86_64/memcpy.S b/sysdeps/x86_64/memcpy.S
-index d98500a78a..4922cba657 100644
---- a/sysdeps/x86_64/memcpy.S
-+++ b/sysdeps/x86_64/memcpy.S
-@@ -1 +1 @@
--/* Implemented in memcpy.S.  */
-+/* Implemented in memmove.S.  */
-diff --git a/sysdeps/x86_64/memmove.S b/sysdeps/x86_64/memmove.S
-index f0b84e3b52..c3c08165e1 100644
---- a/sysdeps/x86_64/memmove.S
-+++ b/sysdeps/x86_64/memmove.S
-@@ -46,6 +46,9 @@ weak_alias (__mempcpy, mempcpy)
- 
- #ifndef USE_MULTIARCH
- libc_hidden_builtin_def (memmove)
-+libc_hidden_builtin_def (__memmove_chk)
-+libc_hidden_builtin_def (__memcpy_chk)
-+libc_hidden_builtin_def (__mempcpy_chk)
- # if defined SHARED && IS_IN (libc)
- strong_alias (memmove, __memcpy)
- libc_hidden_ver (memmove, memcpy)
-diff --git a/sysdeps/x86_64/memset.S b/sysdeps/x86_64/memset.S
-index 7c99df36db..c6df24e8de 100644
---- a/sysdeps/x86_64/memset.S
-+++ b/sysdeps/x86_64/memset.S
-@@ -32,6 +32,7 @@
- #include "isa-default-impl.h"
- 
- libc_hidden_builtin_def (memset)
-+libc_hidden_builtin_def (__memset_chk)
- 
- #if IS_IN (libc)
- libc_hidden_def (__wmemset)
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch b/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch
deleted file mode 100644 (file)
index 925a319..0000000
--- a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 7ac405a74c6069b0627dc2d8449a82a621f8ff06 Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-Date: Tue, 8 Aug 2023 09:27:55 -0300
-Subject: [PATCH 06/44] i686: Fix build with --disable-multiarch
-
-Since i686 provides the fortified wrappers for memcpy, mempcpy,
-memmove, and memset on the same string implementation, the static
-build tries to optimized it by not tying the fortified wrappers
-to string routine (to avoid pulling the fortify function if
-they are not required).
-
-Checked on i686-linux-gnu building with different option:
-default and --disable-multi-arch plus default, --disable-default-pie,
---enable-fortify-source={2,3}, and --enable-fortify-source={2,3}
-with --disable-default-pie.
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-
-(cherry picked from commit c73c96a4a1af1326df7f96eec58209e1e04066d8)
----
- sysdeps/i386/i686/memcpy.S                | 2 +-
- sysdeps/i386/i686/mempcpy.S               | 2 +-
- sysdeps/i386/i686/multiarch/memcpy_chk.c  | 2 ++
- sysdeps/i386/i686/multiarch/memmove_chk.c | 2 ++
- sysdeps/i386/i686/multiarch/mempcpy_chk.c | 2 ++
- sysdeps/i386/i686/multiarch/memset_chk.c  | 2 ++
- 6 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/i386/i686/memcpy.S b/sysdeps/i386/i686/memcpy.S
-index 9b48ec0ea1..b86af4aac9 100644
---- a/sysdeps/i386/i686/memcpy.S
-+++ b/sysdeps/i386/i686/memcpy.S
-@@ -27,7 +27,7 @@
- #define LEN   SRC+4
- 
-       .text
--#if defined PIC && IS_IN (libc)
-+#if defined SHARED && IS_IN (libc)
- ENTRY_CHK (__memcpy_chk)
-       movl    12(%esp), %eax
-       cmpl    %eax, 16(%esp)
-diff --git a/sysdeps/i386/i686/mempcpy.S b/sysdeps/i386/i686/mempcpy.S
-index 26f8501e7d..14d9dd681a 100644
---- a/sysdeps/i386/i686/mempcpy.S
-+++ b/sysdeps/i386/i686/mempcpy.S
-@@ -27,7 +27,7 @@
- #define LEN   SRC+4
- 
-       .text
--#if defined PIC && IS_IN (libc)
-+#if defined SHARED && IS_IN (libc)
- ENTRY_CHK (__mempcpy_chk)
-       movl    12(%esp), %eax
-       cmpl    %eax, 16(%esp)
-diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.c b/sysdeps/i386/i686/multiarch/memcpy_chk.c
-index ec945dc91f..c3a8aeaf18 100644
---- a/sysdeps/i386/i686/multiarch/memcpy_chk.c
-+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.c
-@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
- __hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
-   __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
- # endif
-+#else
-+# include <debug/memcpy_chk.c>
- #endif
-diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.c b/sysdeps/i386/i686/multiarch/memmove_chk.c
-index 55c7601d5d..070dde083a 100644
---- a/sysdeps/i386/i686/multiarch/memmove_chk.c
-+++ b/sysdeps/i386/i686/multiarch/memmove_chk.c
-@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
- __hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
-   __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
- # endif
-+#else
-+# include <debug/memmove_chk.c>
- #endif
-diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.c b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
-index 83569cf9d9..14360f1828 100644
---- a/sysdeps/i386/i686/multiarch/mempcpy_chk.c
-+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
-@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
- __hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
-   __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
- # endif
-+#else
-+# include <debug/mempcpy_chk.c>
- #endif
-diff --git a/sysdeps/i386/i686/multiarch/memset_chk.c b/sysdeps/i386/i686/multiarch/memset_chk.c
-index 1a7503858d..8179ef7c0b 100644
---- a/sysdeps/i386/i686/multiarch/memset_chk.c
-+++ b/sysdeps/i386/i686/multiarch/memset_chk.c
-@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
- __hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
-   __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
- # endif
-+#else
-+# include <debug/memset_chk.c>
- #endif
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch b/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch
deleted file mode 100644 (file)
index fa4a370..0000000
--- a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-From 98c293c61f770b6b7a22f89a6ea81b711ecb1952 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 11 Aug 2023 11:18:17 +0200
-Subject: [PATCH 07/44] malloc: Enable merging of remainders in memalign (bug
- 30723)
-
-Previously, calling _int_free from _int_memalign could put remainders
-into the tcache or into fastbins, where they are invisible to the
-low-level allocator.  This results in missed merge opportunities
-because once these freed chunks become available to the low-level
-allocator, further memalign allocations (even of the same size are)
-likely obstructing merges.
-
-Furthermore, during forwards merging in _int_memalign, do not
-completely give up when the remainder is too small to serve as a
-chunk on its own.  We can still give it back if it can be merged
-with the following unused chunk.  This makes it more likely that
-memalign calls in a loop achieve a compact memory layout,
-independently of initial heap layout.
-
-Drop some useless (unsigned long) casts along the way, and tweak
-the style to more closely match GNU on changed lines.
-
-Reviewed-by: DJ Delorie <dj@redhat.com>
-(cherry picked from commit 542b1105852568c3ebc712225ae78b8c8ba31a78)
----
- malloc/malloc.c | 197 +++++++++++++++++++++++++++++-------------------
- 1 file changed, 121 insertions(+), 76 deletions(-)
-
-diff --git a/malloc/malloc.c b/malloc/malloc.c
-index e2f1a615a4..948f9759af 100644
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -1086,6 +1086,11 @@ typedef struct malloc_chunk* mchunkptr;
- 
- static void*  _int_malloc(mstate, size_t);
- static void     _int_free(mstate, mchunkptr, int);
-+static void _int_free_merge_chunk (mstate, mchunkptr, INTERNAL_SIZE_T);
-+static INTERNAL_SIZE_T _int_free_create_chunk (mstate,
-+                                             mchunkptr, INTERNAL_SIZE_T,
-+                                             mchunkptr, INTERNAL_SIZE_T);
-+static void _int_free_maybe_consolidate (mstate, INTERNAL_SIZE_T);
- static void*  _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
-                          INTERNAL_SIZE_T);
- static void*  _int_memalign(mstate, size_t, size_t);
-@@ -4637,31 +4642,52 @@ _int_free (mstate av, mchunkptr p, int have_lock)
-     if (!have_lock)
-       __libc_lock_lock (av->mutex);
- 
--    nextchunk = chunk_at_offset(p, size);
--
--    /* Lightweight tests: check whether the block is already the
--       top block.  */
--    if (__glibc_unlikely (p == av->top))
--      malloc_printerr ("double free or corruption (top)");
--    /* Or whether the next chunk is beyond the boundaries of the arena.  */
--    if (__builtin_expect (contiguous (av)
--                        && (char *) nextchunk
--                        >= ((char *) av->top + chunksize(av->top)), 0))
--      malloc_printerr ("double free or corruption (out)");
--    /* Or whether the block is actually not marked used.  */
--    if (__glibc_unlikely (!prev_inuse(nextchunk)))
--      malloc_printerr ("double free or corruption (!prev)");
--
--    nextsize = chunksize(nextchunk);
--    if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0)
--      || __builtin_expect (nextsize >= av->system_mem, 0))
--      malloc_printerr ("free(): invalid next size (normal)");
-+    _int_free_merge_chunk (av, p, size);
- 
--    free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ);
-+    if (!have_lock)
-+      __libc_lock_unlock (av->mutex);
-+  }
-+  /*
-+    If the chunk was allocated via mmap, release via munmap().
-+  */
-+
-+  else {
-+    munmap_chunk (p);
-+  }
-+}
-+
-+/* Try to merge chunk P of SIZE bytes with its neighbors.  Put the
-+   resulting chunk on the appropriate bin list.  P must not be on a
-+   bin list yet, and it can be in use.  */
-+static void
-+_int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size)
-+{
-+  mchunkptr nextchunk = chunk_at_offset(p, size);
-+
-+  /* Lightweight tests: check whether the block is already the
-+     top block.  */
-+  if (__glibc_unlikely (p == av->top))
-+    malloc_printerr ("double free or corruption (top)");
-+  /* Or whether the next chunk is beyond the boundaries of the arena.  */
-+  if (__builtin_expect (contiguous (av)
-+                      && (char *) nextchunk
-+                      >= ((char *) av->top + chunksize(av->top)), 0))
-+    malloc_printerr ("double free or corruption (out)");
-+  /* Or whether the block is actually not marked used.  */
-+  if (__glibc_unlikely (!prev_inuse(nextchunk)))
-+    malloc_printerr ("double free or corruption (!prev)");
-+
-+  INTERNAL_SIZE_T nextsize = chunksize(nextchunk);
-+  if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0)
-+      || __builtin_expect (nextsize >= av->system_mem, 0))
-+    malloc_printerr ("free(): invalid next size (normal)");
-+
-+  free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ);
- 
--    /* consolidate backward */
--    if (!prev_inuse(p)) {
--      prevsize = prev_size (p);
-+  /* Consolidate backward.  */
-+  if (!prev_inuse(p))
-+    {
-+      INTERNAL_SIZE_T prevsize = prev_size (p);
-       size += prevsize;
-       p = chunk_at_offset(p, -((long) prevsize));
-       if (__glibc_unlikely (chunksize(p) != prevsize))
-@@ -4669,9 +4695,25 @@ _int_free (mstate av, mchunkptr p, int have_lock)
-       unlink_chunk (av, p);
-     }
- 
--    if (nextchunk != av->top) {
-+  /* Write the chunk header, maybe after merging with the following chunk.  */
-+  size = _int_free_create_chunk (av, p, size, nextchunk, nextsize);
-+  _int_free_maybe_consolidate (av, size);
-+}
-+
-+/* Create a chunk at P of SIZE bytes, with SIZE potentially increased
-+   to cover the immediately following chunk NEXTCHUNK of NEXTSIZE
-+   bytes (if NEXTCHUNK is unused).  The chunk at P is not actually
-+   read and does not have to be initialized.  After creation, it is
-+   placed on the appropriate bin list.  The function returns the size
-+   of the new chunk.  */
-+static INTERNAL_SIZE_T
-+_int_free_create_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size,
-+                      mchunkptr nextchunk, INTERNAL_SIZE_T nextsize)
-+{
-+  if (nextchunk != av->top)
-+    {
-       /* get and clear inuse bit */
--      nextinuse = inuse_bit_at_offset(nextchunk, nextsize);
-+      bool nextinuse = inuse_bit_at_offset (nextchunk, nextsize);
- 
-       /* consolidate forward */
-       if (!nextinuse) {
-@@ -4686,8 +4728,8 @@ _int_free (mstate av, mchunkptr p, int have_lock)
-       been given one chance to be used in malloc.
-       */
- 
--      bck = unsorted_chunks(av);
--      fwd = bck->fd;
-+      mchunkptr bck = unsorted_chunks (av);
-+      mchunkptr fwd = bck->fd;
-       if (__glibc_unlikely (fwd->bk != bck))
-       malloc_printerr ("free(): corrupted unsorted chunks");
-       p->fd = fwd;
-@@ -4706,61 +4748,52 @@ _int_free (mstate av, mchunkptr p, int have_lock)
-       check_free_chunk(av, p);
-     }
- 
--    /*
--      If the chunk borders the current high end of memory,
--      consolidate into top
--    */
--
--    else {
-+  else
-+    {
-+      /* If the chunk borders the current high end of memory,
-+       consolidate into top.  */
-       size += nextsize;
-       set_head(p, size | PREV_INUSE);
-       av->top = p;
-       check_chunk(av, p);
-     }
- 
--    /*
--      If freeing a large space, consolidate possibly-surrounding
--      chunks. Then, if the total unused topmost memory exceeds trim
--      threshold, ask malloc_trim to reduce top.
--
--      Unless max_fast is 0, we don't know if there are fastbins
--      bordering top, so we cannot tell for sure whether threshold
--      has been reached unless fastbins are consolidated.  But we
--      don't want to consolidate on each free.  As a compromise,
--      consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD
--      is reached.
--    */
-+  return size;
-+}
- 
--    if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
-+/* If freeing a large space, consolidate possibly-surrounding
-+   chunks.  Then, if the total unused topmost memory exceeds trim
-+   threshold, ask malloc_trim to reduce top.  */
-+static void
-+_int_free_maybe_consolidate (mstate av, INTERNAL_SIZE_T size)
-+{
-+  /* Unless max_fast is 0, we don't know if there are fastbins
-+     bordering top, so we cannot tell for sure whether threshold has
-+     been reached unless fastbins are consolidated.  But we don't want
-+     to consolidate on each free.  As a compromise, consolidation is
-+     performed if FASTBIN_CONSOLIDATION_THRESHOLD is reached.  */
-+  if (size >= FASTBIN_CONSOLIDATION_THRESHOLD)
-+    {
-       if (atomic_load_relaxed (&av->have_fastchunks))
-       malloc_consolidate(av);
- 
--      if (av == &main_arena) {
-+      if (av == &main_arena)
-+      {
- #ifndef MORECORE_CANNOT_TRIM
--      if ((unsigned long)(chunksize(av->top)) >=
--          (unsigned long)(mp_.trim_threshold))
--        systrim(mp_.top_pad, av);
-+        if (chunksize (av->top) >= mp_.trim_threshold)
-+          systrim (mp_.top_pad, av);
- #endif
--      } else {
--      /* Always try heap_trim(), even if the top chunk is not
--         large, because the corresponding heap might go away.  */
--      heap_info *heap = heap_for_ptr(top(av));
-+      }
-+      else
-+      {
-+        /* Always try heap_trim, even if the top chunk is not large,
-+           because the corresponding heap might go away.  */
-+        heap_info *heap = heap_for_ptr (top (av));
- 
--      assert(heap->ar_ptr == av);
--      heap_trim(heap, mp_.top_pad);
--      }
-+        assert (heap->ar_ptr == av);
-+        heap_trim (heap, mp_.top_pad);
-+      }
-     }
--
--    if (!have_lock)
--      __libc_lock_unlock (av->mutex);
--  }
--  /*
--    If the chunk was allocated via mmap, release via munmap().
--  */
--
--  else {
--    munmap_chunk (p);
--  }
- }
- 
- /*
-@@ -5221,7 +5254,7 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
-                 (av != &main_arena ? NON_MAIN_ARENA : 0));
-       set_inuse_bit_at_offset (newp, newsize);
-       set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0));
--      _int_free (av, p, 1);
-+      _int_free_merge_chunk (av, p, leadsize);
-       p = newp;
- 
-       assert (newsize >= nb &&
-@@ -5232,15 +5265,27 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
-   if (!chunk_is_mmapped (p))
-     {
-       size = chunksize (p);
--      if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE))
-+      mchunkptr nextchunk = chunk_at_offset(p, size);
-+      INTERNAL_SIZE_T nextsize = chunksize(nextchunk);
-+      if (size > nb)
-         {
-           remainder_size = size - nb;
--          remainder = chunk_at_offset (p, nb);
--          set_head (remainder, remainder_size | PREV_INUSE |
--                    (av != &main_arena ? NON_MAIN_ARENA : 0));
--          set_head_size (p, nb);
--          _int_free (av, remainder, 1);
--        }
-+        if (remainder_size >= MINSIZE
-+            || nextchunk == av->top
-+            || !inuse_bit_at_offset (nextchunk, nextsize))
-+          {
-+            /* We can only give back the tail if it is larger than
-+               MINSIZE, or if the following chunk is unused (top
-+               chunk or unused in-heap chunk).  Otherwise we would
-+               create a chunk that is smaller than MINSIZE.  */
-+            remainder = chunk_at_offset (p, nb);
-+            set_head_size (p, nb);
-+            remainder_size = _int_free_create_chunk (av, remainder,
-+                                                     remainder_size,
-+                                                     nextchunk, nextsize);
-+            _int_free_maybe_consolidate (av, remainder_size);
-+          }
-+      }
-     }
- 
-   check_inuse_chunk (av, p);
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch b/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch
deleted file mode 100644 (file)
index f2b9acb..0000000
--- a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-From 2af141bda3cd407abd4bedf615f9e45fe79518e2 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Thu, 10 Aug 2023 19:36:56 +0200
-Subject: [PATCH 08/44] malloc: Remove bin scanning from memalign (bug 30723)
-
-On the test workload (mpv --cache=yes with VP9 video decoding), the
-bin scanning has a very poor success rate (less than 2%).  The tcache
-scanning has about 50% success rate, so keep that.
-
-Update comments in malloc/tst-memalign-2 to indicate the purpose
-of the tests.  Even with the scanning removed, the additional
-merging opportunities since commit 542b1105852568c3ebc712225ae78b
-("malloc: Enable merging of remainders in memalign (bug 30723)")
-are sufficient to pass the existing large bins test.
-
-Remove leftover variables from _int_free from refactoring in the
-same commit.
-
-Reviewed-by: DJ Delorie <dj@redhat.com>
-(cherry picked from commit 0dc7fc1cf094406a138e4d1bcf9553e59edcf89d)
----
- NEWS                    |   1 +
- malloc/malloc.c         | 169 ++--------------------------------------
- malloc/tst-memalign-2.c |   7 +-
- 3 files changed, 11 insertions(+), 166 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 872bc8907b..c339cb444e 100644
---- a/NEWS
-+++ b/NEWS
-@@ -132,6 +132,7 @@ The following bugs are resolved with this release:
-   [30555] string: strerror can incorrectly return NULL
-   [30579] malloc: trim_threshold in realloc lead to high memory usage
-   [30662] nscd: Group and password cache use errno in place of errval
-+  [30723] posix_memalign repeatedly scans long bin lists
- \f
- Version 2.37
- 
-diff --git a/malloc/malloc.c b/malloc/malloc.c
-index 948f9759af..d0bbbf3710 100644
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -4488,12 +4488,6 @@ _int_free (mstate av, mchunkptr p, int have_lock)
- {
-   INTERNAL_SIZE_T size;        /* its size */
-   mfastbinptr *fb;             /* associated fastbin */
--  mchunkptr nextchunk;         /* next contiguous chunk */
--  INTERNAL_SIZE_T nextsize;    /* its size */
--  int nextinuse;               /* true if nextchunk is used */
--  INTERNAL_SIZE_T prevsize;    /* size of previous contiguous chunk */
--  mchunkptr bck;               /* misc temp for linking */
--  mchunkptr fwd;               /* misc temp for linking */
- 
-   size = chunksize (p);
- 
-@@ -5032,42 +5026,6 @@ _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
-    ------------------------------ memalign ------------------------------
-  */
- 
--/* Returns 0 if the chunk is not and does not contain the requested
--   aligned sub-chunk, else returns the amount of "waste" from
--   trimming.  NB is the *chunk* byte size, not the user byte
--   size.  */
--static size_t
--chunk_ok_for_memalign (mchunkptr p, size_t alignment, size_t nb)
--{
--  void *m = chunk2mem (p);
--  INTERNAL_SIZE_T size = chunksize (p);
--  void *aligned_m = m;
--
--  if (__glibc_unlikely (misaligned_chunk (p)))
--    malloc_printerr ("_int_memalign(): unaligned chunk detected");
--
--  aligned_m = PTR_ALIGN_UP (m, alignment);
--
--  INTERNAL_SIZE_T front_extra = (intptr_t) aligned_m - (intptr_t) m;
--
--  /* We can't trim off the front as it's too small.  */
--  if (front_extra > 0 && front_extra < MINSIZE)
--    return 0;
--
--  /* If it's a perfect fit, it's an exception to the return value rule
--     (we would return zero waste, which looks like "not usable"), so
--     handle it here by returning a small non-zero value instead.  */
--  if (size == nb && front_extra == 0)
--    return 1;
--
--  /* If the block we need fits in the chunk, calculate total waste.  */
--  if (size > nb + front_extra)
--    return size - nb;
--
--  /* Can't use this chunk.  */
--  return 0;
--}
--
- /* BYTES is user requested bytes, not requested chunksize bytes.  */
- static void *
- _int_memalign (mstate av, size_t alignment, size_t bytes)
-@@ -5082,7 +5040,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
-   mchunkptr remainder;            /* spare room at end to split off */
-   unsigned long remainder_size;   /* its size */
-   INTERNAL_SIZE_T size;
--  mchunkptr victim;
- 
-   nb = checked_request2size (bytes);
-   if (nb == 0)
-@@ -5101,129 +5058,13 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
-      we don't find anything in those bins, the common malloc code will
-      scan starting at 2x.  */
- 
--  /* This will be set if we found a candidate chunk.  */
--  victim = NULL;
--
--  /* Fast bins are singly-linked, hard to remove a chunk from the middle
--     and unlikely to meet our alignment requirements.  We have not done
--     any experimentation with searching for aligned fastbins.  */
--
--  if (av != NULL)
--    {
--      int first_bin_index;
--      int first_largebin_index;
--      int last_bin_index;
--
--      if (in_smallbin_range (nb))
--      first_bin_index = smallbin_index (nb);
--      else
--      first_bin_index = largebin_index (nb);
--
--      if (in_smallbin_range (nb * 2))
--      last_bin_index = smallbin_index (nb * 2);
--      else
--      last_bin_index = largebin_index (nb * 2);
--
--      first_largebin_index = largebin_index (MIN_LARGE_SIZE);
--
--      int victim_index;                 /* its bin index */
--
--      for (victim_index = first_bin_index;
--         victim_index < last_bin_index;
--         victim_index ++)
--      {
--        victim = NULL;
--
--        if (victim_index < first_largebin_index)
--          {
--            /* Check small bins.  Small bin chunks are doubly-linked despite
--               being the same size.  */
--
--            mchunkptr fwd;                    /* misc temp for linking */
--            mchunkptr bck;                    /* misc temp for linking */
--
--            bck = bin_at (av, victim_index);
--            fwd = bck->fd;
--            while (fwd != bck)
--              {
--                if (chunk_ok_for_memalign (fwd, alignment, nb) > 0)
--                  {
--                    victim = fwd;
--
--                    /* Unlink it */
--                    victim->fd->bk = victim->bk;
--                    victim->bk->fd = victim->fd;
--                    break;
--                  }
--
--                fwd = fwd->fd;
--              }
--          }
--        else
--          {
--            /* Check large bins.  */
--            mchunkptr fwd;                    /* misc temp for linking */
--            mchunkptr bck;                    /* misc temp for linking */
--            mchunkptr best = NULL;
--            size_t best_size = 0;
--
--            bck = bin_at (av, victim_index);
--            fwd = bck->fd;
-+  /* Call malloc with worst case padding to hit alignment. */
-+  m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
- 
--            while (fwd != bck)
--              {
--                int extra;
--
--                if (chunksize (fwd) < nb)
--                  break;
--                extra = chunk_ok_for_memalign (fwd, alignment, nb);
--                if (extra > 0
--                    && (extra <= best_size || best == NULL))
--                  {
--                    best = fwd;
--                    best_size = extra;
--                  }
-+  if (m == 0)
-+    return 0;           /* propagate failure */
- 
--                fwd = fwd->fd;
--              }
--            victim = best;
--
--            if (victim != NULL)
--              {
--                unlink_chunk (av, victim);
--                break;
--              }
--          }
--
--        if (victim != NULL)
--          break;
--      }
--    }
--
--  /* Strategy: find a spot within that chunk that meets the alignment
--     request, and then possibly free the leading and trailing space.
--     This strategy is incredibly costly and can lead to external
--     fragmentation if header and footer chunks are unused.  */
--
--  if (victim != NULL)
--    {
--      p = victim;
--      m = chunk2mem (p);
--      set_inuse (p);
--      if (av != &main_arena)
--      set_non_main_arena (p);
--    }
--  else
--    {
--      /* Call malloc with worst case padding to hit alignment. */
--
--      m = (char *) (_int_malloc (av, nb + alignment + MINSIZE));
--
--      if (m == 0)
--      return 0;           /* propagate failure */
--
--      p = mem2chunk (m);
--    }
-+  p = mem2chunk (m);
- 
-   if ((((unsigned long) (m)) % alignment) != 0)   /* misaligned */
-     {
-diff --git a/malloc/tst-memalign-2.c b/malloc/tst-memalign-2.c
-index f229283dbf..ecd6fa249e 100644
---- a/malloc/tst-memalign-2.c
-+++ b/malloc/tst-memalign-2.c
-@@ -86,7 +86,8 @@ do_test (void)
-       TEST_VERIFY (tcache_allocs[i].ptr1 == tcache_allocs[i].ptr2);
-     }
- 
--  /* Test for non-head tcache hits.  */
-+  /* Test for non-head tcache hits.  This exercises the memalign
-+     scanning code to find matching allocations.  */
-   for (i = 0; i < array_length (ptr); ++ i)
-     {
-       if (i == 4)
-@@ -113,7 +114,9 @@ do_test (void)
-   free (p);
-   TEST_VERIFY (count > 0);
- 
--  /* Large bins test.  */
-+  /* Large bins test.  This verifies that the over-allocated parts
-+     that memalign releases for future allocations can be reused by
-+     memalign itself at least in some cases.  */
- 
-   for (i = 0; i < LN; ++ i)
-     {
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch b/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch
deleted file mode 100644 (file)
index 20b9276..0000000
--- a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c8ecda6251dd4a0dfe074e0a6011211cadeef742 Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Fri, 4 Aug 2023 23:58:27 +0100
-Subject: [PATCH 09/44] sysdeps: tst-bz21269: fix test parameter
-
-All callers pass 1 or 0x11 anyway (same meaning according to man page),
-but still.
-
-Reviewed-by: DJ Delorie <dj@redhat.com>
-Signed-off-by: Sam James <sam@gentoo.org>
-(cherry picked from commit e0b712dd9183d527aae4506cd39564c14af3bb28)
----
- sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-index 51d4a1b082..f508ef8f16 100644
---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-@@ -52,7 +52,7 @@ xset_thread_area (struct user_desc *u_info)
- static void
- xmodify_ldt (int func, const void *ptr, unsigned long bytecount)
- {
--  TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, 1, ptr, bytecount) == 0);
-+  TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0);
- }
- 
- static int
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch b/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch
deleted file mode 100644 (file)
index 18fd845..0000000
--- a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ad9b8399537670a990572c4b0c4da5411e3b68cf Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Sat, 5 Aug 2023 00:04:33 +0100
-Subject: [PATCH 10/44] sysdeps: tst-bz21269: handle ENOSYS & skip
- appropriately
-
-SYS_modify_ldt requires CONFIG_MODIFY_LDT_SYSCALL to be set in the kernel, which
-some distributions may disable for hardening. Check if that's the case (unset)
-and mark the test as UNSUPPORTED if so.
-
-Reviewed-by: DJ Delorie <dj@redhat.com>
-Signed-off-by: Sam James <sam@gentoo.org>
-(cherry picked from commit 652b9fdb77d9fd056d4dd26dad2c14142768ab49)
----
- sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-index f508ef8f16..28f5359bea 100644
---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-@@ -52,7 +52,16 @@ xset_thread_area (struct user_desc *u_info)
- static void
- xmodify_ldt (int func, const void *ptr, unsigned long bytecount)
- {
--  TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0);
-+  long ret = syscall (SYS_modify_ldt, func, ptr, bytecount);
-+
-+  if (ret == -1)
-+    {
-+      if (errno == ENOSYS)
-+      FAIL_UNSUPPORTED ("modify_ldt not supported");
-+      FAIL_EXIT1 ("modify_ldt failed (errno=%d)", errno);
-+    }
-+
-+  return 0;
- }
- 
- static int
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch b/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch
deleted file mode 100644 (file)
index a9681b8..0000000
--- a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1 Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Thu, 17 Aug 2023 09:30:29 +0100
-Subject: [PATCH 11/44] sysdeps: tst-bz21269: fix -Wreturn-type
-
-Thanks to Andreas Schwab for reporting.
-
-Fixes: 652b9fdb77d9fd056d4dd26dad2c14142768ab49
-Signed-off-by: Sam James <sam@gentoo.org>
-(cherry picked from commit 369f373057073c307938da91af16922bda3dff6a)
----
- sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-index 28f5359bea..822c41fceb 100644
---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c
-@@ -60,8 +60,6 @@ xmodify_ldt (int func, const void *ptr, unsigned long bytecount)
-       FAIL_UNSUPPORTED ("modify_ldt not supported");
-       FAIL_EXIT1 ("modify_ldt failed (errno=%d)", errno);
-     }
--
--  return 0;
- }
- 
- static int
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch b/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch
deleted file mode 100644 (file)
index 4752c80..0000000
--- a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 5bdef6f27c91f45505ed5444147be4ed0e9bc3c7 Mon Sep 17 00:00:00 2001
-From: Aurelien Jarno <aurelien@aurel32.net>
-Date: Mon, 28 Aug 2023 23:30:37 +0200
-Subject: [PATCH 12/44] io: Fix record locking contants for powerpc64 with
- __USE_FILE_OFFSET64
-
-Commit 5f828ff824e3b7cd1 ("io: Fix F_GETLK, F_SETLK, and F_SETLKW for
-powerpc64") fixed an issue with the value of the lock constants on
-powerpc64 when not using __USE_FILE_OFFSET64, but it ended-up also
-changing the value when using __USE_FILE_OFFSET64 causing an API change.
-
-Fix that by also checking that define, restoring the pre
-4d0fe291aed3a476a commit values:
-
-Default values:
-- F_GETLK: 5
-- F_SETLK: 6
-- F_SETLKW: 7
-
-With -D_FILE_OFFSET_BITS=64:
-- F_GETLK: 12
-- F_SETLK: 13
-- F_SETLKW: 14
-
-At the same time, it has been noticed that there was no test for io lock
-with __USE_FILE_OFFSET64, so just add one.
-
-Tested on x86_64-linux-gnu, i686-linux-gnu and
-powerpc64le-unknown-linux-gnu.
-
-Resolves: BZ #30804.
-Co-authored-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-(cherry picked from commit 434bf72a94de68f0cc7fbf3c44bf38c1911b70cb)
----
- NEWS                                         | 2 ++
- io/Makefile                                  | 1 +
- io/tst-fcntl-lock-lfs.c                      | 2 ++
- sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h | 2 +-
- 4 files changed, 6 insertions(+), 1 deletion(-)
- create mode 100644 io/tst-fcntl-lock-lfs.c
-
-diff --git a/NEWS b/NEWS
-index c339cb444e..8156572cdf 100644
---- a/NEWS
-+++ b/NEWS
-@@ -133,6 +133,8 @@ The following bugs are resolved with this release:
-   [30579] malloc: trim_threshold in realloc lead to high memory usage
-   [30662] nscd: Group and password cache use errno in place of errval
-   [30723] posix_memalign repeatedly scans long bin lists
-+  [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-+    -D_FILE_OFFSET_BITS=64
- \f
- Version 2.37
- 
-diff --git a/io/Makefile b/io/Makefile
-index 6ccc0e8691..8a3c83a3bb 100644
---- a/io/Makefile
-+++ b/io/Makefile
-@@ -192,6 +192,7 @@ tests := \
-   tst-fchownat \
-   tst-fcntl \
-   tst-fcntl-lock \
-+  tst-fcntl-lock-lfs \
-   tst-fstatat \
-   tst-fts \
-   tst-fts-lfs \
-diff --git a/io/tst-fcntl-lock-lfs.c b/io/tst-fcntl-lock-lfs.c
-new file mode 100644
-index 0000000000..f2a909fb02
---- /dev/null
-+++ b/io/tst-fcntl-lock-lfs.c
-@@ -0,0 +1,2 @@
-+#define _FILE_OFFSET_BITS 64
-+#include <io/tst-fcntl-lock.c>
-diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
-index f7615a447e..d8a291a331 100644
---- a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
-+++ b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
-@@ -33,7 +33,7 @@
- # define __O_LARGEFILE        0200000
- #endif
- 
--#if __WORDSIZE == 64
-+#if __WORDSIZE == 64 && !defined __USE_FILE_OFFSET64
- # define F_GETLK      5
- # define F_SETLK      6
- # define F_SETLKW     7
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch b/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch
deleted file mode 100644 (file)
index 5e5520e..0000000
--- a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 92201f16cbcfd9eafe314ef6654be2ea7ba25675 Mon Sep 17 00:00:00 2001
-From: Adam Jackson <ajax@redhat.com>
-Date: Fri, 8 Sep 2023 15:55:19 -0400
-Subject: [PATCH 13/44] libio: Fix oversized __io_vtables
-
-IO_VTABLES_LEN is the size of the struct array in bytes, not the number
-of __IO_jump_t's in the array. Drops just under 384kb from .rodata on
-LP64 machines.
-
-Fixes: 3020f72618e ("libio: Remove the usage of __libc_IO_vtables")
-Signed-off-by: Adam Jackson <ajax@redhat.com>
-Reviewed-by: Florian Weimer <fweimer@redhat.com>
-Tested-by: Florian Weimer <fweimer@redhat.com>
-(cherry picked from commit 8cb69e054386f980f9ff4d93b157861d72b2019e)
----
- libio/vtables.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/libio/vtables.c b/libio/vtables.c
-index 1d8ad612e9..34f7e15f1c 100644
---- a/libio/vtables.c
-+++ b/libio/vtables.c
-@@ -20,6 +20,7 @@
- #include <libioP.h>
- #include <stdio.h>
- #include <ldsodefs.h>
-+#include <array_length.h>
- #include <pointer_guard.h>
- #include <libio-macros.h>
- 
-@@ -88,7 +89,7 @@
- # pragma weak __wprintf_buffer_as_file_xsputn
- #endif
- 
--const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro =
-+const struct _IO_jump_t __io_vtables[] attribute_relro =
- {
-   /* _IO_str_jumps  */
-   [IO_STR_JUMPS] =
-@@ -485,6 +486,8 @@ const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro =
-   },
- #endif
- };
-+_Static_assert (array_length (__io_vtables) == IO_VTABLES_NUM,
-+                "initializer count");
- 
- #ifdef SHARED
- 
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch b/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch
deleted file mode 100644 (file)
index 4a15147..0000000
--- a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 7ae211a01b085d0bde54bd13b887ce8f9d57c2b4 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Tue, 22 Aug 2023 13:56:25 +0200
-Subject: [PATCH 14/44] elf: Do not run constructors for proxy objects
-
-Otherwise, the ld.so constructor runs for each audit namespace
-and each dlmopen namespace.
-
-(cherry picked from commit f6c8204fd7fabf0cf4162eaf10ccf23258e4d10e)
----
- elf/dl-init.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/elf/dl-init.c b/elf/dl-init.c
-index 5b0732590f..ba4d2fdc85 100644
---- a/elf/dl-init.c
-+++ b/elf/dl-init.c
-@@ -25,10 +25,14 @@
- static void
- call_init (struct link_map *l, int argc, char **argv, char **env)
- {
-+  /* Do not run constructors for proxy objects.  */
-+  if (l != l->l_real)
-+    return;
-+
-   /* If the object has not been relocated, this is a bug.  The
-      function pointers are invalid in this case.  (Executables do not
--     need relocation, and neither do proxy objects.)  */
--  assert (l->l_real->l_relocated || l->l_real->l_type == lt_executable);
-+     need relocation.)  */
-+  assert (l->l_relocated || l->l_type == lt_executable);
- 
-   if (l->l_init_called)
-     /* This object is all done.  */
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch b/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch
deleted file mode 100644 (file)
index bfc994b..0000000
--- a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch
+++ /dev/null
@@ -1,669 +0,0 @@
-From a3189f66a5f2fe86568286fa025fa153be04c6c0 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 8 Sep 2023 12:32:14 +0200
-Subject: [PATCH 15/44] elf: Always call destructors in reverse constructor
- order (bug 30785)
-
-The current implementation of dlclose (and process exit) re-sorts the
-link maps before calling ELF destructors.  Destructor order is not the
-reverse of the constructor order as a result: The second sort takes
-relocation dependencies into account, and other differences can result
-from ambiguous inputs, such as cycles.  (The force_first handling in
-_dl_sort_maps is not effective for dlclose.)  After the changes in
-this commit, there is still a required difference due to
-dlopen/dlclose ordering by the application, but the previous
-discrepancies went beyond that.
-
-A new global (namespace-spanning) list of link maps,
-_dl_init_called_list, is updated right before ELF constructors are
-called from _dl_init.
-
-In dl_close_worker, the maps variable, an on-stack variable length
-array, is eliminated.  (VLAs are problematic, and dlclose should not
-call malloc because it cannot readily deal with malloc failure.)
-Marking still-used objects uses the namespace list directly, with
-next and next_idx replacing the done_index variable.
-
-After marking, _dl_init_called_list is used to call the destructors
-of now-unused maps in reverse destructor order.  These destructors
-can call dlopen.  Previously, new objects do not have l_map_used set.
-This had to change: There is no copy of the link map list anymore,
-so processing would cover newly opened (and unmarked) mappings,
-unloading them.  Now, _dl_init (indirectly) sets l_map_used, too.
-(dlclose is handled by the existing reentrancy guard.)
-
-After _dl_init_called_list traversal, two more loops follow.  The
-processing order changes to the original link map order in the
-namespace.  Previously, dependency order was used.  The difference
-should not matter because relocation dependencies could already
-reorder link maps in the old code.
-
-The changes to _dl_fini remove the sorting step and replace it with
-a traversal of _dl_init_called_list.  The l_direct_opencount
-decrement outside the loader lock is removed because it appears
-incorrect: the counter manipulation could race with other dynamic
-loader operations.
-
-tst-audit23 needs adjustments to the changes in LA_ACT_DELETE
-notifications.  The new approach for checking la_activity should
-make it clearer that la_activty calls come in pairs around namespace
-updates.
-
-The dependency sorting test cases need updates because the destructor
-order is always the opposite order of constructor order, even with
-relocation dependencies or cycles present.
-
-There is a future cleanup opportunity to remove the now-constant
-force_first and for_fini arguments from the _dl_sort_maps function.
-
-Fixes commit 1df71d32fe5f5905ffd5d100e5e9ca8ad62 ("elf: Implement
-force_first handling in _dl_sort_maps_dfs (bug 28937)").
-
-Reviewed-by: DJ Delorie <dj@redhat.com>
-(cherry picked from commit 6985865bc3ad5b23147ee73466583dd7fdf65892)
----
- NEWS                       |   7 ++
- elf/dl-close.c             | 113 +++++++++++++++++----------
- elf/dl-fini.c              | 152 +++++++++++++------------------------
- elf/dl-init.c              |  16 ++++
- elf/dso-sort-tests-1.def   |  19 ++---
- elf/tst-audit23.c          |  44 ++++++-----
- include/link.h             |   4 +
- sysdeps/generic/ldsodefs.h |   4 +
- 8 files changed, 186 insertions(+), 173 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 8156572cdf..f1a14f45dd 100644
---- a/NEWS
-+++ b/NEWS
-@@ -4,6 +4,13 @@ See the end for copying conditions.
- 
- Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
-+\f
-+Version 2.38.1
-+
-+The following bugs are resolved with this release:
-+
-+  [30785] Always call destructors in reverse constructor order
-+
- \f
- Version 2.38
- 
-diff --git a/elf/dl-close.c b/elf/dl-close.c
-index b887a44888..ea62d0e601 100644
---- a/elf/dl-close.c
-+++ b/elf/dl-close.c
-@@ -138,30 +138,31 @@ _dl_close_worker (struct link_map *map, bool force)
- 
-   bool any_tls = false;
-   const unsigned int nloaded = ns->_ns_nloaded;
--  struct link_map *maps[nloaded];
- 
--  /* Run over the list and assign indexes to the link maps and enter
--     them into the MAPS array.  */
-+  /* Run over the list and assign indexes to the link maps.  */
-   int idx = 0;
-   for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next)
-     {
-       l->l_map_used = 0;
-       l->l_map_done = 0;
-       l->l_idx = idx;
--      maps[idx] = l;
-       ++idx;
-     }
-   assert (idx == nloaded);
- 
--  /* Keep track of the lowest index link map we have covered already.  */
--  int done_index = -1;
--  while (++done_index < nloaded)
-+  /* Keep marking link maps until no new link maps are found.  */
-+  for (struct link_map *l = ns->_ns_loaded; l != NULL; )
-     {
--      struct link_map *l = maps[done_index];
-+      /* next is reset to earlier link maps for remarking.  */
-+      struct link_map *next = l->l_next;
-+      int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL.  */
- 
-       if (l->l_map_done)
--      /* Already handled.  */
--      continue;
-+      {
-+        /* Already handled.  */
-+        l = next;
-+        continue;
-+      }
- 
-       /* Check whether this object is still used.  */
-       if (l->l_type == lt_loaded
-@@ -171,7 +172,10 @@ _dl_close_worker (struct link_map *map, bool force)
-            acquire is sufficient and correct.  */
-         && atomic_load_acquire (&l->l_tls_dtor_count) == 0
-         && !l->l_map_used)
--      continue;
-+      {
-+        l = next;
-+        continue;
-+      }
- 
-       /* We need this object and we handle it now.  */
-       l->l_map_used = 1;
-@@ -198,8 +202,11 @@ _dl_close_worker (struct link_map *map, bool force)
-                        already processed it, then we need to go back
-                        and process again from that point forward to
-                        ensure we keep all of its dependencies also.  */
--                    if ((*lp)->l_idx - 1 < done_index)
--                      done_index = (*lp)->l_idx - 1;
-+                    if ((*lp)->l_idx < next_idx)
-+                      {
-+                        next = *lp;
-+                        next_idx = next->l_idx;
-+                      }
-                   }
-               }
- 
-@@ -219,44 +226,65 @@ _dl_close_worker (struct link_map *map, bool force)
-               if (!jmap->l_map_used)
-                 {
-                   jmap->l_map_used = 1;
--                  if (jmap->l_idx - 1 < done_index)
--                    done_index = jmap->l_idx - 1;
-+                  if (jmap->l_idx < next_idx)
-+                    {
-+                        next = jmap;
-+                        next_idx = next->l_idx;
-+                    }
-                 }
-             }
-         }
--    }
- 
--  /* Sort the entries.  We can skip looking for the binary itself which is
--     at the front of the search list for the main namespace.  */
--  _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true);
-+      l = next;
-+    }
- 
--  /* Call all termination functions at once.  */
--  bool unload_any = false;
--  bool scope_mem_left = false;
--  unsigned int unload_global = 0;
--  unsigned int first_loaded = ~0;
--  for (unsigned int i = 0; i < nloaded; ++i)
-+  /* Call the destructors in reverse constructor order, and remove the
-+     closed link maps from the list.  */
-+  for (struct link_map **init_called_head = &_dl_init_called_list;
-+       *init_called_head != NULL; )
-     {
--      struct link_map *imap = maps[i];
-+      struct link_map *imap = *init_called_head;
- 
--      /* All elements must be in the same namespace.  */
--      assert (imap->l_ns == nsid);
--
--      if (!imap->l_map_used)
-+      /* _dl_init_called_list is global, to produce a global odering.
-+       Ignore the other namespaces (and link maps that are still used).  */
-+      if (imap->l_ns != nsid || imap->l_map_used)
-+      init_called_head = &imap->l_init_called_next;
-+      else
-       {
-         assert (imap->l_type == lt_loaded && !imap->l_nodelete_active);
- 
--        /* Call its termination function.  Do not do it for
--           half-cooked objects.  Temporarily disable exception
--           handling, so that errors are fatal.  */
--        if (imap->l_init_called)
-+        /* _dl_init_called_list is updated at the same time as
-+           l_init_called.  */
-+        assert (imap->l_init_called);
-+
-+        if (imap->l_info[DT_FINI_ARRAY] != NULL
-+            || imap->l_info[DT_FINI] != NULL)
-           _dl_catch_exception (NULL, _dl_call_fini, imap);
- 
- #ifdef SHARED
-         /* Auditing checkpoint: we remove an object.  */
-         _dl_audit_objclose (imap);
- #endif
-+        /* Unlink this link map.  */
-+        *init_called_head = imap->l_init_called_next;
-+      }
-+    }
-+
-+
-+  bool unload_any = false;
-+  bool scope_mem_left = false;
-+  unsigned int unload_global = 0;
-+
-+  /* For skipping un-unloadable link maps in the second loop.  */
-+  struct link_map *first_loaded = ns->_ns_loaded;
- 
-+  /* Iterate over the namespace to find objects to unload.  Some
-+     unloadable objects may not be on _dl_init_called_list due to
-+     dlopen failure.  */
-+  for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next)
-+    {
-+      if (!imap->l_map_used)
-+      {
-         /* This object must not be used anymore.  */
-         imap->l_removed = 1;
- 
-@@ -267,8 +295,8 @@ _dl_close_worker (struct link_map *map, bool force)
-           ++unload_global;
- 
-         /* Remember where the first dynamically loaded object is.  */
--        if (i < first_loaded)
--          first_loaded = i;
-+        if (first_loaded == NULL)
-+            first_loaded = imap;
-       }
-       /* Else imap->l_map_used.  */
-       else if (imap->l_type == lt_loaded)
-@@ -404,8 +432,8 @@ _dl_close_worker (struct link_map *map, bool force)
-           imap->l_loader = NULL;
- 
-         /* Remember where the first dynamically loaded object is.  */
--        if (i < first_loaded)
--          first_loaded = i;
-+        if (first_loaded == NULL)
-+            first_loaded = imap;
-       }
-     }
- 
-@@ -476,10 +504,11 @@ _dl_close_worker (struct link_map *map, bool force)
- 
-   /* Check each element of the search list to see if all references to
-      it are gone.  */
--  for (unsigned int i = first_loaded; i < nloaded; ++i)
-+  for (struct link_map *imap = first_loaded; imap != NULL; )
-     {
--      struct link_map *imap = maps[i];
--      if (!imap->l_map_used)
-+      if (imap->l_map_used)
-+      imap = imap->l_next;
-+      else
-       {
-         assert (imap->l_type == lt_loaded);
- 
-@@ -690,7 +719,9 @@ _dl_close_worker (struct link_map *map, bool force)
-         if (imap == GL(dl_initfirst))
-           GL(dl_initfirst) = NULL;
- 
-+        struct link_map *next = imap->l_next;
-         free (imap);
-+        imap = next;
-       }
-     }
- 
-diff --git a/elf/dl-fini.c b/elf/dl-fini.c
-index 9acb64f47c..e201d36651 100644
---- a/elf/dl-fini.c
-+++ b/elf/dl-fini.c
-@@ -24,116 +24,68 @@
- void
- _dl_fini (void)
- {
--  /* Lots of fun ahead.  We have to call the destructors for all still
--     loaded objects, in all namespaces.  The problem is that the ELF
--     specification now demands that dependencies between the modules
--     are taken into account.  I.e., the destructor for a module is
--     called before the ones for any of its dependencies.
--
--     To make things more complicated, we cannot simply use the reverse
--     order of the constructors.  Since the user might have loaded objects
--     using `dlopen' there are possibly several other modules with its
--     dependencies to be taken into account.  Therefore we have to start
--     determining the order of the modules once again from the beginning.  */
--
--  /* We run the destructors of the main namespaces last.  As for the
--     other namespaces, we pick run the destructors in them in reverse
--     order of the namespace ID.  */
--#ifdef SHARED
--  int do_audit = 0;
-- again:
--#endif
--  for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns)
--    {
--      /* Protect against concurrent loads and unloads.  */
--      __rtld_lock_lock_recursive (GL(dl_load_lock));
--
--      unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded;
--      /* No need to do anything for empty namespaces or those used for
--       auditing DSOs.  */
--      if (nloaded == 0
--#ifdef SHARED
--        || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit
--#endif
--        )
--      __rtld_lock_unlock_recursive (GL(dl_load_lock));
--      else
--      {
-+  /* Call destructors strictly in the reverse order of constructors.
-+     This causes fewer surprises than some arbitrary reordering based
-+     on new (relocation) dependencies.  None of the objects are
-+     unmapped, so applications can deal with this if their DSOs remain
-+     in a consistent state after destructors have run.  */
-+
-+  /* Protect against concurrent loads and unloads.  */
-+  __rtld_lock_lock_recursive (GL(dl_load_lock));
-+
-+  /* Ignore objects which are opened during shutdown.  */
-+  struct link_map *local_init_called_list = _dl_init_called_list;
-+
-+  for (struct link_map *l = local_init_called_list; l != NULL;
-+       l = l->l_init_called_next)
-+      /* Bump l_direct_opencount of all objects so that they
-+       are not dlclose()ed from underneath us.  */
-+      ++l->l_direct_opencount;
-+
-+  /* After this point, everything linked from local_init_called_list
-+     cannot be unloaded because of the reference counter update.  */
-+  __rtld_lock_unlock_recursive (GL(dl_load_lock));
-+
-+  /* Perform two passes: One for non-audit modules, one for audit
-+     modules.  This way, audit modules receive unload notifications
-+     for non-audit objects, and the destructors for audit modules
-+     still run.  */
- #ifdef SHARED
--        _dl_audit_activity_nsid (ns, LA_ACT_DELETE);
-+  int last_pass = GLRO(dl_naudit) > 0;
-+  Lmid_t last_ns = -1;
-+  for (int do_audit = 0; do_audit <= last_pass; ++do_audit)
- #endif
--
--        /* Now we can allocate an array to hold all the pointers and
--           copy the pointers in.  */
--        struct link_map *maps[nloaded];
--
--        unsigned int i;
--        struct link_map *l;
--        assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL);
--        for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next)
--          /* Do not handle ld.so in secondary namespaces.  */
--          if (l == l->l_real)
--            {
--              assert (i < nloaded);
--
--              maps[i] = l;
--              l->l_idx = i;
--              ++i;
--
--              /* Bump l_direct_opencount of all objects so that they
--                 are not dlclose()ed from underneath us.  */
--              ++l->l_direct_opencount;
--            }
--        assert (ns != LM_ID_BASE || i == nloaded);
--        assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1);
--        unsigned int nmaps = i;
--
--        /* Now we have to do the sorting.  We can skip looking for the
--           binary itself which is at the front of the search list for
--           the main namespace.  */
--        _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true);
--
--        /* We do not rely on the linked list of loaded object anymore
--           from this point on.  We have our own list here (maps).  The
--           various members of this list cannot vanish since the open
--           count is too high and will be decremented in this loop.  So
--           we release the lock so that some code which might be called
--           from a destructor can directly or indirectly access the
--           lock.  */
--        __rtld_lock_unlock_recursive (GL(dl_load_lock));
--
--        /* 'maps' now contains the objects in the right order.  Now
--           call the destructors.  We have to process this array from
--           the front.  */
--        for (i = 0; i < nmaps; ++i)
--          {
--            struct link_map *l = maps[i];
--
--            if (l->l_init_called)
--              {
--                _dl_call_fini (l);
-+    for (struct link_map *l = local_init_called_list; l != NULL;
-+       l = l->l_init_called_next)
-+      {
- #ifdef SHARED
--                /* Auditing checkpoint: another object closed.  */
--                _dl_audit_objclose (l);
-+      if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit)
-+        continue;
-+
-+      /* Avoid back-to-back calls of _dl_audit_activity_nsid for the
-+         same namespace.  */
-+      if (last_ns != l->l_ns)
-+        {
-+          if (last_ns >= 0)
-+            _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
-+          _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE);
-+          last_ns = l->l_ns;
-+        }
- #endif
--              }
- 
--            /* Correct the previous increment.  */
--            --l->l_direct_opencount;
--          }
-+      /* There is no need to re-enable exceptions because _dl_fini
-+         is not called from a context where exceptions are caught.  */
-+      _dl_call_fini (l);
- 
- #ifdef SHARED
--        _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT);
-+      /* Auditing checkpoint: another object closed.  */
-+      _dl_audit_objclose (l);
- #endif
--      }
--    }
-+      }
- 
- #ifdef SHARED
--  if (! do_audit && GLRO(dl_naudit) > 0)
--    {
--      do_audit = 1;
--      goto again;
--    }
-+  if (last_ns >= 0)
-+    _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
- 
-   if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS))
-     _dl_debug_printf ("\nruntime linker statistics:\n"
-diff --git a/elf/dl-init.c b/elf/dl-init.c
-index ba4d2fdc85..ffd05b7806 100644
---- a/elf/dl-init.c
-+++ b/elf/dl-init.c
-@@ -21,6 +21,7 @@
- #include <ldsodefs.h>
- #include <elf-initfini.h>
- 
-+struct link_map *_dl_init_called_list;
- 
- static void
- call_init (struct link_map *l, int argc, char **argv, char **env)
-@@ -42,6 +43,21 @@ call_init (struct link_map *l, int argc, char **argv, char **env)
-      dependency.  */
-   l->l_init_called = 1;
- 
-+  /* Help an already-running dlclose: The just-loaded object must not
-+     be removed during the current pass.  (No effect if no dlclose in
-+     progress.)  */
-+  l->l_map_used = 1;
-+
-+  /* Record execution before starting any initializers.  This way, if
-+     the initializers themselves call dlopen, their ELF destructors
-+     will eventually be run before this object is destructed, matching
-+     that their ELF constructors have run before this object was
-+     constructed.  _dl_fini uses this list for audit callbacks, so
-+     register objects on the list even if they do not have a
-+     constructor.  */
-+  l->l_init_called_next = _dl_init_called_list;
-+  _dl_init_called_list = l;
-+
-   /* Check for object which constructors we do not run here.  */
-   if (__builtin_expect (l->l_name[0], 'a') == '\0'
-       && l->l_type == lt_executable)
-diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def
-index 4bf9052db1..61dc54f8ae 100644
---- a/elf/dso-sort-tests-1.def
-+++ b/elf/dso-sort-tests-1.def
-@@ -53,21 +53,14 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c
- output: b>a>{}<a<b
- 
- # Complex example from Bugzilla #15311, under-linked and with circular
--# relocation(dynamic) dependencies. While this is technically unspecified, the
--# presumed reasonable practical behavior is for the destructor order to respect
--# the static DT_NEEDED links (here this means the a->b->c->d order).
--# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based
--# dynamic_sort=2 algorithm does, although it is still arguable whether going
--# beyond spec to do this is the right thing to do.
--# The below expected outputs are what the two algorithms currently produce
--# respectively, for regression testing purposes.
-+# relocation(dynamic) dependencies. For both sorting algorithms, the
-+# destruction order is the reverse of the construction order, and
-+# relocation dependencies are not taken into account.
- tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c
--output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];}
--output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];}
-+output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<e<a<b<c<d];}
- 
- # Test that even in the presence of dependency loops involving dlopen'ed
- # object, that object is initialized last (and not unloaded prematurely).
--# Final destructor order is indeterminate due to the cycle.
-+# Final destructor order is the opposite of constructor order.
- tst-bz28937: {+a;+b;-b;+c;%c};a->a1;a->a2;a2->a;b->b1;c->a1;c=>a1
--output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a<a2<c<a1
--output(glibc.rtld.dynamic_sort=2): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a2<a<c<a1
-+output: {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<c<a<a1<a2
-diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
-index bb7d66c385..503699c36a 100644
---- a/elf/tst-audit23.c
-+++ b/elf/tst-audit23.c
-@@ -98,6 +98,8 @@ do_test (int argc, char *argv[])
-     char *lname;
-     uintptr_t laddr;
-     Lmid_t lmid;
-+    uintptr_t cookie;
-+    uintptr_t namespace;
-     bool closed;
-   } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
-   size_t nobjs = 0;
-@@ -117,6 +119,9 @@ do_test (int argc, char *argv[])
-   size_t buffer_length = 0;
-   while (xgetline (&buffer, &buffer_length, out))
-     {
-+      *strchrnul (buffer, '\n') = '\0';
-+      printf ("info: subprocess output: %s\n", buffer);
-+
-       if (startswith (buffer, "la_activity: "))
-       {
-         uintptr_t cookie;
-@@ -125,29 +130,26 @@ do_test (int argc, char *argv[])
-                         &cookie);
-         TEST_COMPARE (r, 2);
- 
--        /* The cookie identifies the object at the head of the link map,
--           so we only add a new namespace if it changes from the previous
--           one.  This works since dlmopen is the last in the test body.  */
--        if (cookie != last_act_cookie && last_act_cookie != -1)
--          TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
--
-         if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
-           {
-+            /* The cookie identifies the object at the head of the
-+               link map, so we only add a new namespace if it
-+               changes from the previous one.  This works since
-+               dlmopen is the last in the test body.  */
-+            if (cookie != last_act_cookie && last_act_cookie != -1)
-+              TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
-+
-             acts[nacts++] = cookie;
-             last_act_cookie = cookie;
-           }
--        /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
--           at program termination (if the tests adds a dlclose or a library
--           with extra dependencies this will need to be adapted).  */
-+        /* LA_ACT_DELETE is called multiple times for each
-+           namespace, depending on destruction order.  */
-         else if (this_act == LA_ACT_DELETE)
--          {
--            last_act_cookie = acts[--nacts];
--            TEST_COMPARE (acts[nacts], cookie);
--            acts[nacts] = 0;
--          }
-+          last_act_cookie = cookie;
-         else if (this_act == LA_ACT_CONSISTENT)
-           {
-             TEST_COMPARE (cookie, last_act_cookie);
-+            last_act_cookie = -1;
- 
-             /* LA_ACT_DELETE must always be followed by an la_objclose.  */
-             if (last_act == LA_ACT_DELETE)
-@@ -179,6 +181,8 @@ do_test (int argc, char *argv[])
-         objs[nobjs].lname = lname;
-         objs[nobjs].laddr = laddr;
-         objs[nobjs].lmid = lmid;
-+        objs[nobjs].cookie = cookie;
-+        objs[nobjs].namespace = last_act_cookie;
-         objs[nobjs].closed = false;
-         nobjs++;
- 
-@@ -201,6 +205,12 @@ do_test (int argc, char *argv[])
-             if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
-               {
-                 TEST_COMPARE (objs[i].closed, false);
-+                TEST_COMPARE (objs[i].cookie, cookie);
-+                if (objs[i].namespace == -1)
-+                  /* No LA_ACT_ADD before the first la_objopen call.  */
-+                  TEST_COMPARE (acts[0], last_act_cookie);
-+                else
-+                  TEST_COMPARE (objs[i].namespace, last_act_cookie);
-                 objs[i].closed = true;
-                 break;
-               }
-@@ -209,11 +219,7 @@ do_test (int argc, char *argv[])
-         /* la_objclose should be called after la_activity(LA_ACT_DELETE) for
-            the closed object's namespace.  */
-         TEST_COMPARE (last_act, LA_ACT_DELETE);
--        if (!seen_first_objclose)
--          {
--            TEST_COMPARE (last_act_cookie, cookie);
--            seen_first_objclose = true;
--          }
-+        seen_first_objclose = true;
-       }
-     }
- 
-diff --git a/include/link.h b/include/link.h
-index 1d74feb2bd..69bda3ed17 100644
---- a/include/link.h
-+++ b/include/link.h
-@@ -278,6 +278,10 @@ struct link_map
-     /* List of object in order of the init and fini calls.  */
-     struct link_map **l_initfini;
- 
-+    /* Linked list of objects in reverse ELF constructor execution
-+       order.  Head of list is stored in _dl_init_called_list.  */
-+    struct link_map *l_init_called_next;
-+
-     /* List of the dependencies introduced through symbol binding.  */
-     struct link_map_reldeps
-       {
-diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
-index e8b7359b04..9ea9389a39 100644
---- a/sysdeps/generic/ldsodefs.h
-+++ b/sysdeps/generic/ldsodefs.h
-@@ -1037,6 +1037,10 @@ extern int _dl_check_map_versions (struct link_map *map, int verbose,
- extern void _dl_init (struct link_map *main_map, int argc, char **argv,
-                     char **env) attribute_hidden;
- 
-+/* List of ELF objects in reverse order of their constructor
-+   invocation.  */
-+extern struct link_map *_dl_init_called_list attribute_hidden;
-+
- /* Call the finalizer functions of all shared objects whose
-    initializer functions have completed.  */
- extern void _dl_fini (void) attribute_hidden;
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch b/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch
deleted file mode 100644 (file)
index 6115c1f..0000000
--- a/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 750f19526ae71aac801c77a3f7ef5374890c09b7 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 8 Sep 2023 13:02:06 +0200
-Subject: [PATCH 16/44] elf: Remove unused l_text_end field from struct
- link_map
-
-It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2
-("elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]").
-
-When backporting commmit 6985865bc3ad5b23147ee73466583dd7fdf65892
-("elf: Always call destructors in reverse constructor order
-(bug 30785)"), we can move the l_init_called_next field to this
-place, so that the internal GLIBC_PRIVATE ABI does not change.
-
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-Tested-by: Carlos O'Donell <carlos@redhat.com>
-(cherry picked from commit 53df2ce6885da3d0e89e87dca7b095622296014f)
----
- elf/dl-load.c    | 2 +-
- elf/dl-load.h    | 7 ++-----
- elf/rtld.c       | 6 ------
- elf/setup-vdso.h | 4 ----
- include/link.h   | 2 --
- 5 files changed, 3 insertions(+), 18 deletions(-)
-
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index 9a87fda9c9..2923b1141d 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
- 
-     /* Now process the load commands and map segments into memory.
-        This is responsible for filling in:
--       l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
-+       l_map_start, l_map_end, l_addr, l_contiguous, l_phdr
-      */
-     errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
-                                 maplength, has_holes, loader);
-diff --git a/elf/dl-load.h b/elf/dl-load.h
-index ecf6910c68..1d5207694b 100644
---- a/elf/dl-load.h
-+++ b/elf/dl-load.h
-@@ -83,14 +83,11 @@ struct loadcmd
- 
- /* This is a subroutine of _dl_map_segments.  It should be called for each
-    load command, some time after L->l_addr has been set correctly.  It is
--   responsible for setting up the l_text_end and l_phdr fields.  */
-+   responsible for setting the l_phdr fields  */
- static __always_inline void
- _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
-                          const struct loadcmd *c)
- {
--  if (c->prot & PROT_EXEC)
--    l->l_text_end = l->l_addr + c->mapend;
--
-   if (l->l_phdr == 0
-       && c->mapoff <= header->e_phoff
-       && ((size_t) (c->mapend - c->mapstart + c->mapoff)
-@@ -103,7 +100,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
- 
- /* This is a subroutine of _dl_map_object_from_fd.  It is responsible
-    for filling in several fields in *L: l_map_start, l_map_end, l_addr,
--   l_contiguous, l_text_end, l_phdr.  On successful return, all the
-+   l_contiguous, l_phdr.  On successful return, all the
-    segments are mapped (or copied, or whatever) from the file into their
-    final places in the address space, with the correct page permissions,
-    and any bss-like regions already zeroed.  It returns a null pointer
-diff --git a/elf/rtld.c b/elf/rtld.c
-index a91e2a4471..5107d16fe3 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -477,7 +477,6 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
-   GL(dl_rtld_map).l_real = &GL(dl_rtld_map);
-   GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start;
-   GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end;
--  GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext;
-   /* Copy the TLS related data if necessary.  */
- #ifndef DONT_USE_BOOTSTRAP_MAP
- # if NO_TLS_OFFSET != 0
-@@ -1119,7 +1118,6 @@ rtld_setup_main_map (struct link_map *main_map)
-   bool has_interp = false;
- 
-   main_map->l_map_end = 0;
--  main_map->l_text_end = 0;
-   /* Perhaps the executable has no PT_LOAD header entries at all.  */
-   main_map->l_map_start = ~0;
-   /* And it was opened directly.  */
-@@ -1211,8 +1209,6 @@ rtld_setup_main_map (struct link_map *main_map)
-         allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz;
-         if (main_map->l_map_end < allocend)
-           main_map->l_map_end = allocend;
--        if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end)
--          main_map->l_text_end = allocend;
- 
-         /* The next expected address is the page following this load
-            segment.  */
-@@ -1272,8 +1268,6 @@ rtld_setup_main_map (struct link_map *main_map)
-       = (char *) main_map->l_tls_initimage + main_map->l_addr;
-   if (! main_map->l_map_end)
-     main_map->l_map_end = ~0;
--  if (! main_map->l_text_end)
--    main_map->l_text_end = ~0;
-   if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name)
-     {
-       /* We were invoked directly, so the program might not have a
-diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h
-index 0079842d1f..d92b12a7aa 100644
---- a/elf/setup-vdso.h
-+++ b/elf/setup-vdso.h
-@@ -51,9 +51,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
-               l->l_addr = ph->p_vaddr;
-             if (ph->p_vaddr + ph->p_memsz >= l->l_map_end)
-               l->l_map_end = ph->p_vaddr + ph->p_memsz;
--            if ((ph->p_flags & PF_X)
--                && ph->p_vaddr + ph->p_memsz >= l->l_text_end)
--              l->l_text_end = ph->p_vaddr + ph->p_memsz;
-           }
-         else
-           /* There must be no TLS segment.  */
-@@ -62,7 +59,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
-       l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso);
-       l->l_addr = l->l_map_start - l->l_addr;
-       l->l_map_end += l->l_addr;
--      l->l_text_end += l->l_addr;
-       l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr);
-       elf_get_dynamic_info (l, false, false);
-       _dl_setup_hash (l);
-diff --git a/include/link.h b/include/link.h
-index 69bda3ed17..c6af095d87 100644
---- a/include/link.h
-+++ b/include/link.h
-@@ -253,8 +253,6 @@ struct link_map
-     /* Start and finish of memory map for this object.  l_map_start
-        need not be the same as l_addr.  */
-     ElfW(Addr) l_map_start, l_map_end;
--    /* End of the executable part of the mapping.  */
--    ElfW(Addr) l_text_end;
- 
-     /* Default array for 'l_scope'.  */
-     struct r_scope_elem *l_scope_mem[4];
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch b/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch
deleted file mode 100644 (file)
index 924bead..0000000
--- a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From d3ba6c1333b10680ce5900a628108507d9d4b844 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 11 Sep 2023 09:17:52 +0200
-Subject: [PATCH 17/44] elf: Move l_init_called_next to old place of l_text_end
- in link map
-
-This preserves all member offsets and the GLIBC_PRIVATE ABI
-for backporting.
----
- include/link.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/link.h b/include/link.h
-index c6af095d87..686813f281 100644
---- a/include/link.h
-+++ b/include/link.h
-@@ -254,6 +254,10 @@ struct link_map
-        need not be the same as l_addr.  */
-     ElfW(Addr) l_map_start, l_map_end;
- 
-+    /* Linked list of objects in reverse ELF constructor execution
-+       order.  Head of list is stored in _dl_init_called_list.  */
-+    struct link_map *l_init_called_next;
-+
-     /* Default array for 'l_scope'.  */
-     struct r_scope_elem *l_scope_mem[4];
-     /* Size of array allocated for 'l_scope'.  */
-@@ -276,10 +280,6 @@ struct link_map
-     /* List of object in order of the init and fini calls.  */
-     struct link_map **l_initfini;
- 
--    /* Linked list of objects in reverse ELF constructor execution
--       order.  Head of list is stored in _dl_init_called_list.  */
--    struct link_map *l_init_called_next;
--
-     /* List of the dependencies introduced through symbol binding.  */
-     struct link_map_reldeps
-       {
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch b/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch
deleted file mode 100644 (file)
index 655b875..0000000
--- a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 89da8bc588c2296252543b049bf6d9272321f90d Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 11 Sep 2023 10:06:15 +0200
-Subject: [PATCH 18/44] NEWS: Add the 2.38.1 bug list
-
----
- NEWS | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index f1a14f45dd..64596d5d09 100644
---- a/NEWS
-+++ b/NEWS
-@@ -9,7 +9,10 @@ Version 2.38.1
- 
- The following bugs are resolved with this release:
- 
-+  [30723] posix_memalign repeatedly scans long bin lists
-   [30785] Always call destructors in reverse constructor order
-+  [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-+    -D_FILE_OFFSET_BITS=64
- 
- \f
- Version 2.38
-@@ -139,9 +142,6 @@ The following bugs are resolved with this release:
-   [30555] string: strerror can incorrectly return NULL
-   [30579] malloc: trim_threshold in realloc lead to high memory usage
-   [30662] nscd: Group and password cache use errno in place of errval
--  [30723] posix_memalign repeatedly scans long bin lists
--  [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
--    -D_FILE_OFFSET_BITS=64
- \f
- Version 2.37
- 
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch b/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch
deleted file mode 100644 (file)
index aa21173..0000000
--- a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-From b25508dd774b617f99419bdc3cf2ace4560cd2d6 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 13 Sep 2023 14:10:56 +0200
-Subject: [PATCH 19/44] CVE-2023-4527: Stack read overflow with large TCP
- responses in no-aaaa mode
-
-Without passing alt_dns_packet_buffer, __res_context_search can only
-store 2048 bytes (what fits into dns_packet_buffer).  However,
-the function returns the total packet size, and the subsequent
-DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
-of the stack-allocated buffer.
-
-Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa
-stub resolver option") and bug 30842.
-
-(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d)
----
- NEWS                          |   9 +++
- resolv/Makefile               |   2 +
- resolv/nss_dns/dns-host.c     |   2 +-
- resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++
- 4 files changed, 141 insertions(+), 1 deletion(-)
- create mode 100644 resolv/tst-resolv-noaaaa-vc.c
-
-diff --git a/NEWS b/NEWS
-index 64596d5d09..dfee278a9c 100644
---- a/NEWS
-+++ b/NEWS
-@@ -7,12 +7,21 @@ using `glibc' in the "product" field.
- \f
- Version 2.38.1
- 
-+Security related changes:
-+
-+  CVE-2023-4527: If the system is configured in no-aaaa mode via
-+  /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
-+  family, and a DNS response is received over TCP that is larger than
-+  2048 bytes, getaddrinfo may potentially disclose stack contents via
-+  the returned address data, or crash.
-+
- The following bugs are resolved with this release:
- 
-   [30723] posix_memalign repeatedly scans long bin lists
-   [30785] Always call destructors in reverse constructor order
-   [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-     -D_FILE_OFFSET_BITS=64
-+  [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
- 
- \f
- Version 2.38
-diff --git a/resolv/Makefile b/resolv/Makefile
-index 054b1fa36c..2f99eb3862 100644
---- a/resolv/Makefile
-+++ b/resolv/Makefile
-@@ -102,6 +102,7 @@ tests += \
-   tst-resolv-invalid-cname \
-   tst-resolv-network \
-   tst-resolv-noaaaa \
-+  tst-resolv-noaaaa-vc \
-   tst-resolv-nondecimal \
-   tst-resolv-res_init-multi \
-   tst-resolv-search \
-@@ -293,6 +294,7 @@ $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \
- $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
-   $(shared-thread-library)
- $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library)
-+$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library)
- $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
- $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
- $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index 1d60c51f5e..5d0ab30de6 100644
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
-     {
-       n = __res_context_search (ctx, name, C_IN, T_A,
-                               dns_packet_buffer, sizeof (dns_packet_buffer),
--                              NULL, NULL, NULL, NULL, NULL);
-+                              &alt_dns_packet_buffer, NULL, NULL, NULL, NULL);
-       if (n >= 0)
-       status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n,
-                                       &abuf, pat, errnop, herrnop, ttlp);
-diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c
-new file mode 100644
-index 0000000000..9f5aebd99f
---- /dev/null
-+++ b/resolv/tst-resolv-noaaaa-vc.c
-@@ -0,0 +1,129 @@
-+/* Test the RES_NOAAAA resolver option with a large response.
-+   Copyright (C) 2022-2023 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <errno.h>
-+#include <netdb.h>
-+#include <resolv.h>
-+#include <stdbool.h>
-+#include <stdlib.h>
-+#include <support/check.h>
-+#include <support/check_nss.h>
-+#include <support/resolv_test.h>
-+#include <support/support.h>
-+#include <support/xmemstream.h>
-+
-+/* Used to keep track of the number of queries.  */
-+static volatile unsigned int queries;
-+
-+/* If true, add a large TXT record at the start of the answer section.  */
-+static volatile bool stuff_txt;
-+
-+static void
-+response (const struct resolv_response_context *ctx,
-+          struct resolv_response_builder *b,
-+          const char *qname, uint16_t qclass, uint16_t qtype)
-+{
-+  /* If not using TCP, just force its use.  */
-+  if (!ctx->tcp)
-+    {
-+      struct resolv_response_flags flags = {.tc = true};
-+      resolv_response_init (b, flags);
-+      resolv_response_add_question (b, qname, qclass, qtype);
-+      return;
-+    }
-+
-+  /* The test needs to send four queries, the first three are used to
-+     grow the NSS buffer via the ERANGE handshake.  */
-+  ++queries;
-+  TEST_VERIFY (queries <= 4);
-+
-+  /* AAAA queries are supposed to be disabled.  */
-+  TEST_COMPARE (qtype, T_A);
-+  TEST_COMPARE (qclass, C_IN);
-+  TEST_COMPARE_STRING (qname, "example.com");
-+
-+  struct resolv_response_flags flags = {};
-+  resolv_response_init (b, flags);
-+  resolv_response_add_question (b, qname, qclass, qtype);
-+
-+  resolv_response_section (b, ns_s_an);
-+
-+  if (stuff_txt)
-+    {
-+      resolv_response_open_record (b, qname, qclass, T_TXT, 60);
-+      int zero = 0;
-+      for (int i = 0; i <= 15000; ++i)
-+        resolv_response_add_data (b, &zero, sizeof (zero));
-+      resolv_response_close_record (b);
-+    }
-+
-+  for (int i = 0; i < 200; ++i)
-+    {
-+      resolv_response_open_record (b, qname, qclass, qtype, 60);
-+      char ipv4[4] = {192, 0, 2, i + 1};
-+      resolv_response_add_data (b, &ipv4, sizeof (ipv4));
-+      resolv_response_close_record (b);
-+    }
-+}
-+
-+static int
-+do_test (void)
-+{
-+  struct resolv_test *obj = resolv_test_start
-+    ((struct resolv_redirect_config)
-+     {
-+       .response_callback = response
-+     });
-+
-+  _res.options |= RES_NOAAAA;
-+
-+  for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt)
-+    {
-+      queries = 0;
-+      stuff_txt = do_stuff_txt;
-+
-+      struct addrinfo *ai = NULL;
-+      int ret;
-+      ret = getaddrinfo ("example.com", "80",
-+                         &(struct addrinfo)
-+                         {
-+                           .ai_family = AF_UNSPEC,
-+                           .ai_socktype = SOCK_STREAM,
-+                         }, &ai);
-+
-+      char *expected_result;
-+      {
-+        struct xmemstream mem;
-+        xopen_memstream (&mem);
-+        for (int i = 0; i < 200; ++i)
-+          fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1);
-+        xfclose_memstream (&mem);
-+        expected_result = mem.buffer;
-+      }
-+
-+      check_addrinfo ("example.com", ai, ret, expected_result);
-+
-+      free (expected_result);
-+      freeaddrinfo (ai);
-+    }
-+
-+  resolv_test_end (obj);
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch b/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch
deleted file mode 100644 (file)
index 708e617..0000000
--- a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Fri, 15 Sep 2023 13:51:12 -0400
-Subject: [PATCH 20/44] getaddrinfo: Fix use after free in getcanonname
- (CVE-2023-4806)
-
-When an NSS plugin only implements the _gethostbyname2_r and
-_getcanonname_r callbacks, getaddrinfo could use memory that was freed
-during tmpbuf resizing, through h_name in a previous query response.
-
-The backing store for res->at->name when doing a query with
-gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in
-gethosts during the query.  For AF_INET6 lookup with AI_ALL |
-AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second
-for a v4 lookup.  In this case, if the first call reallocates tmpbuf
-enough number of times, resulting in a malloc, th->h_name (that
-res->at->name refers to) ends up on a heap allocated storage in tmpbuf.
-Now if the second call to gethosts also causes the plugin callback to
-return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF
-reference in res->at->name.  This then gets dereferenced in the
-getcanonname_r plugin call, resulting in the use after free.
-
-Fix this by copying h_name over and freeing it at the end.  This
-resolves BZ #30843, which is assigned CVE-2023-4806.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994)
----
- nss/Makefile                                  | 15 ++++-
- nss/nss_test_gai_hv2_canonname.c              | 56 +++++++++++++++++
- nss/tst-nss-gai-hv2-canonname.c               | 63 +++++++++++++++++++
- nss/tst-nss-gai-hv2-canonname.h               |  1 +
- .../postclean.req                             |  0
- .../tst-nss-gai-hv2-canonname.script          |  2 +
- sysdeps/posix/getaddrinfo.c                   | 25 +++++---
- 7 files changed, 152 insertions(+), 10 deletions(-)
- create mode 100644 nss/nss_test_gai_hv2_canonname.c
- create mode 100644 nss/tst-nss-gai-hv2-canonname.c
- create mode 100644 nss/tst-nss-gai-hv2-canonname.h
- create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req
- create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
-
-diff --git a/nss/Makefile b/nss/Makefile
-index 06fcdc450f..8a5126ecf3 100644
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -82,6 +82,7 @@ tests-container := \
-   tst-nss-test3 \
-   tst-reload1 \
-   tst-reload2 \
-+  tst-nss-gai-hv2-canonname \
- # tests-container
- 
- # Tests which need libdl
-@@ -145,7 +146,8 @@ libnss_compat-inhibit-o    = $(filter-out .os,$(object-suffixes))
- ifeq ($(build-static-nss),yes)
- tests-static          += tst-nss-static
- endif
--extra-test-objs               += nss_test1.os nss_test2.os nss_test_errno.os
-+extra-test-objs               += nss_test1.os nss_test2.os nss_test_errno.os \
-+                         nss_test_gai_hv2_canonname.os
- 
- include ../Rules
- 
-@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
- libof-nss_test1 = extramodules
- libof-nss_test2 = extramodules
- libof-nss_test_errno = extramodules
-+libof-nss_test_gai_hv2_canonname = extramodules
- $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
-       $(build-module)
- $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
-       $(build-module)
- $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
-       $(build-module)
-+$(objpfx)/libnss_test_gai_hv2_canonname.so: \
-+  $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps)
-+      $(build-module)
- $(objpfx)nss_test2.os : nss_test1.c
- # Use the nss_files suffix for these objects as well.
- $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so
-@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so
- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
-   $(objpfx)/libnss_test_errno.so
-       $(make-link)
-+$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
-+  $(objpfx)/libnss_test_gai_hv2_canonname.so
-+      $(make-link)
- $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
-       $(objpfx)/libnss_test1.so$(libnss_files.so-version) \
-       $(objpfx)/libnss_test2.so$(libnss_files.so-version) \
--      $(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
-+      $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
-+      $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
- 
- ifeq (yes,$(have-thread-library))
- $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
-@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
- LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
- LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
- LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
-+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
-diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c
-new file mode 100644
-index 0000000000..4439c83c9f
---- /dev/null
-+++ b/nss/nss_test_gai_hv2_canonname.c
-@@ -0,0 +1,56 @@
-+/* NSS service provider that only provides gethostbyname2_r.
-+   Copyright The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <nss.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include "nss/tst-nss-gai-hv2-canonname.h"
-+
-+/* Catch misnamed and functions.  */
-+#pragma GCC diagnostic error "-Wmissing-prototypes"
-+NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname)
-+
-+extern enum nss_status _nss_files_gethostbyname2_r (const char *, int,
-+                                                  struct hostent *, char *,
-+                                                  size_t, int *, int *);
-+
-+enum nss_status
-+_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af,
-+                                            struct hostent *result,
-+                                            char *buffer, size_t buflen,
-+                                            int *errnop, int *herrnop)
-+{
-+  return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop,
-+                                    herrnop);
-+}
-+
-+enum nss_status
-+_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer,
-+                                          size_t buflen, char **result,
-+                                          int *errnop, int *h_errnop)
-+{
-+  /* We expect QUERYNAME, which is a small enough string that it shouldn't fail
-+     the test.  */
-+  if (memcmp (QUERYNAME, name, sizeof (QUERYNAME))
-+      || buflen < sizeof (QUERYNAME))
-+    abort ();
-+
-+  strncpy (buffer, name, buflen);
-+  *result = buffer;
-+  return NSS_STATUS_SUCCESS;
-+}
-diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
-new file mode 100644
-index 0000000000..d5f10c07d6
---- /dev/null
-+++ b/nss/tst-nss-gai-hv2-canonname.c
-@@ -0,0 +1,63 @@
-+/* Test NSS query path for plugins that only implement gethostbyname2
-+   (#30843).
-+   Copyright The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <nss.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <support/check.h>
-+#include <support/xstdio.h>
-+#include "nss/tst-nss-gai-hv2-canonname.h"
-+
-+#define PREPARE do_prepare
-+
-+static void do_prepare (int a, char **av)
-+{
-+  FILE *hosts = xfopen ("/etc/hosts", "w");
-+  for (unsigned i = 2; i < 255; i++)
-+    {
-+      fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i);
-+      fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i);
-+    }
-+  xfclose (hosts);
-+}
-+
-+static int
-+do_test (void)
-+{
-+  __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
-+
-+  struct addrinfo hints = {};
-+  struct addrinfo *result = NULL;
-+
-+  hints.ai_family = AF_INET6;
-+  hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME;
-+
-+  int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result);
-+
-+  if (ret != 0)
-+    FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret));
-+
-+  TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME);
-+
-+  freeaddrinfo(result);
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h
-new file mode 100644
-index 0000000000..14f2a9cb08
---- /dev/null
-+++ b/nss/tst-nss-gai-hv2-canonname.h
-@@ -0,0 +1 @@
-+#define QUERYNAME "test.example.com"
-diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req
-new file mode 100644
-index 0000000000..e69de29bb2
-diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
-new file mode 100644
-index 0000000000..31848b4a28
---- /dev/null
-+++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
-@@ -0,0 +1,2 @@
-+cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2
-+su
-diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index 0356b622be..b2236b105c 100644
---- a/sysdeps/posix/getaddrinfo.c
-+++ b/sysdeps/posix/getaddrinfo.c
-@@ -120,6 +120,7 @@ struct gaih_result
- {
-   struct gaih_addrtuple *at;
-   char *canon;
-+  char *h_name;
-   bool free_at;
-   bool got_ipv6;
- };
-@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
-   if (res->free_at)
-     free (res->at);
-   free (res->canon);
-+  free (res->h_name);
-   memset (res, 0, sizeof (*res));
- }
- 
-@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
-   return 0;
- }
- 
--/* Convert struct hostent to a list of struct gaih_addrtuple objects.  h_name
--   is not copied, and the struct hostent object must not be deallocated
--   prematurely.  The new addresses are appended to the tuple array in RES.  */
-+/* Convert struct hostent to a list of struct gaih_addrtuple objects.  The new
-+   addresses are appended to the tuple array in RES.  */
- static bool
- convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
-                                  struct hostent *h, struct gaih_result *res)
-@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
-   res->at = array;
-   res->free_at = true;
- 
-+  /* Duplicate h_name because it may get reclaimed when the underlying storage
-+     is freed.  */
-+  if (res->h_name == NULL)
-+    {
-+      res->h_name = __strdup (h->h_name);
-+      if (res->h_name == NULL)
-+      return false;
-+    }
-+
-   /* Update the next pointers on reallocation.  */
-   for (size_t i = 0; i < old; i++)
-     array[i].next = array + i + 1;
-@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
-       }
-       array[i].next = array + i + 1;
-     }
--  array[0].name = h->h_name;
-   array[count - 1].next = NULL;
- 
-   return true;
-@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name,
-    memory allocation failure.  The returned string is allocated on the
-    heap; the caller has to free it.  */
- static char *
--getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name)
-+getcanonname (nss_action_list nip, const char *hname, const char *name)
- {
-   nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
-   char *s = (char *) name;
-   if (cfct != NULL)
-     {
-       char buf[256];
--      if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
--                            &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
-+      if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
-+                            &h_errno)) != NSS_STATUS_SUCCESS)
-       /* If the canonical name cannot be determined, use the passed
-          string.  */
-       s = (char *) name;
-@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
-                 if ((req->ai_flags & AI_CANONNAME) != 0
-                     && res->canon == NULL)
-                   {
--                    char *canonbuf = getcanonname (nip, res->at, name);
-+                    char *canonbuf = getcanonname (nip, res->h_name, name);
-                     if (canonbuf == NULL)
-                       {
-                         __resolv_context_put (res_ctx);
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch b/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch
deleted file mode 100644 (file)
index fb86f0f..0000000
--- a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 63250e9c571314b6daa2c949ea0af335ee766751 Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Tue, 1 Aug 2023 17:01:37 +0200
-Subject: [PATCH 21/44] iconv: restore verbosity with unrecognized encoding
- names (bug 30694)
-
-Commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") changed the
-iconv program to call __gconv_open directly instead of the iconv_open
-wrapper, but the former does not set errno.  Update the caller to
-interpret the return codes like iconv_open does.
-
-(cherry picked from commit fc72b6d7d818ab2868920af956d1542d03342a4d)
----
- iconv/iconv_prog.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c
-index bee898c63c..cf32cf9b44 100644
---- a/iconv/iconv_prog.c
-+++ b/iconv/iconv_prog.c
-@@ -187,7 +187,7 @@ main (int argc, char *argv[])
- 
-       if (res != __GCONV_OK)
-       {
--        if (errno == EINVAL)
-+        if (res == __GCONV_NOCONV || res == __GCONV_NODB)
-           {
-             /* Try to be nice with the user and tell her which of the
-                two encoding names is wrong.  This is possible because
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch b/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch
deleted file mode 100644 (file)
index 38aec86..0000000
--- a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From d94461bb86ba176b9390c0015bb612a528e22d95 Mon Sep 17 00:00:00 2001
-From: Mahesh Bodapati <bmahi496@linux.ibm.com>
-Date: Fri, 11 Aug 2023 10:38:25 -0500
-Subject: [PATCH 22/44] string: Fix tester build with fortify enable with gcc <
- 12
-
-When building with fortify enabled, GCC < 12 issues a warning on the
-fortify strncat wrapper might overflow the destination buffer (the
-failure is tied to -Werror).
-
-Checked on ppc64 and x86_64.
-Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-
-(cherry picked from commit f1c7ed0859a45929136836341741c7cd70f428cb)
----
- string/tester.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/string/tester.c b/string/tester.c
-index f7d4bac5a8..824cf315ff 100644
---- a/string/tester.c
-+++ b/string/tester.c
-@@ -34,6 +34,14 @@
- DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-truncation");
- #endif
- 
-+/* When building with fortify enabled, GCC < 12 issues a warning on the
-+   fortify strncat wrapper might overflow the destination buffer (the
-+   failure is tied to -Werror).
-+   Triggered by strncat fortify wrapper when it is enabled.  */
-+#if __GNUC_PREREQ (11, 0)
-+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
-+#endif
-+
- #include <errno.h>
- #include <stdint.h>
- #include <stdio.h>
-@@ -52,9 +60,6 @@ DIAG_IGNORE_NEEDS_COMMENT (5.0, "-Wmemset-transposed-args");
- DIAG_IGNORE_NEEDS_COMMENT (9, "-Wrestrict");
- DIAG_IGNORE_NEEDS_COMMENT (7, "-Wstringop-overflow=");
- #endif
--#if __GNUC_PREREQ (11, 0)
--DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
--#endif
- 
- 
- #define       STREQ(a, b)     (strcmp((a), (b)) == 0)
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch b/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch
deleted file mode 100644 (file)
index a103b95..0000000
--- a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0e1ef6779a90bc0f8a05bc367796df2793deecaa Mon Sep 17 00:00:00 2001
-From: Mark Wielaard <mark@klomp.org>
-Date: Thu, 24 Aug 2023 21:36:34 +0200
-Subject: [PATCH 23/44] manual/jobs.texi: Add missing @item EPERM for getpgid
-
-The missing @item makes it look like errno will be set to ESRCH
-if a cross-session getpgid is not permitted.
-
-Found by ulfvonbelow on irc.
-
-(cherry picked from commit 5a21cefd5abab1b99eda1fbf84204a9bf41662ab)
----
- manual/job.texi | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/manual/job.texi b/manual/job.texi
-index 42cb9fb26d..8157f13a1c 100644
---- a/manual/job.texi
-+++ b/manual/job.texi
-@@ -1133,6 +1133,7 @@ following @code{errno} error conditions are defined for this function:
- @table @code
- @item ESRCH
- There is no process with the given process ID @var{pid}.
-+@item EPERM
- The calling process and the process specified by @var{pid} are in
- different sessions, and the implementation doesn't allow to access the
- process group ID of the process with ID @var{pid} from the calling
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch b/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch
deleted file mode 100644 (file)
index 90b01eb..0000000
--- a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 5ee59ca371b99984232d7584fe2b1a758b4421d3 Mon Sep 17 00:00:00 2001
-From: Romain Geissler <romain.geissler@amadeus.com>
-Date: Mon, 25 Sep 2023 01:21:51 +0100
-Subject: [PATCH 24/44] Fix leak in getaddrinfo introduced by the fix for
- CVE-2023-4806 [BZ #30843]
-
-This patch fixes a very recently added leak in getaddrinfo.
-
-This was assigned CVE-2023-5156.
-
-Resolves: BZ #30884
-Related: BZ #30842
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
----
- nss/Makefile                    | 20 ++++++++++++++++++++
- nss/tst-nss-gai-hv2-canonname.c |  3 +++
- sysdeps/posix/getaddrinfo.c     |  4 +---
- 3 files changed, 24 insertions(+), 3 deletions(-)
-
-diff --git a/nss/Makefile b/nss/Makefile
-index 8a5126ecf3..668ba34b18 100644
---- a/nss/Makefile
-+++ b/nss/Makefile
-@@ -149,6 +149,15 @@ endif
- extra-test-objs               += nss_test1.os nss_test2.os nss_test_errno.os \
-                          nss_test_gai_hv2_canonname.os
- 
-+ifeq ($(run-built-tests),yes)
-+ifneq (no,$(PERL))
-+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
-+endif
-+endif
-+
-+generated += mtrace-tst-nss-gai-hv2-canonname.out \
-+              tst-nss-gai-hv2-canonname.mtrace
-+
- include ../Rules
- 
- ifeq (yes,$(have-selinux))
-@@ -217,6 +226,17 @@ endif
- $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
- $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
- 
-+tst-nss-gai-hv2-canonname-ENV = \
-+              MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
-+              LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
-+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
-+  $(objpfx)tst-nss-gai-hv2-canonname.out
-+      { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
-+      || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \
-+      && $(common-objpfx)malloc/mtrace \
-+      $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
-+      $(evaluate-test)
-+
- # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
- # functions can load testing NSS modules via DT_RPATH.
- LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
-diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
-index d5f10c07d6..7db53cf09d 100644
---- a/nss/tst-nss-gai-hv2-canonname.c
-+++ b/nss/tst-nss-gai-hv2-canonname.c
-@@ -21,6 +21,7 @@
- #include <netdb.h>
- #include <stdlib.h>
- #include <string.h>
-+#include <mcheck.h>
- #include <support/check.h>
- #include <support/xstdio.h>
- #include "nss/tst-nss-gai-hv2-canonname.h"
-@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av)
- static int
- do_test (void)
- {
-+  mtrace ();
-+
-   __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
- 
-   struct addrinfo hints = {};
-diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index b2236b105c..13082305d3 100644
---- a/sysdeps/posix/getaddrinfo.c
-+++ b/sysdeps/posix/getaddrinfo.c
-@@ -1196,9 +1196,7 @@ free_and_return:
-   if (malloc_name)
-     free ((char *) name);
-   free (addrmem);
--  if (res.free_at)
--    free (res.at);
--  free (res.canon);
-+  gaih_result_reset (&res);
- 
-   return result;
- }
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch b/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch
deleted file mode 100644 (file)
index f2145fd..0000000
--- a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From f6445dc94da185b3d1ee283f0ca0a34c4e1986cc Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Tue, 26 Sep 2023 07:38:07 -0400
-Subject: [PATCH 25/44] Document CVE-2023-4806 and CVE-2023-5156 in NEWS
-
-These are tracked in BZ #30884 and BZ #30843.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
----
- NEWS | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index dfee278a9c..f1b1b0a3b4 100644
---- a/NEWS
-+++ b/NEWS
-@@ -15,6 +15,15 @@ Security related changes:
-   2048 bytes, getaddrinfo may potentially disclose stack contents via
-   the returned address data, or crash.
- 
-+  CVE-2023-4806: When an NSS plugin only implements the
-+  _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
-+  memory that was freed during buffer resizing, potentially causing a
-+  crash or read or write to arbitrary memory.
-+
-+  CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
-+  an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
-+  AI_ALL and AI_V4MAPPED flags set.
-+
- The following bugs are resolved with this release:
- 
-   [30723] posix_memalign repeatedly scans long bin lists
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch b/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
deleted file mode 100644 (file)
index 18bd1e2..0000000
--- a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Tue, 19 Sep 2023 13:25:40 -0400
-Subject: [PATCH 26/44] Propagate GLIBC_TUNABLES in setxid binaries
-
-GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some
-tunables are required to propagate past setxid boundary, like their
-env_alias.  Rely on tunable scrubbing to clean out GLIBC_TUNABLES like
-before, restoring behaviour in glibc 2.37 and earlier.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-(cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1)
----
- sysdeps/generic/unsecvars.h | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
-index 81397fb90b..8278c50a84 100644
---- a/sysdeps/generic/unsecvars.h
-+++ b/sysdeps/generic/unsecvars.h
-@@ -4,7 +4,6 @@
- #define UNSECURE_ENVVARS \
-   "GCONV_PATH\0"                                                            \
-   "GETCONF_DIR\0"                                                           \
--  "GLIBC_TUNABLES\0"                                                        \
-   "HOSTALIASES\0"                                                           \
-   "LD_AUDIT\0"                                                                      \
-   "LD_DEBUG\0"                                                                      \
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch b/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch
deleted file mode 100644 (file)
index 8f20f6c..0000000
--- a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From 750a45a783906a19591fb8ff6b7841470f1f5701 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Tue, 19 Sep 2023 18:39:32 -0400
-Subject: [PATCH 27/44] tunables: Terminate if end of input is reached
- (CVE-2023-4911)
-
-The string parsing routine may end up writing beyond bounds of tunestr
-if the input tunable string is malformed, of the form name=name=val.
-This gets processed twice, first as name=name=val and next as name=val,
-resulting in tunestr being name=name=val:name=val, thus overflowing
-tunestr.
-
-Terminate the parsing loop at the first instance itself so that tunestr
-does not overflow.
-
-This also fixes up tst-env-setuid-tunables to actually handle failures
-correct and add new tests to validate the fix for this CVE.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-(cherry picked from commit 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa)
----
- NEWS                          |  5 +++++
- elf/dl-tunables.c             | 17 +++++++++-------
- elf/tst-env-setuid-tunables.c | 37 +++++++++++++++++++++++++++--------
- 3 files changed, 44 insertions(+), 15 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index f1b1b0a3b4..bfcd46efa9 100644
---- a/NEWS
-+++ b/NEWS
-@@ -24,6 +24,11 @@ Security related changes:
-   an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
-   AI_ALL and AI_V4MAPPED flags set.
- 
-+  CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
-+  environment of a setuid program and NAME is valid, it may result in a
-+  buffer overflow, which could be exploited to achieve escalated
-+  privileges.  This flaw was introduced in glibc 2.34.
-+
- The following bugs are resolved with this release:
- 
-   [30723] posix_memalign repeatedly scans long bin lists
-diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
-index 62b7332d95..cae67efa0a 100644
---- a/elf/dl-tunables.c
-+++ b/elf/dl-tunables.c
-@@ -180,11 +180,7 @@ parse_tunables (char *tunestr, char *valstring)
-       /* If we reach the end of the string before getting a valid name-value
-        pair, bail out.  */
-       if (p[len] == '\0')
--      {
--        if (__libc_enable_secure)
--          tunestr[off] = '\0';
--        return;
--      }
-+      break;
- 
-       /* We did not find a valid name-value pair before encountering the
-        colon.  */
-@@ -244,9 +240,16 @@ parse_tunables (char *tunestr, char *valstring)
-           }
-       }
- 
--      if (p[len] != '\0')
--      p += len + 1;
-+      /* We reached the end while processing the tunable string.  */
-+      if (p[len] == '\0')
-+      break;
-+
-+      p += len + 1;
-     }
-+
-+  /* Terminate tunestr before we leave.  */
-+  if (__libc_enable_secure)
-+    tunestr[off] = '\0';
- }
- 
- /* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when
-diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
-index 7dfb0e073a..f0b92c97e7 100644
---- a/elf/tst-env-setuid-tunables.c
-+++ b/elf/tst-env-setuid-tunables.c
-@@ -50,6 +50,8 @@ const char *teststrings[] =
-   "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
-   "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096",
-   "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
-+  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
-+  "glibc.malloc.check=2",
-   "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2",
-   "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096",
-   ":glibc.malloc.garbage=2:glibc.malloc.check=1",
-@@ -68,6 +70,8 @@ const char *resultstrings[] =
-   "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
-   "glibc.malloc.mmap_threshold=4096",
-   "glibc.malloc.mmap_threshold=4096",
-+  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
-+  "",
-   "",
-   "",
-   "",
-@@ -81,11 +85,18 @@ test_child (int off)
- {
-   const char *val = getenv ("GLIBC_TUNABLES");
- 
-+  printf ("    [%d] GLIBC_TUNABLES is %s\n", off, val);
-+  fflush (stdout);
-   if (val != NULL && strcmp (val, resultstrings[off]) == 0)
-     return 0;
- 
-   if (val != NULL)
--    printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
-+    printf ("    [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n",
-+          off, val, resultstrings[off]);
-+  else
-+    printf ("    [%d] GLIBC_TUNABLES environment variable absent\n", off);
-+
-+  fflush (stdout);
- 
-   return 1;
- }
-@@ -106,21 +117,26 @@ do_test (int argc, char **argv)
-       if (ret != 0)
-       exit (1);
- 
--      exit (EXIT_SUCCESS);
-+      /* Special return code to make sure that the child executed all the way
-+       through.  */
-+      exit (42);
-     }
-   else
-     {
--      int ret = 0;
--
-       /* Spawn tests.  */
-       for (int i = 0; i < array_length (teststrings); i++)
-       {
-         char buf[INT_BUFSIZE_BOUND (int)];
- 
--        printf ("Spawned test for %s (%d)\n", teststrings[i], i);
-+        printf ("[%d] Spawned test for %s\n", i, teststrings[i]);
-         snprintf (buf, sizeof (buf), "%d\n", i);
-+        fflush (stdout);
-         if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0)
--          exit (1);
-+          {
-+            printf ("    [%d] Failed to set GLIBC_TUNABLES: %m", i);
-+            support_record_failure ();
-+            continue;
-+          }
- 
-         int status = support_capture_subprogram_self_sgid (buf);
- 
-@@ -128,9 +144,14 @@ do_test (int argc, char **argv)
-         if (WEXITSTATUS (status) == EXIT_UNSUPPORTED)
-           return EXIT_UNSUPPORTED;
- 
--        ret |= status;
-+        if (WEXITSTATUS (status) != 42)
-+          {
-+            printf ("    [%d] child failed with status %d\n", i,
-+                    WEXITSTATUS (status));
-+            support_record_failure ();
-+          }
-       }
--      return ret;
-+      return 0;
-     }
- }
- 
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch b/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch
deleted file mode 100644 (file)
index 0ebfb5f..0000000
--- a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From e0b6c9706c91a642c781918eea52588ee8dc9f09 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 18 Oct 2023 14:22:59 +0200
-Subject: [PATCH 28/44] Revert "elf: Remove unused l_text_end field from struct
- link_map"
-
-This reverts commit 750f19526ae71aac801c77a3f7ef5374890c09b7.
-
-Reason for revert: Restore ABI after revert of commit a3189f66a5f.
----
- elf/dl-load.c    | 2 +-
- elf/dl-load.h    | 7 +++++--
- elf/rtld.c       | 6 ++++++
- elf/setup-vdso.h | 4 ++++
- include/link.h   | 2 ++
- 5 files changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index 2923b1141d..9a87fda9c9 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
- 
-     /* Now process the load commands and map segments into memory.
-        This is responsible for filling in:
--       l_map_start, l_map_end, l_addr, l_contiguous, l_phdr
-+       l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
-      */
-     errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
-                                 maplength, has_holes, loader);
-diff --git a/elf/dl-load.h b/elf/dl-load.h
-index 1d5207694b..ecf6910c68 100644
---- a/elf/dl-load.h
-+++ b/elf/dl-load.h
-@@ -83,11 +83,14 @@ struct loadcmd
- 
- /* This is a subroutine of _dl_map_segments.  It should be called for each
-    load command, some time after L->l_addr has been set correctly.  It is
--   responsible for setting the l_phdr fields  */
-+   responsible for setting up the l_text_end and l_phdr fields.  */
- static __always_inline void
- _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
-                          const struct loadcmd *c)
- {
-+  if (c->prot & PROT_EXEC)
-+    l->l_text_end = l->l_addr + c->mapend;
-+
-   if (l->l_phdr == 0
-       && c->mapoff <= header->e_phoff
-       && ((size_t) (c->mapend - c->mapstart + c->mapoff)
-@@ -100,7 +103,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
- 
- /* This is a subroutine of _dl_map_object_from_fd.  It is responsible
-    for filling in several fields in *L: l_map_start, l_map_end, l_addr,
--   l_contiguous, l_phdr.  On successful return, all the
-+   l_contiguous, l_text_end, l_phdr.  On successful return, all the
-    segments are mapped (or copied, or whatever) from the file into their
-    final places in the address space, with the correct page permissions,
-    and any bss-like regions already zeroed.  It returns a null pointer
-diff --git a/elf/rtld.c b/elf/rtld.c
-index 5107d16fe3..a91e2a4471 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -477,6 +477,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
-   GL(dl_rtld_map).l_real = &GL(dl_rtld_map);
-   GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start;
-   GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end;
-+  GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext;
-   /* Copy the TLS related data if necessary.  */
- #ifndef DONT_USE_BOOTSTRAP_MAP
- # if NO_TLS_OFFSET != 0
-@@ -1118,6 +1119,7 @@ rtld_setup_main_map (struct link_map *main_map)
-   bool has_interp = false;
- 
-   main_map->l_map_end = 0;
-+  main_map->l_text_end = 0;
-   /* Perhaps the executable has no PT_LOAD header entries at all.  */
-   main_map->l_map_start = ~0;
-   /* And it was opened directly.  */
-@@ -1209,6 +1211,8 @@ rtld_setup_main_map (struct link_map *main_map)
-         allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz;
-         if (main_map->l_map_end < allocend)
-           main_map->l_map_end = allocend;
-+        if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end)
-+          main_map->l_text_end = allocend;
- 
-         /* The next expected address is the page following this load
-            segment.  */
-@@ -1268,6 +1272,8 @@ rtld_setup_main_map (struct link_map *main_map)
-       = (char *) main_map->l_tls_initimage + main_map->l_addr;
-   if (! main_map->l_map_end)
-     main_map->l_map_end = ~0;
-+  if (! main_map->l_text_end)
-+    main_map->l_text_end = ~0;
-   if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name)
-     {
-       /* We were invoked directly, so the program might not have a
-diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h
-index d92b12a7aa..0079842d1f 100644
---- a/elf/setup-vdso.h
-+++ b/elf/setup-vdso.h
-@@ -51,6 +51,9 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
-               l->l_addr = ph->p_vaddr;
-             if (ph->p_vaddr + ph->p_memsz >= l->l_map_end)
-               l->l_map_end = ph->p_vaddr + ph->p_memsz;
-+            if ((ph->p_flags & PF_X)
-+                && ph->p_vaddr + ph->p_memsz >= l->l_text_end)
-+              l->l_text_end = ph->p_vaddr + ph->p_memsz;
-           }
-         else
-           /* There must be no TLS segment.  */
-@@ -59,6 +62,7 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
-       l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso);
-       l->l_addr = l->l_map_start - l->l_addr;
-       l->l_map_end += l->l_addr;
-+      l->l_text_end += l->l_addr;
-       l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr);
-       elf_get_dynamic_info (l, false, false);
-       _dl_setup_hash (l);
-diff --git a/include/link.h b/include/link.h
-index 686813f281..a02d5f2eba 100644
---- a/include/link.h
-+++ b/include/link.h
-@@ -253,6 +253,8 @@ struct link_map
-     /* Start and finish of memory map for this object.  l_map_start
-        need not be the same as l_addr.  */
-     ElfW(Addr) l_map_start, l_map_end;
-+    /* End of the executable part of the mapping.  */
-+    ElfW(Addr) l_text_end;
- 
-     /* Linked list of objects in reverse ELF constructor execution
-        order.  Head of list is stored in _dl_init_called_list.  */
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch b/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch
deleted file mode 100644 (file)
index 50e57e8..0000000
--- a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch
+++ /dev/null
@@ -1,593 +0,0 @@
-From 719866ab2ff0e6d514a04fb47e507d92e70ef7ee Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 18 Oct 2023 14:25:46 +0200
-Subject: [PATCH 29/44] Revert "elf: Always call destructors in reverse
- constructor order (bug 30785)"
-
-This reverts commit a3189f66a5f2fe86568286fa025fa153be04c6c0.
-
-Reason for revert: Incompatibility with existing applications.
----
- NEWS                       |   1 -
- elf/dl-close.c             | 113 ++++++++++-----------------
- elf/dl-fini.c              | 152 ++++++++++++++++++++++++-------------
- elf/dl-init.c              |  16 ----
- elf/dso-sort-tests-1.def   |  19 +++--
- elf/tst-audit23.c          |  44 +++++------
- sysdeps/generic/ldsodefs.h |   4 -
- 7 files changed, 173 insertions(+), 176 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index bfcd46efa9..f117874e34 100644
---- a/NEWS
-+++ b/NEWS
-@@ -32,7 +32,6 @@ Security related changes:
- The following bugs are resolved with this release:
- 
-   [30723] posix_memalign repeatedly scans long bin lists
--  [30785] Always call destructors in reverse constructor order
-   [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-     -D_FILE_OFFSET_BITS=64
-   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-diff --git a/elf/dl-close.c b/elf/dl-close.c
-index ea62d0e601..b887a44888 100644
---- a/elf/dl-close.c
-+++ b/elf/dl-close.c
-@@ -138,31 +138,30 @@ _dl_close_worker (struct link_map *map, bool force)
- 
-   bool any_tls = false;
-   const unsigned int nloaded = ns->_ns_nloaded;
-+  struct link_map *maps[nloaded];
- 
--  /* Run over the list and assign indexes to the link maps.  */
-+  /* Run over the list and assign indexes to the link maps and enter
-+     them into the MAPS array.  */
-   int idx = 0;
-   for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next)
-     {
-       l->l_map_used = 0;
-       l->l_map_done = 0;
-       l->l_idx = idx;
-+      maps[idx] = l;
-       ++idx;
-     }
-   assert (idx == nloaded);
- 
--  /* Keep marking link maps until no new link maps are found.  */
--  for (struct link_map *l = ns->_ns_loaded; l != NULL; )
-+  /* Keep track of the lowest index link map we have covered already.  */
-+  int done_index = -1;
-+  while (++done_index < nloaded)
-     {
--      /* next is reset to earlier link maps for remarking.  */
--      struct link_map *next = l->l_next;
--      int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL.  */
-+      struct link_map *l = maps[done_index];
- 
-       if (l->l_map_done)
--      {
--        /* Already handled.  */
--        l = next;
--        continue;
--      }
-+      /* Already handled.  */
-+      continue;
- 
-       /* Check whether this object is still used.  */
-       if (l->l_type == lt_loaded
-@@ -172,10 +171,7 @@ _dl_close_worker (struct link_map *map, bool force)
-            acquire is sufficient and correct.  */
-         && atomic_load_acquire (&l->l_tls_dtor_count) == 0
-         && !l->l_map_used)
--      {
--        l = next;
--        continue;
--      }
-+      continue;
- 
-       /* We need this object and we handle it now.  */
-       l->l_map_used = 1;
-@@ -202,11 +198,8 @@ _dl_close_worker (struct link_map *map, bool force)
-                        already processed it, then we need to go back
-                        and process again from that point forward to
-                        ensure we keep all of its dependencies also.  */
--                    if ((*lp)->l_idx < next_idx)
--                      {
--                        next = *lp;
--                        next_idx = next->l_idx;
--                      }
-+                    if ((*lp)->l_idx - 1 < done_index)
-+                      done_index = (*lp)->l_idx - 1;
-                   }
-               }
- 
-@@ -226,65 +219,44 @@ _dl_close_worker (struct link_map *map, bool force)
-               if (!jmap->l_map_used)
-                 {
-                   jmap->l_map_used = 1;
--                  if (jmap->l_idx < next_idx)
--                    {
--                        next = jmap;
--                        next_idx = next->l_idx;
--                    }
-+                  if (jmap->l_idx - 1 < done_index)
-+                    done_index = jmap->l_idx - 1;
-                 }
-             }
-         }
--
--      l = next;
-     }
- 
--  /* Call the destructors in reverse constructor order, and remove the
--     closed link maps from the list.  */
--  for (struct link_map **init_called_head = &_dl_init_called_list;
--       *init_called_head != NULL; )
-+  /* Sort the entries.  We can skip looking for the binary itself which is
-+     at the front of the search list for the main namespace.  */
-+  _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true);
-+
-+  /* Call all termination functions at once.  */
-+  bool unload_any = false;
-+  bool scope_mem_left = false;
-+  unsigned int unload_global = 0;
-+  unsigned int first_loaded = ~0;
-+  for (unsigned int i = 0; i < nloaded; ++i)
-     {
--      struct link_map *imap = *init_called_head;
-+      struct link_map *imap = maps[i];
- 
--      /* _dl_init_called_list is global, to produce a global odering.
--       Ignore the other namespaces (and link maps that are still used).  */
--      if (imap->l_ns != nsid || imap->l_map_used)
--      init_called_head = &imap->l_init_called_next;
--      else
-+      /* All elements must be in the same namespace.  */
-+      assert (imap->l_ns == nsid);
-+
-+      if (!imap->l_map_used)
-       {
-         assert (imap->l_type == lt_loaded && !imap->l_nodelete_active);
- 
--        /* _dl_init_called_list is updated at the same time as
--           l_init_called.  */
--        assert (imap->l_init_called);
--
--        if (imap->l_info[DT_FINI_ARRAY] != NULL
--            || imap->l_info[DT_FINI] != NULL)
-+        /* Call its termination function.  Do not do it for
-+           half-cooked objects.  Temporarily disable exception
-+           handling, so that errors are fatal.  */
-+        if (imap->l_init_called)
-           _dl_catch_exception (NULL, _dl_call_fini, imap);
- 
- #ifdef SHARED
-         /* Auditing checkpoint: we remove an object.  */
-         _dl_audit_objclose (imap);
- #endif
--        /* Unlink this link map.  */
--        *init_called_head = imap->l_init_called_next;
--      }
--    }
--
--
--  bool unload_any = false;
--  bool scope_mem_left = false;
--  unsigned int unload_global = 0;
--
--  /* For skipping un-unloadable link maps in the second loop.  */
--  struct link_map *first_loaded = ns->_ns_loaded;
- 
--  /* Iterate over the namespace to find objects to unload.  Some
--     unloadable objects may not be on _dl_init_called_list due to
--     dlopen failure.  */
--  for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next)
--    {
--      if (!imap->l_map_used)
--      {
-         /* This object must not be used anymore.  */
-         imap->l_removed = 1;
- 
-@@ -295,8 +267,8 @@ _dl_close_worker (struct link_map *map, bool force)
-           ++unload_global;
- 
-         /* Remember where the first dynamically loaded object is.  */
--        if (first_loaded == NULL)
--            first_loaded = imap;
-+        if (i < first_loaded)
-+          first_loaded = i;
-       }
-       /* Else imap->l_map_used.  */
-       else if (imap->l_type == lt_loaded)
-@@ -432,8 +404,8 @@ _dl_close_worker (struct link_map *map, bool force)
-           imap->l_loader = NULL;
- 
-         /* Remember where the first dynamically loaded object is.  */
--        if (first_loaded == NULL)
--            first_loaded = imap;
-+        if (i < first_loaded)
-+          first_loaded = i;
-       }
-     }
- 
-@@ -504,11 +476,10 @@ _dl_close_worker (struct link_map *map, bool force)
- 
-   /* Check each element of the search list to see if all references to
-      it are gone.  */
--  for (struct link_map *imap = first_loaded; imap != NULL; )
-+  for (unsigned int i = first_loaded; i < nloaded; ++i)
-     {
--      if (imap->l_map_used)
--      imap = imap->l_next;
--      else
-+      struct link_map *imap = maps[i];
-+      if (!imap->l_map_used)
-       {
-         assert (imap->l_type == lt_loaded);
- 
-@@ -719,9 +690,7 @@ _dl_close_worker (struct link_map *map, bool force)
-         if (imap == GL(dl_initfirst))
-           GL(dl_initfirst) = NULL;
- 
--        struct link_map *next = imap->l_next;
-         free (imap);
--        imap = next;
-       }
-     }
- 
-diff --git a/elf/dl-fini.c b/elf/dl-fini.c
-index e201d36651..9acb64f47c 100644
---- a/elf/dl-fini.c
-+++ b/elf/dl-fini.c
-@@ -24,68 +24,116 @@
- void
- _dl_fini (void)
- {
--  /* Call destructors strictly in the reverse order of constructors.
--     This causes fewer surprises than some arbitrary reordering based
--     on new (relocation) dependencies.  None of the objects are
--     unmapped, so applications can deal with this if their DSOs remain
--     in a consistent state after destructors have run.  */
--
--  /* Protect against concurrent loads and unloads.  */
--  __rtld_lock_lock_recursive (GL(dl_load_lock));
--
--  /* Ignore objects which are opened during shutdown.  */
--  struct link_map *local_init_called_list = _dl_init_called_list;
--
--  for (struct link_map *l = local_init_called_list; l != NULL;
--       l = l->l_init_called_next)
--      /* Bump l_direct_opencount of all objects so that they
--       are not dlclose()ed from underneath us.  */
--      ++l->l_direct_opencount;
--
--  /* After this point, everything linked from local_init_called_list
--     cannot be unloaded because of the reference counter update.  */
--  __rtld_lock_unlock_recursive (GL(dl_load_lock));
--
--  /* Perform two passes: One for non-audit modules, one for audit
--     modules.  This way, audit modules receive unload notifications
--     for non-audit objects, and the destructors for audit modules
--     still run.  */
-+  /* Lots of fun ahead.  We have to call the destructors for all still
-+     loaded objects, in all namespaces.  The problem is that the ELF
-+     specification now demands that dependencies between the modules
-+     are taken into account.  I.e., the destructor for a module is
-+     called before the ones for any of its dependencies.
-+
-+     To make things more complicated, we cannot simply use the reverse
-+     order of the constructors.  Since the user might have loaded objects
-+     using `dlopen' there are possibly several other modules with its
-+     dependencies to be taken into account.  Therefore we have to start
-+     determining the order of the modules once again from the beginning.  */
-+
-+  /* We run the destructors of the main namespaces last.  As for the
-+     other namespaces, we pick run the destructors in them in reverse
-+     order of the namespace ID.  */
-+#ifdef SHARED
-+  int do_audit = 0;
-+ again:
-+#endif
-+  for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns)
-+    {
-+      /* Protect against concurrent loads and unloads.  */
-+      __rtld_lock_lock_recursive (GL(dl_load_lock));
-+
-+      unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded;
-+      /* No need to do anything for empty namespaces or those used for
-+       auditing DSOs.  */
-+      if (nloaded == 0
-+#ifdef SHARED
-+        || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit
-+#endif
-+        )
-+      __rtld_lock_unlock_recursive (GL(dl_load_lock));
-+      else
-+      {
- #ifdef SHARED
--  int last_pass = GLRO(dl_naudit) > 0;
--  Lmid_t last_ns = -1;
--  for (int do_audit = 0; do_audit <= last_pass; ++do_audit)
-+        _dl_audit_activity_nsid (ns, LA_ACT_DELETE);
- #endif
--    for (struct link_map *l = local_init_called_list; l != NULL;
--       l = l->l_init_called_next)
--      {
-+
-+        /* Now we can allocate an array to hold all the pointers and
-+           copy the pointers in.  */
-+        struct link_map *maps[nloaded];
-+
-+        unsigned int i;
-+        struct link_map *l;
-+        assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL);
-+        for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next)
-+          /* Do not handle ld.so in secondary namespaces.  */
-+          if (l == l->l_real)
-+            {
-+              assert (i < nloaded);
-+
-+              maps[i] = l;
-+              l->l_idx = i;
-+              ++i;
-+
-+              /* Bump l_direct_opencount of all objects so that they
-+                 are not dlclose()ed from underneath us.  */
-+              ++l->l_direct_opencount;
-+            }
-+        assert (ns != LM_ID_BASE || i == nloaded);
-+        assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1);
-+        unsigned int nmaps = i;
-+
-+        /* Now we have to do the sorting.  We can skip looking for the
-+           binary itself which is at the front of the search list for
-+           the main namespace.  */
-+        _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true);
-+
-+        /* We do not rely on the linked list of loaded object anymore
-+           from this point on.  We have our own list here (maps).  The
-+           various members of this list cannot vanish since the open
-+           count is too high and will be decremented in this loop.  So
-+           we release the lock so that some code which might be called
-+           from a destructor can directly or indirectly access the
-+           lock.  */
-+        __rtld_lock_unlock_recursive (GL(dl_load_lock));
-+
-+        /* 'maps' now contains the objects in the right order.  Now
-+           call the destructors.  We have to process this array from
-+           the front.  */
-+        for (i = 0; i < nmaps; ++i)
-+          {
-+            struct link_map *l = maps[i];
-+
-+            if (l->l_init_called)
-+              {
-+                _dl_call_fini (l);
- #ifdef SHARED
--      if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit)
--        continue;
--
--      /* Avoid back-to-back calls of _dl_audit_activity_nsid for the
--         same namespace.  */
--      if (last_ns != l->l_ns)
--        {
--          if (last_ns >= 0)
--            _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
--          _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE);
--          last_ns = l->l_ns;
--        }
-+                /* Auditing checkpoint: another object closed.  */
-+                _dl_audit_objclose (l);
- #endif
-+              }
- 
--      /* There is no need to re-enable exceptions because _dl_fini
--         is not called from a context where exceptions are caught.  */
--      _dl_call_fini (l);
-+            /* Correct the previous increment.  */
-+            --l->l_direct_opencount;
-+          }
- 
- #ifdef SHARED
--      /* Auditing checkpoint: another object closed.  */
--      _dl_audit_objclose (l);
-+        _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT);
- #endif
--      }
-+      }
-+    }
- 
- #ifdef SHARED
--  if (last_ns >= 0)
--    _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
-+  if (! do_audit && GLRO(dl_naudit) > 0)
-+    {
-+      do_audit = 1;
-+      goto again;
-+    }
- 
-   if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS))
-     _dl_debug_printf ("\nruntime linker statistics:\n"
-diff --git a/elf/dl-init.c b/elf/dl-init.c
-index ffd05b7806..ba4d2fdc85 100644
---- a/elf/dl-init.c
-+++ b/elf/dl-init.c
-@@ -21,7 +21,6 @@
- #include <ldsodefs.h>
- #include <elf-initfini.h>
- 
--struct link_map *_dl_init_called_list;
- 
- static void
- call_init (struct link_map *l, int argc, char **argv, char **env)
-@@ -43,21 +42,6 @@ call_init (struct link_map *l, int argc, char **argv, char **env)
-      dependency.  */
-   l->l_init_called = 1;
- 
--  /* Help an already-running dlclose: The just-loaded object must not
--     be removed during the current pass.  (No effect if no dlclose in
--     progress.)  */
--  l->l_map_used = 1;
--
--  /* Record execution before starting any initializers.  This way, if
--     the initializers themselves call dlopen, their ELF destructors
--     will eventually be run before this object is destructed, matching
--     that their ELF constructors have run before this object was
--     constructed.  _dl_fini uses this list for audit callbacks, so
--     register objects on the list even if they do not have a
--     constructor.  */
--  l->l_init_called_next = _dl_init_called_list;
--  _dl_init_called_list = l;
--
-   /* Check for object which constructors we do not run here.  */
-   if (__builtin_expect (l->l_name[0], 'a') == '\0'
-       && l->l_type == lt_executable)
-diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def
-index 61dc54f8ae..4bf9052db1 100644
---- a/elf/dso-sort-tests-1.def
-+++ b/elf/dso-sort-tests-1.def
-@@ -53,14 +53,21 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c
- output: b>a>{}<a<b
- 
- # Complex example from Bugzilla #15311, under-linked and with circular
--# relocation(dynamic) dependencies. For both sorting algorithms, the
--# destruction order is the reverse of the construction order, and
--# relocation dependencies are not taken into account.
-+# relocation(dynamic) dependencies. While this is technically unspecified, the
-+# presumed reasonable practical behavior is for the destructor order to respect
-+# the static DT_NEEDED links (here this means the a->b->c->d order).
-+# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based
-+# dynamic_sort=2 algorithm does, although it is still arguable whether going
-+# beyond spec to do this is the right thing to do.
-+# The below expected outputs are what the two algorithms currently produce
-+# respectively, for regression testing purposes.
- tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c
--output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<e<a<b<c<d];}
-+output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];}
-+output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];}
- 
- # Test that even in the presence of dependency loops involving dlopen'ed
- # object, that object is initialized last (and not unloaded prematurely).
--# Final destructor order is the opposite of constructor order.
-+# Final destructor order is indeterminate due to the cycle.
- tst-bz28937: {+a;+b;-b;+c;%c};a->a1;a->a2;a2->a;b->b1;c->a1;c=>a1
--output: {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<c<a<a1<a2
-+output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a<a2<c<a1
-+output(glibc.rtld.dynamic_sort=2): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a2<a<c<a1
-diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
-index 503699c36a..bb7d66c385 100644
---- a/elf/tst-audit23.c
-+++ b/elf/tst-audit23.c
-@@ -98,8 +98,6 @@ do_test (int argc, char *argv[])
-     char *lname;
-     uintptr_t laddr;
-     Lmid_t lmid;
--    uintptr_t cookie;
--    uintptr_t namespace;
-     bool closed;
-   } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
-   size_t nobjs = 0;
-@@ -119,9 +117,6 @@ do_test (int argc, char *argv[])
-   size_t buffer_length = 0;
-   while (xgetline (&buffer, &buffer_length, out))
-     {
--      *strchrnul (buffer, '\n') = '\0';
--      printf ("info: subprocess output: %s\n", buffer);
--
-       if (startswith (buffer, "la_activity: "))
-       {
-         uintptr_t cookie;
-@@ -130,26 +125,29 @@ do_test (int argc, char *argv[])
-                         &cookie);
-         TEST_COMPARE (r, 2);
- 
-+        /* The cookie identifies the object at the head of the link map,
-+           so we only add a new namespace if it changes from the previous
-+           one.  This works since dlmopen is the last in the test body.  */
-+        if (cookie != last_act_cookie && last_act_cookie != -1)
-+          TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
-+
-         if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
-           {
--            /* The cookie identifies the object at the head of the
--               link map, so we only add a new namespace if it
--               changes from the previous one.  This works since
--               dlmopen is the last in the test body.  */
--            if (cookie != last_act_cookie && last_act_cookie != -1)
--              TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
--
-             acts[nacts++] = cookie;
-             last_act_cookie = cookie;
-           }
--        /* LA_ACT_DELETE is called multiple times for each
--           namespace, depending on destruction order.  */
-+        /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
-+           at program termination (if the tests adds a dlclose or a library
-+           with extra dependencies this will need to be adapted).  */
-         else if (this_act == LA_ACT_DELETE)
--          last_act_cookie = cookie;
-+          {
-+            last_act_cookie = acts[--nacts];
-+            TEST_COMPARE (acts[nacts], cookie);
-+            acts[nacts] = 0;
-+          }
-         else if (this_act == LA_ACT_CONSISTENT)
-           {
-             TEST_COMPARE (cookie, last_act_cookie);
--            last_act_cookie = -1;
- 
-             /* LA_ACT_DELETE must always be followed by an la_objclose.  */
-             if (last_act == LA_ACT_DELETE)
-@@ -181,8 +179,6 @@ do_test (int argc, char *argv[])
-         objs[nobjs].lname = lname;
-         objs[nobjs].laddr = laddr;
-         objs[nobjs].lmid = lmid;
--        objs[nobjs].cookie = cookie;
--        objs[nobjs].namespace = last_act_cookie;
-         objs[nobjs].closed = false;
-         nobjs++;
- 
-@@ -205,12 +201,6 @@ do_test (int argc, char *argv[])
-             if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
-               {
-                 TEST_COMPARE (objs[i].closed, false);
--                TEST_COMPARE (objs[i].cookie, cookie);
--                if (objs[i].namespace == -1)
--                  /* No LA_ACT_ADD before the first la_objopen call.  */
--                  TEST_COMPARE (acts[0], last_act_cookie);
--                else
--                  TEST_COMPARE (objs[i].namespace, last_act_cookie);
-                 objs[i].closed = true;
-                 break;
-               }
-@@ -219,7 +209,11 @@ do_test (int argc, char *argv[])
-         /* la_objclose should be called after la_activity(LA_ACT_DELETE) for
-            the closed object's namespace.  */
-         TEST_COMPARE (last_act, LA_ACT_DELETE);
--        seen_first_objclose = true;
-+        if (!seen_first_objclose)
-+          {
-+            TEST_COMPARE (last_act_cookie, cookie);
-+            seen_first_objclose = true;
-+          }
-       }
-     }
- 
-diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
-index 9ea9389a39..e8b7359b04 100644
---- a/sysdeps/generic/ldsodefs.h
-+++ b/sysdeps/generic/ldsodefs.h
-@@ -1037,10 +1037,6 @@ extern int _dl_check_map_versions (struct link_map *map, int verbose,
- extern void _dl_init (struct link_map *main_map, int argc, char **argv,
-                     char **env) attribute_hidden;
- 
--/* List of ELF objects in reverse order of their constructor
--   invocation.  */
--extern struct link_map *_dl_init_called_list attribute_hidden;
--
- /* Call the finalizer functions of all shared objects whose
-    initializer functions have completed.  */
- extern void _dl_fini (void) attribute_hidden;
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch b/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch
deleted file mode 100644 (file)
index dd4905c..0000000
--- a/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 1e04dcec491bd8f48b5b74ce3e8414132578a645 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Thu, 19 Oct 2023 09:17:38 +0200
-Subject: [PATCH 30/44] Revert "elf: Move l_init_called_next to old place of
- l_text_end in link map"
-
-This reverts commit d3ba6c1333b10680ce5900a628108507d9d4b844.
-
-Reason: Preserve internal ABI.
----
- include/link.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/link.h b/include/link.h
-index a02d5f2eba..69bda3ed17 100644
---- a/include/link.h
-+++ b/include/link.h
-@@ -256,10 +256,6 @@ struct link_map
-     /* End of the executable part of the mapping.  */
-     ElfW(Addr) l_text_end;
- 
--    /* Linked list of objects in reverse ELF constructor execution
--       order.  Head of list is stored in _dl_init_called_list.  */
--    struct link_map *l_init_called_next;
--
-     /* Default array for 'l_scope'.  */
-     struct r_scope_elem *l_scope_mem[4];
-     /* Size of array allocated for 'l_scope'.  */
-@@ -282,6 +278,10 @@ struct link_map
-     /* List of object in order of the init and fini calls.  */
-     struct link_map **l_initfini;
- 
-+    /* Linked list of objects in reverse ELF constructor execution
-+       order.  Head of list is stored in _dl_init_called_list.  */
-+    struct link_map *l_init_called_next;
-+
-     /* List of the dependencies introduced through symbol binding.  */
-     struct link_map_reldeps
-       {
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch b/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch
deleted file mode 100644 (file)
index fd6fee2..0000000
--- a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001
-From: Sergio Durigan Junior <sergiodj@sergiodj.net>
-Date: Wed, 1 Nov 2023 18:15:23 -0400
-Subject: [PATCH 31/44] sysdeps: sem_open: Clear O_CREAT when semaphore file is
- expected to exist [BZ #30789]
-
-When invoking sem_open with O_CREAT as one of its flags, we'll end up
-in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag
-& O_EXCL) == 0)", which means that we don't expect the semaphore file
-to exist.
-
-In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL
-| O_CLOEXEC" and there's an attempt to open(2) the file, which will
-likely fail because it won't exist.  After that first (expected)
-failure, some cleanup is done and we go back to the label "try_again",
-which lives in the first part of the aforementioned "if".
-
-The problem is that, in that part of the code, we expect the semaphore
-file to exist, and as such O_CREAT (this time the flag we pass to
-open(2)) needs to be cleaned from open_flags, otherwise we'll see
-another failure (this time unexpected) when trying to open the file,
-which will lead the call to sem_open to fail as well.
-
-This can cause very strange bugs, especially with OpenMPI, which makes
-extensive use of semaphores.
-
-Fix the bug by simplifying the logic when choosing open(2) flags and
-making sure O_CREAT is not set when the semaphore file is expected to
-exist.
-
-A regression test for this issue would require a complex and cpu time
-consuming logic, since to trigger the wrong code path is not
-straightforward due the racy condition.  There is a somewhat reliable
-reproducer in the bug, but it requires using OpenMPI.
-
-This resolves BZ #30789.
-
-See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912
-
-Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
-Co-Authored-By: Simon Chopin <simon.chopin@canonical.com>
-Co-Authored-By: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
-Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)")
-(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147)
----
- NEWS                       |  2 ++
- sysdeps/pthread/sem_open.c | 10 ++++------
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index f117874e34..5ac488bf9b 100644
---- a/NEWS
-+++ b/NEWS
-@@ -32,6 +32,8 @@ Security related changes:
- The following bugs are resolved with this release:
- 
-   [30723] posix_memalign repeatedly scans long bin lists
-+  [30789] sem_open will fail on multithreaded scenarios when semaphore
-+    file doesn't exist (O_CREAT)
-   [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-     -D_FILE_OFFSET_BITS=64
-   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c
-index e5db929d20..0e331a7445 100644
---- a/sysdeps/pthread/sem_open.c
-+++ b/sysdeps/pthread/sem_open.c
-@@ -32,11 +32,12 @@
- # define __unlink unlink
- #endif
- 
-+#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC)
-+
- sem_t *
- __sem_open (const char *name, int oflag, ...)
- {
-   int fd;
--  int open_flags;
-   sem_t *result;
- 
-   /* Check that shared futexes are supported.  */
-@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...)
-   /* If the semaphore object has to exist simply open it.  */
-   if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)
-     {
--      open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC;
--      open_flags |= (oflag & ~(O_CREAT|O_ACCMODE));
-     try_again:
--      fd = __open (dirname.name, open_flags);
-+      fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS);
- 
-       if (fd == -1)
-       {
-@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...)
-           }
- 
-         /* Open the file.  Make sure we do not overwrite anything.  */
--        open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC;
--        fd = __open (tmpfname, open_flags, mode);
-+        fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode);
-         if (fd == -1)
-           {
-             if (errno == EEXIST)
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch b/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch
deleted file mode 100644 (file)
index 42d3f96..0000000
--- a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-Date: Thu, 7 Dec 2023 11:17:35 -0300
-Subject: [PATCH 32/44] elf: Fix wrong break removal from 8ee878592c
-
-Reported-by: Alexander Monakov <amonakov@ispras.ru>
-(cherry picked from commit 546a1ba664626603660b595662249d524e429013)
----
- elf/readelflib.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/elf/readelflib.c b/elf/readelflib.c
-index f5b8c80e38..64f1d662a9 100644
---- a/elf/readelflib.c
-+++ b/elf/readelflib.c
-@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
-       case PT_INTERP:
-         program_interpreter = (char *) (file_contents + segment->p_offset);
-         check_ptr (program_interpreter);
-+        break;
- 
-       case PT_GNU_PROPERTY:
-         /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch b/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch
deleted file mode 100644 (file)
index df64df3..0000000
--- a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 44f757a6364a546359809d48c76b3debd26e77d4 Mon Sep 17 00:00:00 2001
-From: caiyinyu <caiyinyu@loongson.cn>
-Date: Thu, 26 Oct 2023 17:27:21 +0800
-Subject: [PATCH 33/44] LoongArch: Delete excessively allocated memory.
-
-Backported from glibc 2.39 development.
----
- sysdeps/loongarch/dl-trampoline.h | 68 +++++++++++++++----------------
- 1 file changed, 34 insertions(+), 34 deletions(-)
-
-diff --git a/sysdeps/loongarch/dl-trampoline.h b/sysdeps/loongarch/dl-trampoline.h
-index 02375286f8..99fcacab76 100644
---- a/sysdeps/loongarch/dl-trampoline.h
-+++ b/sysdeps/loongarch/dl-trampoline.h
-@@ -19,9 +19,9 @@
- /* Assembler veneer called from the PLT header code for lazy loading.
-    The PLT header passes its own args in t0-t2.  */
- #ifdef USE_LASX
--# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZXREG) & ALMASK))
-+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZXREG) & ALMASK))
- #elif defined USE_LSX
--# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZVREG) & ALMASK))
-+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZVREG) & ALMASK))
- #elif !defined __loongarch_soft_float
- # define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG) & ALMASK))
- #else
-@@ -44,23 +44,23 @@ ENTRY (_dl_runtime_resolve)
-       REG_S   a7, sp, 8*SZREG
- 
- #ifdef USE_LASX
--      xvst    xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG
--      xvst    xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG
--      xvst    xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG
--      xvst    xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG
--      xvst    xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG
--      xvst    xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG
--      xvst    xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG
--      xvst    xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG
-+      xvst    xr0, sp, 9*SZREG + 0*SZXREG
-+      xvst    xr1, sp, 9*SZREG + 1*SZXREG
-+      xvst    xr2, sp, 9*SZREG + 2*SZXREG
-+      xvst    xr3, sp, 9*SZREG + 3*SZXREG
-+      xvst    xr4, sp, 9*SZREG + 4*SZXREG
-+      xvst    xr5, sp, 9*SZREG + 5*SZXREG
-+      xvst    xr6, sp, 9*SZREG + 6*SZXREG
-+      xvst    xr7, sp, 9*SZREG + 7*SZXREG
- #elif defined USE_LSX
--      vst     vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG
--      vst     vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG
--      vst     vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG
--      vst     vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG
--      vst     vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG
--      vst     vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG
--      vst     vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG
--      vst     vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG
-+      vst     vr0, sp, 9*SZREG + 0*SZVREG
-+      vst     vr1, sp, 9*SZREG + 1*SZVREG
-+      vst     vr2, sp, 9*SZREG + 2*SZVREG
-+      vst     vr3, sp, 9*SZREG + 3*SZVREG
-+      vst     vr4, sp, 9*SZREG + 4*SZVREG
-+      vst     vr5, sp, 9*SZREG + 5*SZVREG
-+      vst     vr6, sp, 9*SZREG + 6*SZVREG
-+      vst     vr7, sp, 9*SZREG + 7*SZVREG
- #elif !defined __loongarch_soft_float
-       FREG_S  fa0, sp, 9*SZREG + 0*SZFREG
-       FREG_S  fa1, sp, 9*SZREG + 1*SZFREG
-@@ -92,23 +92,23 @@ ENTRY (_dl_runtime_resolve)
-       REG_L   a7, sp, 8*SZREG
- 
- #ifdef USE_LASX
--      xvld    xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG
--      xvld    xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG
--      xvld    xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG
--      xvld    xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG
--      xvld    xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG
--      xvld    xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG
--      xvld    xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG
--      xvld    xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG
-+      xvld    xr0, sp, 9*SZREG + 0*SZXREG
-+      xvld    xr1, sp, 9*SZREG + 1*SZXREG
-+      xvld    xr2, sp, 9*SZREG + 2*SZXREG
-+      xvld    xr3, sp, 9*SZREG + 3*SZXREG
-+      xvld    xr4, sp, 9*SZREG + 4*SZXREG
-+      xvld    xr5, sp, 9*SZREG + 5*SZXREG
-+      xvld    xr6, sp, 9*SZREG + 6*SZXREG
-+      xvld    xr7, sp, 9*SZREG + 7*SZXREG
- #elif defined USE_LSX
--      vld     vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG
--      vld     vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG
--      vld     vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG
--      vld     vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG
--      vld     vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG
--      vld     vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG
--      vld     vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG
--      vld     vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG
-+      vld     vr0, sp, 9*SZREG + 0*SZVREG
-+      vld     vr1, sp, 9*SZREG + 1*SZVREG
-+      vld     vr2, sp, 9*SZREG + 2*SZVREG
-+      vld     vr3, sp, 9*SZREG + 3*SZVREG
-+      vld     vr4, sp, 9*SZREG + 4*SZVREG
-+      vld     vr5, sp, 9*SZREG + 5*SZVREG
-+      vld     vr6, sp, 9*SZREG + 6*SZVREG
-+      vld     vr7, sp, 9*SZREG + 7*SZVREG
- #elif !defined __loongarch_soft_float
-       FREG_L  fa0, sp, 9*SZREG + 0*SZFREG
-       FREG_L  fa1, sp, 9*SZREG + 1*SZFREG
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch b/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch
deleted file mode 100644 (file)
index 957ccf2..0000000
--- a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001
-From: Hector Martin <marcan@marcan.st>
-Date: Tue, 28 Nov 2023 15:23:07 +0900
-Subject: [PATCH 34/44] elf: Fix TLS modid reuse generation assignment (BZ
- 29039)
-
-_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
-does *not* do anything to the generation counter. The first time this
-happens, the generation is zero and map_generation() returns the current
-generation to be used during relocation processing. However, if
-a slotinfo entry is later reused, it will already have a generation
-assigned. If this generation has fallen behind the current global max
-generation, then this causes an obsolete generation to be assigned
-during relocation processing, as map_generation() returns this
-generation if nonzero. _dl_add_to_slotinfo() eventually resets the
-generation, but by then it is too late. This causes DTV updates to be
-skipped, leading to NULL or broken TLS slot pointers and segfaults.
-
-Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
-so it behaves the same as the first time a slot is assigned.
-_dl_add_to_slotinfo() will still assign the correct static generation
-later during module load, but relocation processing will no longer use
-an obsolete generation.
-
-Note that slotinfo entry (aka modid) reuse typically happens after a
-dlclose and only TLS access via dynamic tlsdesc is affected. Because
-tlsdesc is optimized to use the optional part of static TLS, dynamic
-tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls
-tunable to a large enough value, or by LD_PRELOAD-ing the affected
-modules.
-
-Fixes bug 29039.
-
-Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
-(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59)
----
- elf/dl-tls.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/elf/dl-tls.c b/elf/dl-tls.c
-index 99b83ca696..1f6f820819 100644
---- a/elf/dl-tls.c
-+++ b/elf/dl-tls.c
-@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l)
-             {
-               /* Mark the entry as used, so any dependency see it.  */
-               atomic_store_relaxed (&runp->slotinfo[result - disp].map, l);
-+              atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0);
-               break;
-             }
- 
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch b/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch
deleted file mode 100644 (file)
index 87b0235..0000000
--- a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From 0de9082ed8d8f149ca87d569a73692046e236c18 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy <szabolcs.nagy@arm.com>
-Date: Wed, 29 Nov 2023 11:31:37 +0000
-Subject: [PATCH 35/44] elf: Add TLS modid reuse test for bug 29039
-
-This is a minimal regression test for bug 29039 which only affects
-targets with TLSDESC and a reproducer requires that
-
-1) Have modid gaps (closed modules) with old generation.
-2) Update a DTV to a newer generation (needs a newer dlopen).
-3) But do not update the closed gap entry in that DTV.
-4) Reuse the modid gap for a new module (another dlopen).
-5) Use dynamic TLSDESC in that new module with old generation (bug).
-6) Access TLS via this TLSDESC and the now outdated DTV.
-
-However step (3) in practice rarely happens: during DTV update the
-entries for closed modids are initialized to "unallocated" and then
-dynamic TLSDESC calls __tls_get_addr independently of its generation.
-The only exception to this is DTV setup at thread creation (gaps are
-initialized to NULL instead of unallocated) or DTV resize where the
-gap entries are outside the previous DTV array (again NULL instead
-of unallocated, and this requires loading > DTV_SURPLUS modules).
-
-So the bug can only cause NULL (+ offset) dereference, not use after
-free. And the easiest way to get (3) is via thread creation.
-
-Note that step (5) requires that the newly loaded module has larger
-TLS than the remaining optional static TLS. And for (6) there cannot
-be other TLS access or dlopen in the thread that updates the DTV.
-
-Tested on aarch64-linux-gnu.
-
-Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-(cherry picked from commit 980450f12685326729d63ff72e93a996113bf073)
----
- elf/Makefile          | 15 +++++++
- elf/tst-tlsgap-mod0.c |  2 +
- elf/tst-tlsgap-mod1.c |  2 +
- elf/tst-tlsgap-mod2.c |  2 +
- elf/tst-tlsgap.c      | 92 +++++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 113 insertions(+)
- create mode 100644 elf/tst-tlsgap-mod0.c
- create mode 100644 elf/tst-tlsgap-mod1.c
- create mode 100644 elf/tst-tlsgap-mod2.c
- create mode 100644 elf/tst-tlsgap.c
-
-diff --git a/elf/Makefile b/elf/Makefile
-index c00e2ccfc5..1a05a6aaca 100644
---- a/elf/Makefile
-+++ b/elf/Makefile
-@@ -459,6 +459,7 @@ tests += \
-   tst-tls21 \
-   tst-tlsalign \
-   tst-tlsalign-extern \
-+  tst-tlsgap \
-   tst-unique1 \
-   tst-unique2 \
-   tst-unwind-ctor \
-@@ -883,6 +884,9 @@ modules-names += \
-   tst-tls20mod-bad \
-   tst-tls21mod \
-   tst-tlsalign-lib \
-+  tst-tlsgap-mod0 \
-+  tst-tlsgap-mod1 \
-+  tst-tlsgap-mod2 \
-   tst-tlsmod1 \
-   tst-tlsmod10 \
-   tst-tlsmod11 \
-@@ -3009,3 +3013,14 @@ LDFLAGS-tst-dlclose-lazy-mod1.so = -Wl,-z,lazy,--no-as-needed
- $(objpfx)tst-dlclose-lazy-mod1.so: $(objpfx)tst-dlclose-lazy-mod2.so
- $(objpfx)tst-dlclose-lazy.out: \
-   $(objpfx)tst-dlclose-lazy-mod1.so $(objpfx)tst-dlclose-lazy-mod2.so
-+
-+$(objpfx)tst-tlsgap: $(shared-thread-library)
-+$(objpfx)tst-tlsgap.out: \
-+  $(objpfx)tst-tlsgap-mod0.so \
-+  $(objpfx)tst-tlsgap-mod1.so \
-+  $(objpfx)tst-tlsgap-mod2.so
-+ifeq (yes,$(have-mtls-dialect-gnu2))
-+CFLAGS-tst-tlsgap-mod0.c += -mtls-dialect=gnu2
-+CFLAGS-tst-tlsgap-mod1.c += -mtls-dialect=gnu2
-+CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2
-+endif
-diff --git a/elf/tst-tlsgap-mod0.c b/elf/tst-tlsgap-mod0.c
-new file mode 100644
-index 0000000000..1478b0beac
---- /dev/null
-+++ b/elf/tst-tlsgap-mod0.c
-@@ -0,0 +1,2 @@
-+int __thread tls0;
-+int *f0(void) { return &tls0; }
-diff --git a/elf/tst-tlsgap-mod1.c b/elf/tst-tlsgap-mod1.c
-new file mode 100644
-index 0000000000..b10fc3702c
---- /dev/null
-+++ b/elf/tst-tlsgap-mod1.c
-@@ -0,0 +1,2 @@
-+int __thread tls1[100]; /* Size > glibc.rtld.optional_static_tls / 2.  */
-+int *f1(void) { return tls1; }
-diff --git a/elf/tst-tlsgap-mod2.c b/elf/tst-tlsgap-mod2.c
-new file mode 100644
-index 0000000000..166c27d7f3
---- /dev/null
-+++ b/elf/tst-tlsgap-mod2.c
-@@ -0,0 +1,2 @@
-+int __thread tls2;
-+int *f2(void) { return &tls2; }
-diff --git a/elf/tst-tlsgap.c b/elf/tst-tlsgap.c
-new file mode 100644
-index 0000000000..4932885076
---- /dev/null
-+++ b/elf/tst-tlsgap.c
-@@ -0,0 +1,92 @@
-+/* TLS modid gap reuse regression test for bug 29039.
-+   Copyright (C) 2023 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
-+#include <stdio.h>
-+#include <dlfcn.h>
-+#include <pthread.h>
-+#include <support/xdlfcn.h>
-+#include <support/xthread.h>
-+#include <support/check.h>
-+
-+static void *mod[3];
-+#define MOD(i) "tst-tlsgap-mod" #i ".so"
-+static const char *modname[3] = { MOD(0), MOD(1), MOD(2) };
-+#undef MOD
-+
-+static void
-+open_mod (int i)
-+{
-+  mod[i] = xdlopen (modname[i], RTLD_LAZY);
-+  printf ("open %s\n", modname[i]);
-+}
-+
-+static void
-+close_mod (int i)
-+{
-+  xdlclose (mod[i]);
-+  mod[i] = NULL;
-+  printf ("close %s\n", modname[i]);
-+}
-+
-+static void
-+access_mod (int i, const char *sym)
-+{
-+  int *(*f) (void) = xdlsym (mod[i], sym);
-+  int *p = f ();
-+  printf ("access %s: %s() = %p\n", modname[i], sym, p);
-+  TEST_VERIFY_EXIT (p != NULL);
-+  ++*p;
-+}
-+
-+static void *
-+start (void *arg)
-+{
-+  /* The DTV generation is at the last dlopen of mod0 and the
-+     entry for mod1 is NULL.  */
-+
-+  open_mod (1); /* Reuse modid of mod1. Uses dynamic TLS.  */
-+
-+  /* DTV is unchanged: dlopen only updates the DTV to the latest
-+     generation if static TLS is allocated for a loaded module.
-+
-+     With bug 29039, the TLSDESC relocation in mod1 uses the old
-+     dlclose generation of mod1 instead of the new dlopen one so
-+     DTV is not updated on TLS access.  */
-+
-+  access_mod (1, "f1");
-+
-+  return arg;
-+}
-+
-+static int
-+do_test (void)
-+{
-+  open_mod (0);
-+  open_mod (1);
-+  open_mod (2);
-+  close_mod (0);
-+  close_mod (1); /* Create modid gap at mod1.  */
-+  open_mod (0); /* Reuse modid of mod0, bump generation count.  */
-+
-+  /* Create a thread where DTV of mod1 is NULL.  */
-+  pthread_t t = xpthread_create (NULL, start, NULL);
-+  xpthread_join (t);
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch b/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch
deleted file mode 100644 (file)
index af173fb..0000000
--- a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 35ea7549751d4f13a28c732e6ad68204f5e60a06 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Wed, 20 Dec 2023 16:31:43 -0800
-Subject: [PATCH 36/44] x86-64: Fix the dtv field load for x32 [BZ #31184]
-
-On x32, I got
-
-FAIL: elf/tst-tlsgap
-
-$ gdb elf/tst-tlsgap
-...
-open tst-tlsgap-mod1.so
-
-Thread 2 "tst-tlsgap" received signal SIGSEGV, Segmentation fault.
-[Switching to LWP 2268754]
-_dl_tlsdesc_dynamic () at ../sysdeps/x86_64/dl-tlsdesc.S:108
-108            movq    (%rsi), %rax
-(gdb) p/x $rsi
-$4 = 0xf7dbf9005655fb18
-(gdb)
-
-This is caused by
-
-_dl_tlsdesc_dynamic:
-        _CET_ENDBR
-        /* Preserve call-clobbered registers that we modify.
-           We need two scratch regs anyway.  */
-        movq    %rsi, -16(%rsp)
-        movq    %fs:DTV_OFFSET, %rsi
-
-Since the dtv field in TCB is a pointer, %fs:DTV_OFFSET is a 32-bit
-location, not 64-bit.  Load the dtv field to RSI_LP instead of rsi.
-This fixes BZ #31184.
-
-(cherry picked from commit 3502440397bbb840e2f7223734aa5cc2cc0e29b6)
----
- NEWS                        | 1 +
- sysdeps/x86_64/dl-tlsdesc.S | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/NEWS b/NEWS
-index 5ac488bf9b..71057e4793 100644
---- a/NEWS
-+++ b/NEWS
-@@ -37,6 +37,7 @@ The following bugs are resolved with this release:
-   [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-     -D_FILE_OFFSET_BITS=64
-   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-+  [31184] FAIL: elf/tst-tlsgap
- 
- \f
- Version 2.38
-diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S
-index 5593897e29..c4823547d7 100644
---- a/sysdeps/x86_64/dl-tlsdesc.S
-+++ b/sysdeps/x86_64/dl-tlsdesc.S
-@@ -102,7 +102,7 @@ _dl_tlsdesc_dynamic:
-       /* Preserve call-clobbered registers that we modify.
-          We need two scratch regs anyway.  */
-       movq    %rsi, -16(%rsp)
--      movq    %fs:DTV_OFFSET, %rsi
-+      mov     %fs:DTV_OFFSET, %RSI_LP
-       movq    %rdi, -8(%rsp)
-       movq    TLSDESC_ARG(%rax), %rdi
-       movq    (%rsi), %rax
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch b/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch
deleted file mode 100644 (file)
index 31959c2..0000000
--- a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Wed, 20 Dec 2023 19:42:12 -0800
-Subject: [PATCH 37/44] x86-64: Fix the tcb field load for x32 [BZ #31185]
-
-_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer
-via the tcb field in TCB:
-
-_dl_tlsdesc_undefweak:
-        _CET_ENDBR
-        movq    8(%rax), %rax
-        subq    %fs:0, %rax
-        ret
-
-_dl_tlsdesc_dynamic:
-       ...
-        subq    %fs:0, %rax
-        movq    -8(%rsp), %rdi
-        ret
-
-Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location,
-not 64-bit. It should use "sub %fs:0, %RAX_LP" instead.  Since
-_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic
-returns void *, RAX_LP is appropriate here for x32 and x86-64.  This
-fixes BZ #31185.
-
-(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3)
----
- NEWS                        | 1 +
- sysdeps/x86_64/dl-tlsdesc.S | 4 ++--
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 71057e4793..6fbb8a9e1d 100644
---- a/NEWS
-+++ b/NEWS
-@@ -38,6 +38,7 @@ The following bugs are resolved with this release:
-     -D_FILE_OFFSET_BITS=64
-   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-   [31184] FAIL: elf/tst-tlsgap
-+  [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
- 
- \f
- Version 2.38
-diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S
-index c4823547d7..4579424bf7 100644
---- a/sysdeps/x86_64/dl-tlsdesc.S
-+++ b/sysdeps/x86_64/dl-tlsdesc.S
-@@ -61,7 +61,7 @@ _dl_tlsdesc_return:
- _dl_tlsdesc_undefweak:
-       _CET_ENDBR
-       movq    8(%rax), %rax
--      subq    %fs:0, %rax
-+      sub     %fs:0, %RAX_LP
-       ret
-       cfi_endproc
-       .size   _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak
-@@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic:
-       addq    TLSDESC_MODOFF(%rdi), %rax
- .Lret:
-       movq    -16(%rsp), %rsi
--      subq    %fs:0, %rax
-+      sub     %fs:0, %RAX_LP
-       movq    -8(%rsp), %rdi
-       ret
- .Lslow:
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch b/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch
deleted file mode 100644 (file)
index 84be4a1..0000000
--- a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d25e2c8d5cb0778ae87ad43b1f4c301abe5a932b Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Sat, 23 Dec 2023 06:24:41 -0800
-Subject: [PATCH 38/44] NEWS: Mention bug fixes for 29039/30694/30709/30721
-
----
- NEWS | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 6fbb8a9e1d..db4d6c8373 100644
---- a/NEWS
-+++ b/NEWS
-@@ -31,6 +31,10 @@ Security related changes:
- 
- The following bugs are resolved with this release:
- 
-+  [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS
-+  [30694] The iconv program no longer tells the user which given encoding name was wrong
-+  [30709] nscd fails to build with cleanup handler if built with -fexceptions
-+  [30721] x86_64: Fix build with --disable-multiarch
-   [30723] posix_memalign repeatedly scans long bin lists
-   [30789] sem_open will fail on multithreaded scenarios when semaphore
-     file doesn't exist (O_CREAT)
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch b/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch
deleted file mode 100644 (file)
index fc306dc..0000000
--- a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 27339a3eb8f987eebae72b854af80256c1588ebd Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Sat, 23 Dec 2023 06:27:50 -0800
-Subject: [PATCH 39/44] NEWS: Mention bug fixes for 30745/30843
-
----
- NEWS | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index db4d6c8373..905230b838 100644
---- a/NEWS
-+++ b/NEWS
-@@ -36,11 +36,13 @@ The following bugs are resolved with this release:
-   [30709] nscd fails to build with cleanup handler if built with -fexceptions
-   [30721] x86_64: Fix build with --disable-multiarch
-   [30723] posix_memalign repeatedly scans long bin lists
-+  [30745] Slight bug in cache info codes for x86
-   [30789] sem_open will fail on multithreaded scenarios when semaphore
-     file doesn't exist (O_CREAT)
-   [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
-     -D_FILE_OFFSET_BITS=64
-   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-+  [30843] potential use-after-free in getcanonname (CVE-2023-4806)
-   [31184] FAIL: elf/tst-tlsgap
-   [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
- 
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch b/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch
deleted file mode 100644 (file)
index ce482f7..0000000
--- a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Wed, 6 Dec 2023 14:48:22 +0100
-Subject: [PATCH 40/44] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
-
-When __resolv_context_get returns NULL due to out of memory, translate it
-to a return value of EAI_MEMORY.
-
-(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f)
----
- sysdeps/posix/getaddrinfo.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index 13082305d3..da573bea24 100644
---- a/sysdeps/posix/getaddrinfo.c
-+++ b/sysdeps/posix/getaddrinfo.c
-@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
-      function variant.  */
-   res_ctx = __resolv_context_get ();
-   if (res_ctx == NULL)
--    no_more = 1;
-+    {
-+      if (errno == ENOMEM)
-+      {
-+        result = -EAI_MEMORY;
-+        goto out;
-+      }
-+      no_more = 1;
-+    }
- 
-   while (!no_more)
-     {
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch b/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch
deleted file mode 100644 (file)
index b088dba..0000000
--- a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Tue, 2 Jan 2024 14:36:17 +0100
-Subject: [PATCH 41/44] libio: Check remaining buffer size in _IO_wdo_write
- (bug 31183)
-
-The multibyte character needs to fit into the remaining buffer space,
-not the already-written buffer space.  Without the fix, we were never
-moving the write pointer from the start of the buffer, always using
-the single-character fallback buffer.
-
-Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing
-a multibyte character to an unbuffered stream (bug 17522)").
-
-(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60)
----
- NEWS             | 1 +
- libio/wfileops.c | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/NEWS b/NEWS
-index 905230b838..6768c2da6f 100644
---- a/NEWS
-+++ b/NEWS
-@@ -43,6 +43,7 @@ The following bugs are resolved with this release:
-     -D_FILE_OFFSET_BITS=64
-   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
-   [30843] potential use-after-free in getcanonname (CVE-2023-4806)
-+  [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix
-   [31184] FAIL: elf/tst-tlsgap
-   [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
- 
-diff --git a/libio/wfileops.c b/libio/wfileops.c
-index f16f6db1c3..9ab8f2e7f3 100644
---- a/libio/wfileops.c
-+++ b/libio/wfileops.c
-@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do)
-         char mb_buf[MB_LEN_MAX];
-         char *write_base, *write_ptr, *buf_end;
- 
--        if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
-+        if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf))
-           {
-             /* Make sure we have room for at least one multibyte
-                character.  */
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch
deleted file mode 100644 (file)
index a4229d9..0000000
--- a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-From 23514c72b780f3da097ecf33a793b7ba9c2070d2 Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun@redhat.com>
-Date: Mon, 15 Jan 2024 17:44:43 +0100
-Subject: [PATCH 42/44] syslog: Fix heap buffer overflow in __vsyslog_internal
- (CVE-2023-6246)
-
-__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
-containing a long program name failed to update the required buffer
-size, leading to the allocation and overflow of a too-small buffer on
-the heap.  This commit fixes that.  It also adds a new regression test
-that uses glibc.malloc.check.
-
-Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-Tested-by: Carlos O'Donell <carlos@redhat.com>
-(cherry picked from commit 6bd0e4efcc78f3c0115e5ea9739a1642807450da)
----
- misc/Makefile                                 |  8 ++-
- misc/syslog.c                                 | 50 +++++++++++++------
- misc/tst-syslog-long-progname.c               | 39 +++++++++++++++
- .../postclean.req                             |  0
- 4 files changed, 82 insertions(+), 15 deletions(-)
- create mode 100644 misc/tst-syslog-long-progname.c
- create mode 100644 misc/tst-syslog-long-progname.root/postclean.req
-
-diff --git a/misc/Makefile b/misc/Makefile
-index fe0d49c1de..90b31952c5 100644
---- a/misc/Makefile
-+++ b/misc/Makefile
-@@ -289,7 +289,10 @@ tests-special += $(objpfx)tst-error1-mem.out \
-   $(objpfx)tst-allocate_once-mem.out
- endif
- 
--tests-container := tst-syslog
-+tests-container := \
-+  tst-syslog \
-+  tst-syslog-long-progname \
-+  # tests-container
- 
- CFLAGS-select.c += -fexceptions -fasynchronous-unwind-tables
- CFLAGS-tsearch.c += $(uses-callbacks)
-@@ -351,6 +354,9 @@ $(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out
-       $(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \
-       $(evaluate-test)
- 
-+tst-syslog-long-progname-ENV = GLIBC_TUNABLES=glibc.malloc.check=3 \
-+                             LD_PRELOAD=libc_malloc_debug.so.0
-+
- $(objpfx)tst-select: $(librt)
- $(objpfx)tst-select-time64: $(librt)
- $(objpfx)tst-pselect: $(librt)
-diff --git a/misc/syslog.c b/misc/syslog.c
-index 1b8cb722c5..814d224a1e 100644
---- a/misc/syslog.c
-+++ b/misc/syslog.c
-@@ -124,8 +124,9 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap,
- {
-   /* Try to use a static buffer as an optimization.  */
-   char bufs[1024];
--  char *buf = NULL;
--  size_t bufsize = 0;
-+  char *buf = bufs;
-+  size_t bufsize;
-+
-   int msgoff;
-   int saved_errno = errno;
- 
-@@ -177,29 +178,50 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap,
- #define SYSLOG_HEADER_WITHOUT_TS(__pri, __msgoff)        \
-   "<%d>: %n", __pri, __msgoff
- 
--  int l;
-+  int l, vl;
-   if (has_ts)
-     l = __snprintf (bufs, sizeof bufs,
-                   SYSLOG_HEADER (pri, timestamp, &msgoff, pid));
-   else
-     l = __snprintf (bufs, sizeof bufs,
-                   SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff));
-+
-+  char *pos;
-+  size_t len;
-+
-   if (0 <= l && l < sizeof bufs)
-     {
--      va_list apc;
--      va_copy (apc, ap);
-+      /* At this point, there is still a chance that we can print the
-+         remaining part of the log into bufs and use that.  */
-+      pos = bufs + l;
-+      len = sizeof (bufs) - l;
-+    }
-+  else
-+    {
-+      buf = NULL;
-+      /* We already know that bufs is too small to use for this log message.
-+         The next vsnprintf into bufs is used only to calculate the total
-+         required buffer length.  We will discard bufs contents and allocate
-+         an appropriately sized buffer later instead.  */
-+      pos = bufs;
-+      len = sizeof (bufs);
-+    }
- 
--      /* Restore errno for %m format.  */
--      __set_errno (saved_errno);
-+  {
-+    va_list apc;
-+    va_copy (apc, ap);
- 
--      int vl = __vsnprintf_internal (bufs + l, sizeof bufs - l, fmt, apc,
--                                     mode_flags);
--      if (0 <= vl && vl < sizeof bufs - l)
--        buf = bufs;
--      bufsize = l + vl;
-+    /* Restore errno for %m format.  */
-+    __set_errno (saved_errno);
- 
--      va_end (apc);
--    }
-+    vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags);
-+
-+    if (!(0 <= vl && vl < len))
-+      buf = NULL;
-+
-+    bufsize = l + vl;
-+    va_end (apc);
-+  }
- 
-   if (buf == NULL)
-     {
-diff --git a/misc/tst-syslog-long-progname.c b/misc/tst-syslog-long-progname.c
-new file mode 100644
-index 0000000000..88f37a8a00
---- /dev/null
-+++ b/misc/tst-syslog-long-progname.c
-@@ -0,0 +1,39 @@
-+/* Test heap buffer overflow in syslog with long __progname (CVE-2023-6246)
-+   Copyright (C) 2023 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <syslog.h>
-+#include <string.h>
-+
-+extern char * __progname;
-+
-+static int
-+do_test (void)
-+{
-+  char long_progname[2048];
-+
-+  memset (long_progname, 'X', sizeof (long_progname) - 1);
-+  long_progname[sizeof (long_progname) - 1] = '\0';
-+
-+  __progname = long_progname;
-+
-+  syslog (LOG_INFO, "Hello, World!");
-+
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/misc/tst-syslog-long-progname.root/postclean.req b/misc/tst-syslog-long-progname.root/postclean.req
-new file mode 100644
-index 0000000000..e69de29bb2
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch
deleted file mode 100644 (file)
index 1ee6993..0000000
--- a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From d0338312aace5bbfef85e03055e1212dd0e49578 Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun@redhat.com>
-Date: Mon, 15 Jan 2024 17:44:44 +0100
-Subject: [PATCH 43/44] syslog: Fix heap buffer overflow in __vsyslog_internal
- (CVE-2023-6779)
-
-__vsyslog_internal used the return value of snprintf/vsnprintf to
-calculate buffer sizes for memory allocation.  If these functions (for
-any reason) failed and returned -1, the resulting buffer would be too
-small to hold output.  This commit fixes that.
-
-All snprintf/vsnprintf calls are checked for negative return values and
-the function silently returns upon encountering them.
-
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-(cherry picked from commit 7e5a0c286da33159d47d0122007aac016f3e02cd)
----
- misc/syslog.c | 39 ++++++++++++++++++++++++++++-----------
- 1 file changed, 28 insertions(+), 11 deletions(-)
-
-diff --git a/misc/syslog.c b/misc/syslog.c
-index 814d224a1e..53440e47ad 100644
---- a/misc/syslog.c
-+++ b/misc/syslog.c
-@@ -185,11 +185,13 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap,
-   else
-     l = __snprintf (bufs, sizeof bufs,
-                   SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff));
-+  if (l < 0)
-+    goto out;
- 
-   char *pos;
-   size_t len;
- 
--  if (0 <= l && l < sizeof bufs)
-+  if (l < sizeof bufs)
-     {
-       /* At this point, there is still a chance that we can print the
-          remaining part of the log into bufs and use that.  */
-@@ -215,12 +217,15 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap,
-     __set_errno (saved_errno);
- 
-     vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags);
-+    va_end (apc);
-+
-+    if (vl < 0)
-+      goto out;
- 
--    if (!(0 <= vl && vl < len))
-+    if (vl >= len)
-       buf = NULL;
- 
-     bufsize = l + vl;
--    va_end (apc);
-   }
- 
-   if (buf == NULL)
-@@ -231,25 +236,37 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap,
-         /* Tell the cancellation handler to free this buffer.  */
-         clarg.buf = buf;
- 
-+        int cl;
-         if (has_ts)
--          __snprintf (buf, l + 1,
--                      SYSLOG_HEADER (pri, timestamp, &msgoff, pid));
-+          cl = __snprintf (buf, l + 1,
-+                           SYSLOG_HEADER (pri, timestamp, &msgoff, pid));
-         else
--          __snprintf (buf, l + 1,
--                      SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff));
-+          cl = __snprintf (buf, l + 1,
-+                           SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff));
-+        if (cl != l)
-+          goto out;
- 
-         va_list apc;
-         va_copy (apc, ap);
--        __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc,
--                              mode_flags);
-+        cl = __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc,
-+                                   mode_flags);
-         va_end (apc);
-+
-+        if (cl != vl)
-+          goto out;
-       }
-       else
-         {
-+          int bl;
-         /* Nothing much to do but emit an error message.  */
--          bufsize = __snprintf (bufs, sizeof bufs,
--                                "out of memory[%d]", __getpid ());
-+          bl = __snprintf (bufs, sizeof bufs,
-+                           "out of memory[%d]", __getpid ());
-+          if (bl < 0 || bl >= sizeof bufs)
-+            goto out;
-+
-+          bufsize = bl;
-           buf = bufs;
-+          msgoff = 0;
-         }
-     }
- 
--- 
-2.39.2
-

diff --git a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch b/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch
deleted file mode 100644 (file)
index b7ff1f9..0000000
--- a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From d37c2b20a4787463d192b32041c3406c2bd91de0 Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun@redhat.com>
-Date: Mon, 15 Jan 2024 17:44:45 +0100
-Subject: [PATCH 44/44] syslog: Fix integer overflow in __vsyslog_internal
- (CVE-2023-6780)
-
-__vsyslog_internal calculated a buffer size by adding two integers, but
-did not first check if the addition would overflow.  This commit fixes
-that.
-
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-Tested-by: Carlos O'Donell <carlos@redhat.com>
-(cherry picked from commit ddf542da94caf97ff43cc2875c88749880b7259b)
----
- misc/syslog.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/misc/syslog.c b/misc/syslog.c
-index 53440e47ad..4af87f54fd 100644
---- a/misc/syslog.c
-+++ b/misc/syslog.c
-@@ -41,6 +41,7 @@ static char sccsid[] = "@(#)syslog.c 8.4 (Berkeley) 3/18/94";
- #include <sys/uio.h>
- #include <sys/un.h>
- #include <syslog.h>
-+#include <limits.h>
- 
- static int LogType = SOCK_DGRAM;      /* type of socket connection */
- static int LogFile = -1;              /* fd for log */
-@@ -219,7 +220,7 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap,
-     vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags);
-     va_end (apc);
- 
--    if (vl < 0)
-+    if (vl < 0 || vl >= INT_MAX - l)
-       goto out;
- 
-     if (vl >= len)
--- 
-2.39.2
-

diff --git a/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch b/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch
deleted file mode 100644 (file)
index 9df561f..0000000
--- a/src/patches/ipxe-1b67a05-be-explicit-about-fcommon-compiler-directive.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f982a712979619dbae2c6e0d741757e2ce94be11 Mon Sep 17 00:00:00 2001
-From: Bruce Rogers <brogers@suse.com>
-Date: Wed, 6 May 2020 15:03:02 -0600
-Subject: [PATCH] [build] Be explicit about -fcommon compiler directive
-
-gcc10 switched default behavior from -fcommon to -fno-common.  Since
-"__shared" relies on the legacy behavior, explicitly specify it.
-
-Signed-off-by: Bruce Rogers <brogers@suse.com>
-Modified-by: Michael Brown <mcb30@ipxe.org>
-Signed-off-by: Michael Brown <mcb30@ipxe.org>
----
- src/Makefile.housekeeping | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
-index 66d6dd449..b6c61c112 100644
---- a/src/Makefile.housekeeping
-+++ b/src/Makefile.housekeeping
-@@ -418,6 +418,7 @@ CFLAGS             += -Os
- CFLAGS                += -g
- ifeq ($(CCTYPE),gcc)
- CFLAGS                += -ffreestanding
-+CFLAGS                += -fcommon
- CFLAGS                += -Wall -W -Wformat-nonliteral
- HOST_CFLAGS   += -Wall -W -Wformat-nonliteral
- endif

diff --git a/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch b/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch
deleted file mode 100644 (file)
index af4bd59..0000000
--- a/src/patches/ipxe-fix-stringop-truncation-warning-with-gcc-8-x.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From ddfb60813c74e988ba7c16dbbe1b163593c9da4e Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail@eworm.de>
-Date: Tue, 15 May 2018 23:25:01 +0200
-Subject: [PATCH] [build] fix stringop truncation warning with GCC 8.x
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-GCC 8.x gives a warning about stringop truncation:
-
-util/elf2efi.c:497:2: error: ‘strncpy’ specified bound 8 equals destination
-size [-Werror=stringop-truncation]
-
-It assumes that strncpy() is intended to copy strings, which are NULL
-terminated. We do copy fixed size memory regions, so use memcpy() instead.
----
- src/util/elf2efi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/elf2efi.c b/src/util/elf2efi.c
-index 6718df777..de3c92463 100644
---- a/src/util/elf2efi.c
-+++ b/src/util/elf2efi.c
-@@ -494,7 +494,7 @@ static struct pe_section * process_section ( struct elf_file *elf,
-       memset ( new, 0, sizeof ( *new ) + section_filesz );
- 
-       /* Fill in section header details */
--      strncpy ( ( char * ) new->hdr.Name, name, sizeof ( new->hdr.Name ) );
-+      memcpy ( ( char * ) new->hdr.Name, name, sizeof ( new->hdr.Name ) );
-       new->hdr.Misc.VirtualSize = section_memsz;
-       new->hdr.VirtualAddress = shdr->sh_addr;
-       new->hdr.SizeOfRawData = section_filesz;

diff --git a/src/patches/ipxe-handle-R_X86_64_PLT32.patch b/src/patches/ipxe-handle-R_X86_64_PLT32.patch
deleted file mode 100644 (file)
index ef2d434..0000000
--- a/src/patches/ipxe-handle-R_X86_64_PLT32.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 5dce2d454b2829431e0484ac0f993b7a2759e0df Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail@eworm.de>
-Date: Sat, 25 Aug 2018 13:53:08 +0200
-Subject: [PATCH] [build] handle R_X86_64_PLT32 from binutils 2.31
-
-Starting from binutils 2.31.0 (commit bd7ab16b) x86-64 assembler
-generates R_X86_64_PLT32 instead of R_X86_64_PC32.
----
- src/util/elf2efi.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/util/elf2efi.c b/src/util/elf2efi.c
-index 6718df777..2c5b9df8a 100644
---- a/src/util/elf2efi.c
-+++ b/src/util/elf2efi.c
-@@ -636,6 +636,7 @@ static void process_reloc ( struct elf_file *elf, const Elf_Shdr *shdr,
-               case ELF_MREL ( EM_ARM, R_ARM_THM_JUMP24 ) :
-               case ELF_MREL ( EM_ARM, R_ARM_V4BX ):
-               case ELF_MREL ( EM_X86_64, R_X86_64_PC32 ) :
-+              case ELF_MREL ( EM_X86_64, R_X86_64_PLT32 ) :
-               case ELF_MREL ( EM_AARCH64, R_AARCH64_CALL26 ) :
-               case ELF_MREL ( EM_AARCH64, R_AARCH64_JUMP26 ) :
-               case ELF_MREL ( EM_AARCH64, R_AARCH64_ADR_PREL_LO21 ) :

diff --git a/src/patches/ipxe-use-the-right-sized-register-for-push.patch b/src/patches/ipxe-use-the-right-sized-register-for-push.patch
deleted file mode 100644 (file)
index 99b76de..0000000
--- a/src/patches/ipxe-use-the-right-sized-register-for-push.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 08caa8be3a143d6f33782f398b7937efb39ff283 Mon Sep 17 00:00:00 2001
-From: Justin Cano <5184128+jstncno@users.noreply.github.com>
-Date: Thu, 3 Aug 2023 09:58:11 -0700
-Subject: [PATCH] Use the right sized register for the push operand based on
- the size of the value being pushed
-
-Fixes https://github.com/ipxe/ipxe/issues/997
----
- src/arch/x86/include/librm.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/arch/x86/include/librm.h b/src/arch/x86/include/librm.h
-index 5196d390fa..d9e748adfc 100644
---- a/src/arch/x86/include/librm.h
-+++ b/src/arch/x86/include/librm.h
-@@ -250,8 +250,10 @@ extern void remove_user_from_rm_stack ( userptr_t data, size_t size );
- /* CODE_DEFAULT: restore default .code32/.code64 directive */
- #ifdef __x86_64__
- #define CODE_DEFAULT ".code64"
-+#define PUSH "pushq"
- #else
- #define CODE_DEFAULT ".code32"
-+#define PUSH "pushl"
- #endif
- 
- /* LINE_SYMBOL: declare a symbol for the current source code line */
-@@ -268,7 +270,7 @@ extern void remove_user_from_rm_stack ( userptr_t data, size_t size );
- 
- /* REAL_CODE: declare a fragment of code that executes in real mode */
- #define REAL_CODE( asm_code_str )                     \
--      "push $1f\n\t"                                  \
-+      PUSH " $1f\n\t"                                 \
-       "call real_call\n\t"                            \
-       TEXT16_CODE ( "\n1:\n\t"                        \
-                     asm_code_str                      \
-@@ -277,7 +279,7 @@ extern void remove_user_from_rm_stack ( userptr_t data, size_t size );
- 
- /* PHYS_CODE: declare a fragment of code that executes in flat physical mode */
- #define PHYS_CODE( asm_code_str )                     \
--      "push $1f\n\t"                                  \
-+      PUSH " $1f\n\t"                                 \
-       "call phys_call\n\t"                            \
-       ".section \".text.phys\", \"ax\", @progbits\n\t"\
-       "\n" LINE_SYMBOL "\n\t"                         \

diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
deleted file mode 100644 (file)
index f152981..0000000
--- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index d56d3a550..81abf8f00 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2424,7 +2424,7 @@ fi
-     AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
-     if test "$HAVE_GETCONF_CMD" != "no"; then
-         CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
--        if [test "$CLS" != "" && test "$CLS" != "0"]; then
-+        if [test "$CLS" != "" && test "$CLS" != "0" && test "$CLS" != "undefined"]; then
-             AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size])
-         else
-             AC_DEFINE([CLS],[64],[L1 cache line size])

diff --git a/tools/checkrootfiles b/tools/checkrootfiles
index 5036ce2d0f1289bd8801f281176acdaef2ae656b..9437de6f14503b7b191774db2e734ba0535baa5c 100755 (executable)
--- a/tools/checkrootfiles
+++ b/tools/checkrootfiles
@@ -19,49 +19,96 @@
 #                                                                             #
 ###############################################################################
 
-grep -r "^etc/init.d//*" ./config/rootfiles/ >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
-       echo "Error! 'etc/init.d/...' in rootfiles files found!"
-       grep -r "^etc/init.d//*" ./config/rootfiles/
-       echo "Change this to 'etc/rc.d/init.d/...' !"
-fi
-
-grep -r "^var/run//*" ./config/rootfiles/ >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
-       echo "Error! 'var/run/...' in rootfiles files found!"
-       grep -r "^var/run//*" ./config/rootfiles/
-       echo "Comment this and create it at initskript if needed !"
-fi
-
-grep -r 'x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \
-    --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \
-    --exclude update.sh --exclude qemu --exclude cmake --exclude xfsprogs \
-    --exclude-dir oldcore --exclude-dir x86_64 >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
-       echo "Error! '/x86_64' in rootfiles files found!"
-       grep -r 'x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \
-    --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64  \
-    --exclude update.sh  --exclude qemu --exclude cmake --exclude xfsprogs \
-    --exclude-dir oldcore --exclude-dir x86_64
-       echo "Replace by xxxMACHINExxx !"
-fi
-
-grep -r 'aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude gdb \
-     --exclude qemu --exclude liburcu --exclude abseil-cpp \
-     --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
-       echo "Error! 'aarch64' in rootfiles files found!"
-       grep -r 'aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb \
-    --exclude qemu --exclude liburcu --exclude abseil-cpp \
-    --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64
-       echo "Replace by xxxMACHINExxx !"
-fi
-
-grep -r 'riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude go --exclude qemu \
-     --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64  >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
-       echo "Error! 'riscv64' in rootfiles files found!"
-       grep -r 'riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude go --exclude qemu \
-    --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64
-       echo "Replace by xxxMACHINExxx !"
-fi
+# All supported architectures
+ARCHES=(
+       aarch64
+       riscv64
+       x86_64
+)
+
+# A list of files that are not scanned
+# because they probably cause some false positives.
+EXCLUDED_FILES=(
+       qemu
+)
+
+ARGS=(
+       # Search path
+       "config/rootfiles"
+
+       # Exclude old core updates
+       "--exclude-dir" "oldcore"
+
+       # Ignore the update scripts
+       "--exclude" "update.sh"
+)
+
+check_for_arch() {
+       local arch="${1}"
+
+       local args=(
+               "${ARGS[@]}"
+       )
+
+       # Exclude any architecture-specific directories
+       local a
+       for a in ${ARCHES[@]}; do
+               args+=( "--exclude-dir" "${a}" )
+       done
+
+       # Exclude all excluded files
+       local x
+       for x in ${EXCLUDED_FILES[@]}; do
+               args+=( "--exclude" "${x}" )
+       done
+
+       # Search for all lines that contain the architecture, but exclude commented lines
+       grep -r "^[^#].*${arch}" "${args[@]}"
+}
+
+check_for_pattern() {
+       local pattern="${1}"
+       local message="${2}"
+
+       local args=(
+               "${ARGS[@]}"
+       )
+
+       if grep -r "${pattern}" "${args[@]}"; then
+               if [ -n "${message}" ]; then
+                       echo "ERROR: ${message}"
+               else
+                       echo "ERROR: Files matching '${pattern}' have been found in the rootfiles"
+               fi
+               return 1
+       fi
+
+       return 0
+}
+
+main() {
+       local failed=0
+
+       # Check for /etc/init.d
+       if ! check_for_pattern "^etc/init\.d/" \
+                       "/etc/init.d/* has been found. Please replace by /etc/rc.d/init.d"; then
+               failed=1
+       fi
+
+       # Check for /var/run
+       if ! check_for_pattern "^var/run/.*" \
+                       "You cannot ship files in /var/run as it is a ramdisk"; then
+               failed=1
+       fi
+
+       # Check architectures
+       local arch
+       for arch in ${ARCHES[@]}; do
+               check_for_arch "${arch}" || failed=$?
+       done
+
+       # Return the error
+       return ${failed}
+}
+
+main "$@" || exit $?