Michael Tremer [Sat, 23 Mar 2024 14:03:36 +0000 (15:03 +0100)]
openvpnctrl: Rewrite the entire thing
This binary became a major headache as it has been changed so many
times by so many people neglecting the code quality. Therefore, the
logic has now been moved into initscripts and the binary changed so that
it only serves as a SUID wrapper to call the initscripts.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 23 Mar 2024 13:57:19 +0000 (14:57 +0100)]
initscripts: No longer restart OpenVPN when RED comes up/goes down
This is probably a relic from when dial-up connections were on trend
and systems were offline for long times of the day. Now, we should
always be on and there is no need to restart all those services on a
reconnect.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 20 Mar 2024 19:38:52 +0000 (20:38 +0100)]
ovpnmain.cgi: Migrate to subnet topology
For dynamic pools, this change is easy and does not require any extra
steps. For CCD clients however, we need to update the configuration to
replace the server IP address with the subnet mask.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 20 Mar 2024 13:56:20 +0000 (14:56 +0100)]
ovpnmain.cgi: Drop validdotmask()
This is a totally braindead function that prevented some basic usability
by using the more modern prefix notation. It simply checks if there is a
freaking dot. Great!
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Mar 2024 19:44:18 +0000 (20:44 +0100)]
ovpnmain.cgi: Force NCP on clients
This change requires that all clients support NCP if they are set up
with a new connection. Existing clients remain supported using the
fallback cipher option.
As a result, connections with OpenVPN <= 2.3 cannot be set up
any more, which is totally fine since that version is EOL.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Mar 2024 19:11:31 +0000 (20:11 +0100)]
ovpnmain.cgi: Completely remove compression for RW clients
We will use the "compress migrate" option which disables compression by
default. If a client has been found that wants to use compression, the
server will push "stub-v2" to disable it. If that does not work, the
server might fall back to compression.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Mar 2024 15:32:33 +0000 (16:32 +0100)]
ovpnmain.cgi: Drop newcleanssldatabase()
I have no idea why this was added when there is a function that does the
same already. The remove function also had typos in the path which
probably resulted in it not working very well.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 13 Jul 2025 09:39:34 +0000 (11:39 +0200)]
lm_sensors: Update to version 3.6.2
- Update from version 3.6.0 to 3.6.2
- Update of rootfiles for all architectures
- The original repo for lm_sensors had the last update in 2019 (3.6.0) and the last
commit in 2021. That repo was forked and has released two updates since then. This
repo is being used by Arch Linux, and Ubuntu has changed to it in the latest Questing
Quokka version.
- The owner of this new repo has also taken some of the pull requests from the old repo
and merged them into the new one. Some fixes from the Debian releases have also
been merged into the new repo.
- The only downside with this new repo is that version 3.6.2 was released in Jan 2024
and that release was the last commit in this new repo. So not sure if any further
updates will be forthcoming.
- If it is not considered suitable to update to this repo because it looks to no longer
be getting updated then this patch can be rejected.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 10:14:16 +0000 (12:14 +0200)]
btrfs-progs: Update to version 6.15
- Update from version 6.14 to 6.15
- Update of rootfile not required
- Changelog
  6.15
    * mkfs: new option --inode-flags to specify flags/attributes for
      inodes/directories/subvolumes
    * check:
      * fix false alert on missing checksum for hole
      * in lowmem mode, fix false alerts when checking refs
    * convert: check feature compatibility when enabling block-group-tree
    * tune convert-bgt: fix resume of conversion
    * rescue: add new command fix-data-checksum, selectively fix or find
      mismatching checksums
    * other:
      * new and updated tests
      * documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 10 Jul 2025 07:44:28 +0000 (09:44 +0200)]
cifs-utils: Update to version 7.4
- Update from version 7.3 to 7.4
- Update of rootfile
- According to Linux From Scratch cifs-utils-7.4 requires the autoreconf to work with
gcc-15. Certainly without it the build failed.
- Changelog
7.4
mount.cifs: retry mount on -EINPROGRESS
cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP
cifs.upcall: fix memory leaks in check_service_ticket_exits()
getcifsacl, setcifsacl: use <libgen.h> for basename
cifscreds: use <libgen.h> for basename
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 10 Jul 2025 07:44:29 +0000 (09:44 +0200)]
libtalloc: Update to version 2.4.3
- Update from version 2.4.2 to 2.4.3
- Update of rootfile
- The last changelog recorded in the source tarball is from 2007. The only place I
have found anything is by filtering the samba gitlab mirror to show the commits
related to talloc.
https://gitlab.com/samba-team/samba/-/commits/talloc-2.4.3?ref_type=tags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Jul 2025 12:09:49 +0000 (14:09 +0200)]
json-glib: Move to be built after glib has been built
- Shifted to build after glib is built and removed the dist entry that is used for
addons.
- Checked the glib library and the libgio entries are uncommented so that should be okay
- Checked build and this package then built with no problems but in the addon package
build section libtpms failed to build as it was missing the dist entry. Also the same
with swtpm so this is a patch set with the changes to those two packages as well.
- Full build tested out and confirmed working on x86_64 with this patch set applied.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Jul 2025 08:11:46 +0000 (10:11 +0200)]
libhtp: Update to version 0.5.51
- Update from version 0.5.50 to 0.5.51
- Update of rootfile not required
- suricata-7.0.11 requires libhtp-0.5.51
- Changelog
0.5.51
- decompressors: fix leak in lzma error case
- request: do not fully error on data after HTTP/0.9
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Jul 2025 08:11:45 +0000 (10:11 +0200)]
suricata: Update to version 7.0.11
- Update from version 7.0.10 to 7.0.11
- Update of rootfile not required
- Changelog
7.0.11
Security #7766: libhtp-c: memory leak with lzma(HIGH - CVE 2025-53537)
Security #7659: http2: global tx (stream id 0) may open file and never close it
(7.0.x backport)(HIGH - CVE 2025-53538)
Bug #7779: mpm/ac: error "Just ran out of space in the queue" (7.0.x backport)
Bug #7748: byte_extract: issue with saved 'name' in distance keyword
(7.0.x backport)
Bug #7736: brotli: old crate version has integer underflow (7.0.x backport)
Bug #7731: dcerpc: uint16 overflow (rust debug assertion) (7.0.x backport)
Bug #7716: snmp: probing parser returns ALPROTO_FAILED instead of
ALPROTO_UNKNOWN if slice.len() < 4 (7.0.x backport)
Bug #7690: datasets: set type IP can't set IPv4 (7.0.x backport)
Bug #7688: flow: non-TCP protocol timeout handling leads to missing flows
(7.0.x backport)
Bug #7682: flow: race condition at shutdown leads to duplicate flows
(7.0.x backport)
Bug #7670: http: lack of setting updated_ts leads to detection delay
(7.0.x backport)
Bug #7663: ips: deconflict pass flow and drop packet rules (7.0.x backport)
Bug #7661: pcap: continuous file reading fails on an empty directory
(7.0.x backport)
Bug #7652: rust: warnings with rustc 1.86
Bug #7610: http: reachable assertion when memcap reached during rule reload
Bug #7375: dpdk: iface-copy should not be mandatory (7.0.x backport)
Bug #7293: CI: clang-format does not work for main-7.0.x branch (7.0.x backport)
Optimization #7781: mpm/ac-ks: reduce stack usage (7.0.x backport)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 4 Jul 2025 16:33:00 +0000 (18:33 +0200)]
libtasn1: Update to version 4.20.0 & move before gnutls
- Update from version 4.19.0 to 4.20.0
- Update of rootfile
- Move earlier in make.sh so that the library can be used by gnutls in place of the
gnutls bundled version.
- Fix for a CVE
- Changelog
4.20.0
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or
SET OF elements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>