Adolf Belka [Wed, 15 Jan 2025 13:25:49 +0000 (14:25 +0100)]
rsync: Update to version 3.4.0
- Update from version 3.3.0 to 3.4.0
- Update of rootfile not required
- Changelog
3.4.0
Release 3.4.0 is a security release that fixes a number of important
vulnerabilities. For more details on the vulnerabilities please see the CERT
report https://kb.cert.org/vuls/id/952657
PROTOCOL NUMBER:
- The protocol number was changed to 32 to make it easier for
administrators to check their servers have been updated
SECURITY FIXES:
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
discovering these vulnerabilities and working with the rsync project
to develop and test fixes.
- CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
- CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
- CVE-2024-12086 - Server leaks arbitrary client files.
- CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
- CVE-2024-12088 - --safe-links Bypass.
- CVE-2024-12747 - symlink race condition.
BUG FIXES:
- Fixed the included popt to avoid a memory error on modern gcc versions.
- Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
- Fixed IPv6 configure check
INTERNAL:
- Updated included popt to version 1.19.
DEVELOPER RELATED:
- Various improvements to the release scripts and git setup.
- Improved packaging/var-checker to identify variable type issues.
- added FreeBSD and Solaris CI builds
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
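The changelog above says the protocol number was raised to 32 so administrators can check that servers have been updated. The following is an added example, not code from rsync or IPFire: it reads the protocol number from either the first line of `rsync --version` or a daemon greeting line. The function names and the sample banner strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an rsync endpoint by its advertised protocol number.
# Input is one line of text: the first line of `rsync --version`, or the
# "@RSYNCD:" greeting line a daemon sends on connect.

# Print the protocol number found in the banner, or nothing if none is found.
rsync_protocol() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^rsync  *version .* protocol version \([0-9][0-9]*\).*$/\1/p' \
        -e 's/^@RSYNCD: \([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Print "updated" for protocol 32 or newer, "check" for anything older,
# and "unknown" when the banner could not be parsed.
classify() {
    proto=$(rsync_protocol "$1")
    if [ -z "$proto" ]; then
        echo unknown
    elif [ "$proto" -ge 32 ]; then
        echo updated
    else
        echo check
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    'rsync  version 3.3.0  protocol version 31' \
    'rsync  version 3.4.0  protocol version 32' \
    '@RSYNCD: 32.0 sha512 sha256 sha1 md5 md4'
do
    printf '%-45s %s\n' "$banner" "$(classify "$banner")"
done
```

For the local binary, pass `"$(rsync --version | head -n 1)"` to `classify`. A packaged build that carries backported fixes may still report an older protocol number, so "check" means the package version needs a closer look, not that the host is confirmed vulnerable.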
Adolf Belka [Thu, 2 Jan 2025 16:29:26 +0000 (17:29 +0100)]
miniupnpc: revert the addition of this package due to transmission reversion
- As transmission has been reverted back to version 4.0.5 then miniupnpc is no longer
needed for building or runtime.
- This removes the miniupnpc lfs and rootfile files. It also removes miniupnpc from
the make.sh file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 2 Jan 2025 16:29:25 +0000 (17:29 +0100)]
transmission: revert version back to 4.0.5
- Revert back from 4.0.6 to 4.0.5 due to a bug in 4.0.6 that has resulted in a variety
of torrent mirrors banning transmission-4.0.6
- The update from 4.0.5 to 4.0.6 did not have any security fixes in it so there is no
issue in moving backward to 4.0.5
- A fix has been created but it is unclear when (and if) version 4.0.7 will be released.
The fix has also been included in version 4.1.0 but this is still in beta development
form.
- Version 4.0.6 required miniupnpc for building and run time. This reversion is also
removing miniupnpc in an associated patch in this patch set.
- No change required in the rootfile.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 14 Dec 2024 12:05:47 +0000 (12:05 +0000)]
flash-image: Create a journal when the filesystem is being created
We recently started to have problems when a new installation was
launched from the flash image that creating the journal corrupted the
filesystem on the next mount operation.
Since we would like all IPFire installations to have a journal, we
create this now when we create the image and won't try to add it later.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 14 Dec 2024 12:05:46 +0000 (12:05 +0000)]
installer: Remove the option to install without journal
It was possible to install a new system without a journal. I think this
is a very outdated concept now and should be avoided in favour of
filesystem integrity.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 7 Dec 2024 11:50:51 +0000 (11:50 +0000)]
Config: Don't interpret file names as regular expressions
When we are searching for changes in rootfiles, we walk through each
file that we have found in the build and check if it exists in the
rootfile. That check interpreted filenames as regular expressions which
caused a problem in the case of "/usr/bin/[".
This patch changes that grep will only search for an exact string match
(-F) and the string must be the entire line (-x).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
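The difference between a regex lookup and the `-F -x` lookup described in the commit above, as an added example that is not IPFire's build code. The regex form shown is an assumed shape of such a check (the original command is not on this page), and the rootfile entries and function names are constructed.

```shell
#!/bin/sh
# Added example: file names used as grep patterns versus exact-line matching.

# Write a constructed rootfile listing to a temp file and print its path.
make_rootfile() {
    f=$(mktemp) || return 1
    printf '%s\n' 'usr/bin/[' 'usr/bin/lsblk' 'usr/lib/libfoo-so-1' > "$f"
    printf '%s\n' "$f"
}

# Assumed regex-style lookup: the file name itself is the pattern.
in_rootfile_regex() {
    grep -q -- "$1" "$2" 2>/dev/null
}

# Lookup as the commit describes: fixed string (-F), entire line (-x).
in_rootfile_exact() {
    grep -q -F -x -- "$1" "$2"
}

# Print the exit status of both lookups for one name
# (0 = found, 1 = not found, 2 = grep error such as an invalid pattern).
compare() {
    r=0; in_rootfile_regex "$1" "$2" || r=$?
    e=0; in_rootfile_exact "$1" "$2" || e=$?
    printf 'regex=%s exact=%s\n' "$r" "$e"
}

rootfile=$(make_rootfile)
# 'usr/bin/['           : listed, but invalid as a regex, so the lookup fails
# 'usr/bin/ls'          : not listed, but a substring of 'usr/bin/lsblk'
# 'usr/lib/libfoo.so.1' : not listed, but '.' matches the '-' characters
for name in 'usr/bin/[' 'usr/bin/ls' 'usr/lib/libfoo.so.1'; do
    printf '%-22s %s\n' "$name" "$(compare "$name" "$rootfile")"
done
rm -f "$rootfile"
```

The regex form fails in both directions: a listed file is reported missing, and two unlisted files are reported present.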
Stefan Schantl [Sat, 7 Dec 2024 15:03:59 +0000 (16:03 +0100)]
openssh: Introduce include directory for additional sshd config files
This patch adds the possibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.
Because these files will not be overwritten by any update, they can be used to place custom
or other persistent settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20240910 to 20241029
- Update of rootfile not required
- Changelog 20241029
Update for functional issues. Refer to 14th/13th Generation Intel® Core™
Processor Specification Update for details at
https://cdrdv2.intel.com/v1/dl/getContent/740518
Updated Platforms
Processor   Stepping  F-M-S/PI     Old Ver   New Ver   Products
RPL-E/HX/S  B0        06-b7-01/32  00000129  0000012b  Core Gen13/Gen14
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When we import all static leases, their remark will be used as hostname
(because WTF?) and might be overwritten if the device is not sending any
or even the same hostname.
This patch avoids that static leases will be modified.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 21 Oct 2024 16:38:47 +0000 (16:38 +0000)]
unbound-dhcp-leases-bridge: Fix typo
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 21 Oct 2024 16:38:46 +0000 (16:38 +0000)]
unbound-dhcp-leases-bridge: Don't export expired leases to Unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This option needs to be configurable since some (braindead) ISPs have
started running broken DHCP servers to be bug-compatible with cheap
broken plastic routers.
By default we keep this option enabled, but it can now be turned off
whenever needed.
Suggested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 17 Oct 2024 14:54:16 +0000 (14:54 +0000)]
chown: Replace . with : on all shipped scripts
I don't like this messy bootup screen that we have with all sorts of
warnings that actually don't cause any problems, but make the boot
messy and send the wrong message to users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 15 Oct 2024 07:35:22 +0000 (09:35 +0200)]
dhcpcd: Update to version 10.1.0
- Update from version 10.0.10 to 10.1.0
- Update of rootfile not required
- Changelog
10.1.0
Bug Fixes
dhcp: get_option_uint32/16 only accept options with correct len by
@taoyl-g in #357
Include frame header in buffer length by @acst1223 in #371
For full changelog see commits delta in
https://github.com/NetworkConfiguration/dhcpcd/compare/v10.0.10...v10.1.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 10 Oct 2024 16:01:11 +0000 (18:01 +0200)]
tshark: Update to version 4.4.1
- Update from version 4.2.7 to 4.4.1
- The 4.4.x series is the new Stable Release replacing the 4.2.x series which becomes
the Old Stable Release.
- There is an sobump so find-dependencies was run for the three libraries with changes
but all linked programs are within tshark.
- Changelog is too large to include here. Links provided
4.4.1
https://www.wireshark.org/docs/relnotes/wireshark-4.4.1.html
4.4.0
https://www.wireshark.org/docs/relnotes/wireshark-4.4.0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 8 Oct 2024 16:45:59 +0000 (18:45 +0200)]
mpfire: removal as discussed in Conf call 7th Oct
- removal of lfs, rootfile, backup, paks, misc-progs, mpfire perl, language file
content, mpfire.cgi, mpfire menu references and files, mpfire specific image,
web-user-interface references and references in manualpages.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 8 Oct 2024 12:24:24 +0000 (14:24 +0200)]
ppp: Update to version 2.5.1
- Update from version commit e1266c7 to 2.5.1
- Version 2.5.1 has around 34 additional commits from e1266c7. To me all look minor
changes, some related to other system types such as Solaris that we don't use.
- Update of rootfile
- They have added example to the configuration files to prevent accidental overwriting
of configuration systems.
- Changelog - There is no longer any changelog provided. Even the one that used to
exist for version 2.5.0 has been removed. The only option now is to look through the
commits - https://github.com/ppp-project/ppp/commits/master/?before=d5aeec65752d4a9b3bb46771d0b221c4a4a6539e+35
- Some of the patches had to be updated as the changes were enough that some hunks did
not get found for patching. Patch file number 6 has been removed as the sed lines are
no longer to be found in the configure file. The other files that patched successfully
were renamed to 2.5.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>