mpd: move scripts and config from mpfire to mpd this allows to use mpd without mpfire installed. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
cpufrequtils: hide output on disabled cores. We disable cores if the are affected by some cpu vulnerabilities this cores report errors if you try to change the settings. So only print the output for core0 and hide it for all cores. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
cpufrequtils: fix initskript for amd-pstate the initskript loads a test-modul for amd-pstate (which traces on intel) and off course reports errors if firmware settings are missing. this also fix the error at start because also amd-pstate doesn't support ondemand mode. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
suricata: Update to version 7.0.2 - Update from version 6.0.15 to 7.0.2 - Update of rootfile - suricata 7.0.2 requires libhtp >= 0.5.45 it also requires libelf.so.1 for execution. Previous suricata versions only required libelf for building. libelf or elfutils are not mentioned anywhere in the changelog - Without elfutils available during starting then suricata fails to start due to libelf.so.1 not being available. - Tested out suricata7 with elfutils on my vm testbed and it successfully started. - The suricata-5.0.8 patch has been removed as it got applied to configure.ac but this is not available in suricata-7.0.2. It looks like that patch was never actually used in suricata as all the builds I checked used the configure file from the source tarball and the configure was never created by running autoconf on the configure.ac - Changelog is too large to include here. Details can be found in the ChangeLog file in the source tarball Fixes: Bug#13516 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
glibc: Update to 2.39 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ipfire-netboot: Update iPXE to version 0cc0f47 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
installer: Fail if the bootloader could not be installed If GRUB could not be installed during installation, the installer continued without reporting the error to the user. This change will make the installer fail. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
firewall: Fixes bug12981 - add if loop to log or not log dropped hostile traffic - This v3 version now has two if loops allowing logging of incoming drop hostile or outgoing drop hostile or both or neither. - Dependent on the choice in optionsfw.cgi this loop will either log or not log the dropped hostile traffic. Fixes: bug12981 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
readline: Update patches to patch 1 to patch 10 - Update from version 8.2 with patch 1 to 8.2 with patches 1 to 10 - Update of rootfile not required - Changelog Patch 10 Fix the case where text to be completed from the line buffer (quoted) is compared to the common prefix of the possible matches (unquoted) and the quoting makes the former appear to be longer than the latter. Readline assumes the match doesn't add any characters to the word and doesn't display multiple matches. Patch 9 Fix issue where the directory name portion of the word to be completed (the part that is passed to opendir()) requires both tilde expansion and dequoting. Readline only performed tilde expansion in this case, so filename completion would fail. Patch 8 Add missing prototypes for several function declarations. Patch 7 If readline is called with no prompt, it should display a newline if return is typed on an empty line. It should still suppress the final newline if return is typed on the last (empty) line of a multi-line command. Patch 6 This is a variant of the same issue as the one fixed by patch 5. In this case, the signal arrives and is pending before readline calls rl_getc(). When this happens, the pending signal will be handled by the loop, but may alter or destroy some state that the callback uses. Readline needs to treat this case the same way it would if a signal interrupts pselect/select, so compound operations like searches and reading numeric arguments get cleaned up properly. Patch 5 If an application is using readline in callback mode, and a signal arrives after readline checks for it in rl_callback_read_char() but before it restores the application's signal handlers, it won't get processed until the next time the application calls rl_callback_read_char(). Readline needs to check for and resend any pending signals after restoring the application's signal handlers. Patch 4 There are systems that supply one of select or pselect, but not both. Patch 3 The custom color prefix that readline uses to color possible completions must have a leading `.'. Patch 2 It's possible for readline to try to zero out a line that's not null- terminated, leading to a memory fault. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
glibc: Import latest patches from upstream These include (amongst others) fixes for: GLIBC-SA-2024-0001: =================== syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246) __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. GLIBC-SA-2024-0002: =================== syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779) __vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output. GLIBC-SA-2024-0003: =================== syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780) __vsyslog_internal calculated a buffer size by adding two integers, but did not first check if the addition would overflow. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
collectd: Do not sync Calling a global sync operation manually is generally a bad idea as it can block for forever. If people have storage that does not retain anything that is being written to it, they need to fix their hardware. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
bash: Update to include patches 22 to 26 - Update from version 5.2 with patches 1 to 21 to 5.2 with patches 1 to 26 - Update of rootfile not required - Changelog Patch 26 The custom color prefix that readline uses to color possible completions must have a leading `.'. Patch 25 Make sure a subshell checks for and handles any terminating signals before exiting (which might have arrived after the command completed) so the parent and any EXIT trap will see the correct value for $?. Patch 24 Fix bug where associative array compound assignment would not expand tildes in values. Patch 23 Running `local -' multiple times in a shell function would overwrite the original saved set of options. Patch 22 It's possible for readline to try to zero out a line that's not null- terminated, leading to a memory fault. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
mympd: new addon to control mpd via WebGUI myMPD is written in C and has a nice WebGUI to play local music and also a WebRadio browser. This is to replace the removec client175. After install it can reached via https://IP_OF_THE_IPFIRE:8800 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>