people/pmueller/ipfire-2.x.git
2 weeks agoBump PAK_VER for all packages that use SERVICES master
Michael Tremer [Thu, 15 Sep 2022 10:43:54 +0000 (10:43 +0000)] 
Bump PAK_VER for all packages that use SERVICES

Since we have extended services.cgi that it reads the Services field
from the Pakfire metadata, we will need to make sure that that metadata
is going to be on those systems.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agoRun "./make.sh lang"
Michael Tremer [Tue, 13 Sep 2022 10:20:43 +0000 (10:20 +0000)] 
Run "./make.sh lang"

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agoMerge remote-tracking branch 'origin/next'
Michael Tremer [Tue, 13 Sep 2022 10:20:19 +0000 (10:20 +0000)] 
Merge remote-tracking branch 'origin/next'

3 weeks agoCUPS: Bump package number after revert
Peter Müller [Mon, 12 Sep 2022 19:46:59 +0000 (19:46 +0000)] 
CUPS: Bump package number after revert

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
3 weeks agoRevert "CUPS: Update to 2.4.2"
Peter Müller [Mon, 12 Sep 2022 19:46:18 +0000 (19:46 +0000)] 
Revert "CUPS: Update to 2.4.2"

This reverts commit ffce292e7a864e547de575d3b0b8be1a2b91cd5f.

See: #12924
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
3 weeks agoMerge remote-tracking branch 'origin/next'
Michael Tremer [Sun, 11 Sep 2022 09:42:17 +0000 (09:42 +0000)] 
Merge remote-tracking branch 'origin/next'

3 weeks agoCore Update 170: Ship files related to #12925
Peter Müller [Sun, 11 Sep 2022 08:13:27 +0000 (08:13 +0000)] 
Core Update 170: Ship files related to #12925

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
3 weeks agoproxy.cgi: Correctly validate domain lists
Michael Tremer [Tue, 6 Sep 2022 12:15:54 +0000 (14:15 +0200)] 
proxy.cgi: Correctly validate domain lists

Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agomail.cgi: Validate email recipient
Michael Tremer [Tue, 6 Sep 2022 11:58:22 +0000 (13:58 +0200)] 
mail.cgi: Validate email recipient

The email recipient was not correctly validated which allowed for some
stored cross-site scripting vulnerability.

Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agosetaliases: Use "secondary" flag instead of scope
Michael Tremer [Fri, 9 Sep 2022 13:58:15 +0000 (13:58 +0000)] 
setaliases: Use "secondary" flag instead of scope

The scope option does not seem to work at all now, which is surprising
since I tested it quite well.

The secondary flag cannot be set from userspace (aparently), but it
works, so I would prefer to go with this option for now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 weeks agoMerge remote-tracking branch 'origin/next'
Michael Tremer [Mon, 5 Sep 2022 10:07:45 +0000 (10:07 +0000)] 
Merge remote-tracking branch 'origin/next'

4 weeks agoconfigroot: Create "settings" and "modify" files for ipblocklist
Peter Müller [Thu, 1 Sep 2022 20:30:18 +0000 (20:30 +0000)] 
configroot: Create "settings" and "modify" files for ipblocklist

The third version of this patch conducts the necessary changes in
configroot. Previously, they took place in ipblocklist itself, which
would have caused user settings to be overwritten, should ipblocklist be
shipped in future Core Updates.

Fixes: #12917
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
4 weeks agodbus: Bump package version
Peter Müller [Thu, 1 Sep 2022 20:36:35 +0000 (20:36 +0000)] 
dbus: Bump package version

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
4 weeks agodbus: Fix "statusproc" call in initscript
Peter Müller [Mon, 22 Aug 2022 20:41:36 +0000 (20:41 +0000)] 
dbus: Fix "statusproc" call in initscript

Fixes: #12916
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
6 weeks agonetatalk: Actually increase PAK_VER after reverting previous patch
Peter Müller [Mon, 22 Aug 2022 19:53:32 +0000 (19:53 +0000)] 
netatalk: Actually increase PAK_VER after reverting previous patch

https://lists.ipfire.org/pipermail/development/2022-August/014283.html

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
6 weeks agoipblocklist: "Tor" is not fully capitalized
Peter Müller [Mon, 22 Aug 2022 19:52:38 +0000 (19:52 +0000)] 
ipblocklist: "Tor" is not fully capitalized

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
6 weeks agoRevert "netatalk: update to 3.1.13"
Peter Müller [Mon, 22 Aug 2022 06:17:08 +0000 (06:17 +0000)] 
Revert "netatalk: update to 3.1.13"

https://lists.ipfire.org/pipermail/development/2022-August/014277.html

This reverts commit b77947998a2da141662c45b10e3ed6d074ee3207.

6 weeks agoCore Update 170: Ship getipstat
Peter Müller [Wed, 17 Aug 2022 21:22:34 +0000 (21:22 +0000)] 
Core Update 170: Ship getipstat

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
6 weeks agoFix bug 12908 - Correct getipstat pcount
Robin Roevens [Wed, 17 Aug 2022 12:58:48 +0000 (14:58 +0200)] 
Fix bug 12908 - Correct getipstat pcount

7 weeks agoqemu: add alsa to dependency list
Arne Fitzenreiter [Mon, 15 Aug 2022 17:14:27 +0000 (19:14 +0200)] 
qemu: add alsa to dependency list

qemu now links against libasound.so.2 so it need alsa to run.

fixes: #12911

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agoMerge remote-tracking branch 'origin/next'
Michael Tremer [Sat, 13 Aug 2022 12:48:49 +0000 (12:48 +0000)] 
Merge remote-tracking branch 'origin/next'

7 weeks agogo: Fix filename for x86_64
Michael Tremer [Fri, 12 Aug 2022 08:54:27 +0000 (08:54 +0000)] 
go: Fix filename for x86_64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agopython3-Cython: Add 32-bit ARM rootfile
Peter Müller [Thu, 11 Aug 2022 18:44:29 +0000 (18:44 +0000)] 
python3-Cython: Add 32-bit ARM rootfile

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agofmt: Convert from build only to run time also for mpd
Adolf Belka [Thu, 11 Aug 2022 12:29:21 +0000 (14:29 +0200)] 
fmt: Convert from build only to run time also for mpd

- libfmt required in run time by mpd
- mpd changelog specifically said fmt was a build only dependency
- Bug#12909 flagged up that fmt was also a run time dependency for mpd

Fixes: Bug#12909
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agompd: Add fmt as a run time dependency
Adolf Belka [Thu, 11 Aug 2022 12:29:20 +0000 (14:29 +0200)] 
mpd: Add fmt as a run time dependency

Fixes: Bug#12909
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agocdrom: Rename ISO file
Michael Tremer [Thu, 11 Aug 2022 16:38:17 +0000 (16:38 +0000)] 
cdrom: Rename ISO file

This is cosmetic change to have the name of the ISO file similar to the
flash image and also have all parts of it in a reasonable order.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agoCore Update 170: Ship vpnmain.cgi
Peter Müller [Thu, 11 Aug 2022 18:33:22 +0000 (18:33 +0000)] 
Core Update 170: Ship vpnmain.cgi

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agoIPsec: Enable ECP-521/384 by default for new connections
Michael Tremer [Thu, 11 Aug 2022 16:11:05 +0000 (16:11 +0000)] 
IPsec: Enable ECP-521/384 by default for new connections

https://lists.ipfire.org/pipermail/development/2022-August/014129.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agovpnmain.cgi: Mark MODP-1536 as broken, phase out MODP-2048
Peter Müller [Sat, 6 Aug 2022 07:17:47 +0000 (07:17 +0000)] 
vpnmain.cgi: Mark MODP-1536 as broken, phase out MODP-2048

https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf (released in
2015) recommends "to use primes of 2048 bits or larger", to which BSI's
techical guideline BSI-TR-02102 (https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=5)
concurs. The latter also recommends not to use DH groups comprising of
less than 2000 bits after 2022, and shift to 3000 bit DH groups earlier
as a precaution.

According to RFC 3526, section 8, MODP-1536 provides an estimated
security between 90 and 120 bits, a value that can be reasonably
considered broken today, as it has been so for other types of
cryptographic algorithms already, and per section 2.4 in the
aforementioned paper, breaking 1024-bit DH is considered feasible for
the NSA in 2015, which does not inspire confidence for MODP-1536 in
2022.

Therefore, this patch suggests to mark MODP-1536 as broken, since it
de facto is, and tag MODP-2048 as weak. The latter is also removed from
the default selection, so newly created VPN connections won't use it
anymore, to follow BSI's recommendations of using DH groups >= 3000 bits
in 2022 and later.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agoamazon-ssm-agent: Enable build for aarch64
Michael Tremer [Mon, 8 Aug 2022 20:28:23 +0000 (20:28 +0000)] 
amazon-ssm-agent: Enable build for aarch64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agogo: Add for aarch64
Michael Tremer [Mon, 8 Aug 2022 20:28:22 +0000 (20:28 +0000)] 
go: Add for aarch64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agoCore Update 170: sed supports PCRE indeed
Peter Müller [Thu, 11 Aug 2022 10:29:12 +0000 (10:29 +0000)] 
Core Update 170: sed supports PCRE indeed

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agoCore Update 170: Hrmpf, fix sed call again
Peter Müller [Wed, 10 Aug 2022 21:04:36 +0000 (21:04 +0000)] 
Core Update 170: Hrmpf, fix sed call again

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agoCore Update 170: Ship intel-microcode
Peter Müller [Wed, 10 Aug 2022 19:57:21 +0000 (19:57 +0000)] 
Core Update 170: Ship intel-microcode

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agointel-microcode: Update to 20220809
Peter Müller [Wed, 10 Aug 2022 19:55:58 +0000 (19:55 +0000)] 
intel-microcode: Update to 20220809

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agozlib: Add fix for CVE-2022-37434 fix
Peter Müller [Wed, 10 Aug 2022 10:50:57 +0000 (10:50 +0000)] 
zlib: Add fix for CVE-2022-37434 fix

https://www.openwall.com/lists/oss-security/2022/08/09/1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
7 weeks agonqptp: New package
Michael Tremer [Tue, 9 Aug 2022 10:35:57 +0000 (10:35 +0000)] 
nqptp: New package

This is a PTP clock synchronisation daemon.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agoshairport-sync: Add support for Airplay v2
Michael Tremer [Tue, 9 Aug 2022 10:35:56 +0000 (10:35 +0000)] 
shairport-sync: Add support for Airplay v2

This is a current snapshot of the development branch which adds support
for Airplay v2.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agolibsodium: New package
Michael Tremer [Tue, 9 Aug 2022 10:35:55 +0000 (10:35 +0000)] 
libsodium: New package

Sodium is a new, easy-to-use software library for encryption,
decryption, signatures, password hashing and more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agolibplist: New package
Michael Tremer [Tue, 9 Aug 2022 10:35:54 +0000 (10:35 +0000)] 
libplist: New package

A library to handle Apple Property List format in binary or XML.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agoRevert "linux: Enable randstruct on ARM as well"
Peter Müller [Tue, 9 Aug 2022 10:43:05 +0000 (10:43 +0000)] 
Revert "linux: Enable randstruct on ARM as well"

This reverts commit f38e8a35c296f00e097b07ceb6a9800a976a0271.

(Thank you, Arne!)

8 weeks agoflash-images: Drop 2gb-ext4 from image filename
Michael Tremer [Mon, 8 Aug 2022 20:27:42 +0000 (20:27 +0000)] 
flash-images: Drop 2gb-ext4 from image filename

This is now being dropped since the image won't fit onto a 2GB device
any more and since there is only one type of image, we don't need to
state the filesystem type.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agoRevert "Revert "linux: Do not allow slab caches to be merged""
Peter Müller [Tue, 9 Aug 2022 09:29:42 +0000 (09:29 +0000)] 
Revert "Revert "linux: Do not allow slab caches to be merged""

This reverts commit 1695af386205a95d079d760aff94623b245d9145.

https://lists.ipfire.org/pipermail/development/2022-August/014112.html

8 weeks agoRevert "Revert "kernel: update to 5.15.59""
Peter Müller [Mon, 8 Aug 2022 13:17:30 +0000 (13:17 +0000)] 
Revert "Revert "kernel: update to 5.15.59""

This reverts commit f25f1b55af121ceea95530dc44c4212b6771e19d.

8 weeks agoRevert "linux: Randomize layout of sensitive kernel structures"
Peter Müller [Mon, 8 Aug 2022 13:17:19 +0000 (13:17 +0000)] 
Revert "linux: Randomize layout of sensitive kernel structures"

This reverts commit 4c46e7f8180d75fe176c6e00bceaa1fccb0c4e97.

8 weeks agoinstaller: Increase size of /boot to 256 MiB
Michael Tremer [Sun, 7 Aug 2022 12:00:55 +0000 (12:00 +0000)] 
installer: Increase size of /boot to 256 MiB

On some installations, we are running out of space on the /boot
partition due to growing sizes of the ramdisk and the kernel.

To accomodate for that and have room to grow in the future, we increase
the size of the partition to 256 MiB.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agoflash-images: Increase size of the /boot partition
Michael Tremer [Sun, 7 Aug 2022 12:06:04 +0000 (12:06 +0000)] 
flash-images: Increase size of the /boot partition

Same as change to the installer.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agoCore Update 170: Ship zlib
Peter Müller [Mon, 8 Aug 2022 10:11:21 +0000 (10:11 +0000)] 
Core Update 170: Ship zlib

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agozlib: Incorporate fix for CVE-2022-37434
Peter Müller [Sun, 7 Aug 2022 09:18:45 +0000 (09:18 +0000)] 
zlib: Incorporate fix for CVE-2022-37434

https://www.cve.org/CVERecord?id=CVE-2022-37434

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agoRevert "kernel: update to 5.15.59"
Peter Müller [Mon, 8 Aug 2022 10:10:35 +0000 (10:10 +0000)] 
Revert "kernel: update to 5.15.59"

This reverts commit 43df4a03734c207fb8352edcbe1e06f576381aab.

8 weeks agoRevert "linux: Do not allow slab caches to be merged"
Peter Müller [Mon, 8 Aug 2022 10:10:17 +0000 (10:10 +0000)] 
Revert "linux: Do not allow slab caches to be merged"

This reverts commit 06b4164dfe269704976b52421edbbbdf3b345679.

8 weeks agopyfuse3: Install to provide fuse capability for borgbackup
Adolf Belka [Sat, 6 Aug 2022 21:35:48 +0000 (23:35 +0200)] 
pyfuse3: Install to provide fuse capability for borgbackup

- v3 version adds specific armv6l based rootfile as xxxMACHINExxx does not get correct
   substitution

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agolinux: Do not allow slab caches to be merged
Peter Müller [Mon, 1 Aug 2022 17:39:59 +0000 (17:39 +0000)] 
linux: Do not allow slab caches to be merged

From the kernel documentation:

> For reduced kernel memory fragmentation, slab caches can be
> merged when they share the same size and other characteristics.
> This carries a risk of kernel heap overflows being able to
> overwrite objects from merged caches (and more easily control
> cache layout), which makes such heap attacks easier to exploit
> by attackers. By keeping caches unmerged, these kinds of exploits
> can usually only damage objects in the same cache. [...]

Thus, it is more sane to leave slab merging disabled. KSPP and ClipOS
recommend this as well.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agoUpdate contributor list
Peter Müller [Sat, 6 Aug 2022 07:58:03 +0000 (07:58 +0000)] 
Update contributor list

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agokernel: update to 5.15.59
Arne Fitzenreiter [Sat, 6 Aug 2022 07:36:32 +0000 (09:36 +0200)] 
kernel: update to 5.15.59

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agoCore Update 170: Ship nano
Peter Müller [Sat, 6 Aug 2022 07:22:02 +0000 (07:22 +0000)] 
Core Update 170: Ship nano

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agonano: Update to 6.4
Matthias Fischer [Fri, 5 Aug 2022 20:32:01 +0000 (22:32 +0200)] 
nano: Update to 6.4

For details see:
https://www.nano-editor.org/news.php

"Changes between v6.3 and v6.4:
------------------------------

Benno Schulenberg (24):
      bump version numbers and add a news item for the 6.4 release
      display: remember text and column positions when softwrapping a line
      docs: concisely describe how the linter behaves
      docs: remove the two notices about the changed defaults
      docs: rename README.GIT to README.hacking, so it's clearer what is meant
      docs: stop mentioning the obsoleted keywords that were removed
      files: designate the root directory with a simple "/", not with "//"
      formatter: instead of leaving curses, use full_refresh() to wipe messages
      gnulib: update to its current upstream state
      help: reshuffle two shortcuts so that more help-line items are paired
      options: stop accepting -z, as --suspendable has been dropped too
      rcfile: remove five obsolete or deprecated keywords
      syntax: default: do not colorize a square or angle bracket after a URL
      syntax: perl: add missing keywords, and reduce the length of some lines
      syntax: python: mention an alternative linter in a comment
      tweaks: add a missing word to a news item
      tweaks: add a translator hint
      tweaks: improve a comment, and reshuffle two functions plus some lines
      tweaks: put each regex on separate line, to better show many keywords
      tweaks: rename a variable, to not be the same as a function name
      tweaks: rename two variables, to not contain the name of another
      tweaks: reshuffle a description and rewrap another
      tweaks: reshuffle a few lines, to group things better
      version: condense the copyright message, to not dominate the output

LIU Hao (1):
      build: ignore errors from `git describe`"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agortl8821cu: add realtek wlan driver
Arne Fitzenreiter [Wed, 3 Aug 2022 15:07:27 +0000 (17:07 +0200)] 
rtl8821cu: add realtek wlan driver

realtek has released a third different usb ac wlan chipset.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agorsync: Patch CVE-2022-29154
Peter Müller [Fri, 5 Aug 2022 12:00:20 +0000 (12:00 +0000)] 
rsync: Patch CVE-2022-29154

https://www.openwall.com/lists/oss-security/2022/08/02/1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agotftpd: add missing directory
Jon Murphy [Mon, 1 Aug 2022 15:11:22 +0000 (10:11 -0500)] 
tftpd: add missing directory

- starting tftpd currently throws "missing directory" error
- this change corrects the issue

Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
8 weeks agonetatalk: update to 3.1.13
Jon Murphy [Fri, 5 Aug 2022 02:38:11 +0000 (21:38 -0500)] 
netatalk: update to 3.1.13

- this releases fixes the following major security issues:
    CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123,
    CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
 - FIX: afpd: make a variable declaration a definition
 - UPD: Remove bundled libevent

Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
8 weeks agopython3-outcome: Dependency for python3-trio
Adolf Belka [Tue, 2 Aug 2022 09:20:58 +0000 (11:20 +0200)] 
python3-outcome: Dependency for python3-trio

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-sortedcontainers: Dependency for python3-trio
Adolf Belka [Tue, 2 Aug 2022 09:20:57 +0000 (11:20 +0200)] 
python3-sortedcontainers: Dependency for python3-trio

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-sniffio: Dependency for python3-trio
Adolf Belka [Tue, 2 Aug 2022 09:20:56 +0000 (11:20 +0200)] 
python3-sniffio: Dependency for python3-trio

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-attrs: Dependency for python3-trio
Adolf Belka [Tue, 2 Aug 2022 09:20:55 +0000 (11:20 +0200)] 
python3-attrs: Dependency for python3-trio

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-async_generator: Dependency for python3-trio
Adolf Belka [Tue, 2 Aug 2022 09:20:54 +0000 (11:20 +0200)] 
python3-async_generator: Dependency for python3-trio

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-attr: Dependency for python3-trio
Adolf Belka [Tue, 2 Aug 2022 09:20:53 +0000 (11:20 +0200)] 
python3-attr: Dependency for python3-trio

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-trio: Dependency for python3-pyfuse3
Adolf Belka [Tue, 2 Aug 2022 09:20:52 +0000 (11:20 +0200)] 
python3-trio: Dependency for python3-pyfuse3

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopython3-Cython: Required for build of pyfuse3
Adolf Belka [Tue, 2 Aug 2022 09:20:51 +0000 (11:20 +0200)] 
python3-Cython: Required for build of pyfuse3

- rootfile has all entries commented out as not needed for execution only build

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agopyfuse3: Install to provide fuse capability for borgbackup
Adolf Belka [Tue, 2 Aug 2022 09:20:50 +0000 (11:20 +0200)] 
pyfuse3: Install to provide fuse capability for borgbackup

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agomake.sh: addition of the extra modules required for the build/exec of pyfuse3
Adolf Belka [Tue, 2 Aug 2022 09:20:49 +0000 (11:20 +0200)] 
make.sh: addition of the extra modules required for the build/exec of pyfuse3

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
8 weeks agoborgbackup: Fix Bug#12611 by adding fuse mount capability with pyfuse3
Adolf Belka [Tue, 2 Aug 2022 09:20:48 +0000 (11:20 +0200)] 
borgbackup: Fix Bug#12611 by adding fuse mount capability with pyfuse3

- The addition of pyfuse3 requires a total of 11 python3 module dependencies and the
   addition of python3-Cython during the build
- The other dependencies etc are submitted in the rest of this patch series.

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2 months agolinux: Enable randstruct on ARM as well
Peter Müller [Thu, 4 Aug 2022 12:38:01 +0000 (12:38 +0000)] 
linux: Enable randstruct on ARM as well

My fault, again. :-/

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolibloc: Update database version built into the ISO
Peter Müller [Thu, 4 Aug 2022 12:33:02 +0000 (12:33 +0000)] 
libloc: Update database version built into the ISO

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Update ARM kernel configuration files
Peter Müller [Thu, 4 Aug 2022 12:32:43 +0000 (12:32 +0000)] 
linux: Update ARM kernel configuration files

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Update rootfiles
Peter Müller [Thu, 4 Aug 2022 12:11:53 +0000 (12:11 +0000)] 
linux: Update rootfiles

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoGnuTLS: Zut alors, update rootfile
Peter Müller [Thu, 4 Aug 2022 12:04:01 +0000 (12:04 +0000)] 
GnuTLS: Zut alors, update rootfile

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoopenvmtools: Update to 12.0.5
Peter Müller [Tue, 2 Aug 2022 14:20:07 +0000 (14:20 +0000)] 
openvmtools: Update to 12.0.5

Please refer to https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5
for the release announcement of this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoqemu-ga: Update to 7.0.0
Peter Müller [Mon, 1 Aug 2022 15:53:42 +0000 (15:53 +0000)] 
qemu-ga: Update to 7.0.0

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoqemu: Update to 7.0.0
Peter Müller [Mon, 1 Aug 2022 15:52:24 +0000 (15:52 +0000)] 
qemu: Update to 7.0.0

Please refer to https://wiki.qemu.org/ChangeLog/7.0 for the changelog of
this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Randomize layout of sensitive kernel structures
Peter Müller [Mon, 1 Aug 2022 17:18:07 +0000 (17:18 +0000)] 
linux: Randomize layout of sensitive kernel structures

To quote from the kernel documentation:

> If you say Y here, the layouts of structures that are entirely
> function pointers (and have not been manually annotated with
> __no_randomize_layout), or structures that have been explicitly
> marked with __randomize_layout, will be randomized at compile-time.
> This can introduce the requirement of an additional information
> exposure vulnerability for exploits targeting these structure
> types.
>
> Enabling this feature will introduce some performance impact,
> slightly increase memory usage, and prevent the use of forensic
> tools like Volatility against the system (unless the kernel
> source tree isn't cleaned after kernel installation).
>
> The seed used for compilation is located at
> scripts/gcc-plgins/randomize_layout_seed.h. It remains after
> a make clean to allow for external modules to be compiled with
> the existing seed and will be removed by a make mrproper or
> make distclean.
>
> Note that the implementation requires gcc 4.7 or newer.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoCore Update 170: Delete stale GnuTLS library
Peter Müller [Wed, 3 Aug 2022 10:58:06 +0000 (10:58 +0000)] 
Core Update 170: Delete stale GnuTLS library

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoGnuTLS: Update to 3.7.7
Peter Müller [Wed, 3 Aug 2022 10:27:23 +0000 (10:27 +0000)] 
GnuTLS: Update to 3.7.7

Please refer to https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
the release notes of this version, and https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
for the accompanying security advisory.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Enable PCI passthrough for QEMU
Peter Müller [Tue, 2 Aug 2022 16:01:13 +0000 (16:01 +0000)] 
linux: Enable PCI passthrough for QEMU

Fixes: #12754
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoCore Update 170: Ship Bash
Peter Müller [Wed, 3 Aug 2022 10:56:37 +0000 (10:56 +0000)] 
Core Update 170: Ship Bash

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoBash: Update to 5.1.16
Peter Müller [Wed, 3 Aug 2022 10:34:45 +0000 (10:34 +0000)] 
Bash: Update to 5.1.16

This is a maintenance release that bundles all the previously added
patches, which have therefore been deleted.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agompd: Update to 0.23.8
Peter Müller [Tue, 2 Aug 2022 14:17:21 +0000 (14:17 +0000)] 
mpd: Update to 0.23.8

Full changelog since version 0.23.6:

ver 0.23.8 (2022/07/09)
* storage
  - curl: fix crash if web server does not understand WebDAV
* input
  - cdio_paranoia: fix crash if no drive was found
  - cdio_paranoia: faster cancellation
  - cdio_paranoia: don't scan for replay gain tags
  - pipewire: fix playback of very short tracks
  - pipewire: drop all buffers before manual song change
  - pipewire: fix stuttering after manual song change
  - snapcast: fix busy loop while paused
  - snapcast: fix stuttering after resuming playback
* mixer
  - better error messages
  - alsa: fix setting volume before playback starts
  - pipewire: fix crash bug
  - pipewire: fix volume change events with PipeWire 0.3.53
  - pipewire: don't force initial volume=100%
* support libfmt 9

ver 0.23.7 (2022/05/09)
* database
  - upnp: support pupnp 1.14
* decoder
  - ffmpeg: fix HLS seeking
  - opus: fix missing song length on high-latency files
* output
  - shout: require at least libshout 2.4.0
* mixer
  - pipewire: fix volume restore
  - software: update volume of disabled outputs
* support libiconv

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agofmt: Update to 9.0.0
Peter Müller [Tue, 2 Aug 2022 14:16:27 +0000 (14:16 +0000)] 
fmt: Update to 9.0.0

Please refer to https://github.com/fmtlib/fmt/releases/tag/9.0.0 for the
release announcement of this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoninja: Update to 1.11.0
Peter Müller [Tue, 2 Aug 2022 14:18:36 +0000 (14:18 +0000)] 
ninja: Update to 1.11.0

https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ
appears to be the only release note-alike source for this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Do not enable dangerous legacy DRM drivers
Peter Müller [Tue, 2 Aug 2022 09:35:07 +0000 (09:35 +0000)] 
linux: Do not enable dangerous legacy DRM drivers

https://lists.ipfire.org/pipermail/development/2022-July/013886.html

This leaves current Nvidia Nouveau support untouched.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agogit: Update to 2.37.1
Peter Müller [Mon, 1 Aug 2022 15:55:06 +0000 (15:55 +0000)] 
git: Update to 2.37.1

Please refer to
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.37.0.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.37.1.txt
for the changes since 2.36.1.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoNRPE: Update to 4.1.0
Peter Müller [Mon, 1 Aug 2022 15:57:08 +0000 (15:57 +0000)] 
NRPE: Update to 4.1.0

Full changelog:

4.1.0 - 2022-07-18

ENHANCEMENTS

    Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22)
    Allow tcpd/libwrap to be excluded from build when present on the system
    Allow loading of full certificate chains
    Change -u (connection issues return UNKNOWN) to include all SSL-layer failures.
    Disable renegotiation and enforce server cipher order when using SSL
    Verify that private keys match certificates when using SSL

FIXES

    Fixed incorrect default for nasty_metachars in nrpe.cfg
    Fixed incorrect help text for --use-adh
    Fixed potential out-of-bound read when used with IPv6

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Update rootfiles to reflect dropped support of dprintk
Peter Müller [Mon, 1 Aug 2022 17:23:28 +0000 (17:23 +0000)] 
linux: Update rootfiles to reflect dropped support of dprintk

See: 883e29630cb1f5b16c8508b585c32d7f54a86e1a

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agolinux: Update aarch64 rootfile
Peter Müller [Tue, 2 Aug 2022 15:22:15 +0000 (15:22 +0000)] 
linux: Update aarch64 rootfile

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoCore Update 170: Delete orphaned comment from update.sh
Peter Müller [Tue, 2 Aug 2022 15:19:07 +0000 (15:19 +0000)] 
Core Update 170: Delete orphaned comment from update.sh

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoupdate.sh: clean out old collectd statistics
Jon Murphy [Sun, 31 Jul 2022 20:49:00 +0000 (15:49 -0500)] 
update.sh: clean out old collectd statistics

- processes-mysqld
- processes-snort
- processes-rtorrent
- processes-asterisk
- processes-java
- processes-spamd
- entropy

Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoparted: Update LFS to reflect that parted is no longer an addon
Adolf Belka [Mon, 1 Aug 2022 16:02:11 +0000 (18:02 +0200)] 
parted: Update LFS to reflect that parted is no longer an addon

- In 2018 parted was moved from being an addon to being a core program
- The rootfile was moved from rootfiles/packages/ to rootfiles/common/
- The LFS was not updated to remove the PAK_VER etc elements.
- This patch adjusts the LFS file to be in line with being a core program

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoCore Update 170: Fix sed call
Peter Müller [Tue, 2 Aug 2022 15:09:55 +0000 (15:09 +0000)] 
Core Update 170: Fix sed call

Fixes: #12907
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agoCore Update 170: Ship hdparm
Peter Müller [Tue, 2 Aug 2022 06:48:04 +0000 (06:48 +0000)] 
Core Update 170: Ship hdparm

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2 months agohdparm: Update to 9.64
Peter Müller [Mon, 1 Aug 2022 14:27:16 +0000 (14:27 +0000)] 
hdparm: Update to 9.64

Changes according to https://sourceforge.net/p/hdparm/news/2022/07/hdparm-964-is-released/:

Fixed bug whereby output from "hdparm --Istdin" would sometimes be truncated.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>