For details see:
https://download.samba.org/pub/rsync/NEWS#3.4.4
"NEWS for rsync 3.4.4 (8 Jun 2026)
Changes in this version:
This is a conservative point release that backports regression fixes on top
of 3.4.3. No new features are included.
BUG FIXES:
Honour a relative alt-basis directory (e.g. --link-dest=../sibling,
--copy-dest, --compare-dest) on a daemon receiver running with use
chroot = no. Such a path is re-anchored at the module root but was then
rejected by the receiver's secure open; it now works where
kernel-enforced confinement is available. See the PORTABILITY note
below for the platform limitation. Fixes #915.
sender: open a module-root-absolute path for a path = / module so a
daemon serving the filesystem root can satisfy absolute request paths
again. Fixes #897.
flist: accept the missing-args mode-0 entry in recv_file_entry. Fixes
#910.
receiver: fix a false "failed verification -- update discarded" when
resuming a delta transfer with an absolute --partial-dir.
receiver: fix a NULL dereference on the delta discard path.
generator: cap the block s2length at the negotiated checksum length.
main: fix --mkpath with --dry-run for a file-to-file copy. Fixes #880.
token: drain the matched-block insert deflate. Fixes #951.
Fix the "update skips a file of a different type" case and the daemon
upload delete stats.
alloc: revert "zero all new memory from allocations". Fixes #959.
Always clear the stat buffer and validate nanoseconds before use.
PORTABILITY / BUILD:
The relative alt-basis fix for daemon receivers (#915) relies on kernel
"stay below dirfd" path resolution -- openat2(RESOLVE_BENEATH) on
Linux 5.6+, or openat() with O_RESOLVE_BENEATH on FreeBSD 13+ and macOS
15+. On platforms that lack it (Solaris, OpenBSD, NetBSD, Cygwin and
older Linux) secure_relative_open() deliberately rejects any path with
a .. component, so relative alt-basis directories remain unavailable
there -- function traded for safety, matching the trade-off already
documented for the #715 fix. Absolute alt-basis paths are unaffected on
every platform.
openat2 is now autodetected at configure time (HAVE_OPENAT2): the
openat2(RESOLVE_BENEATH) resolver is compiled in only when both
<linux/openat2.h> and the SYS_openat2 syscall number are present,
fixing the build on older kernels/headers. Fixes #924, #905, #900,
#904.
Fall back to do_mknod() when mknodat() / mkfifoat() are unavailable.
Fixes #896.
Install generated manpages correctly in an out-of-tree build.
DEVELOPER RELATED:
Added a CI workflow that builds this stable branch and runs the
v34-stable-testsuite regression suite against the built binary, giving
regression coverage without importing the full master test suite into
the stable branch.
Added a check-progs target for fleettest and extended the build
workflows to run on *-stable release branches."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
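The PORTABILITY note in the rsync NEWS quoted above describes kernel-enforced "stay below dirfd" resolution via openat2(RESOLVE_BENEATH), with a fallback that refuses any path containing a .. component. The C sketch below illustrates that pattern for read-only opens on Linux; it is an added example, not code from rsync or IPFire. The names open_beneath, open_beneath_fallback and DEMO_HAVE_OPENAT2 are hypothetical, and both the per-component O_NOFOLLOW walk and the handling of EPERM are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Build the openat2 path only if header and syscall number both exist. */
#if defined(__linux__) && defined(__has_include)
# if __has_include(<linux/openat2.h>)
#  include <linux/openat2.h>
#  ifdef SYS_openat2
#   define DEMO_HAVE_OPENAT2 1 /* hypothetical stand-in for HAVE_OPENAT2 */
#  endif
# endif
#endif

/* Return 1 if any '/'-separated component of path is exactly "..". */
static int has_dotdot(const char *path)
{
    while (*path) {
        size_t n = strcspn(path, "/");
        if (n == 2 && path[0] == '.' && path[1] == '.') return 1;
        path += n;
        while (*path == '/') path++;
    }
    return 0;
}

/* Fallback (assumed design): refuse "..", then open one component at a
 * time with O_NOFOLLOW so a symlink can never redirect the walk. */
static int open_beneath_fallback(int dirfd, const char *path, int flags)
{
    if (has_dotdot(path)) { errno = EINVAL; return -1; }
    char *copy = strdup(path), *save = NULL;
    if (!copy) return -1;
    int cur = dup(dirfd);
    char *comp = strtok_r(copy, "/", &save);
    while (cur >= 0 && comp) {
        char *next = strtok_r(NULL, "/", &save);
        int f = next ? (O_RDONLY | O_DIRECTORY) : flags;
        int nfd = openat(cur, comp, f | O_NOFOLLOW);
        close(cur);
        cur = nfd;          /* -1 on failure ends the walk */
        comp = next;
    }
    free(copy);
    return cur;
}

/* Open a relative path (read-only flags) without ever leaving dirfd. */
int open_beneath(int dirfd, const char *path, int flags)
{
    if (!path || path[0] == '\0' || path[0] == '/') { errno = EINVAL; return -1; }
#ifdef DEMO_HAVE_OPENAT2
    struct open_how how = { .flags = (unsigned long long)flags, .resolve = RESOLVE_BENEATH };
    long fd = syscall(SYS_openat2, dirfd, path, &how, sizeof how);
    /* ENOSYS: kernel older than 5.6. EPERM: assumed to be a seccomp filter. */
    if (fd >= 0 || (errno != ENOSYS && errno != EPERM))
        return (int)fd;     /* an escape attempt fails here with EXDEV */
#endif
    return open_beneath_fallback(dirfd, path, flags);
}

int main(void)
{
    char dir[] = "/tmp/beneath-demo-XXXXXX";    /* constructed scratch dir */
    int dfd = mkdtemp(dir) ? open(dir, O_RDONLY | O_DIRECTORY) : -1;
    int ok = open_beneath(dfd, ".", O_RDONLY | O_DIRECTORY);
    int bad = open_beneath(dfd, "../etc/passwd", O_RDONLY);
    printf("\".\" -> %s, \"../etc/passwd\" -> %s\n",
           ok >= 0 ? "opened" : "refused", bad >= 0 ? "opened" : "refused");
    return !(ok >= 0 && bad < 0);
}
```

With the kernel resolver a path such as sub/../file is accepted as long as it stays below dirfd, while the fallback refuses it outright, which is the "function traded for safety" difference the note describes.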
Adolf Belka [Tue, 9 Jun 2026 14:43:22 +0000 (16:43 +0200)]
wio.cgi: Change status extraction due to OpenVPN-2.7 change
- With OpenVPN-2.7 the format of the RW status log changed. This was updated in
the ovpnmain.cgi file but was missed for the wio.cgi file
- This patch corrects that.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Jun 2026 13:58:21 +0000 (13:58 +0000)]
strongswan: Update to 6.0.7
CVE-2026-47895 - Fixed a vulnerability in libstrongswan related to the cloning of certain identities that can result in a double-free and potentially remote code execution. Affects 4.3.3 and newer.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Jun 2026 09:31:37 +0000 (09:31 +0000)]
boost: Build the multi-threaded version only
We don't have any requirements for the single-threaded version (any
more?) and so to save space and make this all a lot easier to manage we
will only build the multi-threaded version.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Fri, 5 Jun 2026 21:28:30 +0000 (23:28 +0200)]
zabbix_agentd: Fix gateway ping errorhandling
Fixed gateway ping items:
* ipfire.net.gateway.pingtime: now always returns 0 when fping does not return the expected stats
* ipfire.net.gateway.ping: prevent possible stderr messages from slipping in the output
* ipfire.net.gateway.arpingtime: now always return 0 when arping does not return the expected stats.
* ipfire.net.gateway.arping: now effectively returns 0 when arping fails. Previously this returned the arping error making Zabbix fail to detect gateway down events.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:40:20 +0000 (18:40 +0200)]
backup.pl: unbound entries not needed with knot in place
- With the change from unbound to knot the unbound specific user and group no longer
need to be created and any restored /etc/unbound directory can also be removed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:40:19 +0000 (18:40 +0200)]
backup.pl: Fix issue with University of Toulouse change
- Some months ago University of Toulouse changed any lists with a different French and
English name from being duplicate files to being a file plus a symlink.
- Doing a restore from a backup with symlinks into a system with only file names
resulted in a symlink trying to be created when a file with the same name already
existed causing a failure.
- This failure stopped the restore part way through resulting in only a partial restore.
- This patch removes all entries in the urlfilter blacklists, allowing all restored
entries to be created.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:11:39 +0000 (18:11 +0200)]
which: Update to version 2.25
- Update from version 2.23 to 2.25
- No change to rootfile
- Changelog
2.25
* The changes of 2.22 and 2.23 were not in 2.24 because accidentally used an old
repository.
2.24
* Bug fix for an out of bounds stack read (by Daniel Anderson)
Not exploitable as far as I can tell- so low priority.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:11:37 +0000 (18:11 +0200)]
spice-protocol: Update to version 0.14.5
- Update from version 0.14.3 to 0.14.5
- No change to rootfile
- Changelog
0.14.5
* Add SPICE_MSG_DISPLAY_GL_SCANOUT2_UNIX
* Fix for Windows Arm64 build
0.14.4
* Fix enum deprecation warning for visual studio
* Fix documentation typos in stream-device.h
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:11:38 +0000 (18:11 +0200)]
spice: Update to version 0.16.0
- Update from version 0.15.0 to 0.16.0
- Update of rootfile
- Changelog
0.16.0
Added
* Added DMA-BUF encoder support for GStreamer 1.24+
* Implemented hardware-accelerated encoding for Intel GPUs
* Added environment variable `SPICE_CONVERTER_PREFERRED_FORMAT` to override converter
format
* Multi-plane GL scanout support (new `spice_qxl_gl_scanout2()`)
Changed
* Improved memslot to preserve address bits for ARM64 TBI/AMD UAI/Intel LAM
* Optimized BGR24/BGRX32 conversion when `JCS_EXTENSIONS` is defined
* Removed GStreamer 0.10 support
* Send real time to client, instead of synchronizing on both ends, attempting to fix
latency issue
Fixes
* Fixes a `GL_DRAW` cookie assertion race
* Add `SSL_OP_NO_RENEGOTIATION` fallback path, fixing w/LibreSSL 3.7.2 builds
* Fix Win32 builds
* Fix `TCP_NOPUSH` usage on Darwin
0.15.2
Fixes
* Add missing file to distribution
* Fix sound recording fix in case of buffer wrapping
0.15.1
Fixes
* Fix some compatibility issues with FreeBSD
* Fix some minor issue with build
* Improve packaging with Meson
* Lot of C++ improves (clang-tidy)
* Fix some compatibility with no-Glibc libraries (like Musl)
* Fix minor leaks shutting down library
* Add Doxygen file to distribution
* Fix a longstanding issue related to surface updates where wrong surfaces were
possibly used
* Fix compatibility with OpenSSL 3
* Updates and fixes for CI
* Use more random connection IDs to fix possible issues with proxies
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:11:36 +0000 (18:11 +0200)]
ntfs-3g: Update to version 2026.2.25
- Update from version 2022.10.3 to 2026.2.25
- No change to rootfile
- One CVE fix
- Changelog
2026.2.25
Fix bashism in configure script causing errors in non-bash shells.
(mkntfs) Enable microsecond-level volume creation time.
Fix two instances of an invalid errno state when encountering NULL in strings.
Fix a crash when a reparse tag could not be found in the index.
Fix incorrect MFT free records value when bitmap is expanded.
Fix 'extras' manpages being installed when extras are disabled.
Fix various instances of use-after-free conditions in the library and tools.
Fix typo in NTFS hibernation message. Thanks to Anil Kumar for the report/fix.
Escape commas in the fsname when libfuse 2.8 or higher is used.
(ntfsclone) Allow adjusting the sector size in the NTFS boot sector for the target
device when restoring images.
Remove libdl dependency when building without external plugins.
(ntfsinfo) Show information about the logfile state when dumping metadata.
(ntfsinfo) Fix displaying crowded directories or indexes.
(ntfsinfo) Fix displaying the security descriptor list in ntfsinfo.
Fix heap buffer overflow when POSIX ACLs were enabled (CVE-2026-40706). Thanks to
Andrea Bocchetti for the report.
(ntfsusermap) Fix overflow when constructing backup filename.
Fix two time-of-check-time-of-use conditions.
Fix missing malloc/sscanf return value checks.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:11:35 +0000 (18:11 +0200)]
less: Update to version 702
- Update from version 692 to 702
- Update of rootfile
- Changelog
702
* Add --hilite-target option and -DJ to color target line (github #745).
* Add --past-eof option.
* Add --end-prompt option.
* Add --emouse and --rmouse options, and horizontal mouse scrolling
and dragging (github #744).
* Add -DT option to format tilde lines (github #725).
* Change OSC 8 link handling: replace LESS_OSC8_xxx with LESS_OSC8_OPEN_xxx.
Remove %O from prompt expansion as no longer needed.
Any use of environment variables LESS_OSC8_xxx need to be manually
changed to use LESS_OSC8_OPEN_xxx.
* Add ?o to prompt strings, to detect whether an OSC 8 link is selected.
* When scrolling past end-of-file or before beginning-of-file,
stop when exactly one line is left on screen.
* Make -w/-W highlight lines when moving backward as well as forward
(github #729).
* Display pattern in "Pattern not found" message (github #731).
* Allow m and M commands to take a numeric argument to specify the
line to be marked (github #736).
* Allow ' command to take a numeric argument to specify the screen
position on which to place the marked line.
* Allow lesskey to map keypad ENTER with \kpe (github #761).
* Add "noaction" as a possible action in #line-edit section
in a lesskey file (github #761).
* Support POSIX character classes with the built-in V8 regex library
(github #732).
* Change | command to pipe just one line if the marked line is at the
top of the screen (github #733).
* If OSC8 handler command begins with "-", suppress command echo,
and if it begins with ctrl-P, suppress "done" message (github #747).
* Don't ask for confirmation when input is a binary file and stdout is
redirected. Fixes infinite loop in that situation (github #719).
* Make early error messages go to stderr if stdout is redirected
(github #719).
* Don't retry read after read error; fixes hang when attempting to read
a directory or other unreadable file (github #741).
* Fix incorrect restoration of saved mark if not at top of screen.
* With --save-marks, don't save a mark that was cleared with ESC-m.
* Fix buffer overflow when using malformed lesskey file (github #721).
* Fix unexpected scrolling past end of file (github #720).
* Fix bug when env var in LESSKEY_CONTENT partially matches env var
defined in lesskey file (github #727).
* Fix bug when env var in lesskey file matches tail of env var used
by less (github #728).
* Fix command parsing bug when one command is a substring of another.
Also fixes --no-paste option (github #724).
* Fix incorrect display using --color to set character attributes
without color, such as -DS-u (github #730).
* Fix crash when tags file contains invalid line number 0 (github #743).
* Fix build when tparm() doesn't use varargs (github #748).
* Fix prompt overflow when filtering with long prompt (github #749).
* Fix incorrect highlighting when change -i while filtering (github #750).
* Fix erroneous error message using --show-preproc-error with
some shells (github #753).
* Fix erroneous highlighting when using a search pattern containing more
than 5 pairs of parentheses with PCRE2 (github #754).
* When ^X interrupts F mode, discard pending keys as is done when
^C interrupts it (github #757).
* Fix bug in Windows where pressing any key during "waiting for data" would
prevent a subsequent ^X from working.
* Fix erroneous display in some situations when using LESS_LINES (github #759).
* Fix erroneous display after certain messages are displayed in a
very narrow terminal (github #760).
* Don't init terminal if stdout is not a tty (github #768).
* Fix bug clicking OSC 8 link that crosses a screen line boundary
(github #775).
* Fix beeps when resizing window on Windows (github #771).
* Fix beeps when paging continuously on Windows (github #772).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Jun 2026 16:11:34 +0000 (18:11 +0200)]
fontconfig: Update to version 2.18.1
- Update from version 2.17.1 to 2.18.1
- Update of rootfile
- Changelog
2.18.1
ci: Fix wrong short options for glab
Fix not matching with a font family name
test-conf: Add a feature to load a certain config for testing
test: Add comprehensive documentation for test-conf JSON format
Fix another font matching issue
Do not set 'sans-serif' for default genericfamily
test: use const instead of number for genericfamily
meson: force enabling HAVE_C99_VSNPRINTF
Disable invalid attribute warning by default
ci: Add .abidiff for suppression
Workaround :-prefixed filename used in Qt
meson: Only install 05-macos.conf on darwin
Fix a null pointer dereference when computing a pattern from an FT_Face that
has no family
2.18
ci: Add Fedora 42 and drop 40
ci: Add FreeBSD 14.2 and drop 14.1
ci: Update ci-tamplates
ci: Add Alpine Linux
ci: Fix a typo
ci: make sure build.sh is running on bash
ci: Use venv to avoid externally-managed-environment error on Alpine
ci: Add extra setup hook
ci: install test fonts for Alpine
test: Fix a build issue with musl libc
fc-lang: Add suz.orth for Sunuwar
test: add common helper class
test: port basic functionality check to Python
test: update to pass test cases on Win32
do not mix up a slash and a backslash in file object on Win32
meson: Add a missing fontconfig architecture test case
Add fontconfig version in FcCache
Improve a warning message
Better error message when missing default config
ci: install before test to avoid fontconfig error
Fix regex to pick up libtool version
Improve performance in FcConfigAdd
Improve log header in FcConfigSubstituteWithPat
meson: Update WrapDB files for v2 format migration
ci: add an option for the address sanitizer
Fix "UBSAN null pointer passed" to qsort
ci: Enable ASAN and UBSAN
Add genericfamily object in FcPattern
Add xsi:nil attribute support to limited elements
Get out from FcConfigAdd immediately if no valid pointer given
Bump the cache version again
fc-case: Update CaseFolding.txt to Unicode 17
ci: Update git repo for subproject build
ci: Add a test case for static build on Win32
Add obvious namespace to macros for FC_SPACING
Improve handling of constant name
test: fix pytest error when running on the top project directory
meson: Update wrapdb for expat to the latest
Use FcStrCopy instead of strdup
Fix -Wpointer-sign warnings
Do not store duplicate object name into FcObjectSet
Fix unused variable warning when iconv support disabled
doc: Fix a typo in FcPatternAdd description
Add fc-genconf the configuration generator tool
test-conf: Correct test results to display at the proper place
Fix unexpected priority change when looking up by specific family name
Return error code if FcPatternFormat failed
Add const converter for pattern format
fc-genconf: Add scan pattern to update genericfamily with commandline option
Fix dereferencing a null pointer of FcConfig in FcFontSetSort
conf.d: Fix a typo in 65-khmer.conf
Update doc for xsi:nil attribute support
test: add more conditional for bwrap sandbox test cases
meson: add tests-bwrap option
Avoid locale-dependent float-to-string
ci: enable json-c for MinGW
test-conf: add wrapper setenv for Win32
ci: Use 14.3 CI image for FreeBSD
Fix invalid memory access on Win32
More fixes for locale-dependent float-to-string conversion
Replace strtod() with FcStrtod()
ci: Fix warnings from shellcheck
ci: workaround for the ownership change issue on extracting tar
ci: Fix a typo
ci: simplify scriptlet
ci: Hold the version of meson at 1.10.1 temporarily
ci: Enable the debugging build by default
ci: Do not store the build log at the source dir
Explicitly declare FcPatternObjectCount as a public function
ci: Add API/ABI checker in CI
ci: Fix 'refusing to fetch into branch' error
Update meson dependency to 1.11.0
ci: Update Fedora Image to 44 and 43
ci: Disable pipelines for macOS and VS on Windows
Revert "ci: Disable pipelines for macOS and VS on Windows"
ci: Replace shell scripts with portable Python build system
ci: Add MSYS2 build pipeline
ci: Use CI_PROJECT_DIR instead of hardcode path
ci: fix argument error in abicheck.sh
Define __EXTENSIONS__ on illumos/Solaris to access strdup()
Update default Korean fonts
Remove unused global variable default_langs
Fix rustc warning for mismatching referred lifetimes
[Fontations] Fix use-after-free in handling exclusive lang
Fix memory leak after path canonicalization in e42188283f0ee
[Fontations] Remaining fix for UaF
Architecture-dependent hex formatting of int64_t in fccache.c
[Fontations] Don't leak PatternElement values
Roll Fontations Crates
[Fontations] Match FreeType for two types of broken fonts
[Fontations] Fix compilation under -D unsafe-op-in-unsafe-fn
Move FreeType-related API to fcfreetype.h header
Minimal preparations for FreeType-less build
Follow-up for preparation for FreeType-less build
Roll Fontations and libc crates
Update Mac OS image to upstream gStreamer image
Roll Fontations crates
build: Added missing target rule-dependencies
Use uintptr_t to represent pointers
macOS: use selectfont globs for font asset directories
meson: Don't dllexport when built as static library on Win32
Do not cast as const as the variable is being modified
detect mkostemp with stdlib.h
doc: Fix two typos
Fix -Wnewline-eof warning with fcconst.h
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 25 May 2026 12:25:03 +0000 (14:25 +0200)]
tmux: Update to version 3.6b
- Update from version 3.6a to 3.6b
- No change to rootfile
- Changelog
3.6b
* Remove images from the correct list when they are removed while in the
alternate screen (reported by xlabai at tencent dot com).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Jun 2026 19:36:07 +0000 (21:36 +0200)]
libloc: Update to version 0.9.19
- Update from version 0.9.18 to 0.9.19
- No change in rootfile
- Two of the patches have been removed as they are now built into the tarball
- Changelog
0.9.19
* jenkins: Publish Debian packages for all supported architectures
* address: Fix endianness problem when fetching octets in IPv4
addresses
* jenkins: Build for s390x again
* jenkins: Try building for Alma Linux 9
* jenkins: Fix installing development tools on Alma Linux
* jenkins: Alma Linux does not seem to understand Code Ready
* jenkins: Okay, drop Alma Linux again
* configure: Fix indentation
* configure: Fix passing custom LDFLAGS
* jenkins: Build Debian packages for riscv64, too
* Revert "jenkins: Build Debian packages for riscv64, too"
* jenkins: Fedora no longer seems to install awk by default
* python: Cleanup the switch statement
* database: Fix backtracking after no match was found at the end of
the tree
* jenkins: Explicitly install gettext/autopoint
* importer: Fix SyntaxWarning about regular expressions
* importer: Accept ASNs larger than PostgreSQL's integer
* po: Import the POT file and create a target to update it
* python: network: Add a new property "subnets" to fetch any subnets
* location: Add a command to export the database as a DNS zone file
* network: Refactor composing the reverse pointer
* export: Support exporting a zone with all bogons
* export: Give the origin zone the correct name
* export: Refactor writing zones
* exporter: Implement exporting AS names over DNS
* po: Add new translation strings
* exporter: Call the correct functions
* export: Support exporting a zone with country codes
* export: Support exporting a zone with the network prefixes
* export: Write the everything zone
* export: Write a SOA for all DNS zones
* export: Allow passing nameservers for a zone
* export: Write more metadata into the zone apex
* jenkins: Build for Ubuntu 25.10, but no longer for 24.10
* po: Update translation
* export: Improve the slightly broken header in DNS zones
* importer: Add some more AWS regions
* jenkins: Build for more recent version of Debian/Ubuntu/Fedora
* jenkins: Build packages for Debian Forky, too
* tests: Ensure loc_database_lookup finds a match
* configure: Explicitly configure Gettext
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peer Dietzmann [Mon, 1 Jun 2026 19:57:31 +0000 (21:57 +0200)]
ovpnmain.cgi: Add column for subnet
Hello,
in an earlier version of IPFire the main OVPN page of the WUI showed the subnet of each client in separate tables. Since the upgrade of OpenVPN 2.6 this feature has been removed.
As I find it very useful to see directly on the first page to which subnet a client belongs, this patch should bring back this feature.
I think this is also something users requested multiple times in the forum.
There is just one thing I am currently unsure how to handle: When a client belongs to the dynamic subnet, the current patch would display "dynamic" independent from the language of the WUI. Maybe this could be adjusted?
Best regards
Peer
Signed-off-by: Peer Dietzmann <dietzmann@brecht-schule.hamburg>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Jun 2026 13:33:38 +0000 (13:33 +0000)]
sysklogd: Listen on localhost
This is required for some services to deliver their syslog messages. For
example haproxy which is running in chroot and does not have access to
/dev/log.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Jun 2026 10:39:19 +0000 (11:39 +0100)]
knot resolver: Automatically reload the custom RPZ
This is required as the policy loader is unaware of the custom RPZ rules
in the workers. Therefore they have to reload any configuration changes
themselves.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Jun 2026 10:30:36 +0000 (11:30 +0100)]
knot resolver: Load custom RPZs using the legacy engine
The new ruledb engine does not support the PASS action which is why we
will have to load this as a custom action into the workers. The extra
overhead of this is minimal.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 27 May 2026 14:09:53 +0000 (15:09 +0100)]
knot resolver: Don't try to load RPZs which don't exist
Since we can no longer use the inotify feature, there is no point in
creating or loading an empty zone file. We can simply skip the load and
hope that sooner or later we will be reloaded and the zone is present.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 27 May 2026 14:02:51 +0000 (15:02 +0100)]
update-rpzs: Run zone-sync as knot-resolver user
This is so that the code that is exposed to the network does not run
with root privileges and so that zone-sync can take advantage of our
outbound firewall rules and perform the sync.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 27 May 2026 13:49:01 +0000 (14:49 +0100)]
settime: Remove braindead localization and subnet guessing
This is so broken. OMG.
There is no point to guess where the time servers are. The sync should
happen regardless. The NTP daemon will also try to sync the time now and
therefore we should rather fire and forget.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 27 May 2026 13:30:11 +0000 (14:30 +0100)]
initscripts: ntp: Don't block boot process if time cannot be synced
This is in the wrong place because we are running some race conditions
here. If the system is not connected at all, we will just unnecessarily
block the boot process without giving the user any option to abort the
wait.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>