commit 40571258e8b92a021bf2330fc6a6d2556e34c2e2
Author: Michael Tremer
Date:   Wed Oct 16 16:40:50 2024 +0000

    make.sh: Check for changes in logs

    Signed-off-by: Michael Tremer

commit 398fa44015c2f140ea4d1d6a85a6aa7771dc56e7
Author: Adolf Belka
Date:   Tue Oct 15 09:35:22 2024 +0200

    dhcpcd: Update to version 10.1.0

    - Update from version 10.0.10 to 10.1.0
    - Update of rootfile not required
    - Changelog
        10.1.0
          Bug Fixes
            dhcp: get_option_uint32/16 only accept options with correct len by @taoyl-g in #357
            Include frame header in buffer length by @acst1223 in #371
      For full changelog see commits delta in
      https://github.com/NetworkConfiguration/dhcpcd/compare/v10.0.10...v10.1.0

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit bb108657a88ad874f98dc6faabe2565a65c886bf
Author: Matthias Fischer
Date:   Sat Oct 12 17:48:43 2024 +0200

    squid: Update to 6.12

    For details see:
    https://github.com/squid-cache/squid/commits/v6

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 7b4155905c6fa56d3c0a3c2443c0a3b6d93c371e
Author: Matthias Fischer
Date:   Sat Oct 12 17:46:12 2024 +0200

    monit: Update to 5.34.2

    For details see:
    https://mmonit.com/monit/changes/

    "Fixed: The network protocol test may occasionally fail with a
    "Poll failed: Interrupted system call" error."

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 60b5c6c2bd13e9ed0423da66682bfd95b5d0ee32
Author: Michael Tremer
Date:   Mon Oct 14 09:02:37 2024 +0000

    make.sh: Avoid finding non-existent rootfiles

    Signed-off-by: Michael Tremer

commit 522632655c3e06d02414c0905b5117aae769aa3e
Author: Michael Tremer
Date:   Mon Oct 14 09:00:21 2024 +0000

    kernel: Enable IO uring

    This is a feature more and more tools start using now and will help to
    keep performance of the OS up.

    This was enabled on riscv64 already.
    Signed-off-by: Michael Tremer

commit b71fe1a1e7bea7d95777ceb6a0bc0c8a87ea14f6
Author: Adolf Belka
Date:   Thu Oct 10 18:01:11 2024 +0200

    tshark: Update to version 4.4.1

    - Update from version 4.2.7 to 4.4.1
    - The 4.4.x series is the new Stable Release replacing the 4.2.x series which becomes
      the Old Stable Release.
    - There is an sobump so find-dependencies was run for the three libraries with changes
      but all linked programs are within tshark.
    - Changelog is too large to include here. Links provided
        4.4.1 https://www.wireshark.org/docs/relnotes/wireshark-4.4.1.html
        4.4.0 https://www.wireshark.org/docs/relnotes/wireshark-4.4.0.html

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 32ec5667d9a63b64ae39274af22b44eb4adc5fbd
Author: Michael Tremer
Date:   Sat Oct 12 09:34:45 2024 +0000

    make.sh: Show rootfiles that contain some architecture

    Previously, make.sh just failed but did not explain why it was unhappy.

    This patch adds a message which rootfiles contain which architecture.

    Signed-off-by: Michael Tremer

commit 24f875d7878d7caddcbc809169464f248bc75b26
Author: Arne Fitzenreiter
Date:   Fri Oct 11 13:30:13 2024 +0200

    mympd: update to 18.0.0

    Signed-off-by: Arne Fitzenreiter

commit 019f139b20611ed782e9b79d8ed6d6583b9d13e9
Author: Arne Fitzenreiter
Date:   Fri Oct 11 13:17:53 2024 +0200

    kernel: update to 6.6.56

    Signed-off-by: Arne Fitzenreiter

commit c45abd5f1ca1ad8566ea631943c51be0091bbdd5
Author: Arne Fitzenreiter
Date:   Fri Oct 11 13:12:17 2024 +0200

    rtl8812au: add missing rootfile.

    Signed-off-by: Arne Fitzenreiter

commit 384c5ba18e283d161ce7d5b3fe34a789f3c21bc7
Author: Matthias Fischer
Date:   Wed Oct 9 14:42:00 2024 +0200

    monit: Update to 5.34.1

    For details see:
    https://mmonit.com/monit/changes/

    "Fixed: The check program now avoids leaving zombie processes between cycles."
    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 1af2530c07a7f27889d1f363ce16f91361b36511
Author: Adolf Belka
Date:   Tue Oct 8 23:34:26 2024 +0200

    lcdproc: removal as discussed in Conf call 7th Oct

    - removal of lfs, rootfile and config files
    - backup includes file is also removed, although it was an empty file, so not backing
      anything up.

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 5fd4ca19a88b5f431c5f4fdfdeab6fca4f79a22f
Author: Adolf Belka
Date:   Tue Oct 8 18:45:59 2024 +0200

    mpfire: removal as discussed in Conf call 7th Oct

    - removal of lfs, rootfile, backup, paks, misc-progs, mpfire perl, language file
      content, mpfire.cgi, mpfire menu references and files, mpfire specific image,
      web-user-interface references and references in manualpages.

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 9462f634e2090530d545b9e6290c4eb151307186
Author: Michael Tremer
Date:   Wed Oct 9 18:25:33 2024 +0000

    core190: Ship ppp

    Signed-off-by: Michael Tremer

commit 8e33ca324662c92c57b04fc5b49095f2c4826d5d
Author: Adolf Belka
Date:   Tue Oct 8 14:24:24 2024 +0200

    ppp: Update to version 2.5.1

    - Update from version commit e1266c7 to 2.5.1
    - Version 2.5.1 has around 34 additional commits from e1266c7. To me all look minor
      changes, some related to other system types such as Solaris that we don't use.
    - Update of rootfile
    - They have added example to the configuration files to prevent accidental overwriting
      of configuration systems.
    - Changelog
    - There is no longer any changelog provided. Even the one that used to exist for
      version 2.5.0 has been removed. The only option now is to look through the commits
    - https://github.com/ppp-project/ppp/commits/master/?before=d5aeec65752d4a9b3bb46771d0b221c4a4a6539e+35
    - Some of the patches had to be updated as the changes were enough that some hunks did
      not get found for patching. Patch file number 6 has been removed as the sed lines
      are no longer to be found in the configure file.
      The other files that patched successfully were renamed to 2.5.1

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit b400c58f5a6f1cf1f3be4e7976c0e98ba4fd50af
Merge: 0a8cfdac4 8e1259a31
Author: Michael Tremer
Date:   Tue Oct 8 08:48:14 2024 +0000

    Merge branch 'master' into next

commit 8e1259a31b148fce90ba56f8e4c3ca3e05b35bc1
Author: Arne Fitzenreiter
Date:   Sun Sep 29 18:03:58 2024 +0200

    hostapd: update to git 64d60bb4

    Signed-off-by: Arne Fitzenreiter
    Signed-off-by: Michael Tremer

commit 6f7bbb38c9460e1f179f064d9e0a0b2cf4bf45da
Author: Michael Tremer
Date:   Fri Sep 20 14:12:07 2024 +0200

    wlanap.cgi: Fix copying configuration

    This allows to uncheck checkboxes again.

    Signed-off-by: Michael Tremer

commit d56df86ce26d5c35a89ffde492a0eb708396ee7e
Author: Michael Tremer
Date:   Fri Sep 20 13:55:40 2024 +0200

    wlanap.cgi: Change broadcast SSID to hide SSID

    Signed-off-by: Michael Tremer

commit 375d1dc6dd46783900b9eb2f4fb3e3e25e7e0778
Author: Michael Tremer
Date:   Fri Sep 20 13:19:10 2024 +0200

    wlanap.cgi: Default to channel 0 for ACS

    Signed-off-by: Michael Tremer

commit 5474f9b32ffb2c41c89e30560919854584ed8169
Author: Michael Tremer
Date:   Fri Sep 20 13:17:59 2024 +0200

    wlanap.cgi: Enable Neighbourhood Scan by default

    Signed-off-by: Michael Tremer

commit b165dcdd803ba278013b1af03a8269f8994cb5f7
Author: Michael Tremer
Date:   Fri Sep 20 13:16:44 2024 +0200

    wlanap.cgi: Don't try to show status if there is no interface

    Signed-off-by: Michael Tremer

commit 03a71cd52131be601e2fc5101e3425e82e654ec9
Author: Michael Tremer
Date:   Fri Sep 20 13:13:41 2024 +0200

    wlanap.cgi: Correctly show broadcast SSID status

    Signed-off-by: Michael Tremer

commit 69bb956729ffc7268a40400cb1e01335ab919ea9
Author: Michael Tremer
Date:   Fri Sep 20 11:30:03 2024 +0100

    wlanap.cgi: Disable generating Perl warnings

    Reported-by: Waynie
    Signed-off-by: Michael Tremer

commit ff599dd2cb0d0cb9cac7019f1970b4d516bb2c36
Author: Michael Tremer
Date:   Tue Oct 8 08:43:39 2024 +0000

    core189: Ship rules.pl

    Signed-off-by: Michael Tremer

commit 5cee03da1e29e6cde5d4fe121b22b86768006775
Author: Michael Tremer
Date:   Mon Oct 7 09:13:12 2024 +0000

    firewall: Flush SYN_FLOOD_PROTECTION

    This chain was not flushed when the firewall was being reloaded which
    made any ports appear as open when rules have been disabled or deleted.

    This has no security implications, but nevertheless isn't right.

    Reported-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 0a8cfdac43dd8d782ae99020e442d39eefaf3896
Author: Michael Tremer
Date:   Mon Oct 7 10:24:09 2024 +0000

    core190: Ship ncat again (just to be sure)

    Signed-off-by: Michael Tremer

commit e28cb28628239a93a36ed044e0a6d31ac0f7a945
Merge: 71cea32cd 01782a41f
Author: Michael Tremer
Date:   Mon Oct 7 10:23:22 2024 +0000

    Merge branch 'master' into next

commit 01782a41f8feea008b92ea3e349c15dc7994588b
Author: Michael Tremer
Date:   Mon Oct 7 10:22:33 2024 +0000

    core189: Ship ncat

    This is required for the new Unbound/DHCP Leases bridge to work.

    Signed-off-by: Michael Tremer

commit 7eec7e2c8b99bfe577d5b9cbd0bc0559f52f8020
Author: Michael Tremer
Date:   Mon Oct 7 10:18:57 2024 +0000

    ncat: Make this package part of the core system

    The nc command is required for the Unbound/DHCP leases bridge.
    Signed-off-by: Michael Tremer

commit 71cea32cd8ab84d174f1913a04b4751c8eacd69e
Author: Michael Tremer
Date:   Mon Oct 7 09:15:40 2024 +0000

    core190: Ship Unbound again

    This was a late addition to c189

    Signed-off-by: Michael Tremer

commit 388802662fea877c22fc57c95084c60bc40c402e
Merge: d867ea268 74f5f4137
Author: Michael Tremer
Date:   Mon Oct 7 09:15:04 2024 +0000

    Merge branch 'master' into next

commit d867ea26850725c9c230973eb12fdda44f8ffe23
Author: Michael Tremer
Date:   Mon Oct 7 09:14:37 2024 +0000

    core190: Ship rules.pl

    Signed-off-by: Michael Tremer

commit d455578342ce1b54eeac30c6adf9f8531406e5d3
Author: Michael Tremer
Date:   Mon Oct 7 09:13:12 2024 +0000

    firewall: Flush SYN_FLOOD_PROTECTION

    This chain was not flushed when the firewall was being reloaded which
    made any ports appear as open when rules have been disabled or deleted.

    This has no security implications, but nevertheless isn't right.

    Reported-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 74f5f41372571c29b80db217a3d852ef0e613c6f
Author: Michael Tremer
Date:   Fri Oct 4 11:46:22 2024 +0000

    core189: Ship and restart Unbound

    Signed-off-by: Michael Tremer

commit b38609d64d0ea20f510d6a692d7114d9d331bd77
Author: Matthias Fischer
Date:   Fri Oct 4 10:41:17 2024 +0200

    unbound: Update to 1.21.1

    For details see:
    https://nlnetlabs.nl/projects/unbound/download/#unbound-1-21-1

    "Fix CVE-2024-8508, unbounded name compression could lead to denial of service."
    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 0e49a87ff0218385d2998664367c861dbc52638b
Author: Michael Tremer
Date:   Wed Oct 2 16:02:32 2024 +0000

    core190: Ship Suricata & libhtp

    Signed-off-by: Michael Tremer

commit 252a5d4d06c4eefd102502a175bbc5264553002f
Author: Matthias Fischer
Date:   Wed Oct 2 15:41:33 2024 +0200

    suricata: Update to 7.0.7

    Excerpt from changelog:

    "7.0.7 -- 2024-10-01

    Security #7289: http: missing hashtable random seed leads to potential DoS(CRITICAL - CVE 2024-47188)
    Security #7268: ja4: non alphanumeric characters in alpn lead to panic (7.0.x backport)(HIGH - CVE 2024-47522)
    Security #7258: thash: random factor not used; possible abusive hash collisions (7.0.x backport)(CRITICAL - CVE 2024-47187)
    Security #7215: defrag: off by one leads to possible evasion (7.0.x backport)(HIGH - CVE 2024-45796)
    Security #7196: datasets: rule with unset makes suricata abort (7.0.x backport)(HIGH - CVE 2024-45795)
    Security #7192: http: quadratic complexity in headers processing/finding (7.0.x backport)(CRITICAL - CVE 2024-45797)
    Bug #7290: tls: a rule stops working since 7.0.5 (7.0.x backport)
    Bug #7286: eve/tls: enabling JA4 breaks custom field selection
    Bug #7276: ja3: Error: ja3: Buffer should not be NULL (7.0.x backport)
    Bug #7271: pgsql: track 'progress' in tx per direction (7.0.x backport)
    Bug #7265: detect/flow: ACK with data on 3whs fails to match 'flow:established' (7.0.x backport)
    Bug #7257: fuzz: CIFuzz is not fuzzing PRs as it is supposed to (7.0.x backport)
    Bug #7242: app-layer-protocol: negated matching false positive (7.0.x backport)
    Bug #7239: tls: Invalid ja3 due to double client hello (7.0.x backport)
    Bug #7225: dataset: lookup function is not working with ip type (7.0.x backport)
    Bug #7214: frames: stream frame is not always the first one registered (7.0.x backport)
    Bug #7207: cbindgen: comptability with newer version 0.27 (7.0.x backport)
    Bug #7198: log/rfb: inconsistent key value security_result or security-result
    Bug #7194: output: jb context not closed on error in EvePacket
    Bug #7188: detect: dcerpc logging and matching issues (7.0.x backport)
    Bug #7182: fuzz: File confyaml.c is missing (7.0.x backport)
    Bug #7173: detect/integers: do not bother to free NULL pointer on setup/parse failure (7.0.x backport)
    Bug #7166: profiling: rule profiling doesn't support absolute paths (7.0.x backport)
    Bug #7159: tcp: 'broken ack' event set on flow timeout (7.0.x backport)
    Bug #7136: util/thash: debug assertion for memuse (7.0.x backport)
    Bug #7122: smb/ntlmssp: nonsense smb.ntlmssp.version values (7.0.x backport)
    Bug #7116: dpdk: timestamping packets through TSC does not yield the same time as kernel time (7.0.x backport)
    Bug #7066: alert/metadata: no pgsql object encapsulation (7.0.x backport)
    Bug #7054: bypass: cannot bypass udp flow from first packet (7.0.x backport)
    Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)
    Bug #6608: file: do not store if filestore:both,flow is triggered after the file was set to nostore (7.0.x backport)
    Bug #6555: eve/alert: payload/payload_printable misrepresent data in case of overlaps (7.0.x backport)
    Bug #6541: landlock: coverity warnings (7.0.x backport)
    Optimization #7134: detect/snmp.version: do not free NULL pointer
    Optimization #7075: dns/tcp: allow triggering raw stream reassembly (7.0.x backport)
    Feature #7102: iprep: support seeing if rule is part of a rep list (7.0.x backport)
    Feature #6674: detect: allow alert-then-pass logic (7.0.x backport)
    Task #7249: libhtp 0.5.49 (7.0.x backport)
    Task #7168: dns: make the version field in a dns object required (7.0.x backport)
    Documentation #6641: doc: add tcp timeout fix to upgrade guide (7.0.x backport)"

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 7386cc1f6072864479022d12a8f1fc8ddf676805
Author: Matthias Fischer
Date:   Wed Oct 2 15:41:32 2024 +0200

    libhtp: Update to 0.5.49

    For details see:
    https://github.com/OISF/libhtp/releases/tag/0.5.49

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 202d48c3408c2a3a7ec3b2a25d7b2c3a429f0719
Author: Arne Fitzenreiter
Date:   Sun Sep 29 18:03:58 2024 +0200

    hostapd: update to git 64d60bb4

    Signed-off-by: Arne Fitzenreiter
    Signed-off-by: Michael Tremer

commit 74218cba8cc09fc591f4ed9d2b1597f051cab9db
Merge: a5c7005c3 a7ac62f4a
Author: Michael Tremer
Date:   Sun Sep 29 11:29:11 2024 +0000

    Merge branch 'master' into next

commit a5c7005c3d3e739cdcbcf0c9bcde821019d93f05
Author: Arne Fitzenreiter
Date:   Sun Sep 29 09:44:55 2024 +0200

    mpd: fix chown syntax

    this removes a warning at boot that user and group should be
    separated by ":" and not by "."

    Signed-off-by: Arne Fitzenreiter
    Signed-off-by: Michael Tremer

commit a7ac62f4a67fa2016edc27735cec71bc1474c2b7
Author: Michael Tremer
Date:   Thu Sep 26 20:40:04 2024 +0000

    ovpnmain.cgi: Remove using dropped &General::getlastip() function

    Signed-off-by: Michael Tremer

commit dcd828666ae3b6df8d88579a930c7f90f80dc707
Author: Adolf Belka
Date:   Tue Sep 24 12:33:36 2024 +0200

    dnsdist: Update to version 1.9.6

    - Update from version 1.9.4 to 1.9.6
    - Tested building on riscv64 and it built without issues and rootfile is same as for
      x86_64 & aarch64. So supported architectures has been removed and dnsdist is
      available on all three architectures.
    - Update of rootfile not required
    - Changelog
        1.9.6
          New Features
            Add support for a callback when a new tickets key is added
              References: pull request 14449
          Improvements
            Make the logging functions available to all Lua environments
              References: pull request 14438
            Handle Quiche >= 0.22.0
              References: pull request 14450
            Don’t include openssl/engine.h if it’s not going to be used (Sander Hoentjen)
              References: pull request 14452
          Bug Fixes
            Dedup Prometheus help and type lines for custom metrics with labels
              References: #14395, pull request 14439
            Fix a race in the XSK/AF_XDP backend handling code
              References: pull request 14436
            dns.cc: use pdns::views::UnsignedCharView
              References: pull request 14437
        1.9.5
          New Features
            Add a Lua FFI function to set proxy protocol values
              References: pull request 14338
            Add Lua FFI bindings to generate SVC responses
              References: pull request 14339
          Bug Fixes
            Use the correct source IP for outgoing QUIC datagrams
              References: pull request 14166
            Reply to HTTP/2 PING frames immediately
              References: pull request 14163
            Log the correct amount of bytes sent for DoH w/ nghttp2
              References: pull request 14332
            Prevent a race when calling registerWebHandler at runtime
              References: pull request 14170
            Enforce a maximum number of HTTP request fields and a maximum HTTP request line size
              References: pull request 14333
            Fix a race condition with custom Lua web handlers
              References: pull request 14342
            Syslog should be enabled by default
              References: pull request 14331
            Fix a warning when compiling the unit tests without XSK
              References: pull request 14334
            autoconf: allow prerelease systemd versions (Chris Hofstaedtler)
              References: pull request 14335
            Edit the systemd unit file, CAP_BPF is no longer enough
              References: #14279, pull request 14336
            Fix ‘Error creating TCP worker’ error message
              References: pull request 14337

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 0555434effc70080d8278ca3db38fef51bba1efa
Author: Michael Tremer
Date:   Thu Sep 26 14:13:10 2024 +0000

    header.pl: Force browsers to reload rrdimage.js

    Signed-off-by: Michael Tremer

commit d1a3fd9e0debf994055a410fbc7e5ba7c7c074b0
Author: Michael Tremer
Date:   Sun Sep 22 14:33:03 2024 +0000

    ovpnmain.cgi: Fix IP address calculation with static pools

    Signed-off-by: Michael Tremer

commit c2cd03024f145375b8e9628fb0bb0a5e6b81e544
Author: Adolf Belka
Date:   Tue Sep 24 11:43:01 2024 +0200

    miniupnpc: Required for build of transmission to replace bundled version

    - miniupnpc is required for the build of transmission but the bundled version was not
      working properly with version 4.0.6 and we prefer to not use bundled versions.
    - Only used for the build so rootfile is 100% commented out. No miniupnpc installed on
      IPFire.

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 5702c62b11a2ea87b1bf254f30fb7c5e8de12eba
Author: Adolf Belka
Date:   Tue Sep 24 11:43:00 2024 +0200

    transmission: Update to version 4.0.6

    - Update from version 4.0.5 to 4.0.6
    - Update of rootfile not required
    - Bundled miniupnpc not working with build of 4.0.6 As we prefer not to use bundled
      packages where possible, this patch set builds miniupnpc prior to transmission. As
      miniupnpc is only required for the build of transmission, nothing is installed from
      miniupnpc.
    - miniupnpc-2.2.8 has a problem with transmission and needs a patch to fix it. Added
      into the transmission lfs file
    - Changelog
        4.0.6
          All Platforms
            Improved parsing HTTP tracker announce response. (#6223)
            Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434)
            Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483)
            Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between's sessions. (#6514)
            Fixed 4.0.0 bug where the filename for single-file torrents aren't sanitized. (#6846)
          macOS Client
            Fix: Sparkle support for handling beta version updates. (#5263)
            Fixed app unable to start when having many torrents and TimeMachine enabled. (#6523)
            Fix: Sparkle Version Comparator. (#6623)
          Qt Client
            Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog are not always up-to-date. (#6516)
          GTK Client
            Fixed build when compiling with GTKMM 4. (#6393)
            Added developer name to metainfo files. (#6598)
            Added the launchable desktop-id to metainfo files. (#6779)
            Fixed build when compiling on BSD. (#6812)
          Web Client
            Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly in the WebUI. (#6491, #6500)
            Fixed layout issue in speed display. (#6570)
            General UI improvement related to filterbar and fixes download/upload speed info wrap. (#6761)
          Daemon
            Fixed a couple of logging issues. (#6463)
          Everything Else
            Updated flatpak release metainfo. (#6357)
            Fixed libtransmission build on very old cmake versions. (#6418)
            UTP peer connections follow user-defined speed limits better now. (#6551)
            Only use a single concurrent queue for timeMachineExclude instead of one queue per torrent (#6523). (#6558)
            Fixed 4.0.5 bug where svg and png icons in the WebUI might not be displayed. (#6563)
            Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6564)
            Fixed 4.0.0 bugs where some RPC methods don't put torrents in recently-active anymore. (#6565)
            Improved parsing HTTP tracker announce response. (#6567)
            Fixed compatibility with clang-format 18. (#6690)
            Fixed build when compiling with mbedtls 3.x . (#6823)

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit b3d87fa3ea167bb759814b78799b36a79df3b58a
Author: Michael Tremer
Date:   Tue Sep 24 10:01:44 2024 +0000

    core190: Ship Compress::Raw::Zlib

    Signed-off-by: Michael Tremer