commit 28e8d436fc14cc2a0bcc16251756951178b8f6f0 Author: Peter Müller Date: Sun Apr 21 21:10:52 2024 +0000 Remove orphaned Apache patch See: https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/BENPLQ43YKYOWIKIEXHDVEQWNE3SBKEH/ Signed-off-by: Peter Müller commit e212c7293d717aa70c9b03ad0b282dd76e6d68e6 Author: Peter Müller Date: Sun Apr 21 21:10:29 2024 +0000 Core Update 186: Ship and restart Apache Signed-off-by: Peter Müller commit 9fbb9c39fb13dbfbe90c3038fcb5abbe771ad91f Author: Matthias Fischer Date: Sun Apr 21 14:55:25 2024 +0200 apache: Update to 2.4.59 For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.59 Fixes CVE-2024-27316 / CVE-2024-24795 / CVE-2023-38709 Previously applied patch (apache-2.4.58_mod_xml2enc_remove_dependency_on_xmlstring_header.patch) has been removed - is now included. Signed-off-by: Matthias Fischer Reviewed-by: Peter Müller commit 9ce9514bad8109a9ffa0f4206a7668757221287c Author: Peter Müller Date: Sun Apr 21 20:09:40 2024 +0000 libloc: Adjust changed URL format Signed-off-by: Peter Müller commit 658e1675f7da0d7d02216a083f71e34d4eeabd5e Author: Peter Müller Date: Sun Apr 21 20:06:52 2024 +0000 langs: Update Spamhaus DROP URL Signed-off-by: Peter Müller commit 3cc7b53a8774f750dc0bdeb66715ec013586c0ae Author: Peter Müller Date: Sun Apr 21 20:04:51 2024 +0000 libloc: Update location database shipped with new installations Signed-off-by: Peter Müller commit ba5da82e9be39e2236a709c9d61f48b217c5dd35 Author: Arne Fitzenreiter Date: Fri Apr 19 19:55:13 2024 +0000 core186: ship ipblocklist sources Signed-off-by: Arne Fitzenreiter commit 4fdaa9577b45487dd13df467d09817beafc1e1f1 Author: Adolf Belka Date: Fri Apr 19 15:39:41 2024 +0200 backup.pl: removes any references to ALIENVAULT & SPAMHAUSEDROP from restores - This patch ensures that if a restore is carried out from an earlier version that includes ALIENVAULT and/or SPAMHAUS_EDROP that the references will be removed. - This is the same code as was put into the update.sh file with the previous patch of this set. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 6408ff8d6a952cd88927a7ba6a7aece6cdfb04c0 Author: Adolf Belka Date: Fri Apr 19 15:39:40 2024 +0200 update.sh: Remove existing entries for ALIENVAULT & SPAMHAUS_EDROP - This removes any time entries in the modified file for either ALIENVAULT or SPAMHAUS_EDROP. - This also removes any blocklists for either of these sources from the /var/lib/ipblocklist directory. - This patch will ensure that any reference to either of these sources is removed from the ipblocklist files. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 78e2c1dce515487d7db912970a1e12202990662d Author: Adolf Belka Date: Fri Apr 19 15:39:39 2024 +0200 sources: Removal of ALIENVAULT and SPAMHAUS_EDROP from ipblocklist sources - ALIENVAULT has not been updated since at least Nov 2022 but probably earlier. There is no date for the file to be downloaded but a forum user has log messages from Nov 2022 that indicate the file had not changed as therefore no download occurred. - AT&T aquired AlienVault in August 2018. Somewhere between 2018 and 2022 the list stopped getting updated. AlienVault references on the AT&T website are now for a different product. - Discussed in IPFire conf call of April 2024 and agreed to remove the ALIENVAULT blocklist. - On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP list. The eDROP list is still available but is now empty. Trying to select the SPAMHAUS_EDROP list gives an error message that the blocklist was found to be empty. - This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists from the ipblocklist sources file. Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit fc2b1edc73a536a231a9e89e795ba55e42b902c8 Author: Arne Fitzenreiter Date: Fri Apr 19 18:53:27 2024 +0000 core185: ship fixes for bug12763 Signed-off-by: Arne Fitzenreiter commit 238a47874fe044ae90129bde10b267063c4305f5 Author: Adolf Belka Date: Thu Apr 11 17:01:08 2024 +0200 oci-setup: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 2841a675482879a5eb6bfeaabb268066af762e9d Author: Adolf Belka Date: Thu Apr 11 17:01:07 2024 +0200 gcp-setup: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 3162b6ccfa2fb22513c7d23d29f0509343f46828 Author: Adolf Belka Date: Thu Apr 11 17:01:06 2024 +0200 exoscale-setup: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 1db5f96c5ebbb2074c9c0a3edf29866c4769da11 Author: Adolf Belka Date: Thu Apr 11 17:01:05 2024 +0200 azure-setup: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit eb0de6531c441663477cf7e139f1bd5321630eef Author: Adolf Belka Date: Thu Apr 11 17:01:04 2024 +0200 aws-setup: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 4f455c488ee8542bea4ccbe439351b3e9973c6e4 Author: Adolf Belka Date: Thu Apr 11 17:01:03 2024 +0200 ip-up: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 9c28cd59c1b4f535382e5e4e7952d921af8cc03b Author: Adolf Belka Date: Thu Apr 11 17:01:02 2024 +0200 red: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot if an empty table is accessed. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit e33ee46e621eb6967c954a9d3b4683880e372579 Author: Adolf Belka Date: Thu Apr 11 17:01:01 2024 +0200 static-routes: Fixes bug12763 - This ensures that all ip route and ip rule commands are redirected to null if the output is not used to feed into a variable. - This will prevent any error messages related to empty iproute tables being displayed during boot. - Tested on my vm system and confirmed that the fix in ipsec-interfaces stops the "FIB table does not exist" and "RTNETLINK answers: no such file or directory" messages during boot. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 87a97a431915849cf6d19e1b7137b4fb0b6dd91d Author: Adolf Belka Date: Thu Apr 11 17:01:00 2024 +0200 ipsec-interfaces: Fixes bug12763 - Some of the ip route commands are not redirected to null. This causes the "FIB table does not exist" message from bug12763 - This patch makes all ip route commands get redirected to null, preventing the error message from being seen at boot. - One of the ip rule commands is not redirected to null. This causes the "RTNETLINK answers: no such file or directory" message. - This patch makes all ip rule commands get redirected to null, preventing the error message from being seen at boot. - Additional patches in this set ensure that all ip route and ip rule commands in all IPFire code is redirected to null unless the output of the ip route or ip rule command is used in a variable for use elsewhere in the code. - Tested on my vm system and confirmed that the fix in ipsec-interfaces stops the "FIB table does not exist" and "RTNETLINK answers: no such file or directory" messages during boot. Fixes: Bug#12763 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit dbda89e0fce3514f6d1d1f3d2499d7d26227f34b Author: Arne Fitzenreiter Date: Fri Apr 19 06:17:04 2024 +0000 core186: remove incinga and sslh if installed Signed-off-by: Arne Fitzenreiter commit ea7dd6822c54db2fc6a70b6de1d05d8e25cb8099 Author: Adolf Belka Date: Wed Apr 10 13:39:39 2024 +0200 icinga: Removal of icinga addon - As discussed in the Dev conf call on 2024-Jan-08 - The 1.x version of Icinga has been EOL since 2018 - The 2.x version would require a complete new configuration approach as the settings and options are completely different to 1.x and so would be a start from scratch. - removal of icinga from make.sh file - removal of lfs file - removal of rootfile - removal of configuration file - removal of backup includes file Signed-off-by: Adolf Belka Acked-by: Peter Müller Signed-off-by: Arne Fitzenreiter commit e792c3b9457e1c2f8a0aac384c55c1e823ff5f85 Author: Adolf Belka Date: Tue Apr 9 16:07:09 2024 +0200 initscripts: Removal of references to sslh - sslh is listed in the initscripts lfs and rootfiles. - Removal of these references with the bremoval of sslh Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 4ed125ae66ed72cbaf58e52d800be3d6a87c732b Author: Adolf Belka Date: Tue Apr 9 16:07:08 2024 +0200 sslh: Removal of sslh addon - As discussed in the Dev conf call on 2024-Apr-08 - sslh has not been functioning since last update ion Sep 2021. Configuration syntax was radically changed somewhere in the update from 1.7a(2013) to 1.22c in Sep 2021 - removal of sslh from make file - removal of lfs file - removal of rootfile - removal of paks files - removal of initscript Signed-off-by: Adolf Belka Signed-off-by: Arne Fitzenreiter commit 4b7906cc4b7b30641ab7b114b95da738a79e6417 Author: Michael Tremer Date: Fri Apr 5 13:03:01 2024 +0000 dnsdist: Update to 1.9.3 Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit f102cdc5159c6f1342a8f4a665539f2c26874e9e Author: Michael Tremer Date: Fri Apr 5 12:59:42 2024 +0000 installer: Fix using uninitialized variables Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit af932f13dd270e2faa605ae20a3107fdf12ee2ef Author: Michael Tremer Date: Fri Apr 5 12:59:41 2024 +0000 installer: Fix more const warnings Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit fd0b10c92cdc87c56fb51a3316f12a0412278a4e Author: Michael Tremer Date: Fri Apr 5 12:59:40 2024 +0000 installer: Pass correct length of hostname to sethostname() Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 874ec4b0495a957e7dd453463d719ac6ca14f4c9 Author: Michael Tremer Date: Fri Apr 5 12:59:39 2024 +0000 installer: Replace all uses of strncpy with snprintf Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 1415e83a3473e864ce4bd683485e02e8f1326961 Author: Michael Tremer Date: Fri Apr 5 12:59:38 2024 +0000 installer: Correctly pass mount flags Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit eb64913be183be3ce4fecf6c0b5270a2d1cd98d0 Author: Michael Tremer Date: Fri Apr 5 12:59:37 2024 +0000 installer: Fix use of uninitialized variable Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit cebe531b7050159b5a32b18fa37e8e656ce53bab Author: Michael Tremer Date: Fri Apr 5 12:59:36 2024 +0000 installer: Remove unused variables Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 0e0346cc4bb6c33ad44c5a361a4cd42cb6a6aaa1 Author: Michael Tremer Date: Fri Apr 5 12:59:35 2024 +0000 installer: Make hw_mkdir static Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 428490406d68848b3b42a0a77dc5e3e7e785c958 Author: Michael Tremer Date: Fri Apr 5 12:59:34 2024 +0000 installer: Make btrfs functions static Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 16640487b0a52b2923ba402feb5ff5d7b0b26a81 Author: Michael Tremer Date: Fri Apr 5 12:59:33 2024 +0000 installer: Fix lots of constify issues Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit eb3ede284b1f445715c83ec20b2e364419f1f5a2 Author: Michael Tremer Date: Fri Apr 5 12:59:32 2024 +0000 installer: Remove obsolete macros from configure script Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit c4d47a112c9095c500850cde687de8d8e21d7449 Author: Michael Tremer Date: Fri Apr 5 12:59:31 2024 +0000 installer: Translate BTRFS string Fixes: #13630 - BTRFS - Add translations to installer Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 2667749996b628238de92aa839dcc276b24076cb Author: Michael Tremer Date: Fri Apr 5 12:59:30 2024 +0000 installer: Update language files Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 1f57daefa1d32926a8eb85db605fc8f6fbbc84d8 Author: Michael Tremer Date: Fri Apr 5 10:05:53 2024 +0000 dnsdist: Update to 1.9.2 Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit ef739f2379b5d51353a2f872c41c2dd2456cb11d Author: Rico Hoppe Date: Sun Mar 31 20:39:24 2024 +0000 CONTRIBUTING.md: adjust links to new URLs - change wiki to documentation - fix bugzilla link Signed-off-by: Rico Hoppe Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 4e4316ef6f547146b4c2f291fd9945c82689835c Author: Arne Fitzenreiter Date: Fri Apr 19 05:59:16 2024 +0000 core186: ship bind Signed-off-by: Arne Fitzenreiter commit 6f1b0fecd20e158261d63e193eeabbb83fafa3f3 Author: Matthias Fischer Date: Sun Mar 24 00:28:40 2024 +0100 bind: Update to 9.16.49 For details see: https://downloads.isc.org/isc/bind9/9.16.49/doc/arm/html/notes.html#notes-for-bind-9-16-49 "Bug Fixes A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. [GL #4596] Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. [GL #4621] The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. [GL #4591] It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. [GL #4595]" Signed-off-by: Matthias Fischer Signed-off-by: Arne Fitzenreiter commit a8e7c5ff8617fbda3fbc2460b860b31d25741c94 Author: Arne Fitzenreiter Date: Wed Apr 17 19:39:14 2024 +0200 kernel: update to 6.6.28 Signed-off-by: Arne Fitzenreiter commit 24f2ab15c632081d51781eafad330710056f6faa Author: Arne Fitzenreiter Date: Tue Apr 16 06:50:49 2024 +0200 kernel: rootfile update Signed-off-by: Arne Fitzenreiter commit 4b5d8a37b69c29dae49a6cf561ed669aa44f4d64 Author: Arne Fitzenreiter Date: Sun Apr 14 14:38:32 2024 +0200 kernel: disable CONFIG_N_GSM this feature should not used by IPFire and there is a possible unfixed race condition that can used for a privilege elevation attack. Signed-off-by: Arne Fitzenreiter commit 991b7eb4e2c7086aaa01700357f9d166143cbd56 Author: Arne Fitzenreiter Date: Sun Apr 14 14:38:00 2024 +0200 kernel: update to 6.6.27 Signed-off-by: Arne Fitzenreiter commit 31a8214d1651e556f3eac2d8fd19ca9ec5bde724 Author: Arne Fitzenreiter Date: Thu Apr 11 12:55:25 2024 +0200 kernel: update to 6.6.26 Signed-off-by: Arne Fitzenreiter commit 103aa06884f0d4a29e041545f091546fd384d654 Merge: 833d42fed 76ba16aef Author: Arne Fitzenreiter Date: Wed Apr 10 07:11:02 2024 +0200 Merge remote-tracking branch 'origin/master' into next commit 76ba16aef070d5efd10325b8a34a134ec04dcaf2 Author: Michael Tremer Date: Tue Apr 9 10:51:18 2024 +0100 suricata: Change midstream policy to "pass-flow" Pass packet isn't allowed here. Signed-off-by: Michael Tremer commit 833d42fed0d733952a95b98e016d0560b5142e1d Merge: 11a778d83 ee13f80e5 Author: Arne Fitzenreiter Date: Tue Apr 9 06:52:42 2024 +0200 Merge remote-tracking branch 'origin/master' into next