lp:~vcs-imports/ipfire/ipfire-2.x

Branch merges

This import branch has no branches proposed for merge into it.

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

11802. By Adolf Belka <email address hidden> on 2023-09-28

libslirp: Add the slirp library as this is required for the net user backend in qemu

- Looking through some of the changelog and some mail list communications it looks like
   qemu decided they did noty want to maintain their own bundled version of libslirp when
   the majority of OS's had their own version now in place. Ubuntu 18.04 did not have
   libslirp but qemu stopped supporting that version from qemu-7.1
- So it looks like all OS's have a standard libslirp available now and qemu have taken
   the decision to no longer have their own version but to use the system version. That
   was always possible to do if use of the system version was explicitly defined but
   the default was to use the bundled version.
- No evidence that libslirp is deprecated.
- The last version of libslirp was released a year ago but it looks like every month or
   so there are a couple of commits merged. The last was a month ago.

Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

11801. By Adolf Belka <email address hidden> on 2023-09-28

qemu-ga: Update to version 8.1.1

- Update from version 8.0.3 to 8.1.1
- Update of rootfile not required
- Changelog
    8.1
 https://wiki.qemu.org/ChangeLog/8.1

Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

11800. By Adolf Belka <email address hidden> on 2023-09-28

qemu: Update to version 8.1.1 and add libslirp for net user backend

- Update from version 8.0.3 to 8.1.1
- In CU179 the update of qemu caused at least one user to have a problem starting his
   qemu system as the qemu bundled slirp library used for the net user backend was removed
   in version 7.2. Unfortunately no user tested qemu in the CU179 Testing phase, or if they
   did they are not using the net user backend.
- This patch adds the --enable-slirp option to configure and installs libslirp in a
   separate patch.
- I can't test if this now works as I don't use qemu anywhere.
- Changelog is too large to include here.
    8.1
 https://wiki.qemu.org/ChangeLog/8.1

Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

11799. By Michael Tremer <email address hidden> on 2023-09-28

core180: Ship bind

Signed-off-by: Michael Tremer <email address hidden>

11798. By Matthias Fischer <email address hidden> on 2023-09-28

bind: Update to 9.16.44

For details see:
https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44

Changes since 9.16.40:

9.16.44:
"Previously, sending a specially crafted message
over the control channel could cause the packet-parsing
code to run out of available stack memory, causing named
to terminate unexpectedly. This has been fixed. (CVE-2023-3341)"

9.16.43:
"Processing already-queued queries received over TCP could cause
an assertion failure, when the server was reconfigured at the
same time or the cache was being flushed. This has been fixed."

9.16.42:
"The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured max-cache-size
limit. (CVE-2023-2828)

A query that prioritizes stale data over lookup triggers a fetch
to refresh the stale data in cache. If the fetch is aborted for
exceeding the recursion quota, it was possible for named to enter
an infinite callback loop and crash due to stack overflow. This
has been fixed. (CVE-2023-2911)

Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed."

9.16.41:
"When removing delegations from an opt-out range, empty-non-terminal
NSEC3 records generated by those delegations were not cleaned up.
This has been fixed."

Signed-off-by: Matthias Fischer <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

11797. By Michael Tremer <email address hidden> on 2023-09-28

core180: Ship extrahd.pl

Signed-off-by: Michael Tremer <email address hidden>

11796. By Arne Fitzenreiter on 2023-09-28

extrahd: add forgotten udev_event handler to mount partitions via udev

Signed-off-by: Arne Fitzenreiter <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

11795. By Michael Tremer <email address hidden> on 2023-09-19

core180: Ship suricata

Signed-off-by: Michael Tremer <email address hidden>

11794. By Matthias Fischer <email address hidden> on 2023-09-19

suricata: Update to 6.0.14

Excerpt from changelog:

"6.0.14 -- 2023-09-13

Security #6289: Crash in SMTP parser during parsing of email (6.0.x backport)
Security #6196: process exit in hyperscan error handling (6.0.x backport)
Security #6156: dcerpc: max-tx config parameter, also for UDP (6.0.x backport)
Bug #6285: community-id: Fix IPv6 address sorting not respecting byte order (6.0.x backport)
Bug #6248: Multi-tenancy: crash under test mode when tenant signature load fails (6.0.x backport)
Bug #6245: tcp: RST with data used in reassembly (6.0.x backport)
Bug #6236: if protocol dcerpc first packet type is Alter_context, it will not parse dcerpc (6.0.x backport)
Bug #6228: ips/af-packet: crash when copy-iface is the same as the interface (6.0.x backport)
Bug #6227: windows: lua script path truncated (6.0.x backport)
Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport)
Bug #6224: base64: complete support for RFC2045 (6.0.x backport)
Bug #6220: Backport tenant_id conversion to uint32_t
Bug #6213: file.magic: rule reload can lead to crashes (6.0.x backport)
Bug #6193: smtp: Attachment not being md5 matched (6.0.x backport)
Bug #6192: smtp: use every byte to compute email.body_md5 (6.0.x backport)
Bug #6182: log-pcap: fix segfault on lz4 compressed pcaps (6.0.x backport)
Bug #6181: eve/alert: deprecated fields can have unexpected side affects (6.0.x backport)
Bug #6174: FTP bounce detection doesn't work for big-endian platforms (6.0.x backport)
Bug #6166: http2: fileinfo events log http2 object instead of http object as alerts and http2 do (6.0.x backport)
Bug #6139: smb: wrong offset when parse SMB_COM_WRITE_ANDX record (6.0.x backport)
Bug #6082: pcap: device reopen broken (6.0.x backport)
Bug #6068: pcap: memory leaks (6.0.x backport)
Bug #6045: detect: multi-tenancy leaks memory if more than 1 tenant registered (6.0.x backport)
Bug #6035: stream.midstream: if enabled breaks exception policy (6.0.x backport)
Bug #5915: rfb: parser returns error on unimplemented record types (6.0.x backport)
Bug #5794: eve: if alert and drop rules match for a packet, "alert.action" is ambigious (6.0.x backport)
Bug #5439: Invalid certificate when Issuer is not present.
Optimization #6229: Performance impact of Cisco Fabricpath (6.0.x backport)
Optimization #6203: detect: modernize filename fileext filemagic (6.0.x backport)
Optimization #6153: suricatasc: Gracefully handle unsupported commands (6.0.x backport)
Feature #6282: dns/eve: add 'HTTPS' type logging (6.0.x backport)
Feature #5935: ips: add 'master switch' to enable dropping on traffic (handling) exceptions (6.0.x backport)
Documentation #6234: userguide: add installation from Ubuntu PPA section (6.0.x backport)"

Signed-off-by: Matthias Fischer <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

11793. By Arne Fitzenreiter on 2023-09-17

Merge remote-tracking branch 'origin/master' into next

Signed-off-by: Arne Fitzenreiter <email address hidden>