lp:~vcs-imports/ipfire/ipfire-2.x

Branch merges

This import branch has no branches proposed for merge into it.

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

12684. By Arne Fitzenreiter on 2024-07-23

core187: ship /usr/bin/unshare

Signed-off-by: Arne Fitzenreiter <email address hidden>

12683. By Arne Fitzenreiter on 2024-07-23

util-linux: ship /usr/bin/unshare

the updated biuldscripts need unshare to build IPFire on IPFire systems.

Signed-off-by: Arne Fitzenreiter <email address hidden>

12682. By Arne Fitzenreiter on 2024-07-18

core187: exclude squid access.log from update

Signed-off-by: Arne Fitzenreiter <email address hidden>

12681. By Arne Fitzenreiter on 2024-07-18

Revert "squid: Comment out access.log in rootfile"

the file was created to be shipped with permissions
so it is needed in the rootfile.

This reverts commit 516d541c29bce32e1241b319fc72eb4d59ea3a58.

12680. By Michael Tremer <email address hidden> on 2024-07-10

make.sh: Update contributors

Signed-off-by: Michael Tremer <email address hidden>

12679. By Michael Tremer <email address hidden> on 2024-07-10

make.sh: Run "make.sh lang"

Signed-off-by: Michael Tremer <email address hidden>

12678. By Michael Tremer <email address hidden> on 2024-07-10

samba: Fix rootfiles

The CGI script, the misc-progs helper and the menu entry were removed.

Signed-off-by: Michael Tremer <email address hidden>

12677. By Adolf Belka <email address hidden> on 2024-07-08

squid: Comment out access.log in rootfile

- Everytime an update has been done on squid the access.log file has been replaced with an
   empty file, losing whatever messages have been in the log.
- This has been the case since squid was implemented in IPFire.
- Update of rootfile to comment out var/log/squid/access.log

Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

12676. By Matthias Fischer <email address hidden> on 2024-07-08

apache: Update to 2.4.61

For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.61

"Changes with Apache 2.4.61

  *) SECURITY: CVE-2024-39884: Apache HTTP Server: source code
     disclosure with handlers configured via AddType (cve.mitre.org)
     A regression in the core of Apache HTTP Server 2.4.60 ignores
     some use of the legacy content-type based configuration of
     handlers. "AddType" and similar configuration, under some
     circumstances where files are requested indirectly, result in
     source code disclosure of local content. For example, PHP
     scripts may be served instead of interpreted.
     Users are recommended to upgrade to version 2.4.61, which fixes
     this issue."

Signed-off-by: Matthias Fischer <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

12675. By Adolf Belka <email address hidden> on 2024-07-08

samba: Update to version 4.20.2

- Update from version 4.20.1 to 4.20.2
- Update of rootfile for both x86_64 and aarch64
- After doing a grep into the config directories I realised that the xxxMACHINExxx phrase
   is only added into rootfiles in the main common or package directories and not in the
   x86_64 and aarch64
- In the past I have submitted the samba rootfile with x86_64 replaced by xxxMACHINExxx.
   It seems to have worked, so the replacement probably occurs even in the architecture
   specific directories but it doesn't need to be used there as the directory is clearly
   only for that one architecture.
- Changelog
    4.20.2
    * BUG 15662: vfs_widelinks with DFS shares breaks case insensitivity.
    * BUG 13213: Samba build is not reproducible.
    * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare
      function.
    * BUG 15625: Many qsort() comparison functions are non-transitive, which can
      lead to out-of-bounds access in some circumstances.
    * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI
      bill.
    * BUG 15654: We have added new options --vendor-name and --vendor-patch-
      revision arguments to ./configure to allow distributions and packagers to
      put their name in the Samba version string so that when debugging Samba the
      source of the binary is obvious.
    * BUG 15665: CTDB RADOS mutex helper misses namespace support.
    * BUG 13019: Dynamic DNS updates with the internal DNS are not working.
    * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
      SysvolReady=0.
    * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to
      Windows Server 2022).
    * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger.
    * BUG 15620: s4:nbt_server: does not provide unexpected handling, so winbindd
      can't use nmb requests instead cldap.
    * BUG 15642: winbindd, net ads join and other things don't work on an ipv6
      only host.
    * BUG 15659: Segmentation fault when deleting files in vfs_recycle.
    * BUG 15664: Panic in vfs_offload_token_db_fetch_fsp().
    * BUG 15666: "client use kerberos" and --use-kerberos is ignored for the
      machine account.
    * BUG 15435: Regression DFS not working with widelinks = true.
    * BUG 15633: samba-gpupdate - Invalid NtVer in netlogon_samlogon_response.
    * BUG 15653: idmap_ad creates an incorrect local krb5.conf in case of trusted
      domain lookups.
    * BUG 15660: The images don't build after the git security release and CentOS
      8 Stream is EOL.

Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>