slackware-current/source/a/sysvinit-scripts/scripts/rc.6

370 lines
11 KiB
Groff
Raw Normal View History

#!/bin/bash
#
# rc.6 This file is executed by init when it goes into runlevel
# 0 (halt) or runlevel 6 (reboot). It kills all processes,
# unmounts file systems and then either halts or reboots.
#
# Version: @(#)/etc/rc.d/rc.6 15.0 Wed Nov 10 21:19:42 UTC 2021
#
# Author: Miquel van Smoorenburg <miquels@drinkel.nl.mugnet.org>
# Modified by: Patrick J. Volkerding, <volkerdi@slackware.com>
# Set the path.
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
# If we are in an lxc container, set $container to skip parts of the script.
# Thanks to Matteo Bernardini <ponce@slackbuilds.org> and Chris Willing for
# the initial work making this script lxc compatible.
if grep -aq container=lxc /proc/1/environ 2> /dev/null ; then
container="lxc"
fi
# If there are SystemV init scripts for this runlevel, run them.
if [ -x /etc/rc.d/rc.sysvinit ]; then
/etc/rc.d/rc.sysvinit
fi
# Set linefeed mode to avoid staircase effect.
/bin/stty onlcr
echo "Running shutdown script $0:"
# Find out how we were called.
case "$0" in
*0)
shutdown_command="halt"
;;
*6)
shutdown_command=reboot
;;
*)
echo "$0: call me as \"rc.0\" or \"rc.6\" please!"
exit 1
;;
esac
# Restart init. This prevents init from hanging on to file handles for removed
# glibc shared libraries in the case that those were upgraded or reinstalled.
/sbin/telinit u
# Save the system time to the hardware clock using hwclock --systohc.
# This will also create or update the timestamps in /etc/adjtime.
if [ -x /sbin/hwclock -a -z "$container" ]; then
# Check for a broken motherboard RTC clock (where ioports for rtc are
# unknown) to prevent hwclock causing a hang:
if ! grep -q " : rtc" /proc/ioports ; then
CLOCK_OPT="--directisa"
fi
if [ /etc/adjtime -nt /etc/hardwareclock ]; then
if grep -q "^LOCAL" /etc/adjtime ; then
echo "Saving system time to the hardware clock (localtime)."
else
echo "Saving system time to the hardware clock (UTC)."
fi
/sbin/hwclock $CLOCK_OPT --systohc
elif grep -q "^UTC" /etc/hardwareclock 2> /dev/null ; then
echo "Saving system time to the hardware clock (UTC)."
if [ ! -r /etc/adjtime ]; then
echo "Creating system time correction file /etc/adjtime."
fi
/sbin/hwclock $CLOCK_OPT --utc --systohc
else
echo "Saving system time to the hardware clock (localtime)."
if [ ! -r /etc/adjtime ]; then
echo "Creating system time correction file /etc/adjtime."
fi
/sbin/hwclock $CLOCK_OPT --localtime --systohc
fi
fi
# Run any local shutdown scripts:
if [ -x /etc/rc.d/rc.local_shutdown ]; then
/etc/rc.d/rc.local_shutdown stop
fi
# Stop the Apache web server:
if [ -x /etc/rc.d/rc.httpd ]; then
/etc/rc.d/rc.httpd stop
fi
# Stop the MySQL database:
if [ -x /etc/rc.d/rc.mysqld -a -r /var/run/mysql/mysql.pid ]; then
/etc/rc.d/rc.mysqld stop
fi
# Stop the Samba server:
if [ -x /etc/rc.d/rc.samba ]; then
/etc/rc.d/rc.samba stop
fi
# Shut down the NFS server:
if [ -x /etc/rc.d/rc.nfsd ]; then
/etc/rc.d/rc.nfsd stop
fi
# Shut down the SSH server:
if [ -x /etc/rc.d/rc.sshd ]; then
/etc/rc.d/rc.sshd stop
fi
# Shut down the SASL authentication daemon:
if [ -x /etc/rc.d/rc.saslauthd ]; then
/etc/rc.d/rc.saslauthd stop
fi
# Shut down OpenLDAP:
if [ -x /etc/rc.d/rc.openldap ]; then
/etc/rc.d/rc.openldap stop
fi
# Stop the haveged entropy daemon:
if [ -x /etc/rc.d/rc.haveged -a -z "$container" ]; then
/etc/rc.d/rc.haveged stop
fi
# Kill any processes (typically gam) that would otherwise prevent
# unmounting NFS volumes:
unset FUSER_DELAY
for dir in $(/bin/mount | grep -e 'type nfs ' -e 'type nfs4 ' | sed -e 's|.* on ||g' | cut -d ' ' -f 1) ; do
echo "Killing processes holding NFS mount $dir open..."
# Background this to prevent fuser from also blocking shutdown:
Wed Jul 25 03:50:17 UTC 2018 a/kernel-generic-4.14.57-x86_64-1.txz: Upgraded. a/kernel-huge-4.14.57-x86_64-1.txz: Upgraded. a/kernel-modules-4.14.57-x86_64-1.txz: Upgraded. a/shadow-4.2.1-x86_64-5.txz: Rebuilt. adduser: added "input" to additional user groups. Thanks to stormtracknole. a/sysvinit-scripts-2.1-noarch-14.txz: Rebuilt. Handle remote (NFS, etc.) mounts with spaces in the name. Thanks to upnort. d/kernel-headers-4.14.57-x86-1.txz: Upgraded. d/parallel-20180722-noarch-1.txz: Upgraded. d/rust-1.27.2-x86_64-1.txz: Upgraded. d/subversion-1.10.2-x86_64-1.txz: Upgraded. k/kernel-source-4.14.57-noarch-1.txz: Upgraded. l/libgphoto2-2.5.19-x86_64-1.txz: Upgraded. l/libzip-1.5.1-x86_64-4.txz: Rebuilt. Make sure that the API-CHANGES file is included in the package documentation. x/xf86-video-r128-6.11.0-x86_64-1.txz: Upgraded. x/xorg-server-1.20.0-x86_64-3.txz: Rebuilt. Applied some patches that other distributions have been using for a while: Fix glamor so that the return value from glamor_fds_from_pixmap matches what's expected (thanks to Darth Vader for pointing out these patches). Autobind secondary GPUs to the master as output sink / offload source. This seems like a beneficial patch until/unless DEs start to handle this. For nvidia cards, if they are GeForce 8 or newer use the modesetting driver by default. Seems to be recommmended by upstream where they indicate that fixes going into nouveau are primarily to target older cards for legacy support and that the modesetting ddx is preferable for newer ones: https://bugs.freedesktop.org/show_bug.cgi?id=94844 x/xorg-server-xephyr-1.20.0-x86_64-3.txz: Rebuilt. x/xorg-server-xnest-1.20.0-x86_64-3.txz: Rebuilt. x/xorg-server-xvfb-1.20.0-x86_64-3.txz: Rebuilt. isolinux/initrd.img: Rebuilt. Use ter-v14v.psf.gz as the consolefont. It supports more character sets, and the larger font was causing wraparound on UEFI (at least on bare metal here). kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
2018-07-25 05:50:17 +02:00
/usr/bin/fuser -k -M -m "$dir" &
FUSER_DELAY=5
done
# If fuser was run, let it have some delay:
if [ ! -z "$FUSER_DELAY" ]; then
sleep $FUSER_DELAY
fi
# Unmount any NFS, SMB, or CIFS filesystems:
echo "Unmounting remote filesystems:"
/bin/umount -v -a -l -f -r -t nfs,nfs4,smbfs,cifs | tr -d ' ' | grep successfully | sed "s/:successfullyunmounted/ has been successfully unmounted./g"
# Update PATH hashes:
hash -r
Fri Sep 17 04:17:57 UTC 2021 a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded. a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt. Stop D-Bus after NFS partitions are unmounted to avoid a hang. Thanks to vulcan59 and bassmadrigal. ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded. l/fftw-3.3.10-x86_64-1.txz: Upgraded. l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded. l/pipewire-0.3.36-x86_64-1.txz: Upgraded. n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt. Applied upstream patch: DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages. Thanks to marav. n/httpd-2.4.49-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic] core: ap_escape_quotes buffer overflow mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] core: null pointer dereference on malformed request mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193 (* Security fix *) x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded. x/libpinyin-2.6.1-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
2021-09-17 06:17:57 +02:00
# Stop D-Bus:
if [ -x /etc/rc.d/rc.messagebus ]; then
/etc/rc.d/rc.messagebus stop
fi
# Try to shut down pppd:
PS="$(ps ax)"
if echo "$PS" | grep -q -w pppd ; then
if [ -x /usr/sbin/ppp-off ]; then
/usr/sbin/ppp-off
fi
fi
# Shut down YP services:
if [ -x /etc/rc.d/rc.yp ]; then
if grep -wq stop /etc/rc.d/rc.yp ; then
/etc/rc.d/rc.yp stop
fi
fi
# Bring down the networking system, but first make sure that this
# isn't a diskless client with the / partition mounted via NFS:
if ! /bin/mount | grep -q -e 'on / type nfs' -e 'on / type nfs4' ; then
if [ -x /etc/rc.d/rc.inet1 ]; then
/etc/rc.d/rc.inet1 stop
fi
fi
# In case dhcpcd might have been manually started on the command line,
# look for the .pid file, and shut dhcpcd down if it's found:
if /bin/ls /etc/dhcpc/*.pid 1> /dev/null 2> /dev/null ; then
/sbin/dhcpcd -k 1> /dev/null 2> /dev/null
# A little time for /etc/resolv.conf and/or other files to
# restore themselves.
sleep 2
fi
Thu Dec 22 03:40:55 UTC 2022 a/sysvinit-scripts-15.1-noarch-3.txz: Rebuilt. rc.6: support an optional rc.firewall_shutdown script. Most firewall scripts don't need a formal shutdown, but in some cases it can be useful. If your rc.firewall script supports a stop parameter, the shutdown script should just contain "/etc/rc.d/rc.firewall stop", or rc.firewall_shutdown could also be a symlink to the rc.firewall script in that case. But how the script works is (like the rc.firewall script support) completely up to the admin. Thanks to metaed for the suggestion. Please note that contrary to the request, I placed this *after* the network is shut down to avoid removing firewall protection while the interfaces are still active. Whether it'll work in this place for metaed's (or anyone else's) needs, I'm not sure. It's a start. Feel free to weigh in on the LQ thread if you have any ideas for improvement, but the goal here is to keep this support as simple and flexible as possible. d/nasm-2.16-x86_64-1.txz: Upgraded. d/parallel-20221222-noarch-1.txz: Upgraded. n/bind-9.18.10-x86_64-1.txz: Upgraded. n/curl-7.87.0-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-102.6.1-x86_64-1.txz: Upgraded. This release contains a security fix and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/ https://www.cve.org/CVERecord?id=CVE-2022-46874 (* Security fix *) xfce/xfce4-screenshooter-1.10.0-x86_64-1.txz: Upgraded.
2022-12-22 04:40:55 +01:00
# If there is a firewall_shutdown script, run it. Most firewall setups
# will not need to be formally shut down, but in case yours needs that
# (perhaps to do some shutdown-time cleanup or to save the state), then
# create an /etc/rc.d/rc.firewall_shutdown script to do these things.
# If your rc.firewall script supports a "stop" parameter, you might only
# need this in your rc.firewall_shutdown script:
#
# /etc/rc.d/rc.firewall stop
#
# Or in that case you could also just make rc.firewall_shutdown a symlink
# to the rc.firewall script, since we also provide the stop parameter here.
if [ -x /etc/rc.d/rc.firewall_shutdown ]; then
/etc/rc.d/rc.firewall_shutdown stop
fi
# Shut down PCMCIA devices:
if [ -x /etc/rc.d/rc.pcmcia -a -z "$container" ]; then
/etc/rc.d/rc.pcmcia stop
# The cards might need a little extra time here to deactivate:
/bin/sleep 5
fi
# Turn off process accounting:
if [ -x /sbin/accton -a -r /var/log/pacct ]; then
/sbin/accton off
fi
# Terminate acpid before syslog:
if [ -x /etc/rc.d/rc.acpid -a -r /var/run/acpid.pid -a -z "$container" ]; then # quit
/etc/rc.d/rc.acpid stop
fi
# Stop udev:
if [ -x /etc/rc.d/rc.udev -a -z "$container" ]; then
/etc/rc.d/rc.udev force-stop
fi
# Kill all remaining processes.
OMITPIDS="$(for p in $(pgrep mdmon); do echo -o $p; done)" # Don't kill mdmon
if [ ! "$1" = "fast" ]; then
echo "Sending all processes the SIGTERM signal."
/sbin/killall5 -15 $OMITPIDS
/bin/sleep 5
echo "Sending all processes the SIGKILL signal."
/sbin/killall5 -9 $OMITPIDS
fi
# Try to turn off quota.
if grep -q quota /etc/fstab ; then
if [ -x /sbin/quotaoff -a -z "$container" ]; then
echo "Turning off filesystem quotas."
/sbin/quotaoff -a
fi
fi
# Carry a random seed between reboots.
Wed Apr 6 20:23:46 UTC 2022 a/haveged-1.9.17-x86_64-2.txz: Rebuilt. Install /etc/rc.d/rc.haveged as non-executable. For existing installations running a recent kernel, it is safe to turn this off. Back when we added the haveged package we were using the 4.4 kernel, but since Linux 5.4 this same entropy generating algorithm has been built into the kernel, so there's no reason to also run it in userspace. We'll keep the package around (for now, anyway) in case someone might be running an old kernel. Thanks to Jason A. Donenfeld. a/sysvinit-scripts-15.0-noarch-10.txz: Rebuilt. rc.S, rc.6: use the seedrng utility to seed and initialize the kernel random number generator and generate a new seed. If seedrng is missing, we'll attempt to do these things with scripting. Thanks to Jason A. Donenfeld for hints about how to make a modest improvement in that regard (blame me for any problems with my own changes), but because you can't force the kernel RNG to initialize with a script (it needs an ioctl), you won't get the same guarantees that you do when using the new seedrng utility. a/util-linux-2.38-x86_64-2.txz: Rebuilt. Added seedrng utility, used to seed and initialize the kernel random number generator and to generate new seeds for carrying entropy across reboots. Thanks to Jason A. Donenfeld. n/libmnl-1.0.5-x86_64-1.txz: Upgraded. n/libnfnetlink-1.0.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-91.8.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *)
2022-04-06 22:23:46 +02:00
# Doing this properly requires the seedrng utility.
if [ -z "$container" ]; then
Wed Apr 6 20:23:46 UTC 2022 a/haveged-1.9.17-x86_64-2.txz: Rebuilt. Install /etc/rc.d/rc.haveged as non-executable. For existing installations running a recent kernel, it is safe to turn this off. Back when we added the haveged package we were using the 4.4 kernel, but since Linux 5.4 this same entropy generating algorithm has been built into the kernel, so there's no reason to also run it in userspace. We'll keep the package around (for now, anyway) in case someone might be running an old kernel. Thanks to Jason A. Donenfeld. a/sysvinit-scripts-15.0-noarch-10.txz: Rebuilt. rc.S, rc.6: use the seedrng utility to seed and initialize the kernel random number generator and generate a new seed. If seedrng is missing, we'll attempt to do these things with scripting. Thanks to Jason A. Donenfeld for hints about how to make a modest improvement in that regard (blame me for any problems with my own changes), but because you can't force the kernel RNG to initialize with a script (it needs an ioctl), you won't get the same guarantees that you do when using the new seedrng utility. a/util-linux-2.38-x86_64-2.txz: Rebuilt. Added seedrng utility, used to seed and initialize the kernel random number generator and to generate new seeds for carrying entropy across reboots. Thanks to Jason A. Donenfeld. n/libmnl-1.0.5-x86_64-1.txz: Upgraded. n/libnfnetlink-1.0.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-91.8.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *)
2022-04-06 22:23:46 +02:00
# Any old seed that exists here shall be deemed useless:
if [ -f /etc/random-seed ]; then
rm -f /etc/random-seed
Mon Apr 11 20:49:27 UTC 2022 a/aaa_libraries-15.1-x86_64-3.txz: Rebuilt. Upgraded: libz.so.1.2.12, libexpat.so.1.8.8, libcap.so.2.64, libicudata.so.70.1, libicui18n.so.70.1, libicuio.so.70.1, libicutest.so.70.1, libicutu.so.70.1, libicuuc.so.70.1. The icu4c libraries are from the previous package (for temporary compatibility) and will be removed in a month or so. Removed: liblber-2.4.so.2.11.7, libldap-2.4.so.2.11.7. a/haveged-1.9.18-x86_64-1.txz: Upgraded. I've decided to turn this back on by default in light of comments in README.md. It doesn't hurt to have an additional source of entropy (especially in early boot), and the overhead from running this daemon is negligible. a/sysvinit-scripts-15.0-noarch-11.txz: Rebuilt. rc.S, rc.6: use a temporary umask and more syncing to avoid any races when creating the random seed directory and files. Use the poolsize rather than a hardcoded 512 bytes when creating a non-creditable seed in the fallback scripts. Thanks to Jason A. Donenfeld. a/xfsprogs-5.13.0-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. ap/inxi-3.3.15_1-noarch-1.txz: Upgraded. ap/sqlite-3.38.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. d/help2man-1.49.2-x86_64-1.txz: Upgraded. kde/attica-5.93.0-x86_64-1.txz: Upgraded. kde/baloo-5.93.0-x86_64-1.txz: Upgraded. kde/bluez-qt-5.93.0-x86_64-1.txz: Upgraded. kde/breeze-icons-5.93.0-noarch-1.txz: Upgraded. kde/extra-cmake-modules-5.93.0-x86_64-1.txz: Upgraded. kde/frameworkintegration-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-stats-5.93.0-x86_64-1.txz: Upgraded. kde/kapidox-5.93.0-x86_64-1.txz: Upgraded. kde/karchive-5.93.0-x86_64-1.txz: Upgraded. kde/kauth-5.93.0-x86_64-1.txz: Upgraded. kde/kbookmarks-5.93.0-x86_64-1.txz: Upgraded. kde/kcalendarcore-5.93.0-x86_64-1.txz: Upgraded. kde/kcmutils-5.93.0-x86_64-1.txz: Upgraded. kde/kcodecs-5.93.0-x86_64-1.txz: Upgraded. kde/kcompletion-5.93.0-x86_64-1.txz: Upgraded. kde/kconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kconfigwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kcontacts-5.93.0-x86_64-1.txz: Upgraded. kde/kcoreaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kcrash-5.93.0-x86_64-1.txz: Upgraded. kde/kdav-5.93.0-x86_64-1.txz: Upgraded. kde/kdbusaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kdeclarative-5.93.0-x86_64-1.txz: Upgraded. kde/kded-5.93.0-x86_64-1.txz: Upgraded. kde/kdelibs4support-5.93.0-x86_64-1.txz: Upgraded. kde/kdesignerplugin-5.93.0-x86_64-1.txz: Upgraded. kde/kdesu-5.93.0-x86_64-1.txz: Upgraded. kde/kdewebkit-5.93.0-x86_64-1.txz: Upgraded. kde/kdnssd-5.93.0-x86_64-1.txz: Upgraded. kde/kdoctools-5.93.0-x86_64-1.txz: Upgraded. kde/kemoticons-5.93.0-x86_64-1.txz: Upgraded. kde/kfilemetadata-5.93.0-x86_64-1.txz: Upgraded. kde/kglobalaccel-5.93.0-x86_64-1.txz: Upgraded. kde/kguiaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kholidays-5.93.0-x86_64-1.txz: Upgraded. kde/khtml-5.93.0-x86_64-1.txz: Upgraded. kde/ki18n-5.93.0-x86_64-1.txz: Upgraded. kde/kiconthemes-5.93.0-x86_64-1.txz: Upgraded. kde/kidletime-5.93.0-x86_64-1.txz: Upgraded. kde/kimageformats-5.93.0-x86_64-1.txz: Upgraded. kde/kinit-5.93.0-x86_64-1.txz: Upgraded. kde/kio-5.93.0-x86_64-1.txz: Upgraded. kde/kirigami2-5.93.0-x86_64-1.txz: Upgraded. kde/kitemmodels-5.93.0-x86_64-1.txz: Upgraded. kde/kitemviews-5.93.0-x86_64-1.txz: Upgraded. kde/kjobwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kjs-5.93.0-x86_64-1.txz: Upgraded. kde/kjsembed-5.93.0-x86_64-1.txz: Upgraded. kde/kmediaplayer-5.93.0-x86_64-1.txz: Upgraded. kde/knewstuff-5.93.0-x86_64-1.txz: Upgraded. kde/knotifications-5.93.0-x86_64-1.txz: Upgraded. kde/knotifyconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kpackage-5.93.0-x86_64-1.txz: Upgraded. kde/kparts-5.93.0-x86_64-1.txz: Upgraded. kde/kpeople-5.93.0-x86_64-1.txz: Upgraded. kde/kplotting-5.93.0-x86_64-1.txz: Upgraded. kde/kpty-5.93.0-x86_64-1.txz: Upgraded. kde/kquickcharts-5.93.0-x86_64-1.txz: Upgraded. kde/kross-5.93.0-x86_64-1.txz: Upgraded. kde/krunner-5.93.0-x86_64-1.txz: Upgraded. kde/kservice-5.93.0-x86_64-1.txz: Upgraded. kde/ktexteditor-5.93.0-x86_64-1.txz: Upgraded. kde/ktextwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kunitconversion-5.93.0-x86_64-1.txz: Upgraded. kde/kwallet-5.93.0-x86_64-1.txz: Upgraded. kde/kwayland-5.93.0-x86_64-1.txz: Upgraded. kde/kwidgetsaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kwindowsystem-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlgui-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlrpcclient-5.93.0-x86_64-1.txz: Upgraded. kde/modemmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/networkmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/oxygen-icons5-5.93.0-noarch-1.txz: Upgraded. kde/plasma-framework-5.93.0-x86_64-1.txz: Upgraded. kde/prison-5.93.0-x86_64-1.txz: Upgraded. kde/purpose-5.93.0-x86_64-1.txz: Upgraded. kde/qqc2-desktop-style-5.93.0-x86_64-1.txz: Upgraded. kde/solid-5.93.0-x86_64-1.txz: Upgraded. kde/sonnet-5.93.0-x86_64-1.txz: Upgraded. kde/syndication-5.93.0-x86_64-1.txz: Upgraded. kde/syntax-highlighting-5.93.0-x86_64-1.txz: Upgraded. kde/threadweaver-5.93.0-x86_64-1.txz: Upgraded. l/boost-1.78.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. l/harfbuzz-4.2.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/icu4c-71.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libcap-2.64-x86_64-1.txz: Upgraded. l/libical-3.0.14-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. l/libqalculate-4.1.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/libvisio-0.1.7-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/nodejs-16.14.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/qt5-5.15.3_20220407_9b1efa0e-x86_64-1.txz: Upgraded. Compiled against icu4c-71.1. l/qt5-webkit-5.212.0_alpha4-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/vte-0.66.2-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. n/dovecot-2.3.18-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/links-2.26-x86_64-1.txz: Upgraded. n/openssh-9.0p1-x86_64-1.txz: Upgraded. This update contains some potentially incompatible changes regarding the scp utility. For more information, see: https://www.openssh.com/releasenotes.html#9.0 n/php-7.4.28-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/postfix-3.7.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/samba-4.16.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. n/tin-2.6.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. t/texlive-2021.210418-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. x/xclock-1.1.1-x86_64-1.txz: Upgraded. x/xdpyinfo-1.3.3-x86_64-1.txz: Upgraded. extra/brltty/brltty-6.4-x86_64-5.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php80/php80-8.0.17-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php81/php81-8.1.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-8.17.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-cf-8.17.1-noarch-3.txz: Rebuilt.
2022-04-11 22:49:27 +02:00
sync /etc
Wed Apr 6 20:23:46 UTC 2022 a/haveged-1.9.17-x86_64-2.txz: Rebuilt. Install /etc/rc.d/rc.haveged as non-executable. For existing installations running a recent kernel, it is safe to turn this off. Back when we added the haveged package we were using the 4.4 kernel, but since Linux 5.4 this same entropy generating algorithm has been built into the kernel, so there's no reason to also run it in userspace. We'll keep the package around (for now, anyway) in case someone might be running an old kernel. Thanks to Jason A. Donenfeld. a/sysvinit-scripts-15.0-noarch-10.txz: Rebuilt. rc.S, rc.6: use the seedrng utility to seed and initialize the kernel random number generator and generate a new seed. If seedrng is missing, we'll attempt to do these things with scripting. Thanks to Jason A. Donenfeld for hints about how to make a modest improvement in that regard (blame me for any problems with my own changes), but because you can't force the kernel RNG to initialize with a script (it needs an ioctl), you won't get the same guarantees that you do when using the new seedrng utility. a/util-linux-2.38-x86_64-2.txz: Rebuilt. Added seedrng utility, used to seed and initialize the kernel random number generator and to generate new seeds for carrying entropy across reboots. Thanks to Jason A. Donenfeld. n/libmnl-1.0.5-x86_64-1.txz: Upgraded. n/libnfnetlink-1.0.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-91.8.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *)
2022-04-06 22:23:46 +02:00
fi
if [ -x /usr/sbin/seedrng ]; then
/usr/sbin/seedrng
else # we have to fall back on the old method:
Mon Apr 11 20:49:27 UTC 2022 a/aaa_libraries-15.1-x86_64-3.txz: Rebuilt. Upgraded: libz.so.1.2.12, libexpat.so.1.8.8, libcap.so.2.64, libicudata.so.70.1, libicui18n.so.70.1, libicuio.so.70.1, libicutest.so.70.1, libicutu.so.70.1, libicuuc.so.70.1. The icu4c libraries are from the previous package (for temporary compatibility) and will be removed in a month or so. Removed: liblber-2.4.so.2.11.7, libldap-2.4.so.2.11.7. a/haveged-1.9.18-x86_64-1.txz: Upgraded. I've decided to turn this back on by default in light of comments in README.md. It doesn't hurt to have an additional source of entropy (especially in early boot), and the overhead from running this daemon is negligible. a/sysvinit-scripts-15.0-noarch-11.txz: Rebuilt. rc.S, rc.6: use a temporary umask and more syncing to avoid any races when creating the random seed directory and files. Use the poolsize rather than a hardcoded 512 bytes when creating a non-creditable seed in the fallback scripts. Thanks to Jason A. Donenfeld. a/xfsprogs-5.13.0-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. ap/inxi-3.3.15_1-noarch-1.txz: Upgraded. ap/sqlite-3.38.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. d/help2man-1.49.2-x86_64-1.txz: Upgraded. kde/attica-5.93.0-x86_64-1.txz: Upgraded. kde/baloo-5.93.0-x86_64-1.txz: Upgraded. kde/bluez-qt-5.93.0-x86_64-1.txz: Upgraded. kde/breeze-icons-5.93.0-noarch-1.txz: Upgraded. kde/extra-cmake-modules-5.93.0-x86_64-1.txz: Upgraded. kde/frameworkintegration-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-stats-5.93.0-x86_64-1.txz: Upgraded. kde/kapidox-5.93.0-x86_64-1.txz: Upgraded. kde/karchive-5.93.0-x86_64-1.txz: Upgraded. kde/kauth-5.93.0-x86_64-1.txz: Upgraded. kde/kbookmarks-5.93.0-x86_64-1.txz: Upgraded. kde/kcalendarcore-5.93.0-x86_64-1.txz: Upgraded. kde/kcmutils-5.93.0-x86_64-1.txz: Upgraded. kde/kcodecs-5.93.0-x86_64-1.txz: Upgraded. kde/kcompletion-5.93.0-x86_64-1.txz: Upgraded. kde/kconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kconfigwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kcontacts-5.93.0-x86_64-1.txz: Upgraded. kde/kcoreaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kcrash-5.93.0-x86_64-1.txz: Upgraded. kde/kdav-5.93.0-x86_64-1.txz: Upgraded. kde/kdbusaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kdeclarative-5.93.0-x86_64-1.txz: Upgraded. kde/kded-5.93.0-x86_64-1.txz: Upgraded. kde/kdelibs4support-5.93.0-x86_64-1.txz: Upgraded. kde/kdesignerplugin-5.93.0-x86_64-1.txz: Upgraded. kde/kdesu-5.93.0-x86_64-1.txz: Upgraded. kde/kdewebkit-5.93.0-x86_64-1.txz: Upgraded. kde/kdnssd-5.93.0-x86_64-1.txz: Upgraded. kde/kdoctools-5.93.0-x86_64-1.txz: Upgraded. kde/kemoticons-5.93.0-x86_64-1.txz: Upgraded. kde/kfilemetadata-5.93.0-x86_64-1.txz: Upgraded. kde/kglobalaccel-5.93.0-x86_64-1.txz: Upgraded. kde/kguiaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kholidays-5.93.0-x86_64-1.txz: Upgraded. kde/khtml-5.93.0-x86_64-1.txz: Upgraded. kde/ki18n-5.93.0-x86_64-1.txz: Upgraded. kde/kiconthemes-5.93.0-x86_64-1.txz: Upgraded. kde/kidletime-5.93.0-x86_64-1.txz: Upgraded. kde/kimageformats-5.93.0-x86_64-1.txz: Upgraded. kde/kinit-5.93.0-x86_64-1.txz: Upgraded. kde/kio-5.93.0-x86_64-1.txz: Upgraded. kde/kirigami2-5.93.0-x86_64-1.txz: Upgraded. kde/kitemmodels-5.93.0-x86_64-1.txz: Upgraded. kde/kitemviews-5.93.0-x86_64-1.txz: Upgraded. kde/kjobwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kjs-5.93.0-x86_64-1.txz: Upgraded. kde/kjsembed-5.93.0-x86_64-1.txz: Upgraded. kde/kmediaplayer-5.93.0-x86_64-1.txz: Upgraded. kde/knewstuff-5.93.0-x86_64-1.txz: Upgraded. kde/knotifications-5.93.0-x86_64-1.txz: Upgraded. kde/knotifyconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kpackage-5.93.0-x86_64-1.txz: Upgraded. kde/kparts-5.93.0-x86_64-1.txz: Upgraded. kde/kpeople-5.93.0-x86_64-1.txz: Upgraded. kde/kplotting-5.93.0-x86_64-1.txz: Upgraded. kde/kpty-5.93.0-x86_64-1.txz: Upgraded. kde/kquickcharts-5.93.0-x86_64-1.txz: Upgraded. kde/kross-5.93.0-x86_64-1.txz: Upgraded. kde/krunner-5.93.0-x86_64-1.txz: Upgraded. kde/kservice-5.93.0-x86_64-1.txz: Upgraded. kde/ktexteditor-5.93.0-x86_64-1.txz: Upgraded. kde/ktextwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kunitconversion-5.93.0-x86_64-1.txz: Upgraded. kde/kwallet-5.93.0-x86_64-1.txz: Upgraded. kde/kwayland-5.93.0-x86_64-1.txz: Upgraded. kde/kwidgetsaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kwindowsystem-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlgui-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlrpcclient-5.93.0-x86_64-1.txz: Upgraded. kde/modemmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/networkmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/oxygen-icons5-5.93.0-noarch-1.txz: Upgraded. kde/plasma-framework-5.93.0-x86_64-1.txz: Upgraded. kde/prison-5.93.0-x86_64-1.txz: Upgraded. kde/purpose-5.93.0-x86_64-1.txz: Upgraded. kde/qqc2-desktop-style-5.93.0-x86_64-1.txz: Upgraded. kde/solid-5.93.0-x86_64-1.txz: Upgraded. kde/sonnet-5.93.0-x86_64-1.txz: Upgraded. kde/syndication-5.93.0-x86_64-1.txz: Upgraded. kde/syntax-highlighting-5.93.0-x86_64-1.txz: Upgraded. kde/threadweaver-5.93.0-x86_64-1.txz: Upgraded. l/boost-1.78.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. l/harfbuzz-4.2.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/icu4c-71.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libcap-2.64-x86_64-1.txz: Upgraded. l/libical-3.0.14-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. l/libqalculate-4.1.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/libvisio-0.1.7-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/nodejs-16.14.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/qt5-5.15.3_20220407_9b1efa0e-x86_64-1.txz: Upgraded. Compiled against icu4c-71.1. l/qt5-webkit-5.212.0_alpha4-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/vte-0.66.2-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. n/dovecot-2.3.18-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/links-2.26-x86_64-1.txz: Upgraded. n/openssh-9.0p1-x86_64-1.txz: Upgraded. This update contains some potentially incompatible changes regarding the scp utility. For more information, see: https://www.openssh.com/releasenotes.html#9.0 n/php-7.4.28-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/postfix-3.7.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/samba-4.16.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. n/tin-2.6.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. t/texlive-2021.210418-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. x/xclock-1.1.1-x86_64-1.txz: Upgraded. x/xdpyinfo-1.3.3-x86_64-1.txz: Upgraded. extra/brltty/brltty-6.4-x86_64-5.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php80/php80-8.0.17-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php81/php81-8.1.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-8.17.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-cf-8.17.1-noarch-3.txz: Rebuilt.
2022-04-11 22:49:27 +02:00
OLD_UMASK="$(umask)"
umask 077
mkdir -p /var/lib/seedrng
Wed Apr 6 20:23:46 UTC 2022 a/haveged-1.9.17-x86_64-2.txz: Rebuilt. Install /etc/rc.d/rc.haveged as non-executable. For existing installations running a recent kernel, it is safe to turn this off. Back when we added the haveged package we were using the 4.4 kernel, but since Linux 5.4 this same entropy generating algorithm has been built into the kernel, so there's no reason to also run it in userspace. We'll keep the package around (for now, anyway) in case someone might be running an old kernel. Thanks to Jason A. Donenfeld. a/sysvinit-scripts-15.0-noarch-10.txz: Rebuilt. rc.S, rc.6: use the seedrng utility to seed and initialize the kernel random number generator and generate a new seed. If seedrng is missing, we'll attempt to do these things with scripting. Thanks to Jason A. Donenfeld for hints about how to make a modest improvement in that regard (blame me for any problems with my own changes), but because you can't force the kernel RNG to initialize with a script (it needs an ioctl), you won't get the same guarantees that you do when using the new seedrng utility. a/util-linux-2.38-x86_64-2.txz: Rebuilt. Added seedrng utility, used to seed and initialize the kernel random number generator and to generate new seeds for carrying entropy across reboots. Thanks to Jason A. Donenfeld. n/libmnl-1.0.5-x86_64-1.txz: Upgraded. n/libnfnetlink-1.0.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-91.8.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *)
2022-04-06 22:23:46 +02:00
echo "The SeedRNG utility was not found. Generating a non-creditable and"
echo "inferior RNG seed: /var/lib/seedrng/seed.no-credit"
Mon Apr 11 20:49:27 UTC 2022 a/aaa_libraries-15.1-x86_64-3.txz: Rebuilt. Upgraded: libz.so.1.2.12, libexpat.so.1.8.8, libcap.so.2.64, libicudata.so.70.1, libicui18n.so.70.1, libicuio.so.70.1, libicutest.so.70.1, libicutu.so.70.1, libicuuc.so.70.1. The icu4c libraries are from the previous package (for temporary compatibility) and will be removed in a month or so. Removed: liblber-2.4.so.2.11.7, libldap-2.4.so.2.11.7. a/haveged-1.9.18-x86_64-1.txz: Upgraded. I've decided to turn this back on by default in light of comments in README.md. It doesn't hurt to have an additional source of entropy (especially in early boot), and the overhead from running this daemon is negligible. a/sysvinit-scripts-15.0-noarch-11.txz: Rebuilt. rc.S, rc.6: use a temporary umask and more syncing to avoid any races when creating the random seed directory and files. Use the poolsize rather than a hardcoded 512 bytes when creating a non-creditable seed in the fallback scripts. Thanks to Jason A. Donenfeld. a/xfsprogs-5.13.0-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. ap/inxi-3.3.15_1-noarch-1.txz: Upgraded. ap/sqlite-3.38.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. d/help2man-1.49.2-x86_64-1.txz: Upgraded. kde/attica-5.93.0-x86_64-1.txz: Upgraded. kde/baloo-5.93.0-x86_64-1.txz: Upgraded. kde/bluez-qt-5.93.0-x86_64-1.txz: Upgraded. kde/breeze-icons-5.93.0-noarch-1.txz: Upgraded. kde/extra-cmake-modules-5.93.0-x86_64-1.txz: Upgraded. kde/frameworkintegration-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-stats-5.93.0-x86_64-1.txz: Upgraded. kde/kapidox-5.93.0-x86_64-1.txz: Upgraded. kde/karchive-5.93.0-x86_64-1.txz: Upgraded. kde/kauth-5.93.0-x86_64-1.txz: Upgraded. kde/kbookmarks-5.93.0-x86_64-1.txz: Upgraded. kde/kcalendarcore-5.93.0-x86_64-1.txz: Upgraded. kde/kcmutils-5.93.0-x86_64-1.txz: Upgraded. kde/kcodecs-5.93.0-x86_64-1.txz: Upgraded. kde/kcompletion-5.93.0-x86_64-1.txz: Upgraded. kde/kconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kconfigwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kcontacts-5.93.0-x86_64-1.txz: Upgraded. kde/kcoreaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kcrash-5.93.0-x86_64-1.txz: Upgraded. kde/kdav-5.93.0-x86_64-1.txz: Upgraded. kde/kdbusaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kdeclarative-5.93.0-x86_64-1.txz: Upgraded. kde/kded-5.93.0-x86_64-1.txz: Upgraded. kde/kdelibs4support-5.93.0-x86_64-1.txz: Upgraded. kde/kdesignerplugin-5.93.0-x86_64-1.txz: Upgraded. kde/kdesu-5.93.0-x86_64-1.txz: Upgraded. kde/kdewebkit-5.93.0-x86_64-1.txz: Upgraded. kde/kdnssd-5.93.0-x86_64-1.txz: Upgraded. kde/kdoctools-5.93.0-x86_64-1.txz: Upgraded. kde/kemoticons-5.93.0-x86_64-1.txz: Upgraded. kde/kfilemetadata-5.93.0-x86_64-1.txz: Upgraded. kde/kglobalaccel-5.93.0-x86_64-1.txz: Upgraded. kde/kguiaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kholidays-5.93.0-x86_64-1.txz: Upgraded. kde/khtml-5.93.0-x86_64-1.txz: Upgraded. kde/ki18n-5.93.0-x86_64-1.txz: Upgraded. kde/kiconthemes-5.93.0-x86_64-1.txz: Upgraded. kde/kidletime-5.93.0-x86_64-1.txz: Upgraded. kde/kimageformats-5.93.0-x86_64-1.txz: Upgraded. kde/kinit-5.93.0-x86_64-1.txz: Upgraded. kde/kio-5.93.0-x86_64-1.txz: Upgraded. kde/kirigami2-5.93.0-x86_64-1.txz: Upgraded. kde/kitemmodels-5.93.0-x86_64-1.txz: Upgraded. kde/kitemviews-5.93.0-x86_64-1.txz: Upgraded. kde/kjobwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kjs-5.93.0-x86_64-1.txz: Upgraded. kde/kjsembed-5.93.0-x86_64-1.txz: Upgraded. kde/kmediaplayer-5.93.0-x86_64-1.txz: Upgraded. kde/knewstuff-5.93.0-x86_64-1.txz: Upgraded. kde/knotifications-5.93.0-x86_64-1.txz: Upgraded. kde/knotifyconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kpackage-5.93.0-x86_64-1.txz: Upgraded. kde/kparts-5.93.0-x86_64-1.txz: Upgraded. kde/kpeople-5.93.0-x86_64-1.txz: Upgraded. kde/kplotting-5.93.0-x86_64-1.txz: Upgraded. kde/kpty-5.93.0-x86_64-1.txz: Upgraded. kde/kquickcharts-5.93.0-x86_64-1.txz: Upgraded. kde/kross-5.93.0-x86_64-1.txz: Upgraded. kde/krunner-5.93.0-x86_64-1.txz: Upgraded. kde/kservice-5.93.0-x86_64-1.txz: Upgraded. kde/ktexteditor-5.93.0-x86_64-1.txz: Upgraded. kde/ktextwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kunitconversion-5.93.0-x86_64-1.txz: Upgraded. kde/kwallet-5.93.0-x86_64-1.txz: Upgraded. kde/kwayland-5.93.0-x86_64-1.txz: Upgraded. kde/kwidgetsaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kwindowsystem-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlgui-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlrpcclient-5.93.0-x86_64-1.txz: Upgraded. kde/modemmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/networkmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/oxygen-icons5-5.93.0-noarch-1.txz: Upgraded. kde/plasma-framework-5.93.0-x86_64-1.txz: Upgraded. kde/prison-5.93.0-x86_64-1.txz: Upgraded. kde/purpose-5.93.0-x86_64-1.txz: Upgraded. kde/qqc2-desktop-style-5.93.0-x86_64-1.txz: Upgraded. kde/solid-5.93.0-x86_64-1.txz: Upgraded. kde/sonnet-5.93.0-x86_64-1.txz: Upgraded. kde/syndication-5.93.0-x86_64-1.txz: Upgraded. kde/syntax-highlighting-5.93.0-x86_64-1.txz: Upgraded. kde/threadweaver-5.93.0-x86_64-1.txz: Upgraded. l/boost-1.78.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. l/harfbuzz-4.2.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/icu4c-71.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libcap-2.64-x86_64-1.txz: Upgraded. l/libical-3.0.14-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. l/libqalculate-4.1.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/libvisio-0.1.7-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/nodejs-16.14.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/qt5-5.15.3_20220407_9b1efa0e-x86_64-1.txz: Upgraded. Compiled against icu4c-71.1. l/qt5-webkit-5.212.0_alpha4-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/vte-0.66.2-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. n/dovecot-2.3.18-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/links-2.26-x86_64-1.txz: Upgraded. n/openssh-9.0p1-x86_64-1.txz: Upgraded. This update contains some potentially incompatible changes regarding the scp utility. For more information, see: https://www.openssh.com/releasenotes.html#9.0 n/php-7.4.28-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/postfix-3.7.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/samba-4.16.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. n/tin-2.6.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. t/texlive-2021.210418-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. x/xclock-1.1.1-x86_64-1.txz: Upgraded. x/xdpyinfo-1.3.3-x86_64-1.txz: Upgraded. extra/brltty/brltty-6.4-x86_64-5.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php80/php80-8.0.17-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php81/php81-8.1.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-8.17.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-cf-8.17.1-noarch-3.txz: Rebuilt.
2022-04-11 22:49:27 +02:00
SEED="$(cat /var/lib/seedrng/seed.* 2>/dev/null | base64)"
rm -f /var/lib/seedrng/seed.*
sync /var/lib/seedrng
POOLSIZE=$(expr $(cat /proc/sys/kernel/random/poolsize 2> /dev/null || echo 4096) / 8)
{
head -c $POOLSIZE /dev/urandom
echo "$SEED" | base64 -d
} | sha512sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
umask "$OLD_UMASK"
unset OLD_UMASK
unset SEED
fi
fi
# Before unmounting file systems write a reboot or halt record to wtmp.
$shutdown_command -w
# Turn off swap:
if [ ! "$(cat /proc/swaps | wc -l)" = "1" -a -z "$container" ]; then
echo "Turning off swap."
/sbin/swapoff -a
/bin/sync
fi
# Umount all tmpfs mounts except /dev/shm and under /run:
if [ -z "$container" ]; then
cat /proc/mounts | grep " tmpfs " | grep -v -e " /run " -e " /run/" -e " /dev/shm " | while read mount ; do
umount --recursive -v $(echo $mount | cut -f 2 -d ' ') 2> /dev/null
done
fi
Thu Nov 22 05:56:56 UTC 2018 a/kernel-generic-4.19.3-x86_64-1.txz: Upgraded. a/kernel-huge-4.19.3-x86_64-1.txz: Upgraded. a/kernel-modules-4.19.3-x86_64-1.txz: Upgraded. a/openssl-solibs-1.1.1a-x86_64-1.txz: Upgraded. a/sysvinit-scripts-2.1-noarch-21.txz: Rebuilt. rc.S: Don't run rc.fuse - udev takes care of the FUSE module and filesystem. rc.S: Support replacing the /etc/mtab file with a symlink to /proc/mounts. rc.6: Show more information when unmounting filesystems at shutdown. ap/ghostscript-9.26-x86_64-1.txz: Upgraded. ap/mariadb-10.3.11-x86_64-1.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://mariadb.com/kb/en/library/mariadb-10311-release-notes/ https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3282 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-9843 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3174 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3143 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3156 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3251 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3185 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3277 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3162 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3173 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3200 https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-3284 (* Security fix *) d/cmake-3.13.0-x86_64-1.txz: Upgraded. d/git-2.19.2-x86_64-1.txz: Upgraded. d/kernel-headers-4.14.63-x86-1.txz: Upgraded. d/kernel-headers-4.19.3-x86-1.txz: Upgraded. d/vala-0.42.3-x86_64-1.txz: Added. k/kernel-source-4.19.3-noarch-1.txz: Upgraded. l/adwaita-icon-theme-3.30.0-noarch-1.txz: Upgraded. l/at-spi2-atk-2.30.0-x86_64-1.txz: Upgraded. l/at-spi2-core-2.30.0-x86_64-1.txz: Upgraded. l/atk-2.30.0-x86_64-1.txz: Upgraded. l/atkmm-2.28.0-x86_64-1.txz: Upgraded. l/dconf-0.28.0-x86_64-1.txz: Upgraded. dconf and dconf-editor require Vala; the alternative would be to try to stick with the old versions forever, and we don't want to do that. l/dconf-editor-3.30.2-x86_64-1.txz: Upgraded. l/gcr-3.28.0-x86_64-3.txz: Rebuilt. Recompiled to add Vala bindings. l/gdk-pixbuf2-2.38.0-x86_64-1.txz: Upgraded. l/gexiv2-0.10.9-x86_64-1.txz: Upgraded. l/glib-networking-2.58.0-x86_64-1.txz: Upgraded. l/glib2-2.58.1-x86_64-1.txz: Upgraded. l/glibmm-2.58.0-x86_64-1.txz: Upgraded. l/gobject-introspection-1.58.0-x86_64-1.txz: Upgraded. l/gtk+3-3.24.1-x86_64-1.txz: Upgraded. l/gtkmm3-3.24.0-x86_64-1.txz: Upgraded. l/gvfs-1.38.1-x86_64-1.txz: Upgraded. l/libcap-2.26-x86_64-1.txz: Upgraded. l/libpsl-0.20.1-x86_64-1.txz: Added. Required by libsoup. l/libsoup-2.64.2-x86_64-1.txz: Upgraded. l/pangomm-2.42.0-x86_64-1.txz: Upgraded. l/pygobject3-3.30.2-x86_64-1.txz: Upgraded. l/vte-0.54.2-x86_64-1.txz: Upgraded. n/openssl-1.1.1a-x86_64-1.txz: Upgraded. This update fixes timing side channel attacks on DSA and ECDSA signature generation that could allow an attacker to recover the private key. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735 (* Security fix *) x/pixman-0.36.0-x86_64-1.txz: Upgraded. xfce/xfce4-terminal-0.8.7.4-x86_64-2.txz: Rebuilt. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
2018-11-22 06:56:56 +01:00
# Unmount local file systems:
if [ -z "$container" ]; then
echo "Unmounting local file systems:"
/bin/umount -v -a -t no,proc,sysfs,devtmpfs,fuse.gvfsd-fuse,tmpfs
# Update PATH hashes:
hash -r
# JFS needs a sync here or the / partition cannot be remounted read-only.
# In spite of this, it seems that a JFS root partition will always be checked
# (and found to be clean) at boot:
/bin/sync
echo "Remounting root filesystem read-only:"
/bin/mount -v -n -o remount,ro /
fi
# This never hurts:
/bin/sync
# Close any volumes opened by cryptsetup:
if [ -f /etc/crypttab -a -x /sbin/cryptsetup ]; then
cat /etc/crypttab | grep -v "^#" | grep -v "^$" | while read line; do
# NOTE: we only support LUKS formatted volumes (except for swap)!
LUKS=$(echo $line | tr '\t' ' ' | tr -s ' ' | cut -f1 -d' ')
DEV=$(echo $line | tr '\t' ' ' | tr -s ' ' | cut -f2 -d' ')
OPTS=$(echo $line | tr '\t' ' ' | tr -s ' ' | cut -f4 -d' ')
if /sbin/cryptsetup isLuks $DEV 2>/dev/null ; then
echo "Locking LUKS crypt volume '${LUKS}':"
/sbin/cryptsetup luksClose ${LUKS}
elif echo $OPTS | grep -wq swap ; then
# If any of the volumes was used as encrypted swap,
# then run mkswap on the underlying device -
# in case other Linux installations on this computer should use it:
echo "Erasing encrypted swap '${LUKS}' and restoring normal swap on ${DEV}:"
/sbin/cryptsetup remove ${LUKS}
mkswap $DEV
fi
done
fi
# Deactivate LVM volume groups:
if [ -z "$container" ]; then
if [ -r /etc/lvmtab -o -d /etc/lvm/backup ]; then
echo "Deactivating LVM volume groups:"
/sbin/vgchange -an
fi
fi
# This never hurts again (especially since root-on-LVM always fails
# to deactivate the / logical volume... but at least it was
# remounted as read-only first)
/bin/sync
# sleep 3 fixes problems with some hard drives that don't
# otherwise finish syncing before reboot or poweroff
/bin/sleep 3
# This is to ensure all processes have completed on SMP machines:
wait
if [ -x /sbin/genpowerd -a -z "$container" ]; then
# See if this is a powerfail situation:
Tue Sep 6 20:21:24 UTC 2022 a/cracklib-2.9.8-x86_64-1.txz: Upgraded. a/gawk-5.2.0-x86_64-1.txz: Upgraded. a/grep-3.8-x86_64-1.txz: Upgraded. a/kernel-firmware-20220902_2f2f018-noarch-1.txz: Upgraded. a/kernel-generic-5.19.7-x86_64-1.txz: Upgraded. a/kernel-huge-5.19.7-x86_64-1.txz: Upgraded. a/kernel-modules-5.19.7-x86_64-1.txz: Upgraded. a/pcmciautils-018-x86_64-5.txz: Rebuilt. rc.pcmcia: change fgrep to grep -F. a/pkgtools-15.1-noarch-1.txz: Upgraded. removepkg: change fgrep to grep -F. a/sysvinit-functions-8.53-x86_64-6.txz: Rebuilt. /etc/rc.d/init.d/functions: change egrep to grep -E. a/sysvinit-scripts-15.1-noarch-2.txz: Rebuilt. rc.cpufreq: command-line choice should take priority over /etc/default/cpufreq. Thanks to af7567. rc.6: change egrep to grep -E. ap/sqlite-3.39.3-x86_64-1.txz: Upgraded. ap/vim-9.0.0396-x86_64-1.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099 (* Security fix *) d/autoconf-2.71-noarch-2.txz: Rebuilt. doinst.sh: change fgrep to grep -F. d/autoconf-archive-2022.09.03-noarch-1.txz: Upgraded. d/automake-1.16.5-noarch-2.txz: Rebuilt. doinst.sh: change fgrep to grep -F. d/kernel-headers-5.19.7-x86-1.txz: Upgraded. d/libtool-2.4.7-x86_64-4.txz: Rebuilt. doinst.sh: change fgrep to grep -F. d/meson-0.63.2-x86_64-1.txz: Upgraded. d/vala-0.56.3-x86_64-1.txz: Upgraded. k/kernel-source-5.19.7-noarch-1.txz: Upgraded. kde/bluedevil-5.25.5-x86_64-1.txz: Upgraded. kde/breeze-5.25.5-x86_64-1.txz: Upgraded. kde/breeze-grub-5.25.5-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.25.5-x86_64-1.txz: Upgraded. kde/drkonqi-5.25.5-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.25.5-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.25.5-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.25.5-x86_64-1.txz: Upgraded. kde/kdecoration-5.25.5-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.25.5-x86_64-1.txz: Upgraded. kde/kgamma5-5.25.5-x86_64-1.txz: Upgraded. kde/khotkeys-5.25.5-x86_64-1.txz: Upgraded. kde/kinfocenter-5.25.5-x86_64-1.txz: Upgraded. kde/kmenuedit-5.25.5-x86_64-1.txz: Upgraded. kde/kscreen-5.25.5-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.25.5-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.25.5-x86_64-1.txz: Upgraded. kde/ksystemstats-5.25.5-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.25.5-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.25.5-x86_64-1.txz: Upgraded. kde/kwin-5.25.5-x86_64-1.txz: Upgraded. kde/kwrited-5.25.5-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.25.5-x86_64-1.txz: Upgraded. kde/libkscreen-5.25.5-x86_64-1.txz: Upgraded. kde/libksysguard-5.25.5-x86_64-1.txz: Upgraded. kde/milou-5.25.5-x86_64-1.txz: Upgraded. kde/oxygen-5.25.5-x86_64-1.txz: Upgraded. kde/oxygen-sounds-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-disks-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-integration-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-nm-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-pa-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-vault-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-wayland-protocols-1.8.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.25.5-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.25.5-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.25.5-x86_64-1.txz: Upgraded. kde/powerdevil-5.25.5-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.25.5-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.25.5-x86_64-1.txz: Upgraded. kde/systemsettings-5.25.5-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.25.5-x86_64-1.txz: Upgraded. l/fluidsynth-2.2.9-x86_64-1.txz: Upgraded. l/libsoup3-3.0.8-x86_64-1.txz: Upgraded. l/libssh-0.10.3-x86_64-1.txz: Upgraded. l/neon-0.32.3-x86_64-1.txz: Upgraded. l/slang-2.3.3-x86_64-1.txz: Upgraded. n/nmap-7.93-x86_64-1.txz: Upgraded. x/ibus-m17n-1.4.11-x86_64-1.txz: Upgraded. x/libXft-2.3.5-x86_64-1.txz: Upgraded. xap/mozilla-firefox-104.0.2-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/ xap/vim-gvim-9.0.0396-x86_64-1.txz: Upgraded. xfce/xfce4-pulseaudio-plugin-0.4.4-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
2022-09-06 22:21:24 +02:00
if grep -E -q "FAIL|SCRAM" /etc/upsstatus 2> /dev/null ; then
# Signal UPS to shut off the inverter:
/sbin/genpowerd -k
if [ ! $? = 0 ]; then
echo
echo "There was an error signaling the UPS."
echo "Perhaps you need to edit /etc/genpowerd.conf to configure"
echo "the serial line and UPS type."
# Wasting 15 seconds of precious power:
/bin/sleep 15
fi
fi
fi
if [ "$container" = "lxc" ]; then
# Confirm successful shutdown of the container:
echo "LXC container stopped."
fi
# Now halt (poweroff with APM or ACPI enabled kernels) or reboot.
if [ "$shutdown_command" = "reboot" ]; then
echo "Rebooting."
/sbin/reboot
else
/sbin/poweroff
fi