This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core104 has been created at 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 (commit)
- Log ----------------------------------------------------------------- commit 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 17 20:37:07 2016 +0200
kernel: add hyper-v: mark tsc unstable patch
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3bf2f1822d654e98d5341c1134479b04edcc8db2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 17 19:52:09 2016 +0200
kernel: update to 3.14.76
this kernel has important tcp and ext4 fixes.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d1d60e001a1123e115fe0f262690fcbd79ecdcfd Merge: 6bc2225 40607f8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 17 19:51:01 2016 +0200
Merge branch 'core104' into next
commit 6bc2225a5dc26c9de683c59dcdc1b92ff6ce3267 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 14 11:25:01 2016 +0200
Libvirt: load vhost_net before libvirtd start.
If the kernel module vhot_net is loaded, the performance of virtio networking is better then without vhost_net. So the module is loaded before libvirtd ist started to get the benefit of vhost_net.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 62be0cda19fe2a18b08141916f73ff8209ead737 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 14 11:10:36 2016 +0200
Libvirt: fix configuration options
Adds a missed - to -without-dbus and -with-interface.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0296bbea84ae3fc1d85d4b9249490c02f602b7ea Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 14 10:55:38 2016 +0200
Libvirt: enable storage-fs
Fixes: 11154
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 40607f812638f5abd7b4b2313e7e6c1e61502f33 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Aug 7 17:08:44 2016 +0200
core104: revert adding customservices.
simply adding may use id's twice if the user has added other services so we don't update this files.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bf8378e4b7593916b83fd5dfb517708bbdb67101 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Aug 7 13:09:39 2016 +0200
dnsmasq 2.76: latest patches (013-014)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 678a797077eb4026a26126c98944edd67dbd99fe Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 7 15:29:44 2016 +0200
Add new package libusbredir
This package adds support for the use redirection of spice. It is now possible to attach USB devices of the host where the spice client run to the virtual machine.
The binary is not needed for this functionality and that's why they is not shipped with the package
This feature is also enabled in qemu.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2493a758239e07c9af39510c0745ad9bf38aa688 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Aug 6 12:21:42 2016 +0200
set version to core104
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e2f8251726f7b4b567021a8631f153e014442f0c Merge: 1159f71 2b47cc2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Aug 6 12:11:46 2016 +0200
Merge remote-tracking branch 'origin/master' into next
commit 1159f711c8676d63ce9e2d100790031385eb01e3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Aug 6 12:09:44 2016 +0200
core104: add changed files
customservices and openssh.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1cd62a8d3dd6b340adb2208761f46d2d0de8f672 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Wed Aug 3 09:47:13 2016 +0200
Libvirt: Remove delay from start command in install.sh
Fixes: #11152
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c3afb9c65d4e9108db64cf8f3fc2e234e846380e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Jul 23 23:03:14 2016 +0200
dnsmasq 2.76: latest patches from upstream (010-012)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3a4a8b055b56e22d9176486ce77abb1e26a0647e Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Tue Aug 2 14:01:05 2016 +0200
Libvirt: Add backup
The directory /etc/libvirt is backed up on uninstallation and is restored on installation.
Alle Files in /var are commented in the rootfile so they are not removed on uninstallation. Because of the fact that the directories are not shipped with the package they were created at installation time. The permissions of 3 directories are changed because the qemu user is nobody and the qemu group is kvm, so the permissions must be nobody:kvm
Fixes: #11151
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4b8f1ffb319303c1f70bcaa987803ddb328a6e94 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 2 16:06:35 2016 +0100
openssh: Update to 7.3p1
Includes various security fixes:
* sshd(8): Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters. Independently reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle countermeasures. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC before decrypting any ciphertext. This removes the possibility of timing differences leaking facts about the plaintext, though no such leakage has been observed. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh.
Fixes: #11160
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 80a474183e6c730da89e96a3d7719534c252a06b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 2 12:43:01 2016 +0100
Improve wording of the Guardian translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f62bd2742cdfd2d2af8c6b77a526e6fe92f2d27b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 2 12:18:45 2016 +0100
Update translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit afc0f6e8849c6b9bed5005a05c8c4a526b63e06d Merge: de56278 e73a5ce Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 2 12:18:29 2016 +0100
Merge remote-tracking branch 'stevee/guardian-2.0' into next
commit de5627819ba5b7381b446606512eb7b4793fca88 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Jul 31 19:43:26 2016 +0200
htop: Update to 2.0.2
For details, see: http://hisham.hm/htop/index.php?page=downloads
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e73a5ce77a518e1c83bab5e59702b76f2b80d655 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jul 30 11:31:08 2016 +0200
guardian: Update to the tagged release version.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 65a61d88c8a9d73c3315f4ea07a0d5f714ceb2d4 Merge: 9a300ee 0c265f5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jul 29 18:58:56 2016 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 9a300ee8b5d142f1b3d7a47be64be03151493067 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jul 29 18:57:49 2016 +0200
core104: ship screen
old binary is linked against libshadow.0*
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6a5b83f80d4f0ad34597b46e90d4dfbc567de4a0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 29 15:40:30 2016 +0200
Core 104: Add for guardian changed files to core update.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dcb6493a0cc32211c713615465ddf39bc3c1916f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 29 13:29:13 2016 +0200
initscripts: Drop guardian related code from snort initscript.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a27c40a05bda1e3dc64954c0550ec32bc84c6763 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 29 13:25:28 2016 +0200
ids.cgi: Drop guardian related code.
Guardian competely will be managed by it's own CGI.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3b8ad4fde998ada617708a1c175e0039dd75194a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 29 13:21:08 2016 +0200
guardian-legacy: Drop old guardian related files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dadee76d7be1b5f1d1ab9c100e8e4e4929aea3ff Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 29 13:16:11 2016 +0200
guardian.cgi: Fix path to snort alert file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5cbfa0140c0f97e077957e351c1fbfd943ed3450 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jul 19 20:17:11 2016 +0200
log.dat: Added entry for 'guardian'
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a11aaa91b36761f07f05db5cc1a3efd27cf0bf88 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jul 4 11:49:39 2016 +0200
guardian: Update to 2.0.
Update guardian to the re-written version.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f617f21cc0661a74e452d61d299742b4634eef99 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jul 13 09:37:30 2016 +0200
guardian.cgi: Prevent from using "syslog" and "debug".
When using syslog as log facility and debug as log mode, syslog does not log anything.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit efd9c5ffb45579b4ff3c323f1f19689caa8fe50a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jul 2 10:21:52 2016 +0200
guardian.cgi: Also generate ignore file when building the configuration.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8651c94e9a03116fcb9d4226b1457c4307a9dee7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 29 09:39:39 2016 +0200
Language file update.
Add guardian related strings to the german language file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8afd763e702fc1e711e5544ab4246ec1b59ea7cb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 18 18:17:24 2016 +0100
perl-Net-IP: New package
The perl-Net-IP module provides various methods for validating and calculating IP-addresses (both IP protocols supported) and is a runtime dependency of guardian 2.0.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 65c61b574f9f4e461418b26fa0f5e3780c1a019a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 7 19:24:11 2014 +0200
perl-common-sense: New package.
This is a runtime dependency for perl-inotify2.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7f218a58ba2537d04dd3a661f0a57f55fe8484b1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 7 19:25:11 2014 +0200
perl-inotify2: New package.
This module contains inotify bindings for perl, used by the extendend guardian.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 06f261cfb973edfc4b633afdd8060d001076aa99 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jun 27 12:54:44 2016 +0200
Language file update.
Add new guardian related strings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2daa1f5bb230cff536067280545dff60f2fecaa8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jun 27 12:52:39 2016 +0200
guardian.cgi: Show/Hide options using Java Script.
The options for configuring the log file location and snort alert priority level now dynamically will be displayed or hidden if the desired options or feature is not used.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2d17c6e6b8d6b0f8bb9711ead293e3f6abc73ede Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jun 23 15:54:19 2016 +0200
guardian.cgi: Add support for selecting the used firewall action.
This will allow to choose between DROP and REJECT if guardian blocks an attackers address.
Fixes #10xxx.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1cc653239fd4d1a8c589082ea6706d76de9dd55a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 21 10:05:01 2016 +0200
guardian.cgi: Use new feature of ignore file inclusion.
Add support and usage of the recently introduced feature of including other files in the ignore file to add the red related IP-addresses to the ignore list on IPFire systems.
Also use reload-ignore-list feature instead of reloading the whole configuration on ignore list modifications.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c880c2cb8a922bb1132871dad96e079b7b98442b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 29 11:54:53 2016 +0200
guardian.cgi: Create config and ignore file if they does not exist.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 62fd0e6fc7c946f2c9f11d34062c555d95e8a272 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 29 11:06:40 2016 +0200
guardian.cgi: Prevent from blocking the used DNS servers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c232e3489ada10b19ca00f675f2e7a930e9164a5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 29 11:06:06 2016 +0200
guardian.cgi: Use private subfunction for gateway and DNS server detection.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 97849142bd882820c336bec357b62381cae8a5c4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 29 10:55:32 2016 +0200
guardian.cgi: Add function to generate the guardian.ignore file.
This function is responsible for collecting all required data, like the green, blue, orange (if the interfaces are available), red, gateway and used DNS server IP-addresses.
It will add als these addresses and the configured and enabled user-defined ignored addresses/networks to the ignore file of guardian to prevent from blocking any of them.
Note:
The IPFire and RED inteface related addresses also will be added to the ignore file, even if there is no user-defined entry in the list.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7edbe063742d0c65e2f229dc366da8b18ea41482 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 29 09:09:25 2016 +0200
guardian.cgi: Use ignored config file.
The CGI now uses an own ignored configuration file for storing host addresses and/or subnets which should be ignored by guardian.
This allows to add remarks for them and to enable or disable each entry individally at any time.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 891ba055f2ece97941bfe3801ec4e33114b583d1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 25 11:22:19 2016 +0100
guardian.cgi: Use "getipstat" binary.
Rework the GetBlockedHosts() to use the "getipstat" binary instead of the not longer available "guardianctrl" binary.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit af6856afc470656283347c86106c76d4ba3a6f49 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 24 12:41:12 2016 +0100
guardian.cgi: Send commands through socket connection.
The guardianctrl binary does not longer exists, use the Guardian::Socket module to send various commands by using the provided socket client.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 52958991040571d3154345612c6adc38b31973bb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 24 12:12:11 2016 +0100
guardian.cgi: Adjust code for generating the config file.
The config file format and values have been changed, so the code to do the generation has to be adjusted.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d5305379985e5f33a5639a7f4ebb8fa5ab48290f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 24 09:27:10 2016 +0100
guardian.cgi: Drop option for configure the path to the snort alertfile.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 723648ac92c18e9b8e43ccc138fab9c0c1224f54 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 24 09:19:39 2016 +0100
guardian.cgi: Rename hash keys for enabled modules.
Rename the hash key names of enabled parser modules, (services which should be monitored by guardian) to keep the same name sheme than in the guardian config file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b5f7d90327dc8ecc346bac6f758d752d2b510e78 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 24 08:59:42 2016 +0100
guardian.cgi: Adjust CGI to use Locale::Codes::Country.
The module has been renamed some time ago.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit eff1feb8c7d4ed98d24ed2119dbee8da3185ec05 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Feb 28 12:33:12 2015 +0100
guardian.cgi: Disable debugging.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b1597f879c0e897c7bf9fdb256d178857055c61e Author: Matthias Fischer fischerm@ipfire.org Date: Sat Feb 28 11:57:33 2015 +0100
guardian.cgi: Suppress warnings for ${Header::colourgreen} variable.
Reference #10748.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6a153ecdaca6ea9a04d69ba7790e88e44479eca2 Author: Matthias Fischer fischerm@ipfire.org Date: Sat Feb 28 11:54:58 2015 +0100
guardian.cgi: Fix unititalized value "GUARDIAN_ENABLE_OWNCLOUD".
When the owncloud addon is not installed, this value was not initialized correctly.
Reference #10748.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 922ddf0ef64d977422653d4346f57a9f71c6ea4e Author: Matthias Fischer fischerm@ipfire.org Date: Sat Feb 28 11:52:33 2015 +0100
guardian.cgi: Use variable $pid instead of array element.
This will prevent from a lot of perl suggestions in the apache error log.
Reference #10748.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bfb860ceb797fd9e74601f0accdf5d87193f78c0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 24 18:41:37 2015 +0100
guardian.cgi: Fix path to meta-owncloud.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 28981fac68e0c86dbdb2faf0bde1fd3d538fb50f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 17 10:15:12 2015 +0100
guardian.cgi: Add configure options for owncloud.
The related options only will be displayed when the owncloud addon has been installed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 36dbcf2e43d77678cfe96ee8f58f01dc0c33f69c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Nov 1 13:42:53 2014 +0100
guardian.cgi: Allways read-in settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c973d6da105f1e83423ee8d66b25a934262b069d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 28 21:53:27 2014 +0100
guardian.cgi: Some more input validation.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 473c7257215a905d6eac7fe892b46038f534737b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Oct 27 21:12:03 2014 +0100
guardian.cgi: Correct indentation when writing out the config file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4a7fc9f6349f56d8f0409a1cbb3df693944a2810 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Oct 27 21:06:58 2014 +0100
guardian.cgi: Add dropdown for PriorityLevel selection.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 96655fa6b7712d586d9ce6a11e7b2f2c47ea2c7d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Oct 27 20:16:42 2014 +0100
guardian.cgi: Fix and improve input validation.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f8c3bfe050776a702c0f7134d21e07569a2b8d50 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 21 21:55:07 2014 +0200
guardian.cgi: Reload guardian if config or the ignorelist changes.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a35a066845d17c5cc1ebc03bb9f01e844ea20689 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 19 19:58:45 2014 +0200
guardian.cgi: Add option to configure the BlockCount.
Some small code fixes.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 06ff7e28d7993d02be4e4a87bfc959b3bb375346 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 19 16:46:38 2014 +0200
guardian.cgi: Accidently hardcoded some descriptions.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7899718f04b1a7e1288c12a49444f3e0312214d9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 19 16:43:32 2014 +0200
guardian.cgi: Add dropdown to select the used loglevel.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a67b3e2dc53d24c7a25c4f053c4ae2e6368da1b0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 19 14:01:48 2014 +0200
guardian.cgi: Remove code for options which have been dropped from guardian.
Guardian does not longer require the information for the red interface from the configfile.
Guardian does not longer support a targetfile.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 26fcd31e1f68e279c6882e9d1998f3079cc4be19 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Oct 19 13:57:30 2014 +0200
guardian.cgi: Add options to enable/disable some built-in functions from guardian.
This commit allows to enable or disable the monitoring of the snort alertfile and to switch off the blocking of SSH and HTTPD Brute-force attempts.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d2fea55e0930cdc2715855297734dd65857718fb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 9 10:35:32 2014 +0200
guardian.cgi: Remove code for Blockinterfaces.
We don't need this code anymore because we dropped interface support from guardian.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1d5702a7c3e4de0700d08c2e45a1a2891f777fa9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jul 5 15:09:50 2014 +0200
guardian.cgi: Connect subboxes with input elements to the main boxes.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5f462919d9fe730aaca4e0a0e1751df9a3b7d936 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jun 30 17:59:28 2014 +0200
guardian.cgi: Sort blocked IP addresses.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8b8413e566334bfdb62776d31427cfb1162e4a36 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jun 8 12:47:58 2014 +0200
guardian.cgi: Add hyperlink to ipinfo page for blocked hosts.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7f7285911c65776b061a9a2df018fec66eef064c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 3 22:36:32 2014 +0200
guardian.cgi: Autodetect the used interface for red.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 01dbccb11e113497809d74356d2d3467982a5681 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jun 1 17:24:23 2014 +0200
guardian.cgi: New page to configure and interact with guardian.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0c265f57175644c55431490a2aa10b860eabc26d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jul 28 10:46:21 2016 +0100
nginx: Update to 1.8.1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit de2ee80d4ffb0d3d6a219223d1a2e0c85e6ad8c9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jul 29 07:18:37 2016 +0200
kernel: update arm buildfix patch
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5a53d5947d29a65240a9a60e10101bc567638f0f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jul 28 18:12:13 2016 +0200
core104: add kernel to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bde891d1b133a8a28d487cf163ff639d989f6d9a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jul 28 18:01:32 2016 +0200
kernel: update to 3.14.74
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c5c12c9c81bd8ef085a5453fe39e53df100915c3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jul 28 18:00:50 2016 +0200
backports: add upstream driver fixes.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0eccc8a97c59a3ad86c9370f4cfd844e63da8d2e Author: Alexander Marx alexander.marx@ipfire.org Date: Tue Jul 26 14:40:45 2016 +0200
Firewall: Add Services SSMTP and submission
Signed-off-by: Alexander Marx alexander.marx@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 24159f095246659fed4bb581384fa91784d3359e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Jul 22 22:23:24 2016 +0200
nano 2.6.1: fix in rootfile
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c48a24dc14da1322dae72511c3e4c021602cf005 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jul 20 16:49:11 2016 +0100
core104: Include recent changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f00699e8bb9f820f1be200a40d987b749cd278dd Author: Alf Høgemark alf@i100.no Date: Thu Jul 14 13:14:55 2016 +0200
Change case of the unit "bit" from "Bit" to "bit" in web UI
The correct case for "kilobit" is "kilobit", not "kiloBit". And the same applies for Mbit, Gbit etc. Reference is https://en.wikipedia.org/wiki/Kilobit
This commit changes the texts used in the web UI, so that it correctly displays as "bit", "kbit", "Mbit" etc.
This fixes bugzilla item 10918.
Signed-off-by: Alf Høgemark alf@i100.no Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5261a13d3c2f5bec97c837713720c98a3a4c161b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Jul 18 11:50:45 2016 +0200
nano: Update to 2.6.1
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3b7d73d1d40b11b1eaf2ae48ebd22ef4cb587ff1 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 19 15:01:05 2016 +0100
Fix potential HTTPoxy vulnerability
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 71f578bbfc43b5cf5b6480f00ca4536bd4155143 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 12 14:51:18 2016 +0100
freeradius: New package
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ccb35c191fe91611a8bb8d755acddccd5f803051 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Tue Jul 5 11:56:52 2016 +0200
Update qemu to version 2.6
This patch update qemu to version 2.6 For changelogs see: http://wiki.qemu.org/ChangeLog/2.5 http://wiki.qemu.org/ChangeLog/2.6
Qemu try to built with bluez, but before version 2.6 bluez was not used by qemu on IPFire, so I think it is better to disable bluez because nobody needs it before version 2.6 and our bluez is not the latest version so I think this will cause more problems than benefits.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d4641215c788c54c36a7e3b3c056a1f4566af513 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Jul 16 12:18:52 2016 +0200
Update spice to version 0.12.8
This is an security update. Recent were 2 serious security vulnerabilities published. This patch update spice to a version which is not vulnerable.
Changelog:
Changes in 0.12.8:
================== * Fixes for CVE-2016-0749 and CVE-2016-2150
Changes in 0.12.7: ================== * spice-server will now send TCP keepalive probes on the TCP connections it uses. This can prevent unwanted idle disconnections if proxies are used between the client and the host. * Fix important memory usage when the webdav channel is used * Do not disconnect when the client requests an unsupported compression type * Fix a few race conditions * Fix display glitch when using XSpice * Improve help string for 'replay -s' * Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE port configured, USB webcam redirection over a slow link) * Fix various compilation warning when building on 32 bit machines * Some fixes for big-endian machines, more work is likely to be needed * Do not build static libraries by default, this can be reenabled with --enable-static * Fix small leak in MJPEG code
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5fb41958ce9ca71f4eee6d71f932de5a696b6e54 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 16 11:24:41 2016 +0100
libtiff: Bump release
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 25bb3677e9090d05aa64abdbaad97ae1efae3af2 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Jul 15 19:13:07 2016 +0200
libtiff: update to 4.0.6
The pak version from spandsp sane and foomatic are increased by one to ship packages build against new libtiff.
A compat is not needed
http://www.remotesensing.org/libtiff/v4.0.6.html
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Reviewed-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 035e2b4a9b843601b0af484d37c91fc3048f0ab7 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 16 10:57:04 2016 +0100
core104: Ship recently updated which
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 10f8c6f421e0d635dfa303b71b7e7a2cb1694424 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Jul 15 18:42:46 2016 +0200
which: update to 2.21
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fb686fdef34743853f618d0b816a8e678c7c8540 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jul 15 17:27:15 2016 +0200
Update spice-protocol to 0.12.11
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f5194e7a38d63fc9769dbd35eb1941a49ff716b3 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 15 11:08:56 2016 +0100
kernel: Fix broken syntax in configuration file
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit eb03f0178286ba0c049f4ef15b47d7e9ca60cc75 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 15 09:55:49 2016 +0100
Build bzip2 before pcre
pcre is now depending on bzip2
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b61fe3f404035488e051929336d2b5159c8cb313 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jul 15 10:28:17 2016 +0200
Fix in libvirt install.sh/uninstall.sh
The libvirt daemon was not started after installation because the initscritp is named 'libvirtd' not like the package 'libvirt'. The same problem appear in the uninstall.sh. The service was not stopped.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 19a4317093718fc057d1a84d577593aaaee5c42e Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jul 14 23:36:49 2016 +0100
core104: Ship recently updated packages
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aa3ff233c2895c0f0aa32d957e7403b108e9fb2b Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 09:58:14 2016 +0200
acpid: update to 2.0.26
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 602696704cb13d91c87f99fd54e891040418540b Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 09:42:04 2016 +0200
pcre: update to 8.39
http://www.pcre.org/original/changelog.txt
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c11dfb92959d60cb73092c8a740c7eabe03a09e0 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 10:02:54 2016 +0200
popt: update to 1.16
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2a53bafffe1313eec256e5466924f35d8976532d Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 10:07:44 2016 +0200
curl: update to 7.49.1
https://curl.haxx.se/changes.html#7_49_1
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6ec0831ae9716497276e33c4bef3dc4500d75d9e Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 10:08:58 2016 +0200
iputils: update to s20160308
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2249bb1d52f36a69aad36384e60de4a4c63b0fda Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 10:38:18 2016 +0200
acl: update to 2.2.52
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 04251def7f2a4f823ce5384298eb85c09676fb79 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 10:33:03 2016 +0200
libcap: update to 2.25
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cc97d7b417a44749be1568478173b799a7dc5ff9 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jul 13 16:55:29 2016 +0100
collectd: Ignore *phys, macvtap* and vnet* interfaces
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2b47cc27e3fbb6478a8729bc3c8fcffa7df3538a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jul 13 13:33:21 2016 +0200
bump package version of corrupted paks.
I had uploaded the wrong arch of this paks so bump version to fix this in pakfire.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a4fdc176429a03fb47f851a9767c93f8b3a19259 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jul 12 12:37:19 2016 +0200
dnsmasq 2.76: latest patches from upstream (004-009)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 754efda13126e16c951f4051df6cfc9926fca490 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Jul 9 12:27:37 2016 +0200
dnsmasq 2.76: latest patches from upstream (001-003)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit afc14499a725d2d7d6f363d6859492dc74b3300b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jul 11 16:27:58 2016 +0200
p7zip: add CVE-2016-2334 and CVE-2016-2335 patches
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d0d869b022b7cc1f103227579c9175d9b2bd167b Merge: 7959134 913a442 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jul 11 15:39:53 2016 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 7959134a5564345adb1f16b42cf3d7666be9aa42 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jul 11 10:42:51 2016 +0200
kernel: disable amd ccp support
ccp based trng of the apu2 produce none random data. Aes accleration is also not used because IPFire prefere AES-NI if this is supported.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 913a442a2aad8f359462d2dbaa8f29a69ed3ebd6 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 2 12:18:38 2016 +0200
Fix compound nouns for mail service feature
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 795147c7d97b5fc691c6528bb5754f2b917a49c7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jun 30 20:29:40 2016 +0200
kernel: arm7-multi: enable ohci_hcd
needed for usb1.1 support on BananaPi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 484e62046ee462af0c102a131b0c7d47ae7f33e8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jun 29 17:04:28 2016 +0200
kernel: update to 3.14.74
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 01e38218c9193c9747ae9fca2a48345ff262af9e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jun 29 17:00:29 2016 +0200
backports: r8152 add lenovo and nvidia usb id
this id's are blacklisted in new cdc_ether module because the r8152 module should used but the 3.14 module not know this id's.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dc2e0320d3bfdaf0f2c51f6ed7297c3140806482 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 27 23:18:39 2016 +0100
core104: Ship updated libarchive
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a3cab8134a87712723a5a4a76e0e5deee4b02864 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Jun 26 09:27:58 2016 +0200
libarchive: update to 3.2.1
Fixes CVE-2016-4301 Libarchive mtree parse_device Code Execution Vulnerability
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f7029f205713edc6f523c58685e2f420b5d2852e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 22 14:19:24 2016 +0200
core 104: Add updated snort.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fee796dcb761b70911644311e7dba98f7727cb79 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 22 14:18:36 2016 +0200
core 104: Add changed ids.cgi.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b1e8c4b521d8b8759c63985812f17d7c23ffe753 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 22 14:13:49 2016 +0200
snort: Rootfile update.
Rootfile update for snort 2.9.8.2 which has been overlocked in commit 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 60ef4f6704c5a0cc2d971dccc90f81d4f0a051ce Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 21 12:02:49 2016 +0200
Add updated ddns to core 104.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 312ba20037df7db21abaeb4fcf5ee687d9c90dbe Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 21 11:59:18 2016 +0200
ddns: Update to version 010.
This update fixes some smaller issues on various dynamic DNS providers and adds support for DuckDNS as new provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 59232d72251e46011b92501b7538bfe24e869ffa Merge: 3a376d9 96aeacd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 21 10:08:07 2016 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 96aeacd808bbde03997e7d699bed16605095c8a8 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jun 17 13:06:41 2016 +0200
Change the default qemu user and group of libvirt
Changes the libvirt user to nobody and the group to kvm this is a bit safer as to use root for both.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5cc7ae0926454f93998f7c25b931dae7eec0539d Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jun 17 13:06:40 2016 +0200
Qemu: add a group kvm to access /dev/kvm eaiser
As a normal user, it is not possible to use qemu with KVM. This is bad because it is better when it is possible to start the machine with a less privileged user. To achieve this a group KVM is created and the access to /dev/kvm is allowed for this group. So every user in this group can use qemu with KVM. This change is also useful for libvirt because the VMs can be started with user nobody and group kvm.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1dd61e0594e92155642039d3229e1505f8aea937 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 19 09:54:32 2016 +0100
Rootfile update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0204a3c5bff8b22c880b2fb181814a25c2c3e3b9 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 17 13:07:10 2016 +0100
core104: Ship updated shadow-utils and remove old files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4787315b6e67b486e813292d45402ee3890a3e7b Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sat Mar 19 08:10:25 2016 +0100
shadow: update to 4.2.1
The "groups" from the coreutils package is used (/usr/bin/groups)
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1bddfa5abf7a970bb6a1df90271bc6e2c67154a5 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 16 09:34:24 2016 +0100
core104: Ship updated pakfire functions.sh
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e6fd1f2d3876aae2c37051fce718f68712fdee4a Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jun 10 10:13:41 2016 +0200
Fix in pakfire functions.sh
The if statement in line 89 and 99 are useless with the -e conditional expression because it returns true if the path ist a regular file or a directory. So "/etc/init.d/ " returns true and "/etc/init.d/avahi" return also true, but the statement should return only true if we have a regular file. So -f if the right conditional expression, and we only try to execute the init script if the path "/etc/init.d/${1}" points to a regular file.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 77d989a66726dfe8282d00eec25f1cca80aca118 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Jun 10 10:57:13 2016 +0200
Change the default libvirt remote user to libvirt-remote
It is possible to communicate per ssh via a socket with libvirt. It is not a good idea to do this as root, so the remote user is now libvirt-remote. Only this user or users in the group libvirt-remote can communicate with the socket. The user libvirt-remote is created without a password. The users have to set a password for this user after installation.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6c2720cac6c4d807e7608d10d15349854714a8e0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 16 09:28:34 2016 +0100
core104: Add ntp update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6ce32b1d84a539bae4503fbfe0cb043edb919265 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jun 14 12:44:48 2016 +0200
ntp: Update to 4.2.8p8
It addresses 1 high- and 4 low--severity security issues, 4 bugfixes, and contains other improvements over 4.2.8p7.
For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 51f69a46533e2ed7a9c29de23b9ec791d27cc80b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun May 1 12:29:02 2016 +0200
ntp: Update to 4.2.8p7
It addresses 11 low- and medium-severity security issues, 16 bugfixes, and contains other improvements over 4.2.8p6.
For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2e45b1125bc54f5376b57905541cd1309364579a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Feb 6 23:37:50 2016 +0100
ntp: Update to 4.2.8p6
"...addresses 9 low- and medium-severity security issues, 10 bugfixes, and contains other improvements over 4.2.8p5."
For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 44285d92a297f27310b3bf4de3d5c0af15a82462 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 16 09:26:55 2016 +0100
core104: Add wget update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e072f094e6fcb20a718caaef91ba9766258e2377 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jun 14 12:33:00 2016 +0200
wget: Update to 1.18
Excerpt from annoncement:
"This version fixes a security vulnerability (CVE-2016-4971) present in all old versions of wget. The vulnerability was discovered by Dawid Golunski which were reported to us by Beyond Security's SecuriTeam.
On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename. This behaviour was changed and now it works similarly as a redirect from HTTP to another HTTP resource so the original name is used as the destination file. To keep the previous behaviour the user must provide --trust-server-names."
Best, Mat-backfromholidays-thias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6118218c192bdd0a957e787114190bfc9c440da0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Feb 8 14:10:57 2016 +0100
wget: Update to 1.17.1
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b6c0145236385bcef7b3fa016f2884f64a2bc9f0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 16 09:24:22 2016 +0100
Start Core Update 104
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3a376d999ecf485803c270e3d9d6f767c0378ba9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun May 1 07:35:32 2016 +0200
snort 2.9.8.2: update snort download url
Update for http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0aff7b81965c06756ff42482e...
Update url is set to 'snortrules-snapshot-2982.tar.gz'
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 1 08:40:00 2016 +0200
snort: Update to 2.9.8.2
Release notes:
2016-03-09 - Snort 2.9.8.2 [*] New additions * Future-flow and DNS API exposed to lua detector. * Double VLAN tagging support. [*] Improvements * Performance improvements to AppID. * Stability improvements to file and ftp_telnet preprocessor. * Fixed several issues with SDF and obfuscation. * Resolved an issue of improper handling of malformed DNS host in AppID. * HTTP PAF accepts all tokens between method and version strings in a request URI. * Resolved snort build issue with "--disable-perfprofiling" configure option. * Enhanced mime parsing by adding support for detecting files after unknown headers and no headers. * Fixed issue with gzip decompression. If the server response specifies Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0. * End of Header(EOH) identification for HTTP response header spanning multiple packets. * Improved packet reassembly for HTTP. * Fixed Flash LZMA decompression issue.
For details see: https://www.snort.org/downloads/snort/changelog_2.9.8.2.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 00c2bfe89b236ebbd0306d19965c9087b3aaf485 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Dec 11 19:38:26 2015 +0100
snort 2.9.8.0: Updated rootfile
snort 2.9.8.0: Updated rootfile
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cf074eb256e1254f3463f62d3e1893cca56ca2ff Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Dec 10 07:40:18 2015 +0100
snort: Update to 2.9.8.0
snort: Update to 2.9.8.0
Release notes: https://snort.org/downloads/snort/release_notes_2.9.8.0.txt Changelog: https://snort.org/downloads/snort/changelog_2.9.8.0.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree