This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core128 has been created at 8818db9a1cf3488707b0a1193af2db56a30a8560 (commit)
- Log ----------------------------------------------------------------- commit 8818db9a1cf3488707b0a1193af2db56a30a8560 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 22 21:33:45 2019 +0100
core128: finish core128
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 173844d3521040abeac360c2871403e51266dcd4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 22 21:20:57 2019 +0100
kernel: import cve-2019-8912 patch
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 186402fbe83fcff9b15bfab81a6d35cebe431126 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 22 19:26:08 2019 +0100
core128: stop apache before replacing files
apache will not restart without stopped before the files was replaced.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6957b699b374b8053c8de66a0e61a489c982bb34 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 22 18:02:45 2019 +0100
kernel: apu leds: add more id's
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 710153a89cf95ed2cf0c1440969dc03f89758790 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 22 18:01:18 2019 +0100
partresize: add "apu1" for apus with new bios.
commit 4a25ada199d26bf5da93c05150c6d85b82efce74 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Feb 21 19:23:05 2019 +0100
core128: add kernel to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a2d49659f3947e5a5a77cbc1bf384eb0b2760ca9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Feb 21 19:13:27 2019 +0100
kernel: cleanup unused rpi patch
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8c8b4b21545338efea26df2c1285d89793e1b77c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Feb 21 10:50:15 2019 +0100
kernel: update to 4.14.102
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8f49959d70210f4a2d6d1bbf2f6936d4e3e28f6b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Feb 19 13:48:12 2019 +0100
partresize: enable serial console on PC Engines APU
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 17872019ba56d6ec81742fc61218933f25988f7e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Feb 19 01:04:19 2019 +0100
kernel: update apu led patch for apu3 and 4
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9bc17600521eabca8238fc9116d1fae47800a6af Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 17 13:46:51 2019 +0000
unbound: Drop certificates for local control connection
These are a cause of worry because they are sometimes generated with an invalid timestamp and therefore render unbound being unusable.
There is no strong reason to use self-signed certificates for extra security here.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 256070e92fed192f80c0c4fcdbbf9102fdc8e6b4 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Feb 10 20:21:22 2019 +0100
Added 'CONFIG_X86_MSR=y for 'powertop' to i586 and x86_64 builds for fixing #11997
Triggered by: https://forum.ipfire.org/viewtopic.php?f=69&t=22274
This - probably - fixes Bug #11997.
Needs testing on 64bit installations!
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 34f4af78a800b250dd3766747607231d3872d40f Author: Rob Brewer ipfire-devel@grantura.co.uk Date: Wed Feb 13 22:49:11 2019 +0000
Fix ownership of sendEmail script
The script used to be owned by a non-privileged user and it should just be owned by root.root like any other binary.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 56ec56a8193ebccb7c32469e0870849f820b0d14 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Feb 16 22:49:47 2019 +0100
borgbackup: fix build on armv5tel
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2caca412176a5de89fa4b359cf33766be552c447 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Feb 16 21:40:50 2019 +0100
kernel: enable PCA953X GPIO extender for ClearFog boards
fixes: #12000
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ede92473100923d577f3bb4124e8a88da1d30a39 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 15 17:46:54 2019 +0100
kernel: update to 4.14.101
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5368ccb0fc19d8f7678a292d95334e1855b875d3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 13 11:32:00 2019 +0000
core128: Ship kdig
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2397e51335eb623b65e2ff1176e83d3d920c8ef7 Author: Erik Kapfer ummeegge@ipfire.org Date: Sat Feb 9 08:41:15 2019 +0100
knot: Reduced version of knot with kdig only
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 59d673ae44c2319b1a0894d181f5114114de8276 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 13 11:31:24 2019 +0000
core128: Ship libedit
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 17b3255b7f16a0b62a00d8c244b131047091f7ad Author: Erik Kapfer ummeegge@ipfire.org Date: Sat Feb 9 08:41:14 2019 +0100
libedit: A command line editor library
Dependency for knot (kdig).
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 17d9d4257139a78162051b71accaf9ff9764230f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Feb 10 20:13:17 2019 +0100
powertop: Update to 2.10
Hi,
Triggered by: https://forum.ipfire.org/viewtopic.php?f=69&t=22274
For details see: https://01.org/powertop/downloads/powertop-v2.10
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 941a3dec4e69e5081d76682e635cdf47be51af1c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Feb 9 10:59:08 2019 +0100
dhcpcd: Update to 7.1.1
For details see: https://roy.marples.name/blog/dhcpcd-7-1-1-released
"A minor update, highlights include:
IPv4LL: Fixed build with this disabled IPv4LL: Remember last address between carrier resets BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN FreeBSD: Avoid panicing kernel when RTA_IFP is set for IPv6 prefix routes"
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d5b7f82a40b69a57d6d849c2e6da583c6772fc9a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Feb 9 10:37:22 2019 +0100
curl: Update to 7.64.0
Hi,
For details see: https://curl.haxx.se/changes.html
This came rather unexpected - if I'd known, I'd have waited with 7.63.0.
"Changes: cookies: leave secure cookies alone hostip: support wildcard hosts http: Implement trailing headers for chunked transfers http: added options for allowing HTTP/0.9 responses timeval: Use high resolution timestamps on Windows
Bugfixes: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow CVE-2019-3823: SMTP end-of-response out-of-bounds read FAQ: remove mention of sourceforge for github OS400: handle memory error in list conversion OS400: upgrade ILE/RPG binding. README: add codacy code quality badge Revert http_negotiate: do not close connection THANKS: added several missing names from year <= 2000 build: make 'tidy' target work for metalink builds cmake: added checks for variadic macros cmake: updated check for HAVE_POLL_FINE to match autotools cmake: use lowercase for function name like the rest of the code configure: detect xlclang separately from clang configure: fix recv/send/select detection on Android configure: rewrite --enable-code-coverage conncache_unlock: avoid indirection by changing input argument type cookie: fix comment typo cookies: allow secure override when done over HTTPS cookies: extend domain checks to non psl builds cookies: skip custom cookies when redirecting cross-site curl --xattr: strip credentials from any URL that is stored curl -J: refuse to append to the destination file curl/urlapi.h: include "curl.h" first curl_multi_remove_handle() don't block terminating c-ares requests darwinssl: accept setting max-tls with default min-tls disconnect: separate connections and easy handles better disconnect: set conn->data for protocol disconnect docs/version.d: mention MultiSSL docs: fix the --tls-max description docs: use $(INSTALL_DATA) to install man page docs: use meaningless port number in CURLOPT_LOCALPORT example gopher: always include the entire gopher-path in request http2: clear pause stream id if it gets closed if2ip: remove unused function Curl_if_is_interface_name libssh: do not let libssh create socket libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh libssh: free sftp_canonicalize_path() data correctly libtest/stub_gssapi: use "real" snprintf mbedtls: use VERIFYHOST multi: multiplexing improvements multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time ntlm: fix NTMLv2 compliance ntlm_sspi: add support for channel binding openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated openssl: fix the SSL_get_tlsext_status_ocsp_resp call openvms: fix OpenSSL discovery on VAX openvms: fix typos in documentation os400: add a missing closing bracket os400: fix extra parameter syntax error pingpong: change default response timeout to 120 seconds pingpong: ignore regular timeout in disconnect phase printf: fix format specifiers runtests.pl: Fix perl call to include srcdir schannel: fix compiler warning schannel: preserve original certificate path parameter schannel: stop calling it "winssl" sigpipe: if mbedTLS is used, ignore SIGPIPE smb: fix incorrect path in request if connection reused ssh: log the libssh2 error message when ssh session startup fails test1558: verify CURLINFO_PROTOCOL on file:// transfer test1561: improve test name test1653: make it survive torture tests tests: allow tests to pass by 2037-02-12 tests: move objnames-* from lib into tests timediff: fix math for unsigned time_t timeval: Disable MSVC Analyzer GetTickCount warning tool_cb_prg: avoid integer overflow travis: added cmake build for osx urlapi: Fix port parsing of eol colon urlapi: distinguish possibly empty query urlapi: fix parsing ipv6 with zone index urldata: rename easy_conn to just conn winbuild: conditionally use /DZLIB_WINAPI wolfssl: fix memory-leak in threaded use spnego_sspi: add support for channel binding"
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 39d43c5b99720c31e4423e3668ea77679954c184 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Feb 8 20:50:37 2019 +0100
kernel: update to 4.14.98
todo: check if RPi dwc dma patch still need to reverted before release
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 27a9f86ec4c7b42a0d9d9da5728344c0431f3768 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Feb 8 12:01:42 2019 +0100
borgbackup: Fix build on i586
Fixes
... '/usr/src/config/rootfiles/packages//borgbackup' -> '/install/packages/package/ROOTFILES' tar: usr/lib/python3.6/site-packages/borg/chunker.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/compress.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/crypto.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/hashindex.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/platform_linux.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: Exiting with failure status due to previous errors make: *** [borgbackup:58: dist] Error 2 ...
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7a7c30e11972da586997e8568a11cc91c54e416b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Feb 8 11:57:47 2019 +0100
python3-llfuse: Fix build on i586
Fixes
"tar: usr/lib/python3.6/site-packages/llfuse.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory"
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 02a8a241bb74f9ab56d673bc89f3b720fe9c7e12 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 7 15:13:50 2019 +0000
core128: Ship updated firewall initscript
Require reboot after the update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e01e07ec8b770eb849a42ad3f8c0f67e55faf905 Author: Peter Müller peter.mueller@ipfire.org Date: Wed Feb 6 21:00:00 2019 +0000
apply default firewall policy for ORANGE, too
If firewall default policy is set to DROP, this setting was not applied to outgoing ORANGE traffic as well, which was misleading.
Fixes #11973
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Michael Tremer michael.tremer@ipfire.org Cc: Oliver Fuhrer oliver.fuhrer@bluewin.ch Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fd16f5d8c132ae28baf33163b8553933035c2beb Author: Peter Müller peter.mueller@ipfire.org Date: Wed Feb 6 19:21:00 2019 +0000
Tor: update to 0.3.5.7
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 08d91c0f7a7511da8a8d4a7ff2f156677d94463b Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Tue Feb 5 18:33:31 2019 +0000
python3-msgpack: Fix build on i586
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e20b7de067c5df0318dea9eaa67dedf78130d66d Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Feb 4 07:00:13 2019 +0000
python3-dateutil: Update rootfiles
Changed because of new python3-setuptools
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1cca99e3a1eab5c18fba623bc1de427c28a5772f Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Feb 4 00:40:02 2019 +0000
core128: Ship updated dhcpcd
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2378f373dd2fd58eaf734877be3827c8d1682b32 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Feb 4 18:38:44 2019 +0100
dhcpcd: Update to 7.1.0
For some informations about this update see: https://roy.marples.name/blog/dhcpcd-7-1-0-released
"dhcpcd-7.1.0 has been released with the following changes:
- OpenBSD: works alongside slaacd(8) - NetBSD: sets SO_RERROR on to detect receive socket overflow - BSD: route improvements to avoid listening for own changes - Linux: use NETLINK_BROADCAST_ERROR - BSD: avoid late address deletion messages by testing address existance - IP6: implement IP6 address sharing - BSD: catch UP/DOWN events when interfaces does support media changes - IPv4LL: remember old address when carrier is lost
Many other minor fixes and documenation updates have been submitted by various community members for this release..."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 60c692e38585977b7e644f0c14d017b1ed350a9c Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Feb 4 00:15:24 2019 +0000
core128: Ship updated curl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d2b7811b1510c8a1f5fc993cf913b2d4342c4aae Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Feb 4 18:30:54 2019 +0100
curl: Update to 7.63.0
For details see: https://curl.haxx.se/changes.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b4285088a121f71048870061de2c388d747ae3a2 Author: Erik Kapfer ummeegge@ipfire.org Date: Sat Feb 2 08:46:12 2019 +0100
update.sh: Delete .rnd files
Since RANDFILE has been disabled in OpenSSL configurations, .rnd files are not needed anymore.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 06232b041a8da29dacb7655bd431e5eec6e782b3 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 3 21:42:43 2019 +0000
core128: Ship updated apr
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 33f7d610fbd518d5809f273fb6fca927fcf25e01 Author: Wolfgang Apolinarski wolfgang.apolinarski@ipfire.org Date: Sun Feb 3 15:11:58 2019 +0100
Updated apr, stabilized apache build
- Updated apr to 1.6.5 - Stabilized apache build (rebuild)
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 22f7be0d4d9d676d002cf0736edbc174f31cd238 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Feb 3 15:28:52 2019 +0100
python3-llfuse: fix rootfile for non x86_64 builds
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 329788dee52f8ea58b8d01a42ff4a1a44ed45489 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Feb 3 12:45:52 2019 +0100
kernel: update to 4.14.97
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2a915f98cbd5983a5246cce7ec2e88041412f361 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Feb 1 17:34:02 2019 +0000
haproxy: Bump version to support TLSv1.3 (and PCRE JIT)
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 83064ee34ea0659f0c2ea204a76db2112e75332e Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Feb 1 17:12:23 2019 +0000
core128: Restart updated apache
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 57bc05a53de810f2b4dca122f209be4b547f9d5f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Feb 1 18:06:38 2019 +0100
apache: Update to 2.4.38
For details see: http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.38
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2d8187e8e05222a05c2a074da798bbbc660f642d Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Feb 1 17:08:44 2019 +0000
core128: Ship AWS scripts again
It seems that this was missing in Core Update 125/126 so not all bug fixes made it into the release.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 46114d79d99533ebb59ece038836b44dabb4083e Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Feb 1 11:52:45 2019 +0000
Add new package borgbackup
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit def9f4a3e074e1401c6f40946833785d4b27ce66 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Feb 1 11:52:44 2019 +0000
Add new package python3-msgpack
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3be819876bf56f9ce1026cfdab57aaff49fe072f Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Feb 1 11:52:43 2019 +0000
Add new package python3-llfuse
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 662b2a812f6bfd8e5143564c8b162abc2df0dbd6 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Feb 1 11:52:42 2019 +0000
Add new package python3-setuptools-scm
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2d17377aa0216522a47d9f81a4b754d8ce30a2a1 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Fri Feb 1 11:52:41 2019 +0000
Add new package python3-settuptools
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit feeda1e4dd0780cff4bebe3b8c232548072a2d8d Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 30 18:37:26 2019 +0000
core128: Delete SSE2-optimised legacy OpenSSL libraries, too
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 898fe209ff2b72dfdc54e8bac8b99d1644b14eb0 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 29 13:51:37 2019 +0000
core128: Ship updated OpenSSL configuration files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a946892338329dbee0289132413d4849e3641f7e Author: Erik Kapfer ummeegge@ipfire.org Date: Tue Jan 8 20:33:32 2019 +0100
del_rand: Deletion of RAND file in openssl config
Fixes #11943
Since the kernel RNG should do this, there is no need for this anymore.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 61ee842911ec21254931cd52bd601ee3d28033c6 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Jan 27 18:38:04 2019 +0100
ghostscript: Update to 9.26
For details see: https://www.ghostscript.com/doc/9.26/News.htm
This version fixes CVE-2019-6116 ("code execution via subroutines within pseudo-operators")
Some details (german) can be found here: https://www.heise.de/security/meldung/Boeser-Bug-in-PostScript-trifft-ghosts...
I saw this article and found it could be the time for an update...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d03916e55851a243594ebf6f0c20c8f6d9092277 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 24 12:31:27 2019 +0000
Enable some performance tuning
These parameters increase the throughput on various (large-ish) systems by 5-10% on the slight expense of higher power consumption.
Socket buffers are increases and the system is configured to be less aggressive when scheduling processes from one processor to another one which ensures that the cache remains "hot" for longer.
On a slower system (apu1d) no performance improvement or loss could have been measured.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7ec83993e54034cfa5620fb24bec24e6f630d7a6 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 23 06:21:53 2019 +0000
proxy: Show error messages in English by default
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 75936b067f3e4ef057d7ecf37e32733467dd3a23 Author: Peter Müller peter.mueller@link38.eu Date: Wed Jan 23 21:34:13 2019 +0100
Postfix: update to 3.3.2
See http://www.postfix.org/announcements/postfix-3.3.2.html for release note. This makes Postfix TLS 1.3/OpenSSL 1.1.1a ready.
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0a44d9bcec0b91dc70303487a9e5e4f61324c01f Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 23 05:40:41 2019 +0000
core128: Ship updated ca-certificates
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 07c36be56ff136c64e4c396f694325f814a8673b Author: Peter Müller peter.mueller@link38.eu Date: Wed Jan 23 20:59:41 2019 +0100
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/bu...
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit bdc831015465182f505c777d05cc3e0d2603a13b Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 23 05:40:04 2019 +0000
core128: Ship updated openssh
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fee8b1c5041e7a3abeda7b2148296f417d9f6362 Author: Peter Müller peter.mueller@link38.eu Date: Wed Jan 23 20:54:07 2019 +0100
OpenSSH: update to 7.9p1
Update OpenSSH to 7.9p1 (release note is available at https://www.openssh.com/txt/release-7.9). Patching support for OpenSSL 1.1.0 is no longer required, thus the orphaned patchfile has been deleted.
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit be838808e1d3e7dc52fd25621bda18507294919a Merge: 7c26f07da 903052dde Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 23 21:19:01 2019 +0100
Merge remote-tracking branch 'origin/master' into next
commit 7c26f07dabd486f1723615e2546f52c825f8899b Merge: b9d494e77 26d07ee5d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 23 21:18:44 2019 +0100
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit b9d494e7736ab1fa543903542f2b922ac370331f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 23 18:38:14 2019 +0100
kernel: update to 4.14.95
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 26d07ee5da961c7ac8a062b6e8386800cd5f21f7 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 23 03:06:07 2019 +0000
core128: Ship updated tzdata
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0661be620bb3119ea5cd2191ae6028c99f50d4b9 Author: Peter Müller peter.mueller@link38.eu Date: Wed Jan 23 16:00:57 2019 +0100
tzdata: update to 2018i
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b7ddf23b7238e469a19e09acaa5cfeb63fac9c78 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 22 05:31:21 2019 +0000
strongswan: Update to 5.7.2
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ec7d630b622e40c558479cda2b5a64516d1be7a4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 22 07:46:08 2019 +0100
kernel: x86_64 encrease NR_CPUS to 64
fixes #11963
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 503a6f155b218d9a991b98d9cc8b31dada77ca55 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 22 07:41:18 2019 +0100
kernel: update to 4.14.94
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit eacf8dc4b7d028d7fd53707c9db84373a26b8a30 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 21 21:04:10 2019 +0000
core128: Ship updated xt_geoip_update script
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d38e7e256d43069e49c557e947d4b940aae8a566 Author: Peter Müller peter.mueller@link38.eu Date: Mon Jan 21 21:40:50 2019 +0100
use HTTPS for downloading GeoIP database files
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f6326e4f777519e857d740cc525bb1ae3ea57ee3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 21 10:20:29 2019 +0000
core128: Ship updated logrotate
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6f1aa31f01ed3e4a6cf59823f40405f5437c8c21 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Jan 20 18:07:47 2019 +0100
logrotate: Update to 3.15
For details see: https://github.com/logrotate/logrotate/releases
- timer unit: change trigger fuzz from 12h to 1h (#230) - service unit: only run if /var/log is mounted (#230) - preserve fractional part of timestamps when compressing (#226) - re-indent source code using spaces only (#188) - minage: avoid rounding issue while comparing the amount of seconds (#36) - never remove old log files if rotate -1 is specified (#202) - return non-zero exit status if a config file contains an error (#199) - make copytruncate work with rotate 0 (#191) - warn user if both size and the time interval options are used (#192) - pass rotated log file name as the 2nd argument of the postrotate script when sharedscript is not enabled (#193) - rename logrotate-default to logrotate.conf (#187)
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9b86a7ec28bd2a2049e771b59dff817c0569e106 Merge: 93d516bd7 f29ff21cd Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 19 19:58:48 2019 +0100
Merge remote-tracking branch 'origin/master' into next
commit 93d516bd7065e4a30a1a04bd3f1045b2b56864ad Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 17 19:24:46 2019 +0000
Revert "Disable Path MTU discovery"
This reverts commit 1c0cfaa5949e4303e8e4e2f041af86a812f3fe6c.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 47051c2a0aa6307d0d1cefb05d51d0eda175a62e Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 5 16:21:43 2018 +0100
drop orphaned OpenSSL patches
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8f095fb28722929b3d36d384ad3e38787f7030fe Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 17 14:41:54 2019 +0000
core128: Remove openssl-compat package
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 63cf6d5cefc422ddec3f078cbc9f29350aece092 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 5 16:12:40 2018 +0100
drop openssl-compat package
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ac520af83740fbfe8500f50ed750da1eaacf5aca Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 17 14:39:14 2019 +0000
core128: Ship recently updated openssl and apache
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5a394647545be13285bded059607cd86c4d551e6 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 17 14:38:01 2019 +0000
Start Core Update 128
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 535dab60d61f86d78e8c6753c4d6c69bd0f3cbcc Author: Peter Müller peter.mueller@link38.eu Date: Tue Jan 15 15:39:25 2019 +0100
httpd: include TLS 1.3 cipher suites
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Erik Kapfer erik.kapfer@ipfire.org Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 32ba431458a616026f17a687735bc6bec2e8dca9 Author: Erik Kapfer ummeegge@ipfire.org Date: Tue Jan 15 15:43:01 2019 +0100
openssl: Update to version 1.1.1a
Disabled MD2 and Aria cipher.
TLSv1.3 is now available with:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 TLS_AES_128_GCM_SHA256 TLSv1.3
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree