This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f (commit) via f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9 (commit) via 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f (commit) via e705636a854de570987817d2f847bec980db928f (commit) via 0698daa3fb935ede4c027e8b507e7b3106391a86 (commit) via de9e44e82daa1e650a38e3cb5235a59caaedb66b (commit) from 4a9fe2eaaa45e25428ce72f0076c0a38fe9b291a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Feb 14 11:34:36 2024 +0100
graphs.pl: Fixes graph failure when the DROP_HOSTILE directory is missing
- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT rrd directories are created. - With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error message is caused by the inability to open the required files. - This patch adds an if/else loop into the fwhits graph code to deal with the two cases of the DROP_HOSTILE being present or not depending on the history and if a backup with logs has been restored from when DROP_HOSTILE was in use. - Tested on vm testbed and created a historical line for the hostile data when it was not split - There might be a simpler or better approach than this but it was the only option I could identify. I couldn't find anything about being able to use if loops within the RRD::Graph loop
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 19:01:25 2024 +0000
core184: Ship unbound
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Feb 14 17:24:52 2024 +0100
unbound: Update to 1.19.1
For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-1
"Bug Fixes
Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e705636a854de570987817d2f847bec980db928f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Feb 14 17:34:10 2024 +0100
unbound 1.19.1: Fix for forgotten rootfile
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0698daa3fb935ede4c027e8b507e7b3106391a86 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 19:00:03 2024 +0000
core184: Ship bind
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit de9e44e82daa1e650a38e3cb5235a59caaedb66b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Feb 14 17:43:12 2024 +0100
bind: Update to 9.16.48
For details see: https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html#notes-fo...
Fixes several CVEs.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/graphs.pl | 237 ++++++++++++++------- config/rootfiles/common/bind | 14 +- config/rootfiles/common/unbound | 2 +- .../{oldcore/100 => core/184}/filelists/bind | 0 .../{oldcore/106 => core/184}/filelists/unbound | 0 config/rootfiles/core/184/update.sh | 1 + lfs/bind | 6 +- lfs/unbound | 6 +- 8 files changed, 173 insertions(+), 93 deletions(-) copy config/rootfiles/{oldcore/100 => core/184}/filelists/bind (100%) copy config/rootfiles/{oldcore/106 => core/184}/filelists/unbound (100%)
Difference in files: diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index a23e49c980..96c6c26ead 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -13,7 +13,7 @@ # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # +# GNU General Public License for more details. #update.sh # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see http://www.gnu.org/licenses/. # @@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
sub updatefwhitsgraph { my $period = $_[0]; - RRDs::graph( - @GRAPH_ARGS, - "-", - "--start", - "-1".$period, - "-r", - "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, - "-v ".$Lang::tr{'bytes per second'}, - "--color=SHADEA".$color{"color19"}, - "--color=SHADEB".$color{"color19"}, - "--color=BACK".$color{"color21"}, - "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", - "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", - "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", - "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", - "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", - "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", - "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - - # This creates a new combined hostile segment. - # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values - # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown, - # we replace them with them sum of IN + OUT. - "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", - - "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), - "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", - "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), - "GPRINT:output:MAX:%8.1lf %sBps", - "GPRINT:output:AVERAGE:%8.1lf %sBps", - "GPRINT:output:MIN:%8.1lf %sBps", - "GPRINT:output:LAST:%8.1lf %sBps\j", - "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), - "GPRINT:forward:MAX:%8.1lf %sBps", - "GPRINT:forward:AVERAGE:%8.1lf %sBps", - "GPRINT:forward:MIN:%8.1lf %sBps", - "GPRINT:forward:LAST:%8.1lf %sBps\j", - "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), - "GPRINT:input:MAX:%8.1lf %sBps", - "GPRINT:input:AVERAGE:%8.1lf %sBps", - "GPRINT:input:MIN:%8.1lf %sBps", - "GPRINT:input:LAST:%8.1lf %sBps\j", - "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), - "GPRINT:newnotsyn:MAX:%8.1lf %sBps", - "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", - "GPRINT:newnotsyn:MIN:%8.1lf %sBps", - "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", - "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), - "GPRINT:portscan:MAX:%8.1lf %sBps", - "GPRINT:portscan:AVERAGE:%8.1lf %sBps", - "GPRINT:portscan:MIN:%8.1lf %sBps", - "GPRINT:portscan:LAST:%8.1lf %sBps\j", - "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), - "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", - "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", - "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", - "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", - "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), - "GPRINT:hostilein:MAX:%8.1lf %sBps", - "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", - "GPRINT:hostilein:MIN:%8.1lf %sBps", - "GPRINT:hostilein:LAST:%8.1lf %sBps\j", - "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), - "GPRINT:hostileout:MAX:%8.1lf %sBps", - "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", - "GPRINT:hostileout:MIN:%8.1lf %sBps", - "GPRINT:hostileout:LAST:%8.1lf %sBps\j", - "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), - "GPRINT:hostile:MAX:%8.1lf %sBps", - "GPRINT:hostile:AVERAGE:%8.1lf %sBps", - "GPRINT:hostile:MIN:%8.1lf %sBps", - "GPRINT:hostile:LAST:%8.1lf %sBps\j", - ); + if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) { + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values + # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out), + # we replace them with the sum of IN + OUT. + "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", + ); + }else{ + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values + # from the sum of IN + OUT. + "CDEF:hostile=hostilein,hostileout,+", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", + ); + } $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; } diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 230b2e595f..96859c8db4 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -271,24 +271,24 @@ usr/bin/nsupdate #usr/include/pk11/site.h #usr/include/pkcs11 #usr/include/pkcs11/pkcs11.h -usr/lib/libbind9-9.16.45.so +usr/lib/libbind9-9.16.48.so #usr/lib/libbind9.la #usr/lib/libbind9.so -usr/lib/libdns-9.16.45.so +usr/lib/libdns-9.16.48.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libirs-9.16.45.so +usr/lib/libirs-9.16.48.so #usr/lib/libirs.la #usr/lib/libirs.so -usr/lib/libisc-9.16.45.so +usr/lib/libisc-9.16.48.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.16.45.so +usr/lib/libisccc-9.16.48.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.16.45.so +usr/lib/libisccfg-9.16.48.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.16.45.so +usr/lib/libns-9.16.48.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 78c5a31ae2..1badd605ab 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.23 +usr/lib/libunbound.so.8.1.24 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/184/filelists/bind b/config/rootfiles/core/184/filelists/bind new file mode 120000 index 0000000000..48a0ebaefd --- /dev/null +++ b/config/rootfiles/core/184/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/unbound b/config/rootfiles/core/184/filelists/unbound new file mode 120000 index 0000000000..66adf09242 --- /dev/null +++ b/config/rootfiles/core/184/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index 024c44be7f..3bf38ff8b2 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -81,6 +81,7 @@ telinit u /etc/init.d/vnstat start /etc/init.d/collectd restart /etc/init.d/suricata restart +/etc/init.d/unbound restart if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start fi diff --git a/lfs/bind b/lfs/bind index 63e642ca89..271f8ab53b 100644 --- a/lfs/bind +++ b/lfs/bind @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@
include Config
-VER = 9.16.45 +VER = 9.16.48
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2b6cea5e5b510780fb144cf9fce5fbec4adc6a2bb2186646f95afb4aa486edc326106519f149e600aec373238d55c06dfe7ac65f41016453a0967a28ec67ad7e +$(DL_FILE)_BLAKE2 = 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7
install : $(TARGET)
diff --git a/lfs/unbound b/lfs/unbound index 22bb2e1ceb..b852f75b9b 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.19.0 +VER = 1.19.1
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 66ec2b1cd32ac5930c088c73e884bc1fb4d35526a0c89bdbe209defd3e78326ce9b3c1a523fc1ab28b8fdf0e457280d5de7b300cf560c15d875f460bc361f5c7 +$(DL_FILE)_BLAKE2 = a48c5b9493eb0a9aa2171956e08677e1cfb7c49b53731c1b05f9192434c4d815eba972aab110ba0ee25fee1e7a57192c8b48e59bb21fb76ad7fd1c7d2d260012
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree