This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core134 has been created at c6e032e13d5d1eff16189c50229f00522835aae5 (commit)
- Log ----------------------------------------------------------------- commit c6e032e13d5d1eff16189c50229f00522835aae5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jun 22 08:47:55 2019 +0200
finish core134
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c8ee8f37d401a16db0a3a784301f94b71964860c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 21 01:39:42 2019 +0100
Update contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 92f6c5ed861c9e7597cf8e882d96277a8b40e494 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 21 01:38:59 2019 +0100
core134: Ship updated firewall initscript
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7866fa2513693d7bde786c2924b1118f0488c30c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 21 01:38:22 2019 +0100
core134: Ship updated bind
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f3959d13e858f4768f45244a3792851acda740d8 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Jun 21 14:31:26 2019 +0200
bind: Update to 9.11.8
For Details see: https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html
"Security Fixes A race condition could trigger an assertion failure when a large number of incoming packets were being rejected. This flaw is disclosed in CVE-2019-6471. [GL #942]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1722701a9aab07e1a96ae25d2cedcbac403ddb76 Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Jun 20 07:04:30 2019 +0200
BUG12015: Redirecting to Captive portal does not work after IPFire restart
When the Captive portal is enabled, the needed firewall rules are applied. But when restarting IPFire, the rules are not applied because there is no call to do so. Added call to captivectrl in the initscrip 'firewall'.
Fixes: #12015
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 744f16e45a9d7923f99ee8ce6e2cbebda131824c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jun 21 11:58:58 2019 +0200
core134: ship core133 late fixes again
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 70dd356329f2f5617a0f4572d15c2d6ae94e1c6f Merge: 3a8fef331 0dd16f404 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jun 20 09:35:59 2019 +0200
Merge remote-tracking branch 'origin/master' into next
commit 3a8fef331dd2950705c1d32ec314fa72a84463d9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jun 20 09:33:17 2019 +0200
kernel: remove RPi DMA allignment revert
TODO: test if RPi works without now or if we need to revert more of the allignment patches.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 70590cef482e17063838e62ad1aad349ef1133b5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jun 19 21:01:29 2019 +0200
Kernel: update to 4.14.128
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4b64da2914c53c4fad16341c17fc23b88f356f4e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jun 18 22:35:23 2019 +0100
core134: Ship updated vim
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit beac38454154ceb878c9f73dd9834f3324f086be Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Jun 19 13:24:06 2019 +0200
Remove old vim 7.4 data
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 98f55e136fe482f8c191ba5c541887ce2d0007ec Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Jun 19 13:24:05 2019 +0200
vim: Update to 8.1
Please note: If this gets merged, the update process must deal with the otherwise remaining files in '/usr/share/vim74' (~16 MB).
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d3e88203308ea22105d12d6ebfb08f81e0efbdc8 Author: Stéphane Pautrel stephane.pautrel@gmail.com Date: Tue Jun 18 20:01:23 2019 +0100
Update French translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a04eedfe7da2719452d6f683c05ca644cda71195 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jun 18 18:49:46 2019 +0200
core134: add kernel to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 15ca18a3d9efbe8879e8b22f1f72eaeb596ca2f9 Merge: 82c279a51 7516e8b7f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jun 18 18:42:02 2019 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 82c279a518613a2a9ba200e14629c0171d0c4233 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jun 18 18:41:19 2019 +0200
kernel: update to 4.14.127
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1a129822af7e4e574ee5ca8e6c973b560d563324 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jun 18 14:36:02 2019 +0200
linux-pae: fix grub.conf creation on pv machines
on some systems it seems that grub2 and it config also exist.
commit 7516e8b7f1edff1ff59c1e8ac3f342c66bada85d Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jun 18 09:13:21 2019 +0100
core134: Ship changed general-functions.pl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cc724c142aa71d9e33d923599f31ec19bd2072e2 Author: Alexander Marx alexander.marx@ipfire.org Date: Tue Jun 18 09:55:35 2019 +0200
BUG12070: Its not possible to use the underscore in email addresses
Using IPFire's Mailservice does not allow to enter a senders mail address with the underscore. The function used to verify that is used from general-functions.pl. Now the function 'validemail' allows the underscore in the address.
Fixes: #12070
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 82899ad1ce895d3b2348b6c7eb6179096e3724aa Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 17 17:40:37 2019 +0100
core134: Ship updated unbound
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2f278de868f0a62f03bf6f32d76309a0c1d8f9fe Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Jun 17 21:11:00 2019 +0200
unbound: Update to 1.9.2
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-June/011632.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1307df22574f5c4a04b79510b181e17fa33bad5d Merge: f5662122b faec909e1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jun 15 18:09:06 2019 +0200
Merge branch 'master' into next
commit f5662122b5d5e1dba35d8de599597ac9f1870623 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jun 14 22:09:47 2019 +0200
hyperscan: increase min RAM per buildprocess to 1GB
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 527078e439fc7376c3a7da3ae8551c853e99e2b7 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 12 17:25:13 2019 +0100
core134: Ship updated OpenSSL
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 69772b7dda05726077fa5c70e86f41169a91534f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Jun 10 18:55:00 2019 +0000
OpenSSL: lower priority for CBC ciphers in default cipherlist
In order to avoid CBC ciphers as often as possible (they contain some known vulnerabilities), this changes the OpenSSL default ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Since TLS servers usually override the clients' preference with their own, this will neither break existing setups nor introduce huge differences in the wild. Unfortunately, CBC ciphers cannot be disabled at all, as they are still used by popular web sites.
TLS 1.3 ciphers will be added implicitly and can be omitted in the ciphersting. Chacha20/Poly1305 is preferred over AES-GCM due to missing AES-NI support for the majority of installations reporting to Fireinfo (see https://fireinfo.ipfire.org/processors for details, AES-NI support is 28.22% at the time of writing).
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ce46df9b83d15033156845e19e9a386e52a0a1cd Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 12 17:18:23 2019 +0100
Start Core Update 134
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e263c29c929e69e345833f436d4958d88264020c Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 12 17:14:28 2019 +0100
unbound: Make some zones type-transparent
If we remove other records (like MX) from the response, we won't be able to send mail to those hosts any more.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 91056adea5d6e203f41e7743443eb61ed2b885cf Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 12 17:11:32 2019 +0100
unbound: Add yandex.com to safe search feature
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 043e7aa50ff36e65eb0d6a341b09301ce25795f0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 13 11:12:07 2019 +0100
unbound: safe search: Resolve hosts at startup
unbound is not able to expand CNAMEs in local-data. Therefore we have to do it manually at startup.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree