This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core141 has been created at c845152b6d4882394f74a5347a785f6a570b6787 (commit)
- Log ----------------------------------------------------------------- commit c845152b6d4882394f74a5347a785f6a570b6787 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 13:10:13 2020 +0100
set version and pakfire version to core141
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6df8a22b8ae124d5312b84de97cb123fb31de969 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 26 13:07:08 2020 +0100
core141: correct move of nobeeps flag
in core139 there was a syntax error, and it was missed in backup converter also.
fixes #12273
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a83bcf914c9214d522d99966386c0a989c651f0f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 22:22:26 2020 +0100
networking/red: wait only for carrier if device exists
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4f175a1f579e087949ddf6bd514082d40c0b7b44 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 21:14:54 2020 +0100
rust: rootfiles updates
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8961fd08527186b2b663d0b29c01fbc4ba2fdf49 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 19:44:18 2020 +0000
core141: run convert-dns-settings at update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 87dfe754a22f9dc2bb3ddac0a5af6d7214a27e17 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 15:28:06 2020 +0000
core141: check free space on root
also force fsck at next boot to free the journal on xfs partitions.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit efc4a15600298bb987e40562932196fc65844a56 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 15:16:12 2020 +0000
core140: don't system-release and co
This files contain version 141 because there is no extra build so don't pak it into the updater to prevent wrong display in webgui if core141 fails because there is not enough diskspace.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ac924baf924906b77353c03690c047183c363bfa Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 15:13:51 2020 +0000
core141: cleanup go-8.3.0 and run filesystem-cleanup
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8c0ab3d471c2cb468c5c904dd3b62041aab528ba Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 25 15:05:38 2020 +0000
filesystem-cleanup: fix "fixed space" type
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 612bb2dff9c436f3a748c3572808ca699a21287f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 22 14:40:34 2020 +0100
ids-functions.pl: Introduce file for local rules.
This file is to be used, to store customized IDS rules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 140707831bf512e9c8477ffde18c167e2c2d455b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 19:20:36 2020 +0100
core140: remove /usr/lib/libboost*1.55.0 at cleanup
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 45e1202d27f6a4d3a4416ce800a9560b87c49989 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 19:18:15 2020 +0100
filesystem-cleanup: add /usr/lib/sse2 folder
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 69c529972aec2641f9f689915c0a29f84d457002 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 19:14:02 2020 +0100
core140: insert a core upgrade that only cleans the rootfs
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d3bf851bf8a272ac7f51bc1f37018ab434c3b64c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 24 08:55:40 2020 +0100
rename core140 to core141
we need to insert a core that cleanup root to free some diskspace.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 30fcfc4cd56414383259895ac1c807d9e2cc182a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 23 17:52:14 2020 +0000
core140: ship glibc built with new gcc
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fa886f25615de1dd1b3a363f0be5561dbc9b9424 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 23 17:47:42 2020 +0000
core140: add gui.cgi
this cgi was forgotten in core139
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4a791d2ab924129ff3dacc1bd47da4533badc33a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 21 18:27:13 2020 +0100
dns.cgi: Display when unbound is running in recursor mode.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ab4ef40f2bfb4bd5de22c1d6ef5213c60602b329 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 21 17:13:06 2020 +0100
unbound: Use recursor mode if no nameservers are configured
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 26eab1fe3e5ed74013420e077a112a012eeab4f6 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 20 17:23:12 2020 +0000
azure: Abort script when no instance ID can be retrieved
We cannot reliably determine if a system is running on Hyper-V on a private server or on the Azure Cloud.
Therefore, we will have to try to retrieve an IP address with DHCP and try to connect to the metadata service. If either of those things is not successful, we will just continue with the setup process as usual.
So cloud instances should be automatically configured now and all other systems will continue to boot and call the setup wizard as usual.
Fixes: #12272 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b3e3c818958f86ae2612d626f26232209a2b5ee9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 19 17:28:24 2020 +0000
core140: add changed cloudsetup helper tu updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f770492902a5c6194ecd4f596432093498ac6b66 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 19 16:32:14 2020 +0000
cloud-init: Remove importing DNS settings
Those scripts used to import settings from the meta-data services and wrote them to the local configuration files.
For the DNS settings and Amazon, this is no longer possible because their DNS servers do not support DNSSEC at all. Therefore we default to recursor mode.
To be consistent across cloud providers, we are doing the same for Azure.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c07c3e47f19307a28d91c7a83baed869e1ce5102 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 19 15:50:21 2020 +0000
modules: Cleanup file
This file has an unsed line for the "fusion" module which is no longer needed.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a8d162129938fe955d4e626c987eb52806894aac Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 19 15:50:20 2020 +0000
modules: No longer load parallel port modules
These modules are loaded by default on all systems.
They are simply a waste of space since not many systems have parallel ports any more.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e403fa6ad97ad2d72d7add7c7564a4e15a9baa20 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 19 15:03:34 2020 +0000
setup: Do not check DNS settings any more
It has been removed that DNS servers could be configured in setup, but I forgot to remove a check which leads to new installations not being able to complete the setup wizard.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dcc655efb8620b760d4b414203a54845ac9bbe34 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 18 10:03:06 2020 +0100
convert-dns-settings: Import all possible PPP dialin profiles.
* Avoid from adding the same imported DNS server multiple times.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dc08d74d955861ff39013e35e42d46e54602692f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 19 12:23:54 2020 +0000
core140: fix typo
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 97f4b51474551b9076af00bb9fc69acd0eba9bfc Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 17 11:21:43 2020 +0100
partresize: NanoPi R1: copy also a0 config of Ampac AP6212
there is a second hardware version of the AP6212 in some NanoPi R1 boards.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7fd560d81fb0041d292445fff194f40dd5dbbd23 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 16 18:28:26 2020 +0000
core140: add lvm2 to core updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 889388116048b44a1e3a8b28e2933af9191d34d5 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 15:20:12 2020 +0000
lvm2: Add initscript for lvmetad
This daemon needs to be launched in order to use LVM devices in IPFire.
It will run on all installations after this patch has been merged but only consumes very little memory.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dd5e20120e1fdd49106b3c3847e01c5a3be4aac5 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 15:20:11 2020 +0000
lvm2: Create lock files in /run/lvm
The default is /var/lock which is not mounted at the time when udev is initialising the volumes. Therefore after a reboot, LVM devices won't show up unless pvscan is executed manually.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c835011d6ec0018892ed1ee69e8e32c7b2c4dc64 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 15:20:10 2020 +0000
lvm2: Enable lvmetad
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f9f79c662c5ba57d2b297be2069f84fb9bd75e12 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 15:20:09 2020 +0000
lvm2: Build with support for udev
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 03d559964c6cee18533fbd6e414f9f70c13741e3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 15:20:08 2020 +0000
lvm2: Ship with core system
This was requested by some users to mount devices with LVM.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 87bee81c561562c61324769313414fcff5704176 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 15 11:28:01 2020 +0000
Update list of contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bcf318fbd0cde846c053d9d0a9c36f8ceda28d40 Author: Stéphane Pautrel stephane.pautrel@gmail.com Date: Wed Jan 15 11:26:47 2020 +0000
Many improvements for the French translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c919b15c34e6fd25dadd4990bf86f8709a084c37 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 16 17:18:13 2020 +0100
DNS: Defaults to use the ISP nameservers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b48379d5ba9ea0cdffe6c0994d43f7213b5a830b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 16 17:18:12 2020 +0100
configroot: Create /var/ipfire/dns/servers file
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e4c19cc91c23fb9f08b2b993133565670312a8e0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 16 15:01:13 2020 +0100
core140: add dns changes to updater.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9662858bd8ad02dbd11369436797420a6a1f25b7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 15 17:15:48 2020 +0000
Revert "stage2: update rootfile"
This reverts commit a877032915898b07dcacd165c0f89e427bc672a4.
commit 3a380f87c7b914edc41cfd01b8106254f85e27e7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 15 17:15:25 2020 +0000
Revert "Introduce update-location-database script."
This reverts commit 93a985cc05e6b564ac1e3fc59fd37e94c77000ca.
commit 834b933ca5f9e3c969f7891cb0588b752cbe24e5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Jan 15 17:14:57 2020 +0000
Revert "crontab: Adjust crontab to hourly launch the update-location-database"
This reverts commit f8e7c1c9d07d348e8c3235c83fd889068269c823.
commit cb1c8f108f7efb8fbe9aa8036e0d4e0d8c54aa59 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 14 21:10:15 2020 +0000
set version in backupiso and also pakfire core to 140
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 19602b681f9b5d88578162319366e7efde768352 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 14 13:53:59 2020 +0100
dns.cgi: Fix ID and greater than checks.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3a5866ac2bc26ddbc5c51192dbc4f653b879036a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 14 12:14:02 2020 +0100
dns.cgi: Set kdig params for timeout and retry back to default.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a877032915898b07dcacd165c0f89e427bc672a4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Jan 14 06:54:45 2020 +0000
stage2: update rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 61cc563558f0bd2fed68a60e83f68d595855e7d7 Merge: 23dc6e0b2 7be4822f3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jan 13 21:42:49 2020 +0000
Merge remote-tracking branch 'ms/next-dns-ng' into next
commit 23dc6e0b23dc519b41a26ff25ecf0e221863128f Merge: 1475bc53a eba8e481e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Jan 13 21:38:16 2020 +0000
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 1475bc53a4757af1fca78dcf521dfd5f11d1a819 Author: Daniel Weismüller whytea@ipfire.org Date: Fri Jan 10 16:06:00 2020 +0100
filesystem-cleanup: Add parameter to show changes
Use --dry-run to only show files that would be deleted, but do not actually delete them.
Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 97756e21241b2eb6823368b4d3ab2856e18856ca Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jan 10 11:12:36 2020 +0000
filesystem-cleanup: Automatically remove old libraries
This script runs through /usr/lib and /lib and tries to find all libraries which are no longer being used and more and deletes them.
This will help us to free space on root partitions that are limited to 2GB.
However, the script does not cover 100% of the cases, so that some files still need to be deleted manually (e.g. boost with their weird versioning schema).
This script should be executed after a Core Update has been installed.
Fixes: #12270 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit aab6ec606a068f153e1a8cd5920d5c411e018639 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:06:38 2020 +0000
amazon-ssm-agent: Move source to GOPATH
Go won't build when this is only symlinked any more.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7be4822f3d60eee6be75cb622b153ae2487bcdce Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:43:27 2020 +0100
unbound: Make dhcp-leases.conf readable for everyone
unbound runs as nobody and cannot reload its configuration when this file is only readable for root.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 04b7a78140356b6c3288364cb1451f012e842fe4 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:25:10 2020 +0100
unbound: Do not reset safe search again
This is now done in the reload stage and we do not need to take care about it again.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ebc14e8db2c43274770153b7561d8be0ac2f7139 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:20:32 2020 +0100
unbound: Drop some unused variables
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 24a694d425b3036a3334ded8a39b74833c7ab05d Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:19:22 2020 +0100
unbound: Drop function to reload forwarders on the fly
This is now being done by updating and re-reading forward.conf.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 77c454b267f4a99809226b4a5f0d2c7ca31265b4 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:13:03 2020 +0100
dnsforward.cgi: Reloading unbound is enough to apply changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d37cdb1bf80a97ea55c18d566fb3154b75d228a0 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:12:02 2020 +0100
hosts.cgi: Hosts can now be imported when reloading unbound
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6137797cb39b32e49d97eee572478a92099ded23 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 21:10:18 2020 +0100
unbound: Write hosts to unbound configuration file
This will allow us to read more hosts in a shorter time.
Fixes: #11743 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 903247fef8bb482d81aeef98a88b8acf1a024482 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 20:55:59 2020 +0100
unbound: There is no need to rewrite tuning.conf
The number of CPU cores and memory normally does not change
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f59bc0c55d807ca37ef39654cdfb60d53bdfa65e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 20:55:32 2020 +0100
unbound: Reload own hostname, too
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a25dcda295b45ca6e5789c01c7b78f639d188bb3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 20:44:55 2020 +0100
dns.cgi: Fix check for undefined variable
This was positive when zero was returned.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 39a6219fff28fa4af0754683148f1fb781cef818 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jan 13 17:40:29 2020 +0100
dns.cgi: Show error when trying to use ISP nameservers and TLS at the same time.
Because the ISP-assigned nameservers do not have any TLS-hostname information they cannot be used, when TLS is activated.
They only can be used if they will be added as "regular" DNS servers with a TLS-hostname.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6e61f357fbba0bee4c01a66637e6fd44cdf85905 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 13 16:05:27 2020 +0000
setup: Remove DNS settings
This is no longer required since we have a new CGI script that takes care of all DNS settings and stores things in another format.
Fixes: #12235 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 611587cf29033a8cdcd86b02a5ec40bd8a9b2a08 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jan 13 10:42:56 2020 +0100
dns.cgi: Fix id compare when adding a new nameserver.
I do not know why perl when using "le" which means "less-or-equal" defines a "10" as "1".
This commit fixes the issue that it was not possible to add more than 8 nameservers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit eba8e481e1cc0a5bbd61d95f2022735d4e9efab0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 12 12:39:25 2020 +0100
geoip: ship database 20191217
Maxmind has disabled the download so we ship the last free (creative commons) database with the iso and core until we build an alternative.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fec9b4dc098952267376e36517789331e1424258 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 12 10:48:14 2020 +0100
core140: fix build on armv5tel and i586
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 486112adf8d78b73d2fe639ff43f5d702d7eb4b6 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 24 12:58:54 2019 +0000
Go: Move the cache to the ccache directory
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cde41c2e6f65cb16fc5e5466a6f78da46e30859b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 24 12:58:53 2019 +0000
Go: Cleanup Go Path after build
Go leaves temporary build files in the directory which we do not need and we should clean up after every build.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 44cc9a3d57a01dd0ccaa10d4c95f29e86ca0816b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 24 12:58:52 2019 +0000
amazon-ssm-agent: New package
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be installed and configured on an Amazon EC2 instance, an on-premises server, or a virtual machine (VM). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. SSM Agent then sends status and execution information back to the Systems Manager service by using the Amazon Message Delivery Service.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 590f879b342e8f960464b0650dbf179ab082c749 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 21:22:07 2020 +0100
python3: exclude __pycache__ from iso, core and packages
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4caa0efc595594d167d24085f7a181a4baa7bdc0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 11 19:37:50 2020 +0100
ids.cgi: Do reload instead of restarting unbound
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0c1094770a727b2c269c5c7c88eabd4ee9d01dcd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 11 19:36:29 2020 +0100
initscripts/unbound: Add support for reload the service
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bdb1f38a07370c006f06ad31582abe8e0ff8c4a7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 11 19:35:24 2020 +0100
unboundctrl: Add support for calling reload.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f03f34298bbd749211d7ee8c6c4252bb9cc1bda8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 11 19:34:12 2020 +0100
dns.cgi: Only perform reverse lookup if DNS is working.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 34ae42da0f2b25c2dc89313dcf0adb3ed88a4ae1 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jan 10 10:57:49 2020 +0000
unbound: No longer try to include safe-search.conf
This file is no longer generated and therefore cannot be imported any more.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 22e0e241ce47979be7306fd1f15c4a48205f65ac Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 14:17:50 2020 +0000
core140: ship updated vpnmain.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8e9f096e702d4bb7cd7ca74e40686e6a23d77abc Author: Peter Müller peter.mueller@ipfire.org Date: Tue Jan 7 21:47:00 2020 +0000
update translation files for vpnmain.cgi changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 993724b4dd9837af033880d7816511818f030d59 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Jan 7 21:47:00 2020 +0000
vpnmain.cgi: set SubjectAlternativeName default during root certificate generation
Some IPsec implementations such as OpenIKED require SubjectAlternativeName data on certificates and refuse to establish connections otherwise.
The StrongSwan project also recommends it (see: https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) although it is currently not enforced by their IPsec software.
For convenience purposes and to raise awareness, this patch adds a default SubjectAlternativeName based on the machines hostname or IP address. Existing certificates remain unchanged for obvious reasons.
The third version of this patch fixes a duplicate DNS query reported by Michael.
Fixes #11594
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fde4f231a08239cd4a1eeeb0522a781ea0371efa Merge: 96e4e8b6f 29ea4ac2c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 14:11:06 2020 +0000
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 96e4e8b6f620b496841f421ca63a2b25b7e7e56a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 14:10:23 2020 +0000
suricata: update rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 29ea4ac2c44b81311262611f59a088d3bdc485a4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 15:04:48 2020 +0100
elinks: move to core system.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6ede197501072913be1408eaf1e3857c17d62f74 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 14:35:11 2020 +0100
pathon: update to 3.8 and move pyhton to core
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2f767b7b21fb8ea519d0c92eb0cf73e56b1a7e3b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 14:15:45 2020 +0100
make.sh: update IPFire and Toolchain verion
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 62a1f5199cc1f45810a04ec5b9d88396fcba2c07 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 11 14:11:12 2020 +0100
gcc: update armv5tel rootfile
commit c73baee1f05ed75e66e5f2b894241cc38acb1072 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jan 10 09:29:47 2020 +0100
convert-dns-settings: Set correct ownership after convert is done.
Otherwise it may happen, that the created config files have wrong permissions and the WUI will break.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8fbb12f168f770835cd3637996ca6fac974f1c0e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 9 16:36:39 2020 +0100
dns.cgi: Restart suricata if neccessary.
When the DNS configuration of the system is changed, we need to re-generate the file which contains the DNS Server details for suricata and to restart the service.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dc7466ce9a007b1fe5554d6c873d40c724ccd1a5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 9 16:30:10 2020 +0100
index.cgi: Do not longer display the DNS servers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 12c49915d8ab35f3f7ae9ee404311efb6284c840 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 9 16:25:01 2020 +0100
ids-functions.pl: Update generate_dns_servers_file() function.
The function now uses the newly introduced get_nameservers() function while generating the DNS servers file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c8dcd46537bebe4f59cd7c22d09c45e98bfecb1f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 9 16:08:13 2020 +0100
general-functions.pl: Add get_nameservers().
This function simply return an array of all used nameservers.
It also takes care if the usage of ISP assigned nameservers is enabled or not and if user-added nameservers are enabled or not.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9f9b2b8ebc2751064503fed22602f7608d8c316e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 9 09:15:05 2020 +0100
guardian: Remove code for DNS servers.
In the past this code was used to add the DNS servers to the ignore list and prevent them from being blocked by guardian.
Because of the switch to suricata as IPS, guardian now prevents from password brute-forcing on SSH and/or the webserver, so this code is not longer needed and safly can be removed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9702252470263975e972e9ea9be9a87bc5541de1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 18:44:41 2020 +0100
dns.cgi: Move grab_address_from_file function to general-functions.pl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8f4bde6574d83ac197b071caaf4dd857b791ce64 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 18:19:58 2020 +0100
dns.cgi: Also restart unbound if a server got enabled/disabled
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 46cc88ed22d2e4af848c5ada6319c9e2c9e790c7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 18:15:33 2020 +0100
dns.cgi: Remove accidently commited debug code
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 719db1cdb80ce4a11f932c4bc0c92196f423e902 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 18:10:23 2020 +0100
dns.cgi: Restart unbound
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 770ea81ee514c92038f1c28546d99e7872aae1ad Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 18:00:15 2020 +0100
dns.cgi: Display DNS system status.
For this, a test query to the local unbound instance will be sent and if the DNS system work properly can be answerd.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 43140993025fd6fb0b4da264fe478762c63f0bf8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 15:24:59 2020 +0100
dns.cgi: Perform server checks on user request
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a969acc7d76d91963cab41facc611a3f78c8af70 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 15:22:56 2020 +0100
dns.cgi: Remove hard-coded box title.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 03e466de35d450853b5f7f8b82b24b64dd9f20fd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 12:58:50 2020 +0100
dns.cgi: Do not perform kdig tests when adding a server
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 038f962ea0555c132287db4c20f83800becf846f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 12:12:29 2020 +0100
dns.cgi: Check for empty server address.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 70187da6a665120f1af623899a10b0b1eff670e3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 11:13:05 2020 +0100
dns.cgi: Perform kdig tests only if the system is online.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f36855fe73010235ffbcf409219cbb2dadded8a2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 11:12:42 2020 +0100
dns.cgi: Introduce red_is_active()
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f10fb4bf4366f515f0ff523e5ae0469f55edcb70 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 10:35:52 2020 +0100
dns.cgi: Always display the input field for TLS_HOSTNAME
* Mark it as required if the protocol is set to TLS.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 25dda4a082b6b2927cbe16039bf1ef96b955a1ff Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 8 10:35:24 2020 +0100
dns.cgi: Only perform reverse lookups if the system is online
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit beebf925c38004d0703f8777a16f32adb9e1d8fa Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 16:32:35 2020 +0000
unbound: Implement setting qname minimisation into strict mode
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a33489a7aa6cd8f42c48f23b193e75fa8156b71f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 16:24:35 2020 +0000
unbound: Try to set time when DNS is not working
Since DNSSEC relies on time to validate its signatures, a common problem is that some systems (usually those without a working RTC) are not being able to reach their time server.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a32fd634ceb2e2227fb5e4104b5c9f1cfa5263d0 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 16:02:14 2020 +0000
unbound: Do not update the forwarders when we are running in TLS mode
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4b26aac62535a79dff2882356a32a1594270f3b8 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 15:28:21 2020 +0000
unbound: Read configuration globally
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2654c6694571baf4efafee6deb0b0b4dd1f85b39 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 15:21:59 2020 +0000
unbound: Update forwarders when system connects/disconnects
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 54898bc6c1951ec42f2cdced18235a31fcc7840e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 14:57:12 2020 +0000
unbound: Update setting Safe Search redirects
When the system comes online, we must update entries in the unbound cache to point to the "safe" IP addresses.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 77c7a94cdd6d0cf6fa1a48cd1248205dea1d6069 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 14:49:54 2020 +0000
dns.cgi: Show ISP name servers as disabled
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 984f14bdc4e1663200d286f98935158884366fa4 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 14:41:13 2020 +0000
dns.cgi: Fix handling of WARNINGs from kdig
There might be multiple warnings which must all be shown to the user.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 71471d9bded39dc2186a96b0eb7d5f18c103636f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 13:46:11 2020 +0000
dns.cgi: Remove smartmatch operator
Perl likes to make things difficult
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dab1258a789ab3c09b6766e603bbdbab57010909 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 13:45:21 2020 +0000
dns.cgi: Timeout after 2 seconds for DNS server checks
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1434fa0df5ab01c2e3a430f05db159a3a82bc3ba Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 13:35:45 2020 +0000
DNS: Write name servers received from ISP to /var/run/dns{1,2}
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4e2d3325afaf413e707e5d4db7172c7f379b59ce Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 13:06:09 2020 +0000
unbound: Drop live checks
Those checks have caused us a lot of trouble and are now being dropped.
Users must make sure to choose servers that support DNSSEC or enable any of the tunneling mechanisms to be able to reach them.
Fixes: #12239 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ffc46751f29af7759e051cbb0114b79b4fba4433 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 12:59:24 2020 +0000
unbound: Add path to TLS CA bundle
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ee90aa9858451db1e93e463db4b90332bbad7320 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 12:58:28 2020 +0000
unbound: No longer read old configuration file
The old configuration file in /etc/sysconfig/unbound is no longer being used and all settings should be in /var/ipfire/dns/settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 50005ad1d4da8a95dac1518d40e02344de58944f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 12:55:35 2020 +0000
unbound: Write upstream name servers to forward.conf
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 94a51c64bb7aead36ea0e6d40de06a8cc195cd5d Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 11:18:41 2020 +0000
unbound: Remove test-name-server command
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 15cf79e3b864bef46d32b08e3b381a654e00950e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Nov 12 12:43:28 2019 +0000
unbound: Convert forward zones to stub zones
It was incorrect to use forward zones here, because that assumes that unbound is talking a recursive resolver here.
The feature is however designed to be talking to an authoritative server.
Fixes: #12230 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dea5f34914819b5f6c0801ff12eafa521c79188b Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Nov 4 12:04:48 2019 +0000
unbound: Allow forcing to speak TLS to upstream servers only
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 372576e0ab699a188e9248d73afcc00a5a635d2b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 11:12:33 2020 +0000
unbound: Set EDNS buffer size to 1232 bytes
Fixes: #12240 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3bf804e83400c87398950526170b3d77bf38b8a6 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 11:06:10 2020 +0000
dns.cgi: Set EDNS buffer size to 1232
References: #12240 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0fa6bde78ab9d25a078cad1b233e67c14bfe1cc9 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 10:53:34 2020 +0000
Update English translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cdfc93cb7abd412987bbf098117fa86cb475de72 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 10:48:01 2020 +0000
webif: Show menu entry for DNS all the time
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e8981e3c8faafbf042e29d3896b6c81b77e5fe2c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 10:45:08 2020 +0000
netexternal.cgi: Drop DNSSEC status
This has now been moved to the new dns.cgi.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ecbf66761f922f821940ec063d271acae89c78cb Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 7 10:43:19 2020 +0000
DNS: Add converter to migrate settings
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2946d562f1fa06840e576184d58a1e90a03934e7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 7 10:32:43 2020 +0100
langs/en.pl: Add new strings for modified dns.cgi.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 24d7c5ef6bea7b6521d309757d2fa0461935f89d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 7 10:30:37 2020 +0100
dns.cgi: Rework to allow central DNS configuration.
Fixes #12237.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 456f0b06f4691cd7e07b9e5ec5bb86d0117c3456 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 5 12:37:57 2020 +0100
pppsetup.cgi: Remove support for configure DNS settings.
Fixes #12234.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0bb159bbfc6dd48bf2b6aa4b4d7e1d87f61e1655 Merge: c5d20f966 916859f5f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 5 12:15:00 2020 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 916859f5fa3fa50c0f0721623b58c11e8233b300 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Jan 5 09:28:20 2020 +0000
core140: add gcc changes to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 96ac98a568c233eb82f98e10889d12df51d7835f Author: Peter Müller peter.mueller@ipfire.org Date: Sat Jan 4 16:15:00 2020 +0000
Tor: update to 0.4.2.5
Please refer to https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359 for release notes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ae28d23d4d281b508379695708aed8d15bf06033 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Jan 4 15:31:00 2020 +0000
libseccomp: update to 2.4.2
Please refer to https://github.com/seccomp/libseccomp/releases/tag/v2.4.2 for release notes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ac7ada2a15a9613d88f922c8d9781315a1420ea0 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:49:16 2020 +0000
openvmtools: Update to 11.0.0
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 321c2115288a4c322920b575aac67bd1dbcada85 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:49:15 2020 +0000
glib: Fix compiling with GCC 9
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d04fb4ee344ecec53b22f4aca02aa19bf53ed4ab Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:49:14 2020 +0000
efivar: Update to 37
This also fixes some build issues with GCC 9.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3e8dd2d3edf70e6dbae35e2ae714976584460cbd Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:49:13 2020 +0000
mdadm: Update to 4.1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c63ba73e3a7dc56bef830af5db3a7f143117b2a5 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:49:12 2020 +0000
mpc: Update to 1.1.0
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d3e4320bedf5842e84020e64d54254018da4a028 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:49:11 2020 +0000
mpfr: Update to 4.0.2
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 210b27e179cf04946e3e78c15fe031604d1d21e4 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 13:06:01 2020 +0000
gcc: Update to 9.2.0
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2f4d1ecb9aa6f585abd85db557193f0dce682b55 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jan 3 17:12:32 2020 +0000
lang: Fix typo in "Writen Bytes" and fix grammar
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3a3f4c37f2c40b7ecf02af88d6d4bab9eabf4ef3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 3 21:17:05 2020 +0000
core140: add convert-snort to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cde7cab264e617a9d9fd2fb9948d82af24e2529c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jan 3 11:16:53 2020 +0100
convert-snort: Check and convert snort user and group.
Fixes #12102.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 592d3708fe66ef512da765a4f716bf1dd3c77032 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 3 21:13:30 2020 +0000
Revert "bind: Update to 9.11.14"
build fails on armv5tel: https://nightly.ipfire.org/next/2020-01-02%2016:17:54%20+0000-c846ed16/armv5...
This reverts commit 7d9b0ab69750c19d51833537652c6b11fc1bc2ab.
commit c5d20f9665a659ddd5fc46fa8cba1c3133a91180 Merge: 1cb8ffe84 c846ed161 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jan 3 11:06:47 2020 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit c846ed161682adfd7a9939d7778ce28b6f677d71 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 2 16:12:35 2020 +0000
pakfire: use HTTPS if no protocol is specified
also use HTTPS on fallback to mainserver if no mirror was left
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f93238725f2f73975dff1a2c67820d9480a100e6 Merge: 25d505897 fd2dccaab Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 2 15:59:53 2020 +0000
Merge branch 'master' into next
commit 25d50589747eb20e48057f0a2efdac74b0f2cbb1 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 24 10:46:51 2019 +0000
stripper: Strip all unneeded relocation information
Libraries were treated differently and therfore it could happen that they were not stripped from any unnecessary relocation information at all.
This patch changes that and strips everything from libraries that we do not need.
The ISO was 3MB smaller.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 61a4972bc6fd1791123bb49a265100874659f3b6 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Dec 23 19:19:44 2019 +0100
nano: Update to 4.7
For details see: https://www.nano-editor.org/news.php
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4e04cc87e79f1dd066d9d0502ee9772962696b3b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:19:12 2019 +0000
core140: add bind to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7d9b0ab69750c19d51833537652c6b11fc1bc2ab Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Dec 23 15:47:45 2019 +0100
bind: Update to 9.11.14
For details see: https://downloads.isc.org/isc/bind9/9.11.14/RELEASE-NOTES-bind-9.11.14.html
"Bug Fixes
Fixed a bug that caused named to leak memory on reconfiguration when any GeoIP2 database was in use. [GL #1445]
Fixed several possible race conditions discovered by Thread Sanitizer."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 72c24beae2ef09263ff1da1173e4a785666955ea Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:16:55 2019 +0000
core140: add file to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1eb657a66cd18619f890ceb7cd13e908cd6dfde6 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Dec 21 11:12:06 2019 +0000
file: Update to 5.38
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit edf221cbfc7e4ab5d7e1826dd6fb99bc06b60ea2 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 19 19:13:42 2019 +0000
dehydrated: Update to 0.6.5
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0db643ce38ac44520d476bbc20e10a5e84456c1e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 19 18:09:42 2019 +0100
rfkill: New package.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0ef5f4a09166a1263340c2584a5866ae0b4dbe78 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:13:28 2019 +0000
core140: add ids.cgi and suricata initskript to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 51b63b4186e9a5521437ba65b072e9a0522f1105 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 17 13:06:29 2019 +0100
IDS: Allow to inspect traffic from or to OpenVPN
This commit allows to configure suricata to monitor traffic from or to OpenVPN tunnels. This includes the RW server and all established N2N connections.
Because the RW server and/or each N2N connection uses it's own tun? device, it is only possible to enable monitoring all of them or to disable monitoring entirely.
Fixes #12111.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a1cf33ca8f51a65189df88ec88a2e1b8273d476a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:10:55 2019 +0000
core140: add suricata and libhtp to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 907874c4be2c64c584199fbcfa6ec8fdbc1ce4ef Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 14 12:24:46 2019 +0100
libhtp: Update to 0.5.32
For details see: https://github.com/OISF/libhtp/releases
Bundled with 'suricata 4.1.6'
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ad6d02ccc01ea06839e46b845d066ad1f1fca046 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 14 12:24:45 2019 +0100
suricata: Update to 4.1.6
Excerpt from 'ChangeLog':
"4.1.6 -- 2019-12-13
Bug #3276: address parsing: memory leak in error path (4.1.x) Bug #3278: segfault when test a nfs pcap file (4.1.x) Bug #3279: ikev2 enabled in config even if Rust is disabled Bug #3325: lua issues on arm (fedora:29) (4.1.x) Bug #3326: Static build with pcap fails (4.1.x) Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x) Bug #3347: BPF filter on command line not honored for pcap file (4.1.x) Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x) Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x) Bug #3369: byte_extract does not work in some situations (4.1.x) Bug #3385: fast-log: icmp type prints wrong value (4.1.x) Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x) Bug #3388: TLS Lua output does not work without TLS log (4.1.x) Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x) Bug #3393: http: pipelining tx id handling broken (4.1.x) Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x) Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x) Bug #3402: smb: post-GAP some transactions never close (4.1.x) Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x) Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x) Bug #3405: Filehash rule does not fire without filestore keyword Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x) Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x) Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8867f9c5e8400d0ec686c68a80d5ef719c316616 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 18:03:34 2019 +0000
core140: add knot to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 68e83070e2deb9d5ee215a5468e50aefeed2a1d6 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 14 12:13:40 2019 +0100
knot: Update to 2.9.2
For details see: https://www.knot-dns.cz/2019-12-12-version-292.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 063a3a8bcab1621df086de25ff3829ba9815a63a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 17:59:50 2019 +0000
core140: add unbound to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 726037c6eefb01112d6b4a45fc83285903eb1201 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 14 12:09:58 2019 +0100
unbound: Update to 1.9.6
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-December/011941.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 22680ad9be14187286a606fe19b83806e9ef6e59 Author: Stéphane Pautrel stephane.pautrel@gmail.com Date: Tue Dec 10 11:10:42 2019 +0000
Update French translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fb7226d0a6fc9a762229bce0f4999995c4413679 Author: Erik Kapfer ummeegge@ipfire.org Date: Tue Dec 10 11:40:04 2019 +0100
tshark: Update to version 3.0.7
Several bugfixes are included in this version, some protocol support has been added. For a complete overview of the changelog, take a look in here --> https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 424442d27da84d36d2670d0c554eae38b39338cb Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 13:44:20 2019 +0000
core140: add unbound/saveserch changes to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 30b3b2cde7d1698228550e509b4b87e080943890 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 13:42:31 2019 +0000
checkrootfiles: ignore arch folder and add x86_64,aarch64
rust has arch depending rootfiles which make no sense to replache the arch by machine. Also added missing arches to check.
commit d7190078ceb7475b5de9f01fa6237af2fc66ca85 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Dec 9 23:36:59 2019 +0000
unbound: Configure Safe Search dynamically
The safe search code relied on working DNS resolution, but was executed before unbound was even started and no network was brought up.
That resulted in no records being created and nothing being filtered.
This will now set/reset safe search when the system connects to the Internet.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1ec1e499d09e1e25344501ef6ffd76f8022d5ded Author: Stéphane Pautrel stephane.pautrel@gmail.com Date: Mon Dec 9 23:10:03 2019 +0000
Update of French translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5bc042df2f633982d330d9edd29bfc21296dab46 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 9 11:38:11 2019 +0100
rust: Update to 1.39
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8245498310fb727b2ed23c2c1a210b18ebe205a1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Dec 7 19:30:45 2019 +0100
make.sh: Introduce RUSTFLAGS
This allows to set arch-specific FLAGS when dealing with software written in rust.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1cb8ffe84d5d3ea1699fa566ce8fa03f50638f4a Merge: f8e7c1c9d 6a3acff93 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 16 09:04:29 2019 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 6a3acff9348cb755250ef9d763c73a73142f46e3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 9 19:50:03 2019 +0100
core140: start
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f8e7c1c9d07d348e8c3235c83fd889068269c823 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 9 14:19:53 2019 +0100
crontab: Adjust crontab to hourly launch the update-location-database script.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 93a985cc05e6b564ac1e3fc59fd37e94c77000ca Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 9 14:14:34 2019 +0100
Introduce update-location-database script.
This script obsoletes the old xt_geoip_update script.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree