[git.ipfire.org] IPFire 2.x development tree branch, core96, created. df00a3f1cd6a23ef48c80e431b8e472a4a340e5b - IPFire-SCM

20 Dec 2015


      This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core96 has been created
        at  df00a3f1cd6a23ef48c80e431b8e472a4a340e5b (commit)
- Log -----------------------------------------------------------------
commit df00a3f1cd6a23ef48c80e431b8e472a4a340e5b
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sun Dec 20 20:19:43 2015 +0100
core96: set pakfire version to 96.
commit 54206b6e35cacf20218addcbaaaf50029afd6e69
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Dec 19 14:12:29 2015 +0000
curl: Fix certificate validation
curl did not find the certificate bundle so that server
    certificates could not be verified.
Fixes #10995
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d7f9a81ac575207edb6bb69f8bbea8762feab96
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Dec 19 14:09:10 2015 +0000
strongswan: Update to 5.3.5
Also ships a fix for #853 upstream.
Fixes #10998
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b84a9b078dae234641a3708fbd7c1624c0731468
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 18 23:42:15 2015 +0000
core96: Ship updated grub
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Fri Dec 18 21:28:52 2015 +0100
grub 2.00: Bugfix for CVE-2015-8370
See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
    to 2.02 (December, 2015) are affected. The vulnerability can be exploited
    under certain circumstances, allowing local attackers to bypass any kind of
    authentication (plain or hashed passwords). And so, the attacker may take
    control of the computer."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1e1b03d5819269184a85dc5bcc042c978666bc08
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Fri Dec 18 15:11:25 2015 +0100
dnsmasq 2.75: latest upstream patches ;-)
The neverending story continues...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fbcc3cb7841f10c1390550074d676ddf2afa2c1a
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Wed Dec 16 21:42:41 2015 +0100
dnsmasq 2.75: latest upstream patches
Since 'Makefile' was affected, I had to rewrite
    'dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch', too.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 78af2f67bba5900eb97989ed271b45a74448b457
Author: Alexander Marx alexander.marx@ipfire.org
Date:   Thu Dec 17 11:31:30 2015 +0100
Squid-Accounting: Bugfix & clean up data
There was a Bug in the addon so that no data was displayed because of a
    typo. Additionally the computeraccounts are now filtered out of
    trafficdata collection.
    Only Proxy/AD/LDAP Accounts and IP adresses are collected.
Signed-off-by: Alexander Marx alexander.marx@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b42a7ec1a663b356dde786cc7eeb1bb54ddcc662
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 15 18:32:55 2015 +0000
Rootfile update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d9ef106e5cb1e2476101090caeac4609a41a1906
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sun Dec 13 18:04:40 2015 +0100
Midnight Commander 4.8.15: Update for rootfile
There was a syntax file which I overlooked...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a8d24cee436f87939625f9506e6f84fc092f4200
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 15 13:54:04 2015 +0000
core96: Ship rules.pl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 306098a49811868e2ffc4e19ce8cd62f69a2e9f3
Author: Alexander Marx alexander.marx@ipfire.org
Date:   Mon Dec 7 15:57:32 2015 +0100
BUG10994: SNAT rules are missing the outgoing interface
When creating SNAT rules, the outgoing interface is not set. As a side
    effect, traffic that should be send unnatted to a vpn tunnel can be
    natted which is a BUG.
    With this patch the SNAT rules are getting a outgoing interface
    according to the configuration. When selecting the RED Target network,
    all SNAT rules will be configured with "-o red0". Otherwise if "all" is
    selected, there is no interface in the rule, which matches all networks.
Signed-off-by: Alexander Marx alexander.marx@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 08729f79fb7b31326d367a74a50e372e4fb688d7
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 15 13:47:52 2015 +0000
ramdisk: Backup ramdisks once a night
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 429524c0406baeddf270d6e2df6e5a60a410e61a
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 15 12:49:27 2015 +0000
ntp: Prefer local clock
For some reason, ntp won't use a local clock even if it is
    there and up and running. Therefore we need to "prefer" our
    only source of time.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
    Tested-by: Daniel Weismüller daniel.weismueller@ipfire.org
commit 73a000f9d1e1f43807156cfb9a9c56843330d4c6
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Tue Dec 15 00:07:10 2015 +0100
ntp 4.2.8p4: Update for rootfile
'/usr/share/ntp/lib/NTP/Util.pm' is needed for 'ntptrace'
    to run correctly
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 93d6eed9a48a509e910fb4e248a70de9cdc15f0c
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 15 12:37:16 2015 +0000
ntp: Fix syncing with local clock
This is a bug that was introduced with the latest release
    from upstream
Fixes #10997
    Upstream: http://bugs.ntp.org/show_bug.cgi?id=2965
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 50923742ba537464986269c8eb3442676b315267
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sun Dec 13 18:54:25 2015 +0100
nano: Update to 2.5.0
Changelog: http://www.nano-editor.org/dist/v2.5/ChangeLog
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c4b28466d1004bd7fdb43299e18cbfa44b2a52ae
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sun Dec 13 18:58:10 2015 +0100
arping 2.15: Update for rootfile
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1b169a72daae63d435ee74b7ca9f28f1813fb177
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Dec 12 17:06:10 2015 +0000
Speed up rootfile generation
The old usage of find walked through the entire filesystem tree
    and excluded some paths from being printed. The more efficient
    solution is to skip walking through excluded directories entirely.
This is a slight speedup of the build process by a few minutes.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ca762aaf6e9e0062168b145b935171713c88d2b5
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sat Dec 12 14:10:16 2015 +0100
arping: Update to 2.15
arping: Update to 2.15
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Erik Kapfer ummeegge@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0909a0a1d8873ac694a3eab0c91e10e0f5cd486f
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Dec 12 11:52:18 2015 +0000
Update rootfiles
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b5e1360eb9ca4da5c68dd7dcea79151276003622
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Dec 12 12:46:02 2015 +0100
ramdisk: Remove temporary directory recursively
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 24f2144dd26388215ab204b0e48217ffa4d40bfb
Author: root root@ipfire.localdomain
Date:   Sat Dec 12 12:35:24 2015 +0100
ramdisk: Fix copying files
The shell expansion wasn't used because of the quotation marks.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ffeaaef6182adc81f01684a98cd1f5975d22b4be
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Dec 12 09:50:19 2015 +0000
connections.cgi: Fix page crash with IPsec connections with one subnet only
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ea6fa9de5afc5a0d0b258ff08fe7bfbc0c6dbb30
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 11 18:48:19 2015 +0000
core96: Ship missing libnet
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 600ac5c6573a2c942c462c0f2aa844a417da310d
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sat Dec 5 20:11:59 2015 +0100
libnet 1.1.6: Fix for rootfile
libnet 1.1.6: Fix for rootfile
See: https://forum.ipfire.org/viewtopic.php?f=27&t=15377, "error with
    arping and libnet.so.1"
    Should fix: Bug #10996 / https://bugzilla.ipfire.org/show_bug.cgi?id=10996
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit db1404051fa3f84ede679969ace44c0020946a7a
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sat Dec 5 04:12:51 2015 +0100
clamav: Update to 0.99
clamav: Update to 0.99
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b7488afd894de0ca908563d4b058f7f9ed0f92fc
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 11 18:43:39 2015 +0000
core96: Ship updated rrdtool
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4955d7239b2d42347a246d610eaf294f7ab4966d
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Sat Dec 5 04:08:49 2015 +0100
rrdtool: Update to 1.5.5
rrdtool: Update to 1.5.5
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit db7d2b13124e5388214f55564c6eab36373ed125
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Thu Dec 3 19:09:45 2015 +0100
Midnight Commander: Update to 4.8.15
Removed uncognized option: --with-samba
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e0eb23de56d5a207d755ea8380f9f5e2abfbaace
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 10 16:38:36 2015 +0000
core96: Ship routing.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1e656e8adccae48639e3ce66a50b85017cadf75b
Author: Alexander Marx alexander.marx@ipfire.org
Date:   Mon Dec 7 14:36:31 2015 +0100
BUG10993: fix errormessage when editing static routes
When editing existing static routes and clicking on apply button, there
    was an errormessage saying that this route is already in use.
    Now the errormessage is only displayed if a new route has the same ip
    than an existing one.
Signed-off-by: Alexander Marx alexander.marx@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b1372c3befd4ba4541fad1a90200ae7c1628ff00
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 10 16:35:09 2015 +0000
dma: Import patch for better authentication
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e46f7c44ca3bc0f2eb42692866294ed6924e65e1
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 22:22:55 2015 +0000
Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 24f05f327190bb245a11ca6d9a726f6c6d7cdfcb
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 22:22:41 2015 +0000
Update rootfiles
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 688a79a45e8b145561a26791b8f762bd046589fe
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 22:13:44 2015 +0000
libpri: Honour CFLAGS
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b51ffa68db18e26d0a7ee25334ebe608c3fcfe94
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 22:11:28 2015 +0000
openvmtools: Update to version 10.0.5
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2b163f4497855bc56d00a8cc626c669517e8b95d
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:41:56 2015 +0000
Drop tripwire
This add-on is likely to be unused
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 74e43e149346a5bffb7d6c6ca91d5442d297659b
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:38:05 2015 +0000
xtables-addons: Make sure kernel module directory exists
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b2155bfdd1de0553f88c7a19a15e355e74c8001
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:32:58 2015 +0000
Drop cryptodev
This module isn't used by openssl any more and therefore
    quite unnecessary.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b2e3ab6830ac81b3678b3e3b6c9372ed4f60ff9
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:18:11 2015 +0000
mISDNuser: Don't build with -Werror
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e31708279ac112ac0b0c7dc912765e1977e6cd22
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:17:27 2015 +0000
liboping: Don't build with -Werror
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fb39daffef9dc7396d65b6b2da0b73d6f625eabb
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 22:17:51 2015 +0000
core96: Ship updated mdadm
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5c424125051c9fbacfe1a2293168bbd36ec135aa
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:15:18 2015 +0000
mdadm: Update to 3.3.4
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a5ba61b89b9bcc818fb3f856ae44f4234680e07e
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Dec 4 21:14:47 2015 +0000
ebtables: Honour CFLAGS
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c7762365dc67c671b79e8869b617ad2e316bcce5
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 3 16:59:48 2015 +0000
openssl: Update to 1.0.2e
OpenSSL Security Advisory [3 Dec 2015]
    =======================================
NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
    0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
    PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
    ==================================================================
Severity: Moderate
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
    EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
    as a result of this defect would be very difficult to perform and are not
    believed likely. Attacks against DH are considered just feasible (although very
    difficult) because most of the work necessary to deduce information
    about a private key may be performed offline. The amount of resources
    required for such an attack would be very significant and likely only
    accessible to a limited number of attackers. An attacker would
    additionally need online access to an unpatched system using the target
    private key in a scenario with persistent DH parameters and a private
    key that is shared between multiple clients. For example this can occur by
    default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
This issue was reported to OpenSSL on August 13 2015 by Hanno
    Böck. The fix was developed by Andy Polyakov of the OpenSSL
    development team.
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
    ===================================================================
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference
    if presented with an ASN.1 signature using the RSA PSS algorithm and absent
    mask generation function parameter. Since these routines are used to verify
    certificate signature algorithms this can be used to crash any certificate
    verification operation and exploited in a DoS attack. Any application which
    performs certificate verification is vulnerable including OpenSSL clients and
    servers which enable client authentication.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
    OpenSSL 1.0.1 users should upgrade to 1.0.1q
This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne
    (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
    development team.
X509_ATTRIBUTE memory leak (CVE-2015-3195)
    ==========================================
Severity: Moderate
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
    memory. This structure is used by the PKCS#7 and CMS routines so any
    application which reads PKCS#7 or CMS data from untrusted sources is affected.
    SSL/TLS is not affected.
This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
    OpenSSL 1.0.1 users should upgrade to 1.0.1q
    OpenSSL 1.0.0 users should upgrade to 1.0.0t
    OpenSSL 0.9.8 users should upgrade to 0.9.8zh
This issue was reported to OpenSSL on November 9 2015 by Adam Langley
    (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
    Henson of the OpenSSL development team.
Race condition handling PSK identify hint (CVE-2015-3196)
    =========================================================
Severity: Low
If PSK identity hints are received by a multi-threaded client then
    the values are wrongly updated in the parent SSL_CTX structure. This can
    result in a race condition potentially leading to a double free of the
    identify hint data.
This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
    listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
    and has not been previously fixed in an OpenSSL 1.0.0 release.
OpenSSL 1.0.2 users should upgrade to 1.0.2d
    OpenSSL 1.0.1 users should upgrade to 1.0.1p
    OpenSSL 1.0.0 users should upgrade to 1.0.0t
The fix for this issue can be identified in the OpenSSL git repository by commit
    ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).
The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Note
    ====
As per our previous announcements and our Release Strategy
    (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
    1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
    versions will be provided after that date. In the absence of significant
    security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
    releases will be the last for those versions. Users of these versions are
    advised to upgrade.
References
    ==========
URL for this Security Advisory:
    https://www.openssl.org/news/secadv/20151203.txt
Note: the online version of the advisory may be updated with additional
    details over time.
For details of OpenSSL severity classifications please see:
    https://www.openssl.org/about/secpolicy.html
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 228bec09bf8245e03193d8d69a0999c7059ac915
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 3 16:34:59 2015 +0000
ramdisk: Migrate everything during the update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6146d1904aad28f0bacbb6986205c28bb7020356
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 3 16:03:29 2015 +0000
ramdisk: Avoid copying data if no ramdisk is used
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 84c5f0d66d5312005a2c7528dbf686dc1968cd10
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 3 14:57:30 2015 +0000
ramdisk: Move crontab back to disk
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ee3dec50a36c175f0eb4f258855de27051bb76ac
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 3 14:41:49 2015 +0000
ramdisk: Make usage of ramdisk configurable
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5258a65deaba155637d44dba97958b90ed942197
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Dec 3 14:27:33 2015 +0000
initscripts: functions: Fix indentation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c4a451eeadaade76900c0e8f8c6a90502473eada
Author: Alexander Marx alexander.marx@ipfire.org
Date:   Thu Dec 3 13:14:23 2015 +0000
Remove ramdisks for RRD databases
Ramdisks are very limited in space and as new graphs
    are generated for OpenVPN N2N connections, etc. more
    space is necessary.
This patch will enable ramdisks for all systems with more
    than 490M of memory and allows the user to force using
    a ramdisk on systems with less memory.
Signed-off-by: Alexander Marx alexander.marx@ipfire.org
    Acked-by: Arne Fitzenreiter arne.fitzenreiter@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 74e5c32e19b3752e64c83a4762c7dacfee532bb6
Merge: 7fd716f e5d5819
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Wed Dec 2 21:39:20 2015 +0100
Merge branch 'master' into next
commit 7fd716f81c2ef856be5e69645340aebc7d4d6901
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 1 22:37:07 2015 +0000
core96: Don't restart services that have not been updated
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5a0ddc615deaf0268139c61930f9af986f9b8ba7
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Dec 1 22:36:21 2015 +0000
core96: Ship updated dnsmasq
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 40e1bbda54635bfa6d9894044b7bce603b12e855
Author: Matthias Fischer matthias.fischer@ipfire.org
Date:   Fri Nov 27 22:11:41 2015 +0100
dnsmasq 2.75: latest upstream patches
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e546449f6ac1203c397cd94e12a73640f35518cd
Author: Ersan Yildirim ersan73@gmail.com
Date:   Mon Nov 23 13:42:45 2015 +0000
Update Turkish translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aaf67a64c3498ab8ed0a453d433807e4b014cb0a
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Mon Nov 23 13:42:08 2015 +0000
Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a74ade6d9a854bd76bd7eecf59eb6954c87dffef
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Sat Nov 21 14:27:04 2015 +0000
installer+setup: Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0b075172af1ae899337e7f072fc8490ae57e5501
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Nov 19 12:54:41 2015 +0000
core96: Ship changed files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0cf6bacad2cafcacdee5810c2a4080cb19aa85ae
Author: Alexander Marx alexander.marx@ipfire.org
Date:   Mon Nov 16 12:01:07 2015 +0100
BUG10984: Fix portforwardconverter for upgrades before core 77
When upgrading from a post core-77 installation, the portforwarding
    rules seem to get broken. With this patch the sourceports and the
    subnetmasks from the rules are converted correctly.
Signed-off-by: Alexander Marx alexander.marx@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b00797e260bc84be15cea26a144f560244be4c6e
Author: Alexander Marx alexander.marx@ipfire.org
Date:   Thu Nov 19 11:09:49 2015 +0100
BUG10963: implement a better email verification
We now check all allowed chars in the address before the @ sign.
    The domainpart after the '@' sign is just checked for valid chars, so that user@ipfire is valid, too
Signed-off-by: Alexander Marx alexander.marx@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 915c88931a2c5c4cd34ece5dc754cb8da984d2e3
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Thu Nov 19 12:52:31 2015 +0000
strongswan: Update to 5.3.4
Fixes a security vulnerability in the EAP-MSCHAPv2 plugin
    that is filed under CVE-2015-8023.
https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2...
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 06988eaf4961be6c74a9aefb8203eb7b53157bd6
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed Nov 18 17:31:32 2015 +0000
core96: Ship updated core initscript
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c77e962d565b1ae07c9b44e3c864c9bacc9f6b78
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Fri Oct 16 18:49:15 2015 +0200
snort: Also monitor assigned alias addresses on red.
These changes will allow snort to also inspect the traffic for
    one or more configured alias addresses, which has not been done in the past.
The current situation is, that snort if enabled on red, only inspects
    the traffic which is desired to the statically configured red address.
If some alias addresses have been assigned to the red interface the
    traffic to these addresses will not be checked by snort and
    completely bypasses the IDS.
There is no user interaction required, nor visible-effects or any
    backward-compatiblity required, only a restart of snort after the
    update process to protect all red addresses.
To do this we will now check if, the RED interface has been set to STATIC (which
    is required to use the aliases function) and any aliases have been configured. In
    case of this, the modified code will add all enabled alias addresses to the HOMENET
    variable in which snort is storing all the monitored addresses.
Fixes #10619.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e9fbc1cecf856ccc7f5f2b2c504aa4318e879a7d
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Wed Nov 11 22:05:15 2015 +0100
boost: build also on x86 with -j2
boost need to much memory if it was build with more
    than 2 parallel processes.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dccbe309d2b568147c47a4d37c59b5686a7babbe
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Wed Nov 11 15:01:13 2015 +0100
core96: add pakfire changes to updater
commit 4e17785fc101be1bef918fe5c739a2aa8e68075c
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Wed Nov 11 14:54:21 2015 +0100
pakfire: remove wrong version of installed addons
in the installed addon list pakfire has showed
    the latest version of the addon not the installed.
Fixes: #10875
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cfac8f9476678259698b14463fdd0c1b3ffeff23
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Wed Nov 11 14:49:02 2015 +0100
start core96
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree